Diffstat (limited to 'frida_mode/src/persistent')
-rw-r--r--frida_mode/src/persistent/persistent_x64.c46
-rw-r--r--frida_mode/src/persistent/persistent_x86.c40
2 files changed, 13 insertions, 73 deletions
diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c
index 49f1988c..aa772b7f 100644
--- a/frida_mode/src/persistent/persistent_x64.c
+++ b/frida_mode/src/persistent/persistent_x64.c
@@ -40,7 +40,6 @@ struct x86_64_regs {
typedef struct x86_64_regs arch_api_regs;
static arch_api_regs saved_regs = {0};
-static void * saved_return = NULL;
gboolean persistent_is_supported(void) {
@@ -183,43 +182,11 @@ static void instrument_persitent_restore_regs(GumX86Writer * cw,
}
-static void instrument_save_ret(GumX86Writer *cw, void **saved_return_ptr) {
+static void instrument_exit(GumX86Writer *cw) {
- GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr);
- gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP,
- -(GUM_RED_ZONE_SIZE));
- gum_x86_writer_put_push_reg(cw, GUM_REG_RAX);
- gum_x86_writer_put_push_reg(cw, GUM_REG_RBX);
-
- gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, saved_return_address);
- gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP,
- GUM_RED_ZONE_SIZE + 0x10);
- gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, 0, GUM_REG_RBX);
-
- gum_x86_writer_put_pop_reg(cw, GUM_REG_RBX);
- gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX);
-
- gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP,
- (GUM_RED_ZONE_SIZE));
-
-}
-
-static void instrument_jump_ret(GumX86Writer *cw, void **saved_return_ptr) {
-
- GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr);
- gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP,
- -(GUM_RED_ZONE_SIZE));
-
- /* Place holder for ret */
- gum_x86_writer_put_push_reg(cw, GUM_REG_RAX);
- gum_x86_writer_put_push_reg(cw, GUM_REG_RAX);
-
- gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, saved_return_address);
- gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RAX, GUM_REG_RAX, 0);
-
- gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RSP, 0x8, GUM_REG_RAX);
- gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX);
- gum_x86_writer_put_ret_imm(cw, GUM_RED_ZONE_SIZE);
+ gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, GUM_ADDRESS(_exit));
+ gum_x86_writer_put_mov_reg_u32(cw, GUM_REG_RDI, 0);
+ gum_x86_writer_put_call_reg(cw, GUM_REG_RAX);
}
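Review bot: The new instrument_exit has no comment explaining why the generated stub calls `_exit` rather than `exit`, and the choice matters: `_exit` skips atexit handlers and stdio flushing, which presumably is the intent for a forked persistent-mode child, but a reader of the emitted `mov rax, _exit; mov edi, 0; call rax` sequence cannot tell. I would add above the first put_mov `/* Terminate the child directly: _exit() skips atexit handlers and stdio flushing, and it never returns, so no registers or stack are restored here. */`. The hunk also does not show whether `<unistd.h>` (which declares `_exit`) is already included in this file; if it is not, the reference is an implicit declaration — worth confirming, and the same applies to persistent_x86.c's instrument_exit.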
@@ -302,8 +269,7 @@ void persistent_prologue(GumStalkerOutput *output) {
/* Stack must be 16-byte aligned per ABI */
instrument_persitent_save_regs(cw, &saved_regs);
- /* Stash and pop the return value */
- instrument_save_ret(cw, &saved_return);
+ /* pop the return value */
gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, (8));
/* loop: */
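Review bot: The rewritten comment `/* pop the return value */` is misleading: what the `lea rsp, [rsp+8]` discards is the caller's return address at the top of the stack, not a return value (the deleted instrument_save_ret read it from `[rsp + GUM_RED_ZONE_SIZE + 0x10]` after two pushes, i.e. the original top of stack). Since the prologue now ends in `_exit()` at `done:` and never returns to this caller, I would write `/* Discard the return address: the loop never returns to the caller, it ends in _exit() at done: */`. The persistent_x86.c hunk at the same spot has the same wording (`/* Pop the return value */`) and the two files should agree on capitalisation as well. persistent_prologue starts and ends outside this hunk.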
@@ -329,7 +295,7 @@ void persistent_prologue(GumStalkerOutput *output) {
/* done: */
gum_x86_writer_put_label(cw, done);
- instrument_jump_ret(cw, &saved_return);
+ instrument_exit(cw);
/* original: */
gum_x86_writer_put_label(cw, original);
diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c
index bd7171b9..20a3dc42 100644
--- a/frida_mode/src/persistent/persistent_x86.c
+++ b/frida_mode/src/persistent/persistent_x86.c
@@ -39,7 +39,6 @@ struct x86_regs {
typedef struct x86_regs arch_api_regs;
static arch_api_regs saved_regs = {0};
-static void * saved_return = NULL;
gboolean persistent_is_supported(void) {
@@ -138,36 +137,12 @@ static void instrument_persitent_restore_regs(GumX86Writer * cw,
}
-static void instrument_save_ret(GumX86Writer *cw, void **saved_return_ptr) {
+static void instrument_exit(GumX86Writer *cw) {
- GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr);
-
- gum_x86_writer_put_push_reg(cw, GUM_REG_EAX);
- gum_x86_writer_put_push_reg(cw, GUM_REG_EBX);
-
- gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, saved_return_address);
- gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, 0x8);
- gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, 0, GUM_REG_EBX);
-
- gum_x86_writer_put_pop_reg(cw, GUM_REG_EBX);
- gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX);
-
-}
-
-static void instrument_jump_ret(GumX86Writer *cw, void **saved_return_ptr) {
-
- GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr);
-
- /* Place holder for ret */
- gum_x86_writer_put_push_reg(cw, GUM_REG_EAX);
- gum_x86_writer_put_push_reg(cw, GUM_REG_EAX);
-
- gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, saved_return_address);
- gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EAX, GUM_REG_EAX, 0);
-
- gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_ESP, 0x4, GUM_REG_EAX);
- gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX);
- gum_x86_writer_put_ret(cw);
+ gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, GUM_ADDRESS(_exit));
+ gum_x86_writer_put_mov_reg_u32(cw, GUM_REG_EDI, 0);
+ gum_x86_writer_put_push_reg(cw, GUM_REG_EDI);
+ gum_x86_writer_put_call_reg(cw, GUM_REG_EAX);
}
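Review bot: The x86 stub leaves the pushed argument on the stack and clobbers EAX/EDI without restoring them, which is only correct because `_exit` never returns; that assumption deserves a comment, e.g. `/* cdecl: argument is pushed; _exit() never returns, so nothing is cleaned up or restored */` above the first put_mov. As a style point, EDI is used purely as a zero temporary to push — if the writer offers a push-immediate helper it would remove one instruction and the register clobber, but the current sequence is functionally fine.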
@@ -238,8 +213,7 @@ void persistent_prologue(GumStalkerOutput *output) {
/* Stack must be 16-byte aligned per ABI */
instrument_persitent_save_regs(cw, &saved_regs);
- /* Stash and pop the return value */
- instrument_save_ret(cw, &saved_return);
+ /* Pop the return value */
gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, (4));
/* loop: */
@@ -265,7 +239,7 @@ void persistent_prologue(GumStalkerOutput *output) {
/* done: */
gum_x86_writer_put_label(cw, done);
- instrument_jump_ret(cw, &saved_return);
+ instrument_exit(cw);
/* original: */
gum_x86_writer_put_label(cw, original);