Diffstat (limited to 'frida_mode/src/persistent')
-rw-r--r--frida_mode/src/persistent/persistent_arm64.c45
-rw-r--r--frida_mode/src/persistent/persistent_x64.c172
-rw-r--r--frida_mode/src/persistent/persistent_x86.c114
3 files changed, 161 insertions, 170 deletions
diff --git a/frida_mode/src/persistent/persistent_arm64.c b/frida_mode/src/persistent/persistent_arm64.c
index 16ecf39c..565a2b8c 100644
--- a/frida_mode/src/persistent/persistent_arm64.c
+++ b/frida_mode/src/persistent/persistent_arm64.c
@@ -24,7 +24,7 @@ gboolean persistent_is_supported(void) {
 
 }
 
-static void instrument_persitent_save_regs(GumArm64Writer *  cw,
+static void instrument_persitent_save_regs(GumArm64Writer   *cw,
                                            persistent_ctx_t *regs) {
 
   GumAddress    regs_address = GUM_ADDRESS(regs);
@@ -105,18 +105,13 @@ static void instrument_persitent_save_regs(GumArm64Writer *  cw,
                                           offsetof(persistent_ctx_t, rflags));
 
   /* Q */
-  gum_arm64_writer_put_stp_reg_reg_reg_offset(
-      cw, ARM64_REG_Q0, ARM64_REG_Q1, ARM64_REG_X0,
-      offsetof(GumCpuContext, q[0]), GUM_INDEX_SIGNED_OFFSET);
-  gum_arm64_writer_put_stp_reg_reg_reg_offset(
-      cw, ARM64_REG_Q2, ARM64_REG_Q3, ARM64_REG_X0,
-      offsetof(GumCpuContext, q[16]), GUM_INDEX_SIGNED_OFFSET);
-  gum_arm64_writer_put_stp_reg_reg_reg_offset(
-      cw, ARM64_REG_Q4, ARM64_REG_Q5, ARM64_REG_X0,
-      offsetof(GumCpuContext, q[32]), GUM_INDEX_SIGNED_OFFSET);
-  gum_arm64_writer_put_stp_reg_reg_reg_offset(
-      cw, ARM64_REG_Q6, ARM64_REG_Q7, ARM64_REG_X0,
-      offsetof(GumCpuContext, q[48]), GUM_INDEX_SIGNED_OFFSET);
+  for (int i = 0; i < 16; i++) {
+
+    gum_arm64_writer_put_stp_reg_reg_reg_offset(
+        cw, ARM64_REG_Q0 + (i * 2), ARM64_REG_Q0 + (i * 2) + 1, ARM64_REG_X0,
+        offsetof(GumCpuContext, v[i]), GUM_INDEX_SIGNED_OFFSET);
+
+  }
 
   /* x0 & x1 */
   gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3,
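Review bot: The store offset in the new Q loop advances by one `v[]` element per iteration while each `stp` writes a pair of Q registers, so consecutive pairs appear to overlap: iteration i stores Q(2i) and Q(2i+1) starting at `v[i]`, and iteration i+1 then starts at `v[i + 1]`, the slot just used for Q(2i+1). If `GumCpuContext.v` holds one 128-bit register per element (its declaration is not visible here), the offset should be `offsetof(GumCpuContext, v[i * 2])`, and the matching `ldp` loop added to instrument_persitent_restore_regs needs the same change. As written, most odd-numbered vector registers would be reloaded with the following even register's value on every persistent iteration, so target state is not restored faithfully between runs. Separately, `offsetof` with a run-time index relies on a GCC/Clang extension, which is worth a short comment above the loop, e.g. `/* Q0-Q31, saved as 16 pairs; offsetof with a variable index is a GNU extension */`. The body of instrument_persitent_save_regs starts and ends outside this hunk.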
@@ -136,7 +131,7 @@ static void instrument_persitent_save_regs(GumArm64Writer *  cw,
 
 }
 
-static void instrument_persitent_restore_regs(GumArm64Writer *  cw,
+static void instrument_persitent_restore_regs(GumArm64Writer   *cw,
                                               persistent_ctx_t *regs) {
 
   GumAddress    regs_address = GUM_ADDRESS(regs);
@@ -201,18 +196,14 @@ static void instrument_persitent_restore_regs(GumArm64Writer *  cw,
                                           offsetof(persistent_ctx_t, rflags));
   gum_arm64_writer_put_instruction(cw, msr_nzcv_x1);
 
-  gum_arm64_writer_put_ldp_reg_reg_reg_offset(
-      cw, ARM64_REG_Q0, ARM64_REG_Q1, ARM64_REG_X0,
-      offsetof(GumCpuContext, q[0]), GUM_INDEX_SIGNED_OFFSET);
-  gum_arm64_writer_put_ldp_reg_reg_reg_offset(
-      cw, ARM64_REG_Q2, ARM64_REG_Q3, ARM64_REG_X0,
-      offsetof(GumCpuContext, q[16]), GUM_INDEX_SIGNED_OFFSET);
-  gum_arm64_writer_put_ldp_reg_reg_reg_offset(
-      cw, ARM64_REG_Q4, ARM64_REG_Q5, ARM64_REG_X0,
-      offsetof(GumCpuContext, q[32]), GUM_INDEX_SIGNED_OFFSET);
-  gum_arm64_writer_put_ldp_reg_reg_reg_offset(
-      cw, ARM64_REG_Q6, ARM64_REG_Q7, ARM64_REG_X0,
-      offsetof(GumCpuContext, q[48]), GUM_INDEX_SIGNED_OFFSET);
+  /* Q */
+  for (int i = 0; i < 16; i++) {
+
+    gum_arm64_writer_put_ldp_reg_reg_reg_offset(
+        cw, ARM64_REG_Q0 + (i * 2), ARM64_REG_Q0 + (i * 2) + 1, ARM64_REG_X0,
+        offsetof(GumCpuContext, v[i]), GUM_INDEX_SIGNED_OFFSET);
+
+  }
 
   /* x2 & x3 */
   gum_arm64_writer_put_ldp_reg_reg_reg_offset(
@@ -258,7 +249,7 @@ static void instrument_afl_persistent_loop(GumArm64Writer *cw) {
 
 }
 
-static void persistent_prologue_hook(GumArm64Writer *  cw,
+static void persistent_prologue_hook(GumArm64Writer   *cw,
                                      persistent_ctx_t *regs) {
 
   if (persistent_hook == NULL) return;
diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c
index 56141787..a8bed7be 100644
--- a/frida_mode/src/persistent/persistent_x64.c
+++ b/frida_mode/src/persistent/persistent_x64.c
@@ -25,148 +25,148 @@ gboolean persistent_is_supported(void) {
 
 }
 
-static void instrument_persitent_save_regs(GumX86Writer *    cw,
+static void instrument_persitent_save_regs(GumX86Writer     *cw,
                                            persistent_ctx_t *regs) {
 
   GumAddress regs_address = GUM_ADDRESS(regs);
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP,
+  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP,
                                         -(GUM_RED_ZONE_SIZE));
 
   /* Should be pushing FPU here, but meh */
   gum_x86_writer_put_pushfx(cw);
-  gum_x86_writer_put_push_reg(cw, GUM_REG_RAX);
+  gum_x86_writer_put_push_reg(cw, GUM_X86_RAX);
 
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, regs_address);
+  gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RAX, regs_address);
 
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_RAX, offsetof(GumCpuContext, rbx), GUM_REG_RBX);
+      cw, GUM_X86_RAX, offsetof(GumCpuContext, rbx), GUM_X86_RBX);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_RAX, offsetof(GumCpuContext, rcx), GUM_REG_RCX);
+      cw, GUM_X86_RAX, offsetof(GumCpuContext, rcx), GUM_X86_RCX);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_RAX, offsetof(GumCpuContext, rdx), GUM_REG_RDX);
+      cw, GUM_X86_RAX, offsetof(GumCpuContext, rdx), GUM_X86_RDX);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_RAX, offsetof(GumCpuContext, rdi), GUM_REG_RDI);
+      cw, GUM_X86_RAX, offsetof(GumCpuContext, rdi), GUM_X86_RDI);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_RAX, offsetof(GumCpuContext, rsi), GUM_REG_RSI);
+      cw, GUM_X86_RAX, offsetof(GumCpuContext, rsi), GUM_X86_RSI);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_RAX, offsetof(GumCpuContext, rbp), GUM_REG_RBP);
+      cw, GUM_X86_RAX, offsetof(GumCpuContext, rbp), GUM_X86_RBP);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_RAX, offsetof(GumCpuContext, r8), GUM_REG_R8);
+      cw, GUM_X86_RAX, offsetof(GumCpuContext, r8), GUM_X86_R8);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_RAX, offsetof(GumCpuContext, r9), GUM_REG_R9);
+      cw, GUM_X86_RAX, offsetof(GumCpuContext, r9), GUM_X86_R9);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_RAX, offsetof(GumCpuContext, r10), GUM_REG_R10);
+      cw, GUM_X86_RAX, offsetof(GumCpuContext, r10), GUM_X86_R10);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_RAX, offsetof(GumCpuContext, r11), GUM_REG_R11);
+      cw, GUM_X86_RAX, offsetof(GumCpuContext, r11), GUM_X86_R11);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_RAX, offsetof(GumCpuContext, r12), GUM_REG_R12);
+      cw, GUM_X86_RAX, offsetof(GumCpuContext, r12), GUM_X86_R12);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_RAX, offsetof(GumCpuContext, r13), GUM_REG_R13);
+      cw, GUM_X86_RAX, offsetof(GumCpuContext, r13), GUM_X86_R13);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_RAX, offsetof(GumCpuContext, r14), GUM_REG_R14);
+      cw, GUM_X86_RAX, offsetof(GumCpuContext, r14), GUM_X86_R14);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_RAX, offsetof(GumCpuContext, r15), GUM_REG_R15);
+      cw, GUM_X86_RAX, offsetof(GumCpuContext, r15), GUM_X86_R15);
 
   /* Store RIP */
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RBX,
+  gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RBX,
                                      GUM_ADDRESS(persistent_start));
 
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_RAX, offsetof(GumCpuContext, rip), GUM_REG_RBX);
+      cw, GUM_X86_RAX, offsetof(GumCpuContext, rip), GUM_X86_RBX);
 
   /* Store adjusted RSP */
-  gum_x86_writer_put_mov_reg_reg(cw, GUM_REG_RBX, GUM_REG_RSP);
+  gum_x86_writer_put_mov_reg_reg(cw, GUM_X86_RBX, GUM_X86_RSP);
 
   /* RED_ZONE + Saved flags, RAX, alignment */
-  gum_x86_writer_put_add_reg_imm(cw, GUM_REG_RBX,
+  gum_x86_writer_put_add_reg_imm(cw, GUM_X86_RBX,
                                  GUM_RED_ZONE_SIZE + (0x8 * 2));
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_RAX, offsetof(GumCpuContext, rsp), GUM_REG_RBX);
+      cw, GUM_X86_RAX, offsetof(GumCpuContext, rsp), GUM_X86_RBX);
 
   /* Save the flags */
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, 0x8);
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBX, GUM_X86_RSP, 0x8);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_RAX, offsetof(persistent_ctx_t, rflags), GUM_REG_RBX);
+      cw, GUM_X86_RAX, offsetof(persistent_ctx_t, rflags), GUM_X86_RBX);
 
   /* Save the RAX */
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, 0x0);
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBX, GUM_X86_RSP, 0x0);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_RAX, offsetof(GumCpuContext, rax), GUM_REG_RBX);
+      cw, GUM_X86_RAX, offsetof(GumCpuContext, rax), GUM_X86_RBX);
 
   /* Pop the saved values */
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, 0x10);
+  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, 0x10);
 
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP,
+  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP,
                                         (GUM_RED_ZONE_SIZE));
 
 }
 
-static void instrument_persitent_restore_regs(GumX86Writer *    cw,
+static void instrument_persitent_restore_regs(GumX86Writer     *cw,
                                               persistent_ctx_t *regs) {
 
   GumAddress regs_address = GUM_ADDRESS(regs);
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, regs_address);
+  gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RAX, regs_address);
 
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RCX, GUM_REG_RAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RCX, GUM_X86_RAX,
                                             offsetof(GumCpuContext, rcx));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDX, GUM_REG_RAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RDX, GUM_X86_RAX,
                                             offsetof(GumCpuContext, rdx));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDI, GUM_REG_RAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RDI, GUM_X86_RAX,
                                             offsetof(GumCpuContext, rdi));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RSI, GUM_REG_RAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RSI, GUM_X86_RAX,
                                             offsetof(GumCpuContext, rsi));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBP, GUM_REG_RAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBP, GUM_X86_RAX,
                                             offsetof(GumCpuContext, rbp));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R8, GUM_REG_RAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R8, GUM_X86_RAX,
                                             offsetof(GumCpuContext, r8));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R9, GUM_REG_RAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R9, GUM_X86_RAX,
                                             offsetof(GumCpuContext, r9));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R10, GUM_REG_RAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R10, GUM_X86_RAX,
                                             offsetof(GumCpuContext, r10));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R11, GUM_REG_RAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R11, GUM_X86_RAX,
                                             offsetof(GumCpuContext, r11));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R12, GUM_REG_RAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R12, GUM_X86_RAX,
                                             offsetof(GumCpuContext, r12));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R13, GUM_REG_RAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R13, GUM_X86_RAX,
                                             offsetof(GumCpuContext, r13));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R14, GUM_REG_RAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R14, GUM_X86_RAX,
                                             offsetof(GumCpuContext, r14));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R15, GUM_REG_RAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R15, GUM_X86_RAX,
                                             offsetof(GumCpuContext, r15));
 
   /* Don't restore RIP */
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RSP, GUM_REG_RAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RSP, GUM_X86_RAX,
                                             offsetof(GumCpuContext, rsp));
 
   /* Restore RBX, RAX & Flags */
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP,
+  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP,
                                         -(GUM_RED_ZONE_SIZE));
 
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBX, GUM_X86_RAX,
                                             offsetof(GumCpuContext, rbx));
-  gum_x86_writer_put_push_reg(cw, GUM_REG_RBX);
+  gum_x86_writer_put_push_reg(cw, GUM_X86_RBX);
 
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBX, GUM_X86_RAX,
                                             offsetof(GumCpuContext, rax));
-  gum_x86_writer_put_push_reg(cw, GUM_REG_RBX);
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX,
+  gum_x86_writer_put_push_reg(cw, GUM_X86_RBX);
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBX, GUM_X86_RAX,
                                             offsetof(persistent_ctx_t, rflags));
-  gum_x86_writer_put_push_reg(cw, GUM_REG_RBX);
+  gum_x86_writer_put_push_reg(cw, GUM_X86_RBX);
 
   gum_x86_writer_put_popfx(cw);
-  gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX);
-  gum_x86_writer_put_pop_reg(cw, GUM_REG_RBX);
+  gum_x86_writer_put_pop_reg(cw, GUM_X86_RAX);
+  gum_x86_writer_put_pop_reg(cw, GUM_X86_RBX);
 
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP,
+  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP,
                                         (GUM_RED_ZONE_SIZE));
 
 }
 
 static void instrument_exit(GumX86Writer *cw) {
 
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, GUM_ADDRESS(_exit));
-  gum_x86_writer_put_mov_reg_u32(cw, GUM_REG_RDI, 0);
-  gum_x86_writer_put_call_reg(cw, GUM_REG_RAX);
+  gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RAX, GUM_ADDRESS(_exit));
+  gum_x86_writer_put_mov_reg_u32(cw, GUM_X86_RDI, 0);
+  gum_x86_writer_put_call_reg(cw, GUM_X86_RAX);
 
 }
 
@@ -186,13 +186,13 @@ static int instrument_afl_persistent_loop_func(void) {
 
 static void instrument_afl_persistent_loop(GumX86Writer *cw) {
 
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP,
+  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP,
                                         -(GUM_RED_ZONE_SIZE));
   gum_x86_writer_put_call_address_with_arguments(
       cw, GUM_CALL_CAPI, GUM_ADDRESS(instrument_afl_persistent_loop_func), 0);
-  gum_x86_writer_put_test_reg_reg(cw, GUM_REG_RAX, GUM_REG_RAX);
+  gum_x86_writer_put_test_reg_reg(cw, GUM_X86_RAX, GUM_X86_RAX);
 
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP,
+  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP,
                                         (GUM_RED_ZONE_SIZE));
 
 }
@@ -200,26 +200,26 @@ static void instrument_afl_persistent_loop(GumX86Writer *cw) {
 static void persistent_prologue_hook(GumX86Writer *cw, persistent_ctx_t *regs) {
 
   if (persistent_hook == NULL) return;
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP,
+  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP,
                                         -(GUM_RED_ZONE_SIZE));
 
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RDX,
+  gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RDX,
                                      GUM_ADDRESS(&__afl_fuzz_len));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDX, GUM_REG_RDX, 0);
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDX, GUM_REG_RDX, 0);
-  gum_x86_writer_put_mov_reg_u64(cw, GUM_REG_RDI, 0xffffffff);
-  gum_x86_writer_put_and_reg_reg(cw, GUM_REG_RDX, GUM_REG_RDI);
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RDX, GUM_X86_RDX, 0);
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RDX, GUM_X86_RDX, 0);
+  gum_x86_writer_put_mov_reg_u64(cw, GUM_X86_RDI, 0xffffffff);
+  gum_x86_writer_put_and_reg_reg(cw, GUM_X86_RDX, GUM_X86_RDI);
 
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RSI,
+  gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RSI,
                                      GUM_ADDRESS(&__afl_fuzz_ptr));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RSI, GUM_REG_RSI, 0);
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RSI, GUM_X86_RSI, 0);
 
   gum_x86_writer_put_call_address_with_arguments(
       cw, GUM_CALL_CAPI, GUM_ADDRESS(persistent_hook), 3, GUM_ARG_ADDRESS,
-      GUM_ADDRESS(&regs->ctx), GUM_ARG_REGISTER, GUM_REG_RSI, GUM_ARG_REGISTER,
-      GUM_REG_RDX);
+      GUM_ADDRESS(&regs->ctx), GUM_ARG_REGISTER, GUM_X86_RSI, GUM_ARG_REGISTER,
+      GUM_X86_RDX);
 
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP,
+  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP,
                                         (GUM_RED_ZONE_SIZE));
 
 }
@@ -228,23 +228,23 @@ static void instrument_persitent_save_ret(GumX86Writer *cw) {
 
   /* Stack usage by this function */
   gssize offset = GUM_RED_ZONE_SIZE + (3 * 8);
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP,
+  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP,
                                         -(GUM_RED_ZONE_SIZE));
 
   gum_x86_writer_put_pushfx(cw);
-  gum_x86_writer_put_push_reg(cw, GUM_REG_RAX);
-  gum_x86_writer_put_push_reg(cw, GUM_REG_RBX);
+  gum_x86_writer_put_push_reg(cw, GUM_X86_RAX);
+  gum_x86_writer_put_push_reg(cw, GUM_X86_RBX);
 
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, GUM_ADDRESS(&saved_ret));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP,
+  gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RAX, GUM_ADDRESS(&saved_ret));
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBX, GUM_X86_RSP,
                                             offset);
-  gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_REG_RAX, GUM_REG_RBX);
+  gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_X86_RAX, GUM_X86_RBX);
 
-  gum_x86_writer_put_pop_reg(cw, GUM_REG_RBX);
-  gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX);
+  gum_x86_writer_put_pop_reg(cw, GUM_X86_RBX);
+  gum_x86_writer_put_pop_reg(cw, GUM_X86_RAX);
   gum_x86_writer_put_popfx(cw);
 
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP,
+  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP,
                                         (GUM_RED_ZONE_SIZE));
 
 }
@@ -278,7 +278,7 @@ void persistent_prologue_arch(GumStalkerOutput *output) {
   FVERBOSE("Persistent loop reached");
 
   /* Pop the return value */
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, 8);
+  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, 8);
 
   instrument_persitent_save_regs(cw, &saved_regs);
 
@@ -326,13 +326,13 @@ void persistent_epilogue_arch(GumStalkerOutput *output) {
 
   /* The stack should be aligned when we re-enter our loop */
   gconstpointer zero = cw->code + 1;
-  gum_x86_writer_put_test_reg_u32(cw, GUM_REG_RSP, 0xF);
+  gum_x86_writer_put_test_reg_u32(cw, GUM_X86_RSP, 0xF);
   gum_x86_writer_put_jcc_near_label(cw, X86_INS_JE, zero, GUM_NO_HINT);
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, -8);
+  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, -8);
   gum_x86_writer_put_label(cw, zero);
 
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, GUM_ADDRESS(&saved_ret));
-  gum_x86_writer_put_jmp_reg_ptr(cw, GUM_REG_RAX);
+  gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RAX, GUM_ADDRESS(&saved_ret));
+  gum_x86_writer_put_jmp_reg_ptr(cw, GUM_X86_RAX);
 
 }
 
diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c
index 76c25334..e9bde3d2 100644
--- a/frida_mode/src/persistent/persistent_x86.c
+++ b/frida_mode/src/persistent/persistent_x86.c
@@ -25,105 +25,105 @@ gboolean persistent_is_supported(void) {
 
 }
 
-static void instrument_persitent_save_regs(GumX86Writer *    cw,
+static void instrument_persitent_save_regs(GumX86Writer     *cw,
                                            persistent_ctx_t *regs) {
 
   GumAddress regs_address = GUM_ADDRESS(regs);
 
   /* Should be pushing FPU here, but meh */
   gum_x86_writer_put_pushfx(cw);
-  gum_x86_writer_put_push_reg(cw, GUM_REG_EAX);
+  gum_x86_writer_put_push_reg(cw, GUM_X86_EAX);
 
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, regs_address);
+  gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, regs_address);
 
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_EAX, offsetof(GumCpuContext, ebx), GUM_REG_EBX);
+      cw, GUM_X86_EAX, offsetof(GumCpuContext, ebx), GUM_X86_EBX);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_EAX, offsetof(GumCpuContext, ecx), GUM_REG_ECX);
+      cw, GUM_X86_EAX, offsetof(GumCpuContext, ecx), GUM_X86_ECX);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_EAX, offsetof(GumCpuContext, edx), GUM_REG_EDX);
+      cw, GUM_X86_EAX, offsetof(GumCpuContext, edx), GUM_X86_EDX);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_EAX, offsetof(GumCpuContext, edi), GUM_REG_EDI);
+      cw, GUM_X86_EAX, offsetof(GumCpuContext, edi), GUM_X86_EDI);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_EAX, offsetof(GumCpuContext, esi), GUM_REG_ESI);
+      cw, GUM_X86_EAX, offsetof(GumCpuContext, esi), GUM_X86_ESI);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_EAX, offsetof(GumCpuContext, ebp), GUM_REG_EBP);
+      cw, GUM_X86_EAX, offsetof(GumCpuContext, ebp), GUM_X86_EBP);
 
   /* Store RIP */
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EBX,
+  gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EBX,
                                      GUM_ADDRESS(persistent_start));
 
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_EAX, offsetof(GumCpuContext, eip), GUM_REG_EBX);
+      cw, GUM_X86_EAX, offsetof(GumCpuContext, eip), GUM_X86_EBX);
 
   /* Store adjusted RSP */
-  gum_x86_writer_put_mov_reg_reg(cw, GUM_REG_EBX, GUM_REG_ESP);
+  gum_x86_writer_put_mov_reg_reg(cw, GUM_X86_EBX, GUM_X86_ESP);
 
   /* RED_ZONE + Saved flags, RAX */
-  gum_x86_writer_put_add_reg_imm(cw, GUM_REG_EBX, (0x4 * 2));
+  gum_x86_writer_put_add_reg_imm(cw, GUM_X86_EBX, (0x4 * 2));
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_EAX, offsetof(GumCpuContext, esp), GUM_REG_EBX);
+      cw, GUM_X86_EAX, offsetof(GumCpuContext, esp), GUM_X86_EBX);
 
   /* Save the flags */
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, 0x4);
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBX, GUM_X86_ESP, 0x4);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_EAX, offsetof(persistent_ctx_t, eflags), GUM_REG_EBX);
+      cw, GUM_X86_EAX, offsetof(persistent_ctx_t, eflags), GUM_X86_EBX);
 
   /* Save the RAX */
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, 0x0);
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBX, GUM_X86_ESP, 0x0);
   gum_x86_writer_put_mov_reg_offset_ptr_reg(
-      cw, GUM_REG_EAX, offsetof(GumCpuContext, eax), GUM_REG_EBX);
+      cw, GUM_X86_EAX, offsetof(GumCpuContext, eax), GUM_X86_EBX);
 
   /* Pop the saved values */
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, 0x8);
+  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_ESP, GUM_X86_ESP, 0x8);
 
 }
 
-static void instrument_persitent_restore_regs(GumX86Writer *    cw,
+static void instrument_persitent_restore_regs(GumX86Writer     *cw,
                                               persistent_ctx_t *regs) {
 
   GumAddress regs_address = GUM_ADDRESS(regs);
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, regs_address);
+  gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, regs_address);
 
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ECX, GUM_REG_EAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_ECX, GUM_X86_EAX,
                                             offsetof(GumCpuContext, ecx));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EDX, GUM_REG_EAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EDX, GUM_X86_EAX,
                                             offsetof(GumCpuContext, edx));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EDI, GUM_REG_EAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EDI, GUM_X86_EAX,
                                             offsetof(GumCpuContext, edi));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ESI, GUM_REG_EAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_ESI, GUM_X86_EAX,
                                             offsetof(GumCpuContext, esi));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBP, GUM_REG_EAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBP, GUM_X86_EAX,
                                             offsetof(GumCpuContext, ebp));
 
   /* Don't restore RIP */
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ESP, GUM_REG_EAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_ESP, GUM_X86_EAX,
                                             offsetof(GumCpuContext, esp));
 
   /* Restore RBX, RAX & Flags */
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBX, GUM_X86_EAX,
                                             offsetof(GumCpuContext, ebx));
-  gum_x86_writer_put_push_reg(cw, GUM_REG_EBX);
+  gum_x86_writer_put_push_reg(cw, GUM_X86_EBX);
 
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX,
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBX, GUM_X86_EAX,
                                             offsetof(GumCpuContext, eax));
-  gum_x86_writer_put_push_reg(cw, GUM_REG_EBX);
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX,
+  gum_x86_writer_put_push_reg(cw, GUM_X86_EBX);
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBX, GUM_X86_EAX,
                                             offsetof(persistent_ctx_t, eflags));
-  gum_x86_writer_put_push_reg(cw, GUM_REG_EBX);
+  gum_x86_writer_put_push_reg(cw, GUM_X86_EBX);
 
   gum_x86_writer_put_popfx(cw);
-  gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX);
-  gum_x86_writer_put_pop_reg(cw, GUM_REG_EBX);
+  gum_x86_writer_put_pop_reg(cw, GUM_X86_EAX);
+  gum_x86_writer_put_pop_reg(cw, GUM_X86_EBX);
 
 }
 
 static void instrument_exit(GumX86Writer *cw) {
 
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, GUM_ADDRESS(_exit));
-  gum_x86_writer_put_mov_reg_u32(cw, GUM_REG_EDI, 0);
-  gum_x86_writer_put_push_reg(cw, GUM_REG_EDI);
-  gum_x86_writer_put_call_reg(cw, GUM_REG_EAX);
+  gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, GUM_ADDRESS(_exit));
+  gum_x86_writer_put_mov_reg_u32(cw, GUM_X86_EDI, 0);
+  gum_x86_writer_put_push_reg(cw, GUM_X86_EDI);
+  gum_x86_writer_put_call_reg(cw, GUM_X86_EAX);
 
 }
 
@@ -145,7 +145,7 @@ static void instrument_afl_persistent_loop(GumX86Writer *cw) {
 
   gum_x86_writer_put_call_address_with_arguments(
       cw, GUM_CALL_CAPI, GUM_ADDRESS(instrument_afl_persistent_loop_func), 0);
-  gum_x86_writer_put_test_reg_reg(cw, GUM_REG_EAX, GUM_REG_EAX);
+  gum_x86_writer_put_test_reg_reg(cw, GUM_X86_EAX, GUM_X86_EAX);
 
 }
 
@@ -153,20 +153,20 @@ static void persistent_prologue_hook(GumX86Writer *cw, persistent_ctx_t *regs) {
 
   if (persistent_hook == NULL) return;
 
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_ECX,
+  gum_x86_writer_put_mov_reg_address(cw, GUM_X86_ECX,
                                      GUM_ADDRESS(&__afl_fuzz_len));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ECX, GUM_REG_ECX, 0);
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ECX, GUM_REG_ECX, 0);
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_ECX, GUM_X86_ECX, 0);
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_ECX, GUM_X86_ECX, 0);
 
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EDX,
+  gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EDX,
                                      GUM_ADDRESS(&__afl_fuzz_ptr));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EDX, GUM_REG_EDX, 0);
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EDX, GUM_X86_EDX, 0);
 
   /* Base address is 64-bits (hence two zero arguments) */
   gum_x86_writer_put_call_address_with_arguments(
       cw, GUM_CALL_CAPI, GUM_ADDRESS(persistent_hook), 3, GUM_ARG_ADDRESS,
-      GUM_ADDRESS(&regs->ctx), GUM_ARG_REGISTER, GUM_REG_EDX, GUM_ARG_REGISTER,
-      GUM_REG_ECX);
+      GUM_ADDRESS(&regs->ctx), GUM_ARG_REGISTER, GUM_X86_EDX, GUM_ARG_REGISTER,
+      GUM_X86_ECX);
 
 }
 
@@ -176,16 +176,16 @@ static void instrument_persitent_save_ret(GumX86Writer *cw) {
   gssize offset = (3 * 4);
 
   gum_x86_writer_put_pushfx(cw);
-  gum_x86_writer_put_push_reg(cw, GUM_REG_EAX);
-  gum_x86_writer_put_push_reg(cw, GUM_REG_EBX);
+  gum_x86_writer_put_push_reg(cw, GUM_X86_EAX);
+  gum_x86_writer_put_push_reg(cw, GUM_X86_EBX);
 
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, GUM_ADDRESS(&saved_ret));
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP,
+  gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, GUM_ADDRESS(&saved_ret));
+  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBX, GUM_X86_ESP,
                                             offset);
-  gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_REG_EAX, GUM_REG_EBX);
+  gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_X86_EAX, GUM_X86_EBX);
 
-  gum_x86_writer_put_pop_reg(cw, GUM_REG_EBX);
-  gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX);
+  gum_x86_writer_put_pop_reg(cw, GUM_X86_EBX);
+  gum_x86_writer_put_pop_reg(cw, GUM_X86_EAX);
   gum_x86_writer_put_popfx(cw);
 
 }
@@ -219,7 +219,7 @@ void persistent_prologue_arch(GumStalkerOutput *output) {
   FVERBOSE("Persistent loop reached");
 
   /* Pop the return value */
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, 4);
+  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_ESP, GUM_X86_ESP, 4);
 
   instrument_persitent_save_regs(cw, &saved_regs);
 
@@ -263,8 +263,8 @@ void persistent_epilogue_arch(GumStalkerOutput *output) {
 
   if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); }
 
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, GUM_ADDRESS(&saved_ret));
-  gum_x86_writer_put_jmp_reg_ptr(cw, GUM_REG_EAX);
+  gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, GUM_ADDRESS(&saved_ret));
+  gum_x86_writer_put_jmp_reg_ptr(cw, GUM_X86_EAX);
 
 }