Commit d4d383d0 authored by jdh8d's avatar jdh8d

fixed scfi to deal with protecting jumps/calls. converted rcx to r11 on 64-bit

parent b23c4490
...@@ -301,18 +301,58 @@ static string change_to_push(Instruction_t *insn) ...@@ -301,18 +301,58 @@ static string change_to_push(Instruction_t *insn)
{ {
string newbits=insn->GetDataBits(); string newbits=insn->GetDataBits();
// fixme for REX insn. DISASM d;
insn->Disassemble(d);
int opcode_offset=0;
// FIXME: assumes REX is only prefix on jmp insn.
// does not assume rex exists.
if(d.Prefix.REX.state == InUsePrefix)
opcode_offset=1;
unsigned char modregrm = (newbits[1]); unsigned char modregrm = (newbits[1+opcode_offset]);
modregrm &= 0xc7; modregrm &= 0xc7;
modregrm |= 0x30; modregrm |= 0x30;
newbits[0] = 0xFF; newbits[0+opcode_offset] = 0xFF;
newbits[1] = modregrm; newbits[1+opcode_offset] = modregrm;
return newbits; return newbits;
} }
void mov_reloc(Instruction_t* from, Instruction_t* to, string type )
{
for(
/* start */
RelocationSet_t::iterator it=from->GetRelocations().begin();
/* continue */
it!=from->GetRelocations().end();
/* increment */
/* empty */
)
{
Relocation_t* reloc=*it;
if(reloc->GetType()==type)
{
to->GetRelocations().insert(reloc);
// odd standards-conforming way to delete object while iterating.
from->GetRelocations().erase(it++);
}
else
{
it++;
}
}
}
void SCFI_Instrument::AddJumpCFI(Instruction_t* insn) void SCFI_Instrument::AddJumpCFI(Instruction_t* insn)
{ {
string reg="ecx"; // 32-bit reg string reg="ecx"; // 32-bit reg
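Review bot: change_to_push now writes 0xFF at newbits[opcode_offset] without confirming that byte was the FF opcode of an indirect near jmp, so any prefix the REX check does not account for (the FIXME names this: an operand-size, segment or other legacy prefix ahead of the opcode) is silently overwritten, and a far jmp (FF /5) is rewritten exactly like a near one; both produce a wrong push with no diagnostic. A guard before the rewrite keeps the assumption explicit and fails loudly: `assert(newbits.size() > 1+opcode_offset && (unsigned char)newbits[opcode_offset]==0xFF && (newbits[1+opcode_offset] & 0x38)==0x20);` (the /4 reg-field check is what separates near from far indirect jmp). In mov_reloc, `type` is only compared, so `const string& type` avoids a string copy per call, and the `erase(it++)` idiom is only valid for a node-based container, so a one-line comment stating that RelocationSet_t is assumed to be one would protect the loop if the typedef ever changes.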
...@@ -335,7 +375,18 @@ void SCFI_Instrument::AddJumpCFI(Instruction_t* insn) ...@@ -335,7 +375,18 @@ void SCFI_Instrument::AddJumpCFI(Instruction_t* insn)
after->SetTarget(after); after->SetTarget(after);
return; return;
#else #else
cout<<"Warning, JUMPS not CFI's yet"<<endl; string pushbits=change_to_push(insn);
cout<<"Converting ' "<<insn->getDisassembly()<<"' to '";
Instruction_t* after=insertDataBitsBefore(firp,insn,pushbits);
after->SetDataBits(getRetDataBits());
cout <<insn->getDisassembly()<<" + ret "<<endl ;
// move any pc-rel relocation bits to the push, which will access memory now
mov_reloc(after,insn,"pcrel");
AddReturnCFI(after);
// cout<<"Warning, JUMPS not CFI's yet"<<endl;
return; return;
#endif #endif
} }
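Review bot: The push/ret sequence introduced in the new `#else` branch routes the target through the stack, so on 64-bit it overwrites the 8 bytes just below rsp; for an indirect jmp that is not a tail call (a switch-table jmp inside a leaf function, whose SysV red zone below rsp may hold live data) that store corrupts the function's own state, and nothing here distinguishes the two cases. If the rewrite is intended only for tail-call jumps, say so next to `string pushbits=change_to_push(insn);` with `// NOTE: push/ret writes [rsp-8]; unsafe for mid-function jumps whose red zone is live`, otherwise those jumps need a different encoding. The reloc move appears to assume insertDataBitsBefore leaves the original jmp bits in `after` and the push in `insn`; that is worth stating in the comment, since `mov_reloc(after,insn,"pcrel")` reads backwards without it. The commented-out `// cout<<"Warning, JUMPS not CFI's yet"<<endl;` should be deleted rather than left as dead text. AddJumpCFI starts before this hunk.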
...@@ -345,7 +396,7 @@ void SCFI_Instrument::AddReturnCFI(Instruction_t* insn) ...@@ -345,7 +396,7 @@ void SCFI_Instrument::AddReturnCFI(Instruction_t* insn)
{ {
string reg="ecx"; // 32-bit reg string reg="ecx"; // 32-bit reg
if(firp->GetArchitectureBitWidth()==64) if(firp->GetArchitectureBitWidth()==64)
reg="rcx"; // 64-bit reg. reg="r11"; // 64-bit reg.
string rspreg="esp"; // 32-bit reg string rspreg="esp"; // 32-bit reg
if(firp->GetArchitectureBitWidth()==64) if(firp->GetArchitectureBitWidth()==64)