Diffstat (limited to 'src/vm/amd64/asan_wrapper.S')
-rw-r--r-- | src/vm/amd64/asan_wrapper.S | 106 |
1 files changed, 75 insertions, 31 deletions
diff --git a/src/vm/amd64/asan_wrapper.S b/src/vm/amd64/asan_wrapper.S
index a58828b2d3..70eb6e8acb 100644
--- a/src/vm/amd64/asan_wrapper.S
+++ b/src/vm/amd64/asan_wrapper.S
@@ -28,9 +28,13 @@ RETADDR_OFFSET=8*15
 push %r14
 push %r13
 push %r12
+
+# push %rax # tmp for align stack
 .endm
 .macro POP_REGS
+# pop %rax
+
 pop %r12
 pop %r13
 pop %r14
@@ -54,30 +58,22 @@ RETADDR_OFFSET=8*15
 .global hex_wrapper_size
 .global hex_wrapper_entry_offset
- # Extern functions
- .global asan_enable_addr_offset
- .global asan_disable_addr_offset
- .global target_addr_offset
- .global get_return_addr_offset
-
-
 .text
 .code64
 hex_wrapper:
-asan_enable_addr: .quad 0x0badc0de0badc0de
-asan_disable_addr: .quad 0x0badc0de0badc0de
 target_addr: .quad 0x0badc0de0badc0de
-get_return_addr: .quad 0x0badc0de0badc0de
+push_addr: .quad 0xdeadfeefdeadbeef
+pop_addr: .quad 0xdeadc0dedeadc0de
 hex_wrapper_entry:
+ #int3
 # Save context
 PUSH_REGS
 # Save the return adderss
- call *get_return_addr(%rip) # rax: get space for saving the return address
 mov RETADDR_OFFSET(%rsp), %rdi # rdi: get return address
- mov %rdi, (%rax) # save the return address to the received space
+ call *push_addr(%rip) # save 'ret addr' and call pre_code
 # Change the return address on the 'wrapper_second'
 call next
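Review bot: The only change in this hunk is commented-out scratch code, `# push %rax # tmp for align stack` in PUSH_REGS and `# pop %rax` in POP_REGS, with nothing saying why it is kept. Either the extra push is needed for alignment and should be live, or it should be dropped; the same goes for the `#int3` lines added in the following two hunks and for the `// sub $8, %rsp` / `// add $8, %rsp` pair in wrapper_second2. If these are meant as debugging aids, an `.ifdef DEBUG` guard would state that intent instead of a comment marker. The file also mixes `//` and `#` as comment markers; `//` presumably only survives because the .S file goes through the C preprocessor, so `#` alone would be the safer convention here.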
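Review bot: The host that fills in the `target_addr`, `push_addr` and `pop_addr` slots no longer has any exported offset to locate them, since the `*_offset` globals are dropped here (and their definitions in the next hunk), so it must depend on the slots sitting at fixed offsets 0, 8 and 16 from `hex_wrapper`; that contract should be written next to the slots, e.g. `# Patched by the host at fixed offsets from hex_wrapper: target_addr +0, push_addr +8, pop_addr +16; keep order and sizes`. The same comment belongs on the `hex_wrapper2` slots in the next hunk, which copy this layout. Separately, `call *push_addr(%rip)` hands control to the host's pre_code with only general-purpose registers saved (PUSH_REGS shows only GPR pushes in this diff, though its full body is outside the hunk); under the SysV ABI the callee may clobber xmm0–xmm15, so any floating-point arguments of the wrapped function would be lost — worth a comment stating that constraint, or saving the vector registers if wrapped targets can take such arguments. hex_wrapper_entry's body continues into the following hunk.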
@@ -85,43 +81,91 @@ next: pop %rax # rax: get current rip
 add $(wrapper_second - next), %rax # rax: add offset to 'wrapper_second'
 mov %rax, RETADDR_OFFSET(%rsp) # change the return address
- # Enable ASan
- call *asan_enable_addr(%rip)
-
 # Restore context
 POP_REGS
+ #int3
 # Call original function
 jmp *target_addr(%rip)
 wrapper_second:
+ #int3
 # Save context
 PUSH_REGS
- # Align stack
- add $8, %rsp
-
- # Disable ASan
- call *asan_disable_addr(%rip)
-
+ sub $8, %rsp
 # Restore the return address
- call *get_return_addr(%rip) # rax: get pointer to saved the return address
- sub $8, %rsp # 'restore' aligned stack
- mov (%rax), %rdi # rdi: get the return address
- mov %rdi, RETADDR_OFFSET(%rsp) # restore the return address
+ call *pop_addr(%rip) # rax: call post_code and get 'ret addr'
+ add $8, %rsp
+ mov %rax, RETADDR_OFFSET(%rsp) # restore the return address
 # Restore context
 POP_REGS
- # Return
+ #int3
+ # return
 ret
 hex_wrapper_size: .quad . - hex_wrapper
 hex_wrapper_entry_offset: .quad hex_wrapper_entry - hex_wrapper
-asan_enable_addr_offset: .quad asan_enable_addr - hex_wrapper
-asan_disable_addr_offset: .quad asan_disable_addr - hex_wrapper
-target_addr_offset: .quad target_addr - hex_wrapper
-get_return_addr_offset: .quad get_return_addr - hex_wrapper
 # set environment LD_PRELOAD /root/asan/libasan.so
+# b TheUMEntryPrestub
+# b UMThunkStub
+
+
+ .global hex_wrapper2
+ .global hex_wrapper2_size
+ .global hex_wrapper2_entry_offset
+
+ .text
+ .code64
+
+hex_wrapper2:
+target_addr2: .quad 0x0badc0de0badc0de
+push_addr2: .quad 0xdeadfeefdeadbeef
+pop_addr2: .quad 0xdeadc0dedeadc0de
+
+hex_wrapper2_entry:
+ #int3
+ # Save context
+ PUSH_REGS
+
+ # Save the return adderss
+ mov RETADDR_OFFSET(%rsp), %rdi # rdi: get return address
+ call *push_addr2(%rip) # save 'ret addr' and call pre_code
+
+ # Change the return address on the 'wrapper_second'
+ call next2
+next2: pop %rax # rax: get current rip
+ add $(wrapper_second2 - next2), %rax # rax: add offset to 'wrapper_second'
+ mov %rax, RETADDR_OFFSET(%rsp) # change the return address
+
+ # Restore context
+ POP_REGS
+
+ #int3
+ # Call original function
+ jmp *target_addr2(%rip)
+wrapper_second2:
+ sub $8, %rsp # add space for 'ret addr'
+
+ #int3
+ # Save context
+ PUSH_REGS
+
+// sub $8, %rsp
+ # Restore the return address
+ call *pop_addr2(%rip) # rax: call post_code and get 'ret addr'
+// add $8, %rsp
+ mov %rax, RETADDR_OFFSET(%rsp) # restore the return address
+
+ # Restore context
+ POP_REGS
+
+ #int3
+ # return
+ ret
+
+hex_wrapper2_size: .quad . - hex_wrapper2
+hex_wrapper2_entry_offset: .quad hex_wrapper2_entry - hex_wrapper2
|
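Review bot: In `wrapper_second`, the `sub $8, %rsp` is done after PUSH_REGS and undone by `add $8, %rsp` before `mov %rax, RETADDR_OFFSET(%rsp)`, so the restored return address is stored one slot above where the caller's return address originally sat (the target's `ret` has already popped that slot), and the final `ret` then leaves %rsp 8 bytes higher than the caller expects and overwrites the caller's first stack slot — assuming PUSH_REGS pushes the 15 registers that `RETADDR_OFFSET=8*15` implies. `wrapper_second2` in the same hunk gets this right by reserving the slot first (`sub $8, %rsp # add space for 'ret addr'` before PUSH_REGS), which also keeps %rsp 16-byte aligned at `call *pop_addr2(%rip)`; `wrapper_second` should do the same: move `sub $8, %rsp` to directly before `PUSH_REGS` and delete the `add $8, %rsp` line. Since the two wrappers are otherwise near-identical copies, a fix applied to only one of them is easy to miss; a short comment on the reserved slot, `# re-create the return-address slot consumed by the target's ret`, would make the invariant explicit in both.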