ref: 6d3e368f2d0796e366d2df8ed56e3b6fe0c42182
dir: /posix-arm64/trampoline.c/
#include <u.h>
#include <libc.h>
#define _NSYS 53
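void asm_syscall_hook(void)
{
	/*
	 * Landing pad for rewritten system calls, reached through the stub that
	 * trampoline() emits.  It is entered with the register state of the
	 * original `svc #0` site: x8 holds the syscall number and x0..x5 hold
	 * the syscall arguments.
	 *
	 * Rearranges the registers into the AAPCS64 argument slots for
	 *     _sysintercept(x8, x0, x1, x2, x3, x4, x5, x8)
	 * i.e. the syscall number first, the six arguments shifted up by one
	 * slot, and the original x8 repeated as the eighth argument; whatever
	 * _sysintercept returns is left in x0 and handed back to the call site.
	 *
	 * NOTE(review): the asm label below has the same spelling as this C
	 * function.  That only assembles where the toolchain prefixes C symbols
	 * with an underscore (as the `_sysintercept` reference suggests); on a
	 * plain ELF target the two definitions collide.  Confirm the target ABI.
	 *
	 * NOTE(review): _sysintercept is an ordinary C call and may clobber
	 * x1..x18, whereas the kernel would have preserved them across `svc #0`.
	 * Nothing here restores them; verify that the rewritten call sites do
	 * not depend on those registers surviving the hook.
	 */
	__asm__ __volatile__ (
	".global asm_syscall_hook \n\t"
	"asm_syscall_hook: \n\t"
	"stp x29, x30, [sp, #-16]! \n\t"	/* save FP/LR; sp stays 16-byte aligned */
	"mov x29, sp \n\t"			/* chain the frame for unwinders */
	/*
	 * Shift the arguments one slot up, highest register first, so every
	 * value is copied before it is overwritten.  Copying x0 -> x1 first
	 * (as a forward sequence would) propagates x0 into every slot instead.
	 */
	"mov x6, x5 \n\t"
	"mov x5, x4 \n\t"
	"mov x4, x3 \n\t"
	"mov x3, x2 \n\t"
	"mov x2, x1 \n\t"
	"mov x1, x0 \n\t"
	"mov x0, x8 \n\t"			/* syscall number -> first argument */
	"mov x7, x8 \n\t"			/* original x8 -> eighth argument */
	"bl _sysintercept \n\t"
	"ldp x29, x30, [sp], #16 \n\t"	/* restore FP/LR and pop the frame */
	"ret \n\t"
	);
}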
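/*
 * Write the syscall-hook trampoline into the code page at text.
 *
 * Layout produced (byte offsets from text):
 *   [0, _NSYS)             0x90 NOP sled, one byte per syscall number
 *   [_NSYS, _NSYS + 0x14)  48 81 ec 80 00 00 00   sub $0x80,%rsp  (step over the red zone)
 *                          49 bb <imm64>          movabs $asm_syscall_hook,%r11
 *                          41 ff e3               jmp *%r11
 *
 * NOTE(review): every byte emitted here is x86-64 machine code, although
 * this file sits under posix-arm64.  On an AArch64 target neither the sled
 * nor the stub executes as intended; confirm which architecture this
 * translation unit is actually built for before relying on it.
 *
 * NOTE(review): presumably text is the page mapped at address 0, so that a
 * syscall number doubles as the offset into the NOP sled; if so, a NULL
 * text is the intended argument, which is why no NULL check is made here.
 * Confirm against the caller.
 *
 * text: writable (and later executable) region of at least _NSYS + 0x14
 *       bytes; the caller owns it.
 * Returns _NSYS + 0x13, the offset of the last byte written (one less than
 * the number of bytes written), matching the original contract.
 */
int
trampoline(void *text)
{
	/*
	 * The stub that follows the sled.  The eight zero bytes after 49 bb are
	 * patched below with the little-endian address of asm_syscall_hook.
	 */
	static const uint8_t stub[] = {
		0x48, 0x81, 0xec, 0x80, 0x00, 0x00, 0x00,	/* sub $0x80,%rsp */
		0x49, 0xbb, 0, 0, 0, 0, 0, 0, 0, 0,		/* movabs $imm64,%r11 */
		0x41, 0xff, 0xe3,				/* jmp *%r11 */
	};
	enum { IMM_OFF = 9, IMM_LEN = 8 };	/* position of the imm64 within stub */
	uint8_t *p = text;
	uint64_t hook = (uint64_t)asm_syscall_hook;
	int i;

	for (i = 0; i < _NSYS; i++)
		p[i] = 0x90;
	for (i = 0; i < (int)sizeof stub; i++)
		p[_NSYS + i] = stub[i];
	for (i = 0; i < IMM_LEN; i++)	/* x86-64 immediates are little-endian */
		p[_NSYS + IMM_OFF + i] = (hook >> (8 * i)) & 0xff;
	return _NSYS + (int)sizeof stub - 1;
}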