From 108cdcf827bd6f7912b203ad4a8dd42d9d8e64f7 Mon Sep 17 00:00:00 2001 From: s1341 Date: Tue, 16 Jan 2024 15:41:43 +0200 Subject: [PATCH 01/40] stalker-x86: Add tests for transformer being able to replace calls/tailjmps with callouts --- tests/core/arch-x86/stalker-x86.c | 79 +++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) diff --git a/tests/core/arch-x86/stalker-x86.c b/tests/core/arch-x86/stalker-x86.c index 683afaca6..fc8325213 100644 --- a/tests/core/arch-x86/stalker-x86.c +++ b/tests/core/arch-x86/stalker-x86.c @@ -31,6 +31,8 @@ TESTLIST_BEGIN (stalker) TESTENTRY (call_probe) TESTENTRY (custom_transformer) TESTENTRY (transformer_should_be_able_to_skip_call) + TESTENTRY (transformer_should_be_able_to_replace_call_with_callout) + TESTENTRY (transformer_should_be_able_to_replace_tailjump_with_callout) TESTENTRY (unfollow_should_be_allowed_before_first_transform) TESTENTRY (unfollow_should_be_allowed_mid_first_transform) TESTENTRY (unfollow_should_be_allowed_after_first_transform) @@ -192,6 +194,9 @@ static void insert_extra_increment_after_xor (GumStalkerIterator * iterator, static void store_xax (GumCpuContext * cpu_context, gpointer user_data); static void skip_call (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data); +static void replace_call_with_callout (GumStalkerIterator * iterator, GumStalkerOutput * output, + gpointer user_data); +static void callout_set_cool (GumCpuContext * cpu_context, gpointer user_data); static void unfollow_during_transform (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data); static void modify_to_return_true_after_three_calls ( @@ -1005,6 +1010,80 @@ skip_call (GumStalkerIterator * iterator, } } +TESTCASE (transformer_should_be_able_to_replace_call_with_callout) +{ + guint8 code_template[] = + { + 0xb8, 0x14, 0x05, 0x00, 0x00, /* mov eax, 1300 */ + 0xe8, 0x01, 0x00, 0x00, 0x00, /* call bump_number */ + 0xc3, /* ret */ + /* bump_number: */ + 0x83, 0xc0, 0x25, /* add eax, 37 */ + 0xc3, /* ret */ + }; + StalkerTestFunc func; + gint ret; + + func = (StalkerTestFunc) test_stalker_fixture_dup_code (fixture, + code_template, sizeof (code_template)); + + fixture->transformer = gum_stalker_transformer_make_from_callback (replace_call_with_callout, + func, NULL); + + ret = test_stalker_fixture_follow_and_invoke (fixture, func, 0); + g_assert_cmpuint (ret, ==, 0xc001); +} + +TESTCASE (transformer_should_be_able_to_replace_tailjump_with_callout) +{ + guint8 code_template[] = + { + 0xb8, 0x14, 0x05, 0x00, 0x00, /* mov eax, 1300 */ + 0xe9, 0x01, 0x00, 0x00, 0x00, /* jump bump_number */ + 0xcc, /* int3 */ + /* bump_number: */ + 0x83, 0xc0, 0x25, /* add eax, 37 */ + 0xc3, /* ret */ + }; + StalkerTestFunc func; + gint ret; + + func = (StalkerTestFunc) test_stalker_fixture_dup_code (fixture, + code_template, sizeof (code_template)); + + fixture->transformer = gum_stalker_transformer_make_from_callback (replace_call_with_callout, + func, NULL); + + ret = test_stalker_fixture_follow_and_invoke (fixture, func, 0); + g_assert_cmpuint (ret, ==, 0xc001); +} + +static void +replace_call_with_callout (GumStalkerIterator * iterator, + GumStalkerOutput * output, + gpointer user_data) +{ + const guint8 * func_start = user_data; + const cs_insn * insn; + + while (gum_stalker_iterator_next (iterator, &insn)) + { + if (insn->address == GPOINTER_TO_SIZE (func_start + 5)) { + gum_stalker_iterator_put_callout (iterator, callout_set_cool, NULL, NULL); + continue; + } + + gum_stalker_iterator_keep (iterator); + } +} + +static void +callout_set_cool (GumCpuContext * cpu_context, + gpointer user_data) +{ + cpu_context->rax = 0xc001; +} + TESTCASE (unfollow_should_be_allowed_before_first_transform) { UnfollowTransformContext ctx; From 7571e35f778728fe27b9f5076a33112de3106876 Mon Sep 17 00:00:00 2001 From: s1341 Date: Tue, 16 Jan 2024 16:00:04 +0200 Subject: [PATCH 02/40] stalker-x86: fix jmp in test --- tests/core/arch-x86/stalker-x86.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/core/arch-x86/stalker-x86.c b/tests/core/arch-x86/stalker-x86.c index fc8325213..e9e8d584c 100644 --- a/tests/core/arch-x86/stalker-x86.c +++ b/tests/core/arch-x86/stalker-x86.c @@ -1039,8 +1039,8 @@ TESTCASE (transformer_should_be_able_to_replace_tailjump_with_callout) guint8 code_template[] = { 0xb8, 0x14, 0x05, 0x00, 0x00, /* mov eax, 1300 */ - 0xe9, 0x01, 0x00, 0x00, 0x00, /* jump bump_number */ - 0xcc, /* int3 */ + 0xeb, 0x01, /* jmp bump_number */ + 0x90, /* nop */ /* bump_number: */ 0x83, 0xc0, 0x25, /* add eax, 37 */ 0xc3, /* ret */ From a32d261891f1edabf6e30fc25f3491c2751197ef Mon Sep 17 00:00:00 2001 From: s1341 Date: Wed, 17 Jan 2024 09:51:07 +0200 Subject: [PATCH 03/40] stalker-x86: Add the new api call --- tests/core/arch-x86/stalker-x86.c | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/tests/core/arch-x86/stalker-x86.c b/tests/core/arch-x86/stalker-x86.c index e9e8d584c..26d362b66 100644 --- a/tests/core/arch-x86/stalker-x86.c +++ b/tests/core/arch-x86/stalker-x86.c @@ -196,6 +196,8 @@ static void skip_call (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data); static void replace_call_with_callout (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data); +static void replace_jmp_with_callout (GumStalkerIterator * iterator, GumStalkerOutput * output, + gpointer user_data); static void callout_set_cool (GumCpuContext * cpu_context, gpointer user_data); static void unfollow_during_transform (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data); @@ -1034,6 +1036,25 @@ TESTCASE (transformer_should_be_able_to_replace_call_with_callout) g_assert_cmpuint (ret, ==, 0xc001); } +static void +replace_call_with_callout (GumStalkerIterator * iterator, + GumStalkerOutput * output, + gpointer user_data) +{ + const guint8 * func_start = user_data; + const cs_insn * insn; + + while (gum_stalker_iterator_next (iterator, &insn)) + { + if (insn->address == GPOINTER_TO_SIZE (func_start + 5)) { + gum_stalker_iterator_put_callout (iterator, callout_set_cool, NULL, NULL); + continue; + } + + gum_stalker_iterator_keep (iterator); + } +} + TESTCASE (transformer_should_be_able_to_replace_tailjump_with_callout) { guint8 code_template[] = @@ -1051,7 +1072,7 @@ TESTCASE (transformer_should_be_able_to_replace_tailjump_with_callout) func = (StalkerTestFunc) test_stalker_fixture_dup_code (fixture, code_template, sizeof (code_template)); - fixture->transformer = gum_stalker_transformer_make_from_callback (replace_call_with_callout, + fixture->transformer = gum_stalker_transformer_make_from_callback (replace_jmp_with_callout, func, NULL); ret = test_stalker_fixture_follow_and_invoke (fixture, func, 0); @@ -1059,7 +1080,7 @@ TESTCASE (transformer_should_be_able_to_replace_tailjump_with_callout) } static void -replace_call_with_callout (GumStalkerIterator * iterator, +replace_jmp_with_callout (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data) { @@ -1070,6 +1091,7 @@ replace_call_with_callout (GumStalkerIterator * iterator, { if (insn->address == GPOINTER_TO_SIZE (func_start + 5)) { gum_stalker_iterator_put_callout (iterator, callout_set_cool, NULL, NULL); + gum_stalker_iterator_put_chaining_return(iterator); continue; } From a913d31d913088adbc17023cda0c58ab221567ef Mon Sep 17 00:00:00 2001 From: s1341 Date: Thu, 18 Jan 2024 07:37:32 +0200 Subject: [PATCH 04/40] stalker-x86: attempt to implement the gum_stalker_iterator_put_chaining_return function --- gum/backend-x86/gumstalker-x86.c | 9 +++++++++ gum/gumstalker.h | 1 + 2 files changed, 10 insertions(+) diff --git a/gum/backend-x86/gumstalker-x86.c b/gum/backend-x86/gumstalker-x86.c index 45a348ede..1fa873c20 100644 --- a/gum/backend-x86/gumstalker-x86.c +++ b/gum/backend-x86/gumstalker-x86.c @@ -3243,6 +3243,15 @@ gum_stalker_iterator_keep (GumStalkerIterator * self) self->requirements = requirements; } +void +gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) +{ + GumExecBlock * block = self->exec_block; + GumGeneratorContext * gc = self->generator_context; + + gum_exec_block_virtualize_ret_insn (block, gc); +} + GumMemoryAccess gum_stalker_iterator_get_memory_access (GumStalkerIterator * self) { diff --git a/gum/gumstalker.h b/gum/gumstalker.h index 17b796e8a..0f5cfb11b 100644 --- a/gum/gumstalker.h +++ b/gum/gumstalker.h @@ -235,6 +235,7 @@ GUM_API GumMemoryAccess gum_stalker_iterator_get_memory_access ( GumStalkerIterator * self); GUM_API void gum_stalker_iterator_put_callout (GumStalkerIterator * self, GumStalkerCallout callout, gpointer data, GDestroyNotify data_destroy); +GUM_API void gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self); GUM_API csh gum_stalker_iterator_get_capstone (GumStalkerIterator * self); #define GUM_DECLARE_OBSERVER_INCREMENT(name) \ From 44dd7be6fdba17c6c9ac2384dc4a50001a1b12f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ole=20Andr=C3=A9=20Vadla=20Ravn=C3=A5s?= Date: Fri, 19 Jan 2024 15:34:53 +0100 Subject: [PATCH 05/40] stalker-x86: Fix put_chaining_return() --- gum/backend-x86/gumstalker-x86.c | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/gum/backend-x86/gumstalker-x86.c b/gum/backend-x86/gumstalker-x86.c index 1fa873c20..9f1bc4c0c 100644 --- a/gum/backend-x86/gumstalker-x86.c +++ b/gum/backend-x86/gumstalker-x86.c @@ -765,6 +765,8 @@ static void gum_exec_block_write_jmp_transfer_code (GumExecBlock * block, GumGeneratorContext * gc, guint id, GumAddress jcc_address); static void gum_exec_block_write_ret_transfer_code (GumExecBlock * block, GumGeneratorContext * gc); +static void gum_exec_block_write_chaining_return_code (GumExecBlock * block, + GumGeneratorContext * gc, guint16 npop); static gpointer * gum_exec_block_write_inline_cache_code (GumExecBlock * block, GumGeneratorContext * gc, GumX86Writer * cw, GumX86Writer * cws); static void gum_exec_block_backpatch_slab (GumExecBlock * block, @@ -3249,7 +3251,12 @@ gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) GumExecBlock * block = self->exec_block; GumGeneratorContext * gc = self->generator_context; - gum_exec_block_virtualize_ret_insn (block, gc); + if ((block->ctx->sink_mask & GUM_RET) != 0) + gum_exec_block_write_ret_event_code (block, gc, GUM_CODE_INTERRUPTIBLE); + + gum_exec_block_write_adjust_depth (block, gc->code_writer, -1); + + gum_exec_block_write_chaining_return_code (block, gc, 0); } GumMemoryAccess @@ -5617,11 +5624,6 @@ gum_exec_block_write_ret_transfer_code (GumExecBlock * block, cs_x86 * x86 = &insn->ci->detail->x86; cs_x86_op * op = &x86->operands[0]; guint16 npop = 0; - const gint trust_threshold = block->ctx->stalker->trust_threshold; - GumX86Writer * cw = gc->code_writer; - GumX86Writer * cws = gc->slow_writer; - gpointer * ic_match; - GumExecCtx * ctx = block->ctx; if (x86->op_count != 0) { @@ -5631,6 +5633,20 @@ gum_exec_block_write_ret_transfer_code (GumExecBlock * block, npop = op->imm; } + gum_exec_block_write_chaining_return_code (block, gc, npop); +} + +static void +gum_exec_block_write_chaining_return_code (GumExecBlock * block, + GumGeneratorContext * gc, + guint16 npop) +{ + const gint trust_threshold = block->ctx->stalker->trust_threshold; + GumX86Writer * cw = gc->code_writer; + GumX86Writer * cws = gc->slow_writer; + gpointer * ic_match; + GumExecCtx * ctx = block->ctx; + if (trust_threshold >= 0) { gum_exec_block_close_prolog (block, gc, gc->code_writer); From 4f1b47a079e887e838f6034b61f222d955a60c7a Mon Sep 17 00:00:00 2001 From: s1341 Date: Mon, 12 Feb 2024 15:43:44 +0200 Subject: [PATCH 06/40] stalker-x86: fix 32bit build --- tests/core/arch-x86/stalker-x86.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/core/arch-x86/stalker-x86.c b/tests/core/arch-x86/stalker-x86.c index 26d362b66..9c2f3c1d9 100644 --- a/tests/core/arch-x86/stalker-x86.c +++ b/tests/core/arch-x86/stalker-x86.c @@ -1103,7 +1103,11 @@ static void callout_set_cool (GumCpuContext * cpu_context, gpointer user_data) { +#if GLIB_SIZEOF_VOID_P == 8 cpu_context->rax = 0xc001; +#else + cpu_context->eax = 0xc001; +#endif } TESTCASE (unfollow_should_be_allowed_before_first_transform) From 1dc877a35e6cb891b148b37ddbc1301978e27e82 Mon Sep 17 00:00:00 2001 From: s1341 Date: Tue, 13 Feb 2024 08:12:05 +0200 Subject: [PATCH 07/40] Style fixes --- gum/gumstalker.h | 3 ++- tests/core/arch-x86/stalker-x86.c | 30 ++++++++++++++++-------------- 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/gum/gumstalker.h b/gum/gumstalker.h index 0f5cfb11b..81cc18aed 100644 --- a/gum/gumstalker.h +++ b/gum/gumstalker.h @@ -235,7 +235,8 @@ GUM_API GumMemoryAccess gum_stalker_iterator_get_memory_access ( GumStalkerIterator * self); GUM_API void gum_stalker_iterator_put_callout (GumStalkerIterator * self, GumStalkerCallout callout, gpointer data, GDestroyNotify data_destroy); -GUM_API void gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self); +GUM_API void gum_stalker_iterator_put_chaining_return ( + GumStalkerIterator * self); GUM_API csh gum_stalker_iterator_get_capstone (GumStalkerIterator * self); #define GUM_DECLARE_OBSERVER_INCREMENT(name) \ diff --git a/tests/core/arch-x86/stalker-x86.c b/tests/core/arch-x86/stalker-x86.c index 9c2f3c1d9..2b00a4ee5 100644 --- a/tests/core/arch-x86/stalker-x86.c +++ b/tests/core/arch-x86/stalker-x86.c @@ -194,10 +194,10 @@ static void insert_extra_increment_after_xor (GumStalkerIterator * iterator, static void store_xax (GumCpuContext * cpu_context, gpointer user_data); static void skip_call (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data); -static void replace_call_with_callout (GumStalkerIterator * iterator, GumStalkerOutput * output, - gpointer user_data); -static void replace_jmp_with_callout (GumStalkerIterator * iterator, GumStalkerOutput * output, - gpointer user_data); +static void replace_call_with_callout (GumStalkerIterator * iterator, + GumStalkerOutput * output, gpointer user_data); +static void replace_jmp_with_callout (GumStalkerIterator * iterator, + GumStalkerOutput * output, gpointer user_data); static void callout_set_cool (GumCpuContext * cpu_context, gpointer user_data); static void unfollow_during_transform (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data); @@ -1029,8 +1029,8 @@ TESTCASE (transformer_should_be_able_to_replace_call_with_callout) func = (StalkerTestFunc) test_stalker_fixture_dup_code (fixture, code_template, sizeof (code_template)); - fixture->transformer = gum_stalker_transformer_make_from_callback (replace_call_with_callout, - func, NULL); + fixture->transformer = gum_stalker_transformer_make_from_callback ( + replace_call_with_callout, func, NULL); ret = test_stalker_fixture_follow_and_invoke (fixture, func, 0); g_assert_cmpuint (ret, ==, 0xc001); @@ -1046,7 +1046,8 @@ replace_call_with_callout (GumStalkerIterator * iterator, while (gum_stalker_iterator_next (iterator, &insn)) { - if (insn->address == GPOINTER_TO_SIZE (func_start + 5)) { + if (insn->address == GPOINTER_TO_SIZE (func_start + 5)) + { gum_stalker_iterator_put_callout (iterator, callout_set_cool, NULL, NULL); continue; } @@ -1072,8 +1073,8 @@ TESTCASE (transformer_should_be_able_to_replace_tailjump_with_callout) func = (StalkerTestFunc) test_stalker_fixture_dup_code (fixture, code_template, sizeof (code_template)); - fixture->transformer = gum_stalker_transformer_make_from_callback (replace_jmp_with_callout, - func, NULL); + fixture->transformer = gum_stalker_transformer_make_from_callback ( + replace_jmp_with_callout, func, NULL); ret = test_stalker_fixture_follow_and_invoke (fixture, func, 0); g_assert_cmpuint (ret, ==, 0xc001); @@ -1081,17 +1082,18 @@ TESTCASE (transformer_should_be_able_to_replace_tailjump_with_callout) static void replace_jmp_with_callout (GumStalkerIterator * iterator, - GumStalkerOutput * output, - gpointer user_data) + GumStalkerOutput * output, + gpointer user_data) { const guint8 * func_start = user_data; const cs_insn * insn; while (gum_stalker_iterator_next (iterator, &insn)) { - if (insn->address == GPOINTER_TO_SIZE (func_start + 5)) { + if (insn->address == GPOINTER_TO_SIZE (func_start + 5)) + { gum_stalker_iterator_put_callout (iterator, callout_set_cool, NULL, NULL); - gum_stalker_iterator_put_chaining_return(iterator); + gum_stalker_iterator_put_chaining_return (iterator); continue; } @@ -1101,7 +1103,7 @@ replace_jmp_with_callout (GumStalkerIterator * iterator, static void callout_set_cool (GumCpuContext * cpu_context, - gpointer user_data) + gpointer user_data) { #if GLIB_SIZEOF_VOID_P == 8 cpu_context->rax = 0xc001; From f45f78e3feedbb1972914debc936bfc162980431 Mon Sep 17 00:00:00 2001 From: s1341 Date: Tue, 13 Feb 2024 08:35:06 +0200 Subject: [PATCH 08/40] stalker-arm64: implement call->callout tests --- tests/core/arch-arm64/stalker-arm64.c | 104 ++++++++++++++++++++++++++ 1 file changed, 104 insertions(+) diff --git a/tests/core/arch-arm64/stalker-arm64.c b/tests/core/arch-arm64/stalker-arm64.c index e0007557e..1c5974d4d 100644 --- a/tests/core/arch-arm64/stalker-arm64.c +++ b/tests/core/arch-arm64/stalker-arm64.c @@ -32,6 +32,8 @@ TESTLIST_BEGIN (stalker) /* TRANSFORMERS */ TESTENTRY (custom_transformer) TESTENTRY (transformer_should_be_able_to_skip_call) + TESTENTRY (transformer_should_be_able_to_replace_call_with_callout) + TESTENTRY (transformer_should_be_able_to_replace_tailjump_with_callout) TESTENTRY (unfollow_should_be_allowed_before_first_transform) TESTENTRY (unfollow_should_be_allowed_mid_first_transform) TESTENTRY (unfollow_should_be_allowed_after_first_transform) @@ -123,6 +125,11 @@ static void insert_extra_add_after_sub (GumStalkerIterator * iterator, static void store_x0 (GumCpuContext * cpu_context, gpointer user_data); static void skip_call (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data); +static void replace_call_with_callout (GumStalkerIterator * iterator, + GumStalkerOutput * output, gpointer user_data); +static void replace_jmp_with_callout (GumStalkerIterator * iterator, + GumStalkerOutput * output, gpointer user_data); +static void callout_set_cool (GumCpuContext * cpu_context, gpointer user_data); static void unfollow_during_transform (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data); static gboolean test_is_finished (void); @@ -544,6 +551,103 @@ skip_call (GumStalkerIterator * iterator, } } +TESTCASE (transformer_should_be_able_to_replace_call_with_callout) +{ + guint32 code_template[] = + { + 0xa9bf7bfd, /* push {x29, x30} */ + 0xd280a280, /* mov x0, #1300 */ + 0x94000003, /* bl bump_number */ + 0xa8c17bfd, /* pop {x29, x30} */ + 0xd65f03c0, /* ret */ + /* bump_number: */ + 0x91009400, /* add x0, x0, #37 */ + 0xd65f03c0, /* ret */ + }; + StalkerTestFunc func; + gint ret; + + func = (StalkerTestFunc) test_arm64_stalker_fixture_dup_code (fixture, + code_template, sizeof (code_template)); + + fixture->transformer = gum_stalker_transformer_make_from_callback ( + replace_call_with_callout, func, NULL); + + ret = test_arm64_stalker_fixture_follow_and_invoke (fixture, func, 0); + g_assert_cmpuint (ret, ==, 0xc001); +} + +static void +replace_call_with_callout (GumStalkerIterator * iterator, + GumStalkerOutput * output, + gpointer user_data) +{ + const guint32 * func_start = user_data; + const cs_insn * insn; + + while (gum_stalker_iterator_next (iterator, &insn)) + { + if (insn->address == GPOINTER_TO_SIZE (func_start + 2)) + { + gum_stalker_iterator_put_callout (iterator, callout_set_cool, NULL, NULL); + continue; + } + + gum_stalker_iterator_keep (iterator); + } +} + +TESTCASE (transformer_should_be_able_to_replace_tailjump_with_callout) +{ + guint32 code_template[] = + { + 0xd280a280, /* mov x0, #1300 */ + 0x14000001, /* b bump_number */ + /* bump_number: */ + 0x91009400, /* add x0, x0, #37 */ + 0xd65f03c0, /* ret */ + }; + StalkerTestFunc func; + gint ret; + + func = (StalkerTestFunc) test_arm64_stalker_fixture_dup_code (fixture, + code_template, sizeof (code_template)); + + fixture->transformer = gum_stalker_transformer_make_from_callback ( + replace_jmp_with_callout, func, NULL); + + ret = test_arm64_stalker_fixture_follow_and_invoke (fixture, func, 0); + g_assert_cmpuint (ret, ==, 0xc001); +} + +static void +replace_jmp_with_callout (GumStalkerIterator * iterator, + GumStalkerOutput * output, + gpointer user_data) +{ + const guint32 * func_start = user_data; + const cs_insn * insn; + + while (gum_stalker_iterator_next (iterator, &insn)) + { + if (insn->address == GPOINTER_TO_SIZE (func_start + 1)) + { + gum_stalker_iterator_put_callout (iterator, callout_set_cool, NULL, NULL); + gum_stalker_iterator_put_chaining_return (iterator); + continue; + } + + gum_stalker_iterator_keep (iterator); + } +} + +static void +callout_set_cool (GumCpuContext * cpu_context, + gpointer user_data) +{ + cpu_context->x0 = 0xc001; +} + TESTCASE (unfollow_should_be_allowed_before_first_transform) { UnfollowTransformContext ctx; From 479b4c82e4c62ae707275c53cb52ac4783fd8211 Mon Sep 17 00:00:00 2001 From: s1341 Date: Tue, 13 Feb 2024 08:40:29 +0200 Subject: [PATCH 09/40] stalker-arm64: fix register access --- tests/core/arch-arm64/stalker-arm64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/core/arch-arm64/stalker-arm64.c b/tests/core/arch-arm64/stalker-arm64.c index 1c5974d4d..ac3464c7f 100644 --- a/tests/core/arch-arm64/stalker-arm64.c +++ b/tests/core/arch-arm64/stalker-arm64.c @@ -645,7 +645,7 @@ static void callout_set_cool (GumCpuContext * cpu_context, gpointer user_data) { - cpu_context->x0 = 0xc001; + cpu_context->x[0] = 0xc001; } TESTCASE (unfollow_should_be_allowed_before_first_transform) From f4abe478176231e354d71771d869aaacf9e10a72 Mon Sep 17 00:00:00 2001 From: s1341 Date: Tue, 13 Feb 2024 08:42:02 +0200 Subject: [PATCH 10/40] Style fixes --- tests/core/arch-arm64/stalker-arm64.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/core/arch-arm64/stalker-arm64.c b/tests/core/arch-arm64/stalker-arm64.c index ac3464c7f..ba3526a5d 100644 --- a/tests/core/arch-arm64/stalker-arm64.c +++ b/tests/core/arch-arm64/stalker-arm64.c @@ -579,8 +579,8 @@ TESTCASE (transformer_should_be_able_to_replace_call_with_callout) static void replace_call_with_callout (GumStalkerIterator * iterator, - GumStalkerOutput * output, - gpointer user_data) + GumStalkerOutput * output, + gpointer user_data) { const guint32 * func_start = user_data; const cs_insn * insn; From 86ff4b6f8171370bcc1474332e44a573e2c93c1f Mon Sep 17 00:00:00 2001 From: s1341 Date: Tue, 13 Feb 2024 09:12:31 +0200 Subject: [PATCH 11/40] stalker-arm: introduce call->callout test --- tests/core/arch-arm/stalker-arm.c | 54 +++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/tests/core/arch-arm/stalker-arm.c b/tests/core/arch-arm/stalker-arm.c index 0a8343c80..29d2d2d1c 100644 --- a/tests/core/arch-arm/stalker-arm.c +++ b/tests/core/arch-arm/stalker-arm.c @@ -98,6 +98,7 @@ TESTLIST_BEGIN (stalker) TESTENTRY (performance) TESTENTRY (custom_transformer) + TESTENTRY (arm_transformer_should_be_able_to_replace_call_with_callout) TESTENTRY (arm_callout) TESTENTRY (thumb_callout) TESTENTRY (unfollow_should_be_allowed_before_first_transform) @@ -163,6 +164,9 @@ static GLogWriterOutput test_log_writer_func (GLogLevelFlags log_level, const GLogField * fields, gsize n_fields, gpointer user_data); static void duplicate_adds (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data); +static void replace_call_with_callout (GumStalkerIterator * iterator, + GumStalkerOutput * output, gpointer user_data); +static void callout_set_cool (GumCpuContext * cpu_context, gpointer user_data); static void transform_arm_return_value (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data); static void on_arm_ret (GumCpuContext * cpu_context, gpointer user_data); @@ -3249,6 +3253,56 @@ add_n_return_value_increments (GumStalkerIterator * iterator, } } +TESTCODE (arm_simple_call, + 0x14, 0x05, 0x00, 0xe3, /* mov r0, 1300 */ + 0xfe, 0xff, 0xff, 0xfa, /* blx bump_number */ + 0x1e, 0xff, 0x2f, 0xe1, /* bx lr */ + /* bump_number: */ + 0x25, 0x00, 0x80, 0xe2, /* add r0, 37 */ + 0x1e, 0xff, 0x2f, 0xe1, /* bx lr */ +); + +TESTCASE (arm_transformer_should_be_able_to_replace_call_with_callout) +{ + guint32 code[CODE_SIZE (arm_simple_call) / sizeof (guint32)], val; + + memcpy (code, arm_simple_call, CODE_SIZE (arm_simple_call)); + + fixture->transformer = gum_stalker_transformer_make_from_callback ( + insert_callout_after_cmp, NULL, NULL); + + INVOKE_ARM_EXPECTING (GUM_EXEC, code, 0xc001); +} + +static void +replace_call_with_callout (GumStalkerIterator * iterator, + GumStalkerOutput * output, + gpointer user_data) +{ + gint * num_cmp_callouts = user_data; + GumMemoryAccess access; + const cs_insn * insn; + + while (gum_stalker_iterator_next (iterator, &insn)) + { + if (insn->id == ARM_INS_BLX) + { + gum_stalker_iterator_put_callout (iterator, callout_set_cool, + NULL, NULL); + continue; + } + gum_stalker_iterator_keep (iterator); + } +} + +static void +callout_set_cool (GumCpuContext * cpu_context, + gpointer user_data) +{ + cpu_context->r[0] = 0xc001; +} + + TESTCODE (arm_ldrex_strex, 0x44, 0x00, 0x9f, 0xe5, /* ldr r0, [pointer_to_value] */ /* retry: */ From df3759a571eb3301ac30fd3120936c99058fb9cd Mon Sep 17 00:00:00 2001 From: s1341 Date: Tue, 13 Feb 2024 09:13:54 +0200 Subject: [PATCH 12/40] Style fixes --- tests/core/arch-arm/stalker-arm.c | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/core/arch-arm/stalker-arm.c b/tests/core/arch-arm/stalker-arm.c index 29d2d2d1c..98b247e69 100644 --- a/tests/core/arch-arm/stalker-arm.c +++ b/tests/core/arch-arm/stalker-arm.c @@ -3302,7 +3302,6 @@ callout_set_cool (GumCpuContext * cpu_context, cpu_context->r[0] = 0xc001; } - TESTCODE (arm_ldrex_strex, 0x44, 0x00, 0x9f, 0xe5, /* ldr r0, [pointer_to_value] */ /* retry: */ From 9da638781ab7470ba2ddf33a7665046811b6219d Mon Sep 17 00:00:00 2001 From: s1341 Date: Tue, 13 Feb 2024 09:22:55 +0200 Subject: [PATCH 13/40] stalker-arm: add another test and fix previous one --- tests/core/arch-arm/stalker-arm.c | 47 ++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/tests/core/arch-arm/stalker-arm.c b/tests/core/arch-arm/stalker-arm.c index 98b247e69..202059391 100644 --- a/tests/core/arch-arm/stalker-arm.c +++ b/tests/core/arch-arm/stalker-arm.c @@ -99,6 +99,7 @@ TESTLIST_BEGIN (stalker) TESTENTRY (custom_transformer) TESTENTRY (arm_transformer_should_be_able_to_replace_call_with_callout) + TESTENTRY (arm_transformer_should_be_able_to_replace_jumpout_with_callout) TESTENTRY (arm_callout) TESTENTRY (thumb_callout) TESTENTRY (unfollow_should_be_allowed_before_first_transform) @@ -166,6 +167,8 @@ static void duplicate_adds (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data); static void replace_call_with_callout (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data); +static void replace_jumpout_with_callout (GumStalkerIterator * iterator, + GumStalkerOutput * output, gpointer user_data); static void callout_set_cool (GumCpuContext * cpu_context, gpointer user_data); static void transform_arm_return_value (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data); @@ -3269,7 +3272,7 @@ TESTCASE (arm_transformer_should_be_able_to_replace_call_with_callout) memcpy (code, arm_simple_call, CODE_SIZE (arm_simple_call)); fixture->transformer = gum_stalker_transformer_make_from_callback ( - insert_callout_after_cmp, NULL, NULL); + replace_call_with_callout, NULL, NULL); INVOKE_ARM_EXPECTING (GUM_EXEC, code, 0xc001); } @@ -3295,6 +3298,48 @@ replace_call_with_callout (GumStalkerIterator * iterator, } } +TESTCODE (arm_simple_jumpout, + 0x14, 0x05, 0x00, 0xe3, /* mov r0, 1300 */ + 0xff, 0xff, 0xff, 0xea, /* b bump_number */ + /* bump_number: */ + 0x25, 0x00, 0x80, 0xe2, /* add r0, 37 */ + 0x1e, 0xff, 0x2f, 0xe1, /* bx lr */ +); + +TESTCASE (arm_transformer_should_be_able_to_replace_jumpout_with_callout) +{ + guint32 code[CODE_SIZE (Arm_simple_jumpout) / sizeof (guint32)], val; + + memcpy (code, arm_simple_jumpout, CODE_SIZE (arm_simple_jumpout)); + + fixture->transformer = gum_stalker_transformer_make_from_callback ( + replace_jumpout_with_callout, NULL, NULL); + + INVOKE_ARM_EXPECTING (GUM_EXEC, code, 0xc001); +} + +static void +replace_jumpout_with_callout (GumStalkerIterator * iterator, + GumStalkerOutput * output, + gpointer user_data) +{ + gint * num_cmp_callouts = user_data; + GumMemoryAccess access; + const cs_insn * insn; + + while (gum_stalker_iterator_next (iterator, &insn)) + { + if (insn->id == ARM_INS_B) + { + gum_stalker_iterator_put_callout (iterator, callout_set_cool, + NULL, NULL); + gum_stalker_iterator_put_chaining_return (iterator); + continue; + } + gum_stalker_iterator_keep (iterator); + } +} + static void callout_set_cool (GumCpuContext * cpu_context, gpointer user_data) From ab67e857f96ef21617cb5080843e1b7e9ee9f550 Mon Sep 17 00:00:00 2001 From: s1341 Date: Tue, 13 Feb 2024 09:24:31 +0200 Subject: [PATCH 14/40] Style fixes --- tests/core/arch-arm/stalker-arm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/core/arch-arm/stalker-arm.c b/tests/core/arch-arm/stalker-arm.c index 202059391..1190a8d2d 100644 --- a/tests/core/arch-arm/stalker-arm.c +++ b/tests/core/arch-arm/stalker-arm.c @@ -3320,8 +3320,8 @@ TESTCASE (arm_transformer_should_be_able_to_replace_jumpout_with_callout) static void replace_jumpout_with_callout (GumStalkerIterator * iterator, - GumStalkerOutput * output, - gpointer user_data) + GumStalkerOutput * output, + gpointer user_data) { gint * num_cmp_callouts = user_data; GumMemoryAccess access; From 349aadcafbe42ab5b2818bbd8885da0dc2d7d96b Mon Sep 17 00:00:00 2001 From: s1341 Date: Tue, 13 Feb 2024 09:39:24 +0200 Subject: [PATCH 15/40] stalker-arm: fix bugs --- tests/core/arch-arm/stalker-arm.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/tests/core/arch-arm/stalker-arm.c b/tests/core/arch-arm/stalker-arm.c index 1190a8d2d..af03e0cc1 100644 --- a/tests/core/arch-arm/stalker-arm.c +++ b/tests/core/arch-arm/stalker-arm.c @@ -3267,7 +3267,7 @@ TESTCODE (arm_simple_call, TESTCASE (arm_transformer_should_be_able_to_replace_call_with_callout) { - guint32 code[CODE_SIZE (arm_simple_call) / sizeof (guint32)], val; + guint32 code[CODE_SIZE (arm_simple_call) / sizeof (guint32)]; memcpy (code, arm_simple_call, CODE_SIZE (arm_simple_call)); @@ -3282,8 +3282,6 @@ replace_call_with_callout (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data) { - gint * num_cmp_callouts = user_data; - GumMemoryAccess access; const cs_insn * insn; while (gum_stalker_iterator_next (iterator, &insn)) @@ -3308,7 +3306,7 @@ TESTCODE (arm_simple_jumpout, TESTCASE (arm_transformer_should_be_able_to_replace_jumpout_with_callout) { - guint32 code[CODE_SIZE (Arm_simple_jumpout) / sizeof (guint32)], val; + guint32 code[CODE_SIZE (arm_simple_jumpout) / sizeof (guint32)]; memcpy (code, arm_simple_jumpout, CODE_SIZE (arm_simple_jumpout)); @@ -3323,8 +3321,6 @@ replace_jumpout_with_callout (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data) { - gint * num_cmp_callouts = user_data; - GumMemoryAccess access; const cs_insn * insn; while (gum_stalker_iterator_next (iterator, &insn)) From c7eaa82a17d03956d3904fe34b1cffe83cf6147a Mon Sep 17 00:00:00 2001 From: s1341 Date: Tue, 13 Feb 2024 14:27:16 +0200 Subject: [PATCH 16/40] stalker-arm64: attempt to implement put_chaining_return --- gum/backend-arm64/gumstalker-arm64.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/gum/backend-arm64/gumstalker-arm64.c b/gum/backend-arm64/gumstalker-arm64.c index 12988a364..742f4a012 100644 --- a/gum/backend-arm64/gumstalker-arm64.c +++ b/gum/backend-arm64/gumstalker-arm64.c @@ -693,6 +693,8 @@ static void gum_exec_block_write_jmp_transfer_code (GumExecBlock * block, GumGeneratorContext * gc); static void gum_exec_block_write_ret_transfer_code (GumExecBlock * block, GumGeneratorContext * gc, arm64_reg ret_reg); +static void gum_exec_block_write_chaining_return_code (GumExecBlock * block, + GumGeneratorContext * gc); static void gum_exec_block_write_slab_transfer_code (GumArm64Writer * from, GumArm64Writer * to); static void gum_exec_block_backpatch_slab (GumExecBlock * block, @@ -3019,6 +3021,20 @@ gum_stalker_iterator_keep (GumStalkerIterator * self) self->requirements = requirements; } +void +gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) +{ + GumExecBlock * block = self->exec_block; + GumGeneratorContext * gc = self->generator_context; + + if ((block->ctx->sink_mask & GUM_RET) != 0) + gum_exec_block_write_ret_event_code (block, gc, GUM_CODE_INTERRUPTIBLE); + + gum_exec_block_write_adjust_depth (block, gc->code_writer, -1); + + gum_exec_block_write_chaining_return_code (block, gc); +} + GumMemoryAccess gum_stalker_iterator_get_memory_access (GumStalkerIterator * self) { @@ -5093,6 +5109,14 @@ static void gum_exec_block_write_ret_transfer_code (GumExecBlock * block, GumGeneratorContext * gc, arm64_reg ret_reg) +{ + gum_exec_block_write_chaining_return_code(block, gc); +} + + +static void +gum_exec_block_write_chaining_return_code (GumExecBlock * block, + GumGeneratorContext * gc) { GumArm64Writer * cw = gc->code_writer; GumArm64Writer * cws = gc->slow_writer; From 20445caa83987a6ed6f68ad80fd80e48eee7b7df Mon Sep 17 00:00:00 2001 From: s1341 Date: Tue, 13 Feb 2024 14:28:41 +0200 Subject: [PATCH 17/40] Style fixes --- gum/backend-arm64/gumstalker-arm64.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/gum/backend-arm64/gumstalker-arm64.c b/gum/backend-arm64/gumstalker-arm64.c index 742f4a012..6deaf1c0e 100644 --- a/gum/backend-arm64/gumstalker-arm64.c +++ b/gum/backend-arm64/gumstalker-arm64.c @@ -5110,10 +5110,9 @@ gum_exec_block_write_ret_transfer_code (GumExecBlock * block, GumGeneratorContext * gc, arm64_reg ret_reg) { - gum_exec_block_write_chaining_return_code(block, gc); + gum_exec_block_write_chaining_return_code (block, gc); } - static void gum_exec_block_write_chaining_return_code (GumExecBlock * block, GumGeneratorContext * gc) From 3479852fb033bb64314d0c73f5a87660c1727390 Mon Sep 17 00:00:00 2001 From: s1341 Date: Tue, 13 Feb 2024 14:33:58 +0200 Subject: [PATCH 18/40] stalker-arm64: fix missing ret_reg --- gum/backend-arm64/gumstalker-arm64.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/gum/backend-arm64/gumstalker-arm64.c b/gum/backend-arm64/gumstalker-arm64.c index 6deaf1c0e..fa02c317d 100644 --- a/gum/backend-arm64/gumstalker-arm64.c +++ b/gum/backend-arm64/gumstalker-arm64.c @@ -694,7 +694,7 @@ static void gum_exec_block_write_jmp_transfer_code (GumExecBlock * block, static void gum_exec_block_write_ret_transfer_code (GumExecBlock * block, GumGeneratorContext * gc, arm64_reg ret_reg); static void gum_exec_block_write_chaining_return_code (GumExecBlock * block, - GumGeneratorContext * gc); + GumGeneratorContext * gc, arm64_reg ret_reg); static void gum_exec_block_write_slab_transfer_code (GumArm64Writer * from, GumArm64Writer * to); static void gum_exec_block_backpatch_slab (GumExecBlock * block, @@ -3032,7 +3032,7 @@ gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) gum_exec_block_write_adjust_depth (block, gc->code_writer, -1); - gum_exec_block_write_chaining_return_code (block, gc); + gum_exec_block_write_chaining_return_code (block, gc, ARM64_REG_LR); } GumMemoryAccess @@ -5110,12 +5110,13 @@ gum_exec_block_write_ret_transfer_code (GumExecBlock * block, GumGeneratorContext * gc, arm64_reg ret_reg) { - gum_exec_block_write_chaining_return_code (block, gc); + gum_exec_block_write_chaining_return_code (block, gc, ret_reg); } static void gum_exec_block_write_chaining_return_code (GumExecBlock * block, - GumGeneratorContext * gc) + GumGeneratorContext * gc, + arm64_reg ret_reg) { GumArm64Writer * cw = gc->code_writer; GumArm64Writer * cws = gc->slow_writer; From 8d2addd1f93d3775dfd02be360eb916e84c94e06 Mon Sep 17 00:00:00 2001 From: s1341 Date: Tue, 13 Feb 2024 14:37:52 +0200 Subject: [PATCH 19/40] stalker-arm64: get rid of unnecessary and undefined function --- gum/backend-arm64/gumstalker-arm64.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/gum/backend-arm64/gumstalker-arm64.c b/gum/backend-arm64/gumstalker-arm64.c index fa02c317d..880d73f66 100644 --- a/gum/backend-arm64/gumstalker-arm64.c +++ b/gum/backend-arm64/gumstalker-arm64.c @@ -3030,8 +3030,6 @@ gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) if ((block->ctx->sink_mask & GUM_RET) != 0) gum_exec_block_write_ret_event_code (block, gc, GUM_CODE_INTERRUPTIBLE); - gum_exec_block_write_adjust_depth (block, gc->code_writer, -1); - gum_exec_block_write_chaining_return_code (block, gc, ARM64_REG_LR); } From 36452418c1f66306a11599533aa644ae8a90a6ee Mon Sep 17 00:00:00 2001 From: s1341 Date: Tue, 13 Feb 2024 14:56:44 +0200 Subject: [PATCH 20/40] stalker-arm64: use X30 instead of LR --- gum/backend-arm64/gumstalker-arm64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gum/backend-arm64/gumstalker-arm64.c b/gum/backend-arm64/gumstalker-arm64.c index 880d73f66..f9fd3841e 100644 --- a/gum/backend-arm64/gumstalker-arm64.c +++ b/gum/backend-arm64/gumstalker-arm64.c @@ -3030,7 +3030,7 @@ gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) if ((block->ctx->sink_mask & GUM_RET) != 0) gum_exec_block_write_ret_event_code (block, gc, GUM_CODE_INTERRUPTIBLE); - gum_exec_block_write_chaining_return_code (block, gc, ARM64_REG_LR); + gum_exec_block_write_chaining_return_code (block, gc, ARM64_REG_X30); } GumMemoryAccess From a73f213622ec4966d530c425fbb089cc6f621af6 Mon Sep 17 00:00:00 2001 From: s1341 Date: Tue, 13 Feb 2024 14:57:29 +0200 Subject: [PATCH 21/40] stalker-arm: implement empty put_chaining_return --- gum/backend-arm/gumstalker-arm.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/gum/backend-arm/gumstalker-arm.c b/gum/backend-arm/gumstalker-arm.c index dd6875b15..c7f52155b 100644 --- a/gum/backend-arm/gumstalker-arm.c +++ b/gum/backend-arm/gumstalker-arm.c @@ -2640,6 +2640,18 @@ gum_stalker_iterator_keep (GumStalkerIterator * self) gum_stalker_iterator_arm_keep (self); } +void +gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) +{ + // GumExecBlock * block = self->exec_block; + // GumGeneratorContext * gc = self->generator_context; + + // if ((block->ctx->sink_mask & GUM_RET) != 0) + // gum_exec_block_write_ret_event_code (block, gc, GUM_CODE_INTERRUPTIBLE); + + // gum_exec_block_write_chaining_return_code (block, gc, ARM64_REG_X30); +} + GumMemoryAccess gum_stalker_iterator_get_memory_access (GumStalkerIterator * self) { From 76897ff9b440b99b54a3f109a33633a5318d2b03 Mon Sep 17 00:00:00 2001 From: s1341 Date: Tue, 13 Feb 2024 15:21:47 +0200 Subject: [PATCH 22/40] stalker-arm: fix broken tests --- tests/core/arch-arm/stalker-arm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/core/arch-arm/stalker-arm.c b/tests/core/arch-arm/stalker-arm.c index af03e0cc1..b96ecfb30 100644 --- a/tests/core/arch-arm/stalker-arm.c +++ b/tests/core/arch-arm/stalker-arm.c @@ -3257,9 +3257,10 @@ add_n_return_value_increments (GumStalkerIterator * iterator, } TESTCODE (arm_simple_call, + 0x04, 0xe0, 0x2d, 0xe5, /* push {lr} */ 0x14, 0x05, 0x00, 0xe3, /* mov r0, 1300 */ 0xfe, 0xff, 0xff, 0xfa, /* blx bump_number */ - 0x1e, 0xff, 0x2f, 0xe1, /* bx lr */ + 0x04, 0xf0, 0x9d, 0xe4, /* pop {pc} */ /* bump_number: */ 0x25, 0x00, 0x80, 0xe2, /* add r0, 37 */ 0x1e, 0xff, 0x2f, 0xe1, /* bx lr */ From 5d60144517caea81401c409e4f24e071e9dde86e Mon Sep 17 00:00:00 2001 From: s1341 Date: Tue, 13 Feb 2024 15:29:25 +0200 Subject: [PATCH 23/40] stalker-arm: fix broken tests --- tests/core/arch-arm/stalker-arm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/core/arch-arm/stalker-arm.c b/tests/core/arch-arm/stalker-arm.c index b96ecfb30..75405a02f 100644 --- a/tests/core/arch-arm/stalker-arm.c +++ b/tests/core/arch-arm/stalker-arm.c @@ -3258,8 +3258,8 @@ add_n_return_value_increments (GumStalkerIterator * iterator, TESTCODE (arm_simple_call, 0x04, 0xe0, 0x2d, 0xe5, /* push {lr} */ - 0x14, 0x05, 0x00, 0xe3, /* mov r0, 1300 */ - 0xfe, 0xff, 0xff, 0xfa, /* blx bump_number */ + 0x0d, 0x00, 0x00, 0xe3, /* mov r0, 13 */ + 0x00, 0x00, 0x00, 0xfa, /* blx bump_number */ 0x04, 0xf0, 0x9d, 0xe4, /* pop {pc} */ /* bump_number: */ 0x25, 0x00, 0x80, 0xe2, /* add r0, 37 */ From 4371e5e501291883673fe6bb437466b4b7dffcb6 Mon Sep 17 00:00:00 2001 From: s1341 Date: Tue, 13 Feb 2024 15:34:20 +0200 Subject: [PATCH 24/40] stalker-arm: fix broken tests --- tests/core/arch-arm/stalker-arm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/core/arch-arm/stalker-arm.c b/tests/core/arch-arm/stalker-arm.c index 75405a02f..885a155a9 100644 --- a/tests/core/arch-arm/stalker-arm.c +++ b/tests/core/arch-arm/stalker-arm.c @@ -3298,8 +3298,8 @@ replace_call_with_callout (GumStalkerIterator * iterator, } TESTCODE (arm_simple_jumpout, - 0x14, 0x05, 0x00, 0xe3, /* mov r0, 1300 */ - 0xff, 0xff, 0xff, 0xea, /* b bump_number */ + 0x0d, 0x00, 0x00, 0xe3, /* mov r0, 13 */ + 0xff, 0xff, 0xff, 0xea, /* b bump_number */ /* bump_number: */ 0x25, 0x00, 0x80, 0xe2, /* add r0, 37 */ 0x1e, 0xff, 0x2f, 0xe1, /* bx lr */ From 5ef4a28f5fa4647c31844b4884586f206ebc2d30 Mon Sep 17 00:00:00 2001 From: sharad Date: Sun, 25 Feb 2024 02:59:51 -0500 Subject: [PATCH 25/40] ARM implementation of chaining return --- gum/backend-arm/gumstalker-arm.c | 72 ++++++++++++++++++++++--------- tests/core/arch-arm/stalker-arm.c | 15 ++++--- 2 files changed, 60 insertions(+), 27 deletions(-) diff --git a/gum/backend-arm/gumstalker-arm.c b/gum/backend-arm/gumstalker-arm.c index c7f52155b..842737f32 100644 --- a/gum/backend-arm/gumstalker-arm.c +++ b/gum/backend-arm/gumstalker-arm.c @@ -2510,15 +2510,15 @@ gum_stalker_iterator_arm_next (GumStalkerIterator * self, { gc->continuation_real_address = instruction->end; return FALSE; - } - - if (gum_arm_relocator_eob (rl)) + } else if (!skip_implicitly_requested && gum_arm_relocator_eob (rl)){ return FALSE; + } } instruction = &self->instruction; n_read = gum_arm_relocator_read_one (rl, &instruction->ci); + if (n_read == 0) return FALSE; @@ -2569,10 +2569,9 @@ gum_stalker_iterator_thumb_next (GumStalkerIterator * self, { gc->continuation_real_address = instruction->end; return FALSE; - } - - if (gum_thumb_relocator_eob (rl)) + } else if (!skip_implicitly_requested && gum_thumb_relocator_eob (rl)){ return FALSE; + } } instruction = &self->instruction; @@ -2643,13 +2642,22 @@ gum_stalker_iterator_keep (GumStalkerIterator * self) void gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) { - // GumExecBlock * block = self->exec_block; - // GumGeneratorContext * gc = self->generator_context; + GumExecBlock * block = self->exec_block; + GumGeneratorContext * gc = self->generator_context; + GumBranchTarget target = {0}; + + target.type = GUM_TARGET_DIRECT_REG_OFFSET; + GumBranchDirectRegOffset* value = &target.value.direct_reg_offset; + value->reg = ARM_REG_LR; + value->offset = 0; + value->mode = GUM_ARM_MODE_CURRENT; - // if ((block->ctx->sink_mask & GUM_RET) != 0) - // gum_exec_block_write_ret_event_code (block, gc, GUM_CODE_INTERRUPTIBLE); + if(gc->is_thumb){ + gum_exec_block_virtualize_thumb_ret_insn(block, &target, false, 0, gc); + }else{ + gum_exec_block_virtualize_arm_ret_insn(block, &target, ARM_CC_AL, false, 0, gc); + } - // gum_exec_block_write_chaining_return_code (block, gc, ARM64_REG_X30); } GumMemoryAccess @@ -2781,11 +2789,13 @@ gum_stalker_iterator_handle_thumb_branch_insn (GumStalkerIterator * self, case ARM_INS_MOV: gum_stalker_get_target_address (insn, TRUE, &target, &mask); gum_exec_block_virtualize_thumb_ret_insn (block, &target, FALSE, 0, gc); + gum_thumb_relocator_skip_one(gc->thumb_relocator); break; case ARM_INS_POP: case ARM_INS_LDM: gum_stalker_get_target_address (insn, TRUE, &target, &mask); gum_exec_block_virtualize_thumb_ret_insn (block, &target, TRUE, mask, gc); + gum_thumb_relocator_skip_one(gc->thumb_relocator); break; case ARM_INS_SMC: case ARM_INS_HVC: @@ -2848,11 +2858,10 @@ gum_stalker_iterator_handle_thumb_it_insn (GumStalkerIterator * self) /* * Put a breakpoint to trap and detect any errant continued execution (the - * branch should handle any possible continuation). Skip the original - * branch instruction. + * branch should handle any possible continuation). The original instruction + * is skipped by the branch code */ - gum_thumb_writer_put_breakpoint (gc->thumb_writer); - gum_thumb_relocator_skip_one (gc->thumb_relocator); + //gum_thumb_writer_put_breakpoint (gc->thumb_writer); } else { @@ -4493,7 +4502,7 @@ gum_exec_block_virtualize_arm_branch_insn (GumExecBlock * block, if (backpatch_prolog_state == GUM_PROLOG_CLOSED) gum_exec_block_arm_open_prolog (block, gc); - + gum_exec_block_write_arm_handle_excluded (block, target, FALSE, gc); gum_exec_block_write_arm_handle_kuser_helper (block, target, gc); gum_exec_block_write_arm_call_switch_block (block, target, gc); @@ -4584,6 +4593,15 @@ gum_exec_block_virtualize_thumb_branch_insn (GumExecBlock * block, gum_exec_block_write_thumb_handle_writeback (block, writeback, gc); gum_exec_block_write_thumb_exec_generated_code (cw, block->ctx); + + /* + * We MUST do this last to account for IT blocks. gum_thumb_relocator_skip_one will complete + * the IT branch, so if we do this early (like in arm), then the end branch will be relocated into the + * middle of the relocated branch + */ + + gum_thumb_relocator_skip_one(gc->thumb_relocator); + } static void @@ -4614,6 +4632,7 @@ gum_exec_block_virtualize_arm_call_insn (GumExecBlock * block, gum_arm_writer_put_ldr_reg_address (gc->arm_writer, ARM_REG_LR, GUM_ADDRESS (ret_real_address)); gum_exec_block_write_arm_exec_generated_code (gc->arm_writer, block->ctx); + } static void @@ -4641,6 +4660,15 @@ gum_exec_block_virtualize_thumb_call_insn (GumExecBlock * block, gum_thumb_writer_put_ldr_reg_address (gc->thumb_writer, ARM_REG_LR, GUM_ADDRESS (ret_real_address)); gum_exec_block_write_thumb_exec_generated_code (gc->thumb_writer, block->ctx); + + /* + * We MUST do this last to account for IT blocks. gum_thumb_relocator_skip_one will complete + * the IT branch, so if we do this early (like in arm), then the end branch will be relocated into the middle + * of the relocated branch + */ + + gum_thumb_relocator_skip_one(gc->thumb_relocator); + } static void @@ -4700,6 +4728,8 @@ gum_exec_block_virtualize_arm_ret_insn (GumExecBlock * block, } gum_exec_block_write_arm_exec_generated_code (gc->arm_writer, block->ctx); + + gum_arm_relocator_skip_one(gc->arm_relocator); } static void @@ -4761,7 +4791,6 @@ gum_exec_block_virtualize_arm_svc_insn (GumExecBlock * block, gum_exec_block_dont_virtualize_arm_insn (block, gc); #ifdef HAVE_LINUX - { GumArmWriter * cw = gc->arm_writer; gconstpointer not_cloned_child = cw->code + 1; @@ -4793,7 +4822,6 @@ gum_exec_block_virtualize_arm_svc_insn (GumExecBlock * block, /* Restore the flags */ gum_arm_writer_put_mov_cpsr_reg (cw, ARM_REG_R1); gum_arm_writer_put_pop_regs (cw, 1, ARM_REG_R1); - } #endif } @@ -5135,8 +5163,10 @@ gum_exec_block_write_arm_handle_excluded (GumExecBlock * block, */ if (target->type == GUM_TARGET_DIRECT_ADDRESS) { - if (!check (block->ctx, target->value.direct_address.address)) + if (!check (block->ctx, target->value.direct_address.address)){ + gum_arm_relocator_skip_one (gc->arm_relocator); //in the case we return early, we still need to skip return; + } } if (target->type != GUM_TARGET_DIRECT_ADDRESS) @@ -5198,8 +5228,10 @@ gum_exec_block_write_thumb_handle_excluded (GumExecBlock * block, if (target->type == GUM_TARGET_DIRECT_ADDRESS) { - if (!check (block->ctx, target->value.direct_address.address)) + if (!check (block->ctx, target->value.direct_address.address)){ return; + } + } if (target->type != GUM_TARGET_DIRECT_ADDRESS) diff --git a/tests/core/arch-arm/stalker-arm.c b/tests/core/arch-arm/stalker-arm.c index 885a155a9..f3e11860a 100644 --- a/tests/core/arch-arm/stalker-arm.c +++ b/tests/core/arch-arm/stalker-arm.c @@ -3259,7 +3259,7 @@ add_n_return_value_increments (GumStalkerIterator * iterator, TESTCODE (arm_simple_call, 0x04, 0xe0, 0x2d, 0xe5, /* push {lr} */ 0x0d, 0x00, 0x00, 0xe3, /* mov r0, 13 */ - 0x00, 0x00, 0x00, 0xfa, /* blx bump_number */ + 0x00, 0x00, 0x00, 0xeb, /* bl bump_number */ 0x04, 0xf0, 0x9d, 0xe4, /* pop {pc} */ /* bump_number: */ 0x25, 0x00, 0x80, 0xe2, /* add r0, 37 */ @@ -3275,7 +3275,7 @@ TESTCASE (arm_transformer_should_be_able_to_replace_call_with_callout) fixture->transformer = gum_stalker_transformer_make_from_callback ( replace_call_with_callout, NULL, NULL); - INVOKE_ARM_EXPECTING (GUM_EXEC, code, 0xc001); + INVOKE_ARM_EXPECTING (GUM_NOTHING, arm_simple_call, 0xc001); } static void @@ -3284,16 +3284,17 @@ replace_call_with_callout (GumStalkerIterator * iterator, gpointer user_data) { const cs_insn * insn; - + static int num = 0; while (gum_stalker_iterator_next (iterator, &insn)) { - if (insn->id == ARM_INS_BLX) + if (num == 4) { gum_stalker_iterator_put_callout (iterator, callout_set_cool, - NULL, NULL); - continue; + NULL, NULL); + } else { + gum_stalker_iterator_keep (iterator); } - gum_stalker_iterator_keep (iterator); + num++; } } From 83e2107c8a7b4d6a410707496d714df3eaf86dcb Mon Sep 17 00:00:00 2001 From: sharad Date: Sun, 25 Feb 2024 04:30:15 -0500 Subject: [PATCH 26/40] Formatting --- gum/backend-arm/gumstalker-arm.c | 13 ++++--------- tests/core/arch-arm/stalker-arm.c | 6 +++--- 2 files changed, 7 insertions(+), 12 deletions(-) diff --git a/gum/backend-arm/gumstalker-arm.c b/gum/backend-arm/gumstalker-arm.c index 842737f32..f2ce9778d 100644 --- a/gum/backend-arm/gumstalker-arm.c +++ b/gum/backend-arm/gumstalker-arm.c @@ -2647,7 +2647,7 @@ gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) GumBranchTarget target = {0}; target.type = GUM_TARGET_DIRECT_REG_OFFSET; - GumBranchDirectRegOffset* value = &target.value.direct_reg_offset; + GumBranchDirectRegOffset * value = &target.value.direct_reg_offset; value->reg = ARM_REG_LR; value->offset = 0; value->mode = GUM_ARM_MODE_CURRENT; @@ -2855,13 +2855,6 @@ gum_stalker_iterator_handle_thumb_it_insn (GumStalkerIterator * self) */ insn->detail->arm.cc = ARM_CC_AL; gum_stalker_iterator_handle_thumb_branch_insn (self, insn); - - /* - * Put a breakpoint to trap and detect any errant continued execution (the - * branch should handle any possible continuation). The original instruction - * is skipped by the branch code - */ - //gum_thumb_writer_put_breakpoint (gc->thumb_writer); } else { @@ -4791,6 +4784,7 @@ gum_exec_block_virtualize_arm_svc_insn (GumExecBlock * block, gum_exec_block_dont_virtualize_arm_insn (block, gc); #ifdef HAVE_LINUX + { GumArmWriter * cw = gc->arm_writer; gconstpointer not_cloned_child = cw->code + 1; @@ -4822,6 +4816,7 @@ gum_exec_block_virtualize_arm_svc_insn (GumExecBlock * block, /* Restore the flags */ gum_arm_writer_put_mov_cpsr_reg (cw, ARM_REG_R1); gum_arm_writer_put_pop_regs (cw, 1, ARM_REG_R1); + } #endif } @@ -5164,7 +5159,7 @@ gum_exec_block_write_arm_handle_excluded (GumExecBlock * block, if (target->type == GUM_TARGET_DIRECT_ADDRESS) { if (!check (block->ctx, target->value.direct_address.address)){ - gum_arm_relocator_skip_one (gc->arm_relocator); //in the case we return early, we still need to skip + gum_arm_relocator_skip_one (gc->arm_relocator); return; } } diff --git a/tests/core/arch-arm/stalker-arm.c b/tests/core/arch-arm/stalker-arm.c index f3e11860a..7368f07c5 100644 --- a/tests/core/arch-arm/stalker-arm.c +++ b/tests/core/arch-arm/stalker-arm.c @@ -3284,17 +3284,17 @@ replace_call_with_callout (GumStalkerIterator * iterator, gpointer user_data) { const cs_insn * insn; - static int num = 0; + static int insn_num = 0; while (gum_stalker_iterator_next (iterator, &insn)) { - if (num == 4) + if (insn_num == 4) { gum_stalker_iterator_put_callout (iterator, callout_set_cool, NULL, NULL); } else { gum_stalker_iterator_keep (iterator); } - num++; + insn_num++; } } From fe3a4001ba39ce1cbac30cae3feca58c0c5d9194 Mon Sep 17 00:00:00 2001 From: sharad Date: Sun, 25 Feb 2024 05:23:19 -0500 Subject: [PATCH 27/40] Additional formatting fixes --- gum/backend-arm/gumstalker-arm.c | 37 +++++++++++++++++-------------- tests/core/arch-arm/stalker-arm.c | 14 ++++-------- 2 files changed, 24 insertions(+), 27 deletions(-) diff --git a/gum/backend-arm/gumstalker-arm.c b/gum/backend-arm/gumstalker-arm.c index f2ce9778d..59a0943bb 100644 --- a/gum/backend-arm/gumstalker-arm.c +++ b/gum/backend-arm/gumstalker-arm.c @@ -2510,7 +2510,9 @@ gum_stalker_iterator_arm_next (GumStalkerIterator * self, { gc->continuation_real_address = instruction->end; return FALSE; - } else if (!skip_implicitly_requested && gum_arm_relocator_eob (rl)){ + } + else if (!skip_implicitly_requested && gum_arm_relocator_eob (rl)) + { return FALSE; } } @@ -2569,7 +2571,9 @@ gum_stalker_iterator_thumb_next (GumStalkerIterator * self, { gc->continuation_real_address = instruction->end; return FALSE; - } else if (!skip_implicitly_requested && gum_thumb_relocator_eob (rl)){ + } + else if (!skip_implicitly_requested && gum_thumb_relocator_eob (rl)) + { return FALSE; } } @@ -2644,7 +2648,7 @@ gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) { GumExecBlock * block = self->exec_block; GumGeneratorContext * gc = self->generator_context; - GumBranchTarget target = {0}; + GumBranchTarget target; target.type = GUM_TARGET_DIRECT_REG_OFFSET; GumBranchDirectRegOffset * value = &target.value.direct_reg_offset; @@ -2652,12 +2656,14 @@ gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) value->offset = 0; value->mode = GUM_ARM_MODE_CURRENT; - if(gc->is_thumb){ - gum_exec_block_virtualize_thumb_ret_insn(block, &target, false, 0, gc); - }else{ - gum_exec_block_virtualize_arm_ret_insn(block, &target, ARM_CC_AL, false, 0, gc); + if (gc->is_thumb) + { + gum_exec_block_virtualize_thumb_ret_insn (block, &target, false, 0, gc); + } + else + { + gum_exec_block_virtualize_arm_ret_insn (block, &target, ARM_CC_AL, false, 0, gc); } - } GumMemoryAccess @@ -2789,13 +2795,13 @@ gum_stalker_iterator_handle_thumb_branch_insn (GumStalkerIterator * self, case ARM_INS_MOV: gum_stalker_get_target_address (insn, TRUE, &target, &mask); gum_exec_block_virtualize_thumb_ret_insn (block, &target, FALSE, 0, gc); - gum_thumb_relocator_skip_one(gc->thumb_relocator); + gum_thumb_relocator_skip_one (gc->thumb_relocator); break; case ARM_INS_POP: case ARM_INS_LDM: gum_stalker_get_target_address (insn, TRUE, &target, &mask); gum_exec_block_virtualize_thumb_ret_insn (block, &target, TRUE, mask, gc); - gum_thumb_relocator_skip_one(gc->thumb_relocator); + gum_thumb_relocator_skip_one (gc->thumb_relocator); break; case ARM_INS_SMC: case ARM_INS_HVC: @@ -4593,8 +4599,7 @@ gum_exec_block_virtualize_thumb_branch_insn (GumExecBlock * block, * middle of the relocated branch */ - gum_thumb_relocator_skip_one(gc->thumb_relocator); - + gum_thumb_relocator_skip_one (gc->thumb_relocator); } static void @@ -4625,7 +4630,6 @@ gum_exec_block_virtualize_arm_call_insn (GumExecBlock * block, gum_arm_writer_put_ldr_reg_address (gc->arm_writer, ARM_REG_LR, GUM_ADDRESS (ret_real_address)); gum_exec_block_write_arm_exec_generated_code (gc->arm_writer, block->ctx); - } static void @@ -4660,8 +4664,7 @@ gum_exec_block_virtualize_thumb_call_insn (GumExecBlock * block, * of the relocated branch */ - gum_thumb_relocator_skip_one(gc->thumb_relocator); - + gum_thumb_relocator_skip_one (gc->thumb_relocator); } static void @@ -5158,7 +5161,8 @@ gum_exec_block_write_arm_handle_excluded (GumExecBlock * block, */ if (target->type == GUM_TARGET_DIRECT_ADDRESS) { - if (!check (block->ctx, target->value.direct_address.address)){ + if (!check (block->ctx, target->value.direct_address.address)) + { gum_arm_relocator_skip_one (gc->arm_relocator); return; } @@ -5226,7 +5230,6 @@ gum_exec_block_write_thumb_handle_excluded (GumExecBlock * block, if (!check (block->ctx, target->value.direct_address.address)){ return; } - } if (target->type != GUM_TARGET_DIRECT_ADDRESS) diff --git a/tests/core/arch-arm/stalker-arm.c b/tests/core/arch-arm/stalker-arm.c index 7368f07c5..eb6a3b8b0 100644 --- a/tests/core/arch-arm/stalker-arm.c +++ b/tests/core/arch-arm/stalker-arm.c @@ -3268,10 +3268,6 @@ TESTCODE (arm_simple_call, TESTCASE (arm_transformer_should_be_able_to_replace_call_with_callout) { - guint32 code[CODE_SIZE (arm_simple_call) / sizeof (guint32)]; - - memcpy (code, arm_simple_call, CODE_SIZE (arm_simple_call)); - fixture->transformer = gum_stalker_transformer_make_from_callback ( replace_call_with_callout, NULL, NULL); @@ -3291,7 +3287,9 @@ replace_call_with_callout (GumStalkerIterator * iterator, { gum_stalker_iterator_put_callout (iterator, callout_set_cool, NULL, NULL); - } else { + } + else + { gum_stalker_iterator_keep (iterator); } insn_num++; @@ -3308,14 +3306,10 @@ TESTCODE (arm_simple_jumpout, TESTCASE (arm_transformer_should_be_able_to_replace_jumpout_with_callout) { - guint32 code[CODE_SIZE (arm_simple_jumpout) / sizeof (guint32)]; - - memcpy (code, arm_simple_jumpout, CODE_SIZE (arm_simple_jumpout)); - fixture->transformer = gum_stalker_transformer_make_from_callback ( replace_jumpout_with_callout, NULL, NULL); - INVOKE_ARM_EXPECTING (GUM_EXEC, code, 0xc001); + INVOKE_ARM_EXPECTING (GUM_EXEC, arm_simple_jumpout, 0xc001); } static void From 7514450e26dff3a8c98df056d646656b2c466837 Mon Sep 17 00:00:00 2001 From: sharad Date: Sun, 25 Feb 2024 05:24:55 -0500 Subject: [PATCH 28/40] add newline to check --- gum/backend-arm/gumstalker-arm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gum/backend-arm/gumstalker-arm.c b/gum/backend-arm/gumstalker-arm.c index 59a0943bb..1e0385118 100644 --- a/gum/backend-arm/gumstalker-arm.c +++ b/gum/backend-arm/gumstalker-arm.c @@ -5227,7 +5227,8 @@ gum_exec_block_write_thumb_handle_excluded (GumExecBlock * block, if (target->type == GUM_TARGET_DIRECT_ADDRESS) { - if (!check (block->ctx, target->value.direct_address.address)){ + if (!check (block->ctx, target->value.direct_address.address)) + { return; } } From 7391d7e2bebb57c2168596da6f86305871f14a16 Mon Sep 17 00:00:00 2001 From: sharad Date: Mon, 26 Feb 2024 13:36:17 -0500 Subject: [PATCH 29/40] stylecheck.py fixes --- gum/backend-arm/gumstalker-arm.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/gum/backend-arm/gumstalker-arm.c b/gum/backend-arm/gumstalker-arm.c index 1e0385118..9e40eda8d 100644 --- a/gum/backend-arm/gumstalker-arm.c +++ b/gum/backend-arm/gumstalker-arm.c @@ -2662,7 +2662,8 @@ gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) } else { - gum_exec_block_virtualize_arm_ret_insn (block, &target, ARM_CC_AL, false, 0, gc); + gum_exec_block_virtualize_arm_ret_insn (block, &target, ARM_CC_AL, false, + 0, gc); } } @@ -4725,7 +4726,7 @@ gum_exec_block_virtualize_arm_ret_insn (GumExecBlock * block, gum_exec_block_write_arm_exec_generated_code (gc->arm_writer, block->ctx); - gum_arm_relocator_skip_one(gc->arm_relocator); + gum_arm_relocator_skip_one (gc->arm_relocator); } static void From 5c73e794b7d1737a29d09e6729b27fbf2b165a70 Mon Sep 17 00:00:00 2001 From: s1341 Date: Wed, 28 Feb 2024 08:47:20 +0200 Subject: [PATCH 30/40] style: get rid of trailing whitespaces --- gum/backend-arm/gumstalker-arm.c | 18 +++++++++--------- tests/core/arch-arm/stalker-arm.c | 6 +++--- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/gum/backend-arm/gumstalker-arm.c b/gum/backend-arm/gumstalker-arm.c index 9e40eda8d..d9798adbf 100644 --- a/gum/backend-arm/gumstalker-arm.c +++ b/gum/backend-arm/gumstalker-arm.c @@ -2510,8 +2510,8 @@ gum_stalker_iterator_arm_next (GumStalkerIterator * self, { gc->continuation_real_address = instruction->end; return FALSE; - } - else if (!skip_implicitly_requested && gum_arm_relocator_eob (rl)) + } + else if !skip_implicitly_requested && gum_arm_relocator_eob (rl)) { return FALSE; } @@ -2571,7 +2571,7 @@ gum_stalker_iterator_thumb_next (GumStalkerIterator * self, { gc->continuation_real_address = instruction->end; return FALSE; - } + } else if (!skip_implicitly_requested && gum_thumb_relocator_eob (rl)) { return FALSE; @@ -2662,7 +2662,7 @@ gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) } else { - gum_exec_block_virtualize_arm_ret_insn (block, &target, ARM_CC_AL, false, + gum_exec_block_virtualize_arm_ret_insn (block, &target, ARM_CC_AL, false, 0, gc); } } @@ -2796,13 +2796,13 @@ gum_stalker_iterator_handle_thumb_branch_insn (GumStalkerIterator * self, case ARM_INS_MOV: gum_stalker_get_target_address (insn, TRUE, &target, &mask); gum_exec_block_virtualize_thumb_ret_insn (block, &target, FALSE, 0, gc); - gum_thumb_relocator_skip_one (gc->thumb_relocator); + gum_thumb_relocator_skip_one (gc->thumb_relocator); break; case ARM_INS_POP: case ARM_INS_LDM: gum_stalker_get_target_address (insn, TRUE, &target, &mask); gum_exec_block_virtualize_thumb_ret_insn (block, &target, TRUE, mask, gc); - gum_thumb_relocator_skip_one (gc->thumb_relocator); + gum_thumb_relocator_skip_one (gc->thumb_relocator); break; case ARM_INS_SMC: case ARM_INS_HVC: @@ -4502,7 +4502,7 @@ gum_exec_block_virtualize_arm_branch_insn (GumExecBlock * block, if (backpatch_prolog_state == GUM_PROLOG_CLOSED) gum_exec_block_arm_open_prolog (block, gc); - + gum_exec_block_write_arm_handle_excluded (block, target, FALSE, gc); gum_exec_block_write_arm_handle_kuser_helper (block, target, gc); gum_exec_block_write_arm_call_switch_block (block, target, gc); @@ -4596,7 +4596,7 @@ gum_exec_block_virtualize_thumb_branch_insn (GumExecBlock * block, /* * We MUST do this last to account for IT blocks. gum_thumb_relocator_skip_one will complete - * the IT branch, so if we do this early (like in arm), then the end branch will be relocated into the + * the IT branch, so if we do this early (like in arm), then the end branch will be relocated into the * middle of the relocated branch */ @@ -4665,7 +4665,7 @@ gum_exec_block_virtualize_thumb_call_insn (GumExecBlock * block, * of the relocated branch */ - gum_thumb_relocator_skip_one (gc->thumb_relocator); + gum_thumb_relocator_skip_one (gc->thumb_relocator); } static void diff --git a/tests/core/arch-arm/stalker-arm.c b/tests/core/arch-arm/stalker-arm.c index eb6a3b8b0..17943c6b1 100644 --- a/tests/core/arch-arm/stalker-arm.c +++ b/tests/core/arch-arm/stalker-arm.c @@ -3286,9 +3286,9 @@ replace_call_with_callout (GumStalkerIterator * iterator, if (insn_num == 4) { gum_stalker_iterator_put_callout (iterator, callout_set_cool, - NULL, NULL); - } - else + NULL, NULL); + } + else { gum_stalker_iterator_keep (iterator); } From cbcf3b19f6867898c633812184c138867c863c55 Mon Sep 17 00:00:00 2001 From: s1341 Date: Wed, 28 Feb 2024 08:55:15 +0200 Subject: [PATCH 31/40] stalker-arm: missing bracket --- gum/backend-arm/gumstalker-arm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gum/backend-arm/gumstalker-arm.c b/gum/backend-arm/gumstalker-arm.c index d9798adbf..64a0694b6 100644 --- a/gum/backend-arm/gumstalker-arm.c +++ b/gum/backend-arm/gumstalker-arm.c @@ -2511,7 +2511,7 @@ gum_stalker_iterator_arm_next (GumStalkerIterator * self, gc->continuation_real_address = instruction->end; return FALSE; } - else if !skip_implicitly_requested && gum_arm_relocator_eob (rl)) + else if (!skip_implicitly_requested && gum_arm_relocator_eob (rl)) { return FALSE; } From 2843ec380887fdee6720077c9488e4b3d877f4f2 Mon Sep 17 00:00:00 2001 From: s1341 Date: Wed, 28 Feb 2024 08:58:30 +0200 Subject: [PATCH 32/40] style: remove trailing spaces --- gum/backend-arm/gumstalker-arm.c | 2 +- gum/backend-arm64/gumstalker-arm64.c | 2 +- tests/core/arch-x86/stalker-x86.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/gum/backend-arm/gumstalker-arm.c b/gum/backend-arm/gumstalker-arm.c index 64a0694b6..c09da7854 100644 --- a/gum/backend-arm/gumstalker-arm.c +++ b/gum/backend-arm/gumstalker-arm.c @@ -4502,7 +4502,7 @@ gum_exec_block_virtualize_arm_branch_insn (GumExecBlock * block, if (backpatch_prolog_state == GUM_PROLOG_CLOSED) gum_exec_block_arm_open_prolog (block, gc); - + gum_exec_block_write_arm_handle_excluded (block, target, FALSE, gc); gum_exec_block_write_arm_handle_kuser_helper (block, target, gc); gum_exec_block_write_arm_call_switch_block (block, target, gc); diff --git a/gum/backend-arm64/gumstalker-arm64.c b/gum/backend-arm64/gumstalker-arm64.c index f9fd3841e..49d856d9b 100644 --- a/gum/backend-arm64/gumstalker-arm64.c +++ b/gum/backend-arm64/gumstalker-arm64.c @@ -5112,7 +5112,7 @@ gum_exec_block_write_ret_transfer_code (GumExecBlock * block, } static void -gum_exec_block_write_chaining_return_code (GumExecBlock * block, +gum_exec_block_write_chaining_return_code (GumExecBlock * block, GumGeneratorContext * gc, arm64_reg ret_reg) { diff --git a/tests/core/arch-x86/stalker-x86.c b/tests/core/arch-x86/stalker-x86.c index 2b00a4ee5..790dfea5a 100644 --- a/tests/core/arch-x86/stalker-x86.c +++ b/tests/core/arch-x86/stalker-x86.c @@ -194,9 +194,9 @@ static void insert_extra_increment_after_xor (GumStalkerIterator * iterator, static void store_xax (GumCpuContext * cpu_context, gpointer user_data); static void skip_call (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data); -static void replace_call_with_callout (GumStalkerIterator * iterator, +static void replace_call_with_callout (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data); -static void replace_jmp_with_callout (GumStalkerIterator * iterator, +static void replace_jmp_with_callout (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data); static void callout_set_cool (GumCpuContext * cpu_context, gpointer user_data); static void unfollow_during_transform (GumStalkerIterator * iterator, From d5b0d8eed695871e5d52a6101a1ccfab7170d311 Mon Sep 17 00:00:00 2001 From: s1341 Date: Thu, 29 Feb 2024 14:23:17 +0200 Subject: [PATCH 33/40] gumjs bindings for put_chaining_return --- bindings/gumjs/gumquickstalker.c | 34 ++++++++++++++++++++++++++++++++ bindings/gumjs/gumv8stalker.cpp | 27 +++++++++++++++++++++++++ 2 files changed, 61 insertions(+) diff --git a/bindings/gumjs/gumquickstalker.c b/bindings/gumjs/gumquickstalker.c index 995c1aeb4..4a13f8e6e 100644 --- a/bindings/gumjs/gumquickstalker.c +++ b/bindings/gumjs/gumquickstalker.c @@ -115,6 +115,7 @@ GUMJS_DECLARE_GETTER (gumjs_default_iterator_get_memory_access) GUMJS_DECLARE_FUNCTION (gumjs_default_iterator_next) GUMJS_DECLARE_FUNCTION (gumjs_default_iterator_keep) GUMJS_DECLARE_FUNCTION (gumjs_default_iterator_put_callout) +GUMJS_DECLARE_FUNCTION (gumjs_default_iterator_put_chaining_return) static JSValue gum_quick_special_iterator_new (GumQuickStalker * parent, GumQuickSpecialIterator ** iterator); @@ -125,6 +126,7 @@ GUMJS_DECLARE_GETTER (gumjs_special_iterator_get_memory_access) GUMJS_DECLARE_FUNCTION (gumjs_special_iterator_next) GUMJS_DECLARE_FUNCTION (gumjs_special_iterator_keep) GUMJS_DECLARE_FUNCTION (gumjs_special_iterator_put_callout) +GUMJS_DECLARE_FUNCTION (gumjs_special_iterator_put_chaining_return) static void gum_quick_callout_free (GumQuickCallout * callout); static void gum_quick_callout_on_invoke (GumCpuContext * cpu_context, @@ -200,6 +202,7 @@ static const JSCFunctionListEntry gumjs_default_iterator_entries[] = JS_CFUNC_DEF ("next", 0, gumjs_default_iterator_next), JS_CFUNC_DEF ("keep", 0, gumjs_default_iterator_keep), JS_CFUNC_DEF ("putCallout", 0, gumjs_default_iterator_put_callout), + JS_CFUNC_DEF ("putChainingReturn", 0, gumjs_default_iterator_put_chaining_return), }; static const JSClassDef gumjs_special_iterator_def = @@ -215,6 +218,7 @@ static const JSCFunctionListEntry gumjs_special_iterator_entries[] = JS_CFUNC_DEF ("next", 0, gumjs_special_iterator_next), JS_CFUNC_DEF ("keep", 0, gumjs_special_iterator_keep), JS_CFUNC_DEF ("putCallout", 0, gumjs_special_iterator_put_callout), + JS_CFUNC_DEF ("putChainingReturn", 0, gumjs_special_iterator_put_chaining_return), }; static const JSClassExoticMethods gumjs_probe_args_exotic_methods = @@ -1016,6 +1020,16 @@ gum_quick_stalker_iterator_put_callout (GumQuickIterator * self, return JS_UNDEFINED; } +static JSValue +gum_quick_stalker_iterator_put_chaining_return (GumQuickIterator * self, + JSContext * ctx, + GumQuickArgs * args) +{ + gum_stalker_iterator_put_callout (self->handle); + + return JS_UNDEFINED; +} + static JSValue gum_quick_default_iterator_new (GumQuickStalker * parent, GumQuickDefaultIterator ** iterator) @@ -1135,6 +1149,16 @@ GUMJS_DEFINE_FUNCTION (gumjs_default_iterator_put_callout) return gum_quick_stalker_iterator_put_callout (&self->iterator, ctx, args); } +GUMJS_DEFINE_FUNCTION (gumjs_default_iterator_put_chaining_return) +{ + GumQuickDefaultIterator * self; + + if (!gum_quick_default_iterator_get (ctx, this_val, core, &self)) + return JS_EXCEPTION; + + return gum_quick_stalker_iterator_put_chaining_return (&self->iterator, ctx, args); +} + static JSValue gum_quick_special_iterator_new (GumQuickStalker * parent, GumQuickSpecialIterator ** iterator) @@ -1254,6 +1278,16 @@ GUMJS_DEFINE_FUNCTION (gumjs_special_iterator_put_callout) return gum_quick_stalker_iterator_put_callout (&self->iterator, ctx, args); } +GUMJS_DEFINE_FUNCTION (gumjs_special_iterator_put_chaining_return) +{ + GumQuickSpecialIterator * self; + + if (!gum_quick_special_iterator_get (ctx, this_val, core, &self)) + return JS_EXCEPTION; + + return gum_quick_stalker_iterator_put_chaining_return (&self->iterator, ctx, args); +} + static void gum_quick_callout_free (GumQuickCallout * callout) { diff --git a/bindings/gumjs/gumv8stalker.cpp b/bindings/gumjs/gumv8stalker.cpp index 1f90f0eb0..414fb377b 100644 --- a/bindings/gumjs/gumv8stalker.cpp +++ b/bindings/gumjs/gumv8stalker.cpp @@ -133,6 +133,7 @@ GUMJS_DECLARE_GETTER (gumjs_stalker_default_iterator_get_memory_access) GUMJS_DECLARE_FUNCTION (gumjs_stalker_default_iterator_next) GUMJS_DECLARE_FUNCTION (gumjs_stalker_default_iterator_keep) GUMJS_DECLARE_FUNCTION (gumjs_stalker_default_iterator_put_callout) +GUMJS_DECLARE_FUNCTION (gumjs_stalker_default_iterator_put_chaining_return) static GumV8StalkerSpecialIterator * gum_v8_stalker_special_iterator_new_persistent (GumV8Stalker * parent); @@ -149,6 +150,7 @@ GUMJS_DECLARE_GETTER (gumjs_stalker_special_iterator_get_memory_access) GUMJS_DECLARE_FUNCTION (gumjs_stalker_special_iterator_next) GUMJS_DECLARE_FUNCTION (gumjs_stalker_special_iterator_keep) GUMJS_DECLARE_FUNCTION (gumjs_stalker_special_iterator_put_callout) +GUMJS_DECLARE_FUNCTION (gumjs_stalker_special_iterator_put_chaining_return) static void gum_v8_callout_free (GumV8Callout * callout); static void gum_v8_callout_on_invoke (GumCpuContext * cpu_context, @@ -227,6 +229,7 @@ static const GumV8Function gumjs_stalker_default_iterator_functions[] = { "next", gumjs_stalker_default_iterator_next }, { "keep", gumjs_stalker_default_iterator_keep }, { "putCallout", gumjs_stalker_default_iterator_put_callout }, + { "putChainingReturn", gumjs_stalker_default_iterator_put_chaining_return }, { NULL, NULL } }; @@ -243,6 +246,7 @@ static const GumV8Function gumjs_stalker_special_iterator_functions[] = { "next", gumjs_stalker_special_iterator_next }, { "keep", gumjs_stalker_special_iterator_keep }, { "putCallout", gumjs_stalker_special_iterator_put_callout }, + { "putChainingReturn", gumjs_stalker_special_iterator_put_chaining_return }, { NULL, NULL } }; @@ -1083,6 +1087,17 @@ gum_v8_stalker_iterator_put_callout (GumV8StalkerIterator * self, } } +static void +gum_v8_stalker_iterator_put_chaining_return (GumV8StalkerIterator * self, + const GumV8Args * args, + Isolate * isolate) +{ + if (!gum_v8_stalker_iterator_check_valid (self, isolate)) + return; + + gum_stalker_iterator_put_chaining_return (self->handle); +} + static GumV8StalkerDefaultIterator * gum_v8_stalker_default_iterator_new_persistent (GumV8Stalker * parent) { @@ -1170,6 +1185,12 @@ GUMJS_DEFINE_DIRECT_SUBCLASS_METHOD (gumjs_stalker_default_iterator_put_callout, gum_v8_stalker_iterator_put_callout (&self->iterator, args, isolate); } +GUMJS_DEFINE_DIRECT_SUBCLASS_METHOD (gumjs_stalker_default_iterator_put_chaining_return, + GumV8StalkerDefaultIterator) +{ + gum_v8_stalker_iterator_put_chaining_return (&self->iterator, args, isolate); +} + static GumV8StalkerSpecialIterator * gum_v8_stalker_special_iterator_new_persistent (GumV8Stalker * parent) { @@ -1257,6 +1278,12 @@ GUMJS_DEFINE_DIRECT_SUBCLASS_METHOD (gumjs_stalker_special_iterator_put_callout, gum_v8_stalker_iterator_put_callout (&self->iterator, args, isolate); } +GUMJS_DEFINE_DIRECT_SUBCLASS_METHOD (gumjs_stalker_special_iterator_put_chaining_return, + GumV8StalkerSpecialIterator) +{ + gum_v8_stalker_iterator_put_chaining_return (&self->iterator, args, isolate); +} + static void gum_v8_callout_free (GumV8Callout * callout) { From 61a7dcb1f406840df021ba6f772b49480c97ad9c Mon Sep 17 00:00:00 2001 From: s1341 Date: Thu, 29 Feb 2024 14:39:37 +0200 Subject: [PATCH 34/40] gumstalker.c: add documentation for gum_stalker_iterator_put_chaining_return --- gum/gumstalker.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/gum/gumstalker.c b/gum/gumstalker.c index c7083d112..b4e57433c 100644 --- a/gum/gumstalker.c +++ b/gum/gumstalker.c @@ -469,6 +469,14 @@ gum_callback_stalker_transformer_transform_block ( * Returns: %TRUE if there is a next instruction, else %FALSE */ +/** + * gum_stalker_iterator_put_chaining_return: + * @self: a #GumStalkerIterator + * + * Puts a chaining return at the current location in the output + * instruction stream. + */ + static void gum_stalker_observer_default_init (GumStalkerObserverInterface * iface) { From 624f2c2c281099cd20a3c65489e2fea5072d60b4 Mon Sep 17 00:00:00 2001 From: s1341 Date: Thu, 29 Feb 2024 16:29:16 +0200 Subject: [PATCH 35/40] fmt --- bindings/gumjs/gumquickstalker.c | 12 ++++++++---- bindings/gumjs/gumv8stalker.cpp | 10 ++++++---- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/bindings/gumjs/gumquickstalker.c b/bindings/gumjs/gumquickstalker.c index 4a13f8e6e..be1902c24 100644 --- a/bindings/gumjs/gumquickstalker.c +++ b/bindings/gumjs/gumquickstalker.c @@ -202,7 +202,8 @@ static const JSCFunctionListEntry gumjs_default_iterator_entries[] = JS_CFUNC_DEF ("next", 0, gumjs_default_iterator_next), JS_CFUNC_DEF ("keep", 0, gumjs_default_iterator_keep), JS_CFUNC_DEF ("putCallout", 0, gumjs_default_iterator_put_callout), - JS_CFUNC_DEF ("putChainingReturn", 0, gumjs_default_iterator_put_chaining_return), + JS_CFUNC_DEF ("putChainingReturn", 0, + gumjs_default_iterator_put_chaining_return), }; static const JSClassDef gumjs_special_iterator_def = @@ -218,7 +219,8 @@ static const JSCFunctionListEntry gumjs_special_iterator_entries[] = JS_CFUNC_DEF ("next", 0, gumjs_special_iterator_next), JS_CFUNC_DEF ("keep", 0, gumjs_special_iterator_keep), JS_CFUNC_DEF ("putCallout", 0, gumjs_special_iterator_put_callout), - JS_CFUNC_DEF ("putChainingReturn", 0, gumjs_special_iterator_put_chaining_return), + JS_CFUNC_DEF ("putChainingReturn", 0, + gumjs_special_iterator_put_chaining_return), }; static const JSClassExoticMethods gumjs_probe_args_exotic_methods = @@ -1156,7 +1158,8 @@ GUMJS_DEFINE_FUNCTION (gumjs_default_iterator_put_chaining_return) if (!gum_quick_default_iterator_get (ctx, this_val, core, &self)) return JS_EXCEPTION; - return gum_quick_stalker_iterator_put_chaining_return (&self->iterator, ctx, args); + return gum_quick_stalker_iterator_put_chaining_return ( + &self->iterator, ctx, args); } static JSValue @@ -1285,7 +1288,8 @@ GUMJS_DEFINE_FUNCTION (gumjs_special_iterator_put_chaining_return) if (!gum_quick_special_iterator_get (ctx, this_val, core, &self)) return JS_EXCEPTION; - return gum_quick_stalker_iterator_put_chaining_return (&self->iterator, ctx, args); + return gum_quick_stalker_iterator_put_chaining_return ( + &self->iterator, ctx, args); } static void diff --git a/bindings/gumjs/gumv8stalker.cpp b/bindings/gumjs/gumv8stalker.cpp index 414fb377b..d86891d14 100644 --- a/bindings/gumjs/gumv8stalker.cpp +++ b/bindings/gumjs/gumv8stalker.cpp @@ -1185,8 +1185,9 @@ GUMJS_DEFINE_DIRECT_SUBCLASS_METHOD (gumjs_stalker_default_iterator_put_callout, gum_v8_stalker_iterator_put_callout (&self->iterator, args, isolate); } -GUMJS_DEFINE_DIRECT_SUBCLASS_METHOD (gumjs_stalker_default_iterator_put_chaining_return, - GumV8StalkerDefaultIterator) +GUMJS_DEFINE_DIRECT_SUBCLASS_METHOD ( + gumjs_stalker_default_iterator_put_chaining_return, + GumV8StalkerDefaultIterator) { gum_v8_stalker_iterator_put_chaining_return (&self->iterator, args, isolate); } @@ -1278,8 +1279,9 @@ GUMJS_DEFINE_DIRECT_SUBCLASS_METHOD (gumjs_stalker_special_iterator_put_callout, gum_v8_stalker_iterator_put_callout (&self->iterator, args, isolate); } -GUMJS_DEFINE_DIRECT_SUBCLASS_METHOD (gumjs_stalker_special_iterator_put_chaining_return, - GumV8StalkerSpecialIterator) +GUMJS_DEFINE_DIRECT_SUBCLASS_METHOD ( + gumjs_stalker_special_iterator_put_chaining_return, + GumV8StalkerSpecialIterator) { gum_v8_stalker_iterator_put_chaining_return (&self->iterator, args, isolate); } From bd11f26478b47cbba6f4ace996358b2ac0c19b3d Mon Sep 17 00:00:00 2001 From: s1341 Date: Thu, 29 Feb 2024 16:35:47 +0200 Subject: [PATCH 36/40] Try to fix gumlinux.h --- gum/backend-linux/gumandroid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gum/backend-linux/gumandroid.c b/gum/backend-linux/gumandroid.c index 0096de82d..53e249169 100644 --- a/gum/backend-linux/gumandroid.c +++ b/gum/backend-linux/gumandroid.c @@ -7,7 +7,7 @@ #include "gum/gumandroid.h" #include "gum-init.h" -#include "gum/gumlinux.h" +#include "gumlinux.h" #include #include From f0074909036e0ec62daf7ff6474eda9c76adc226 Mon Sep 17 00:00:00 2001 From: s1341 Date: Mon, 4 Mar 2024 16:20:09 +0200 Subject: [PATCH 37/40] Wrong function call --- bindings/gumjs/gumquickstalker.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bindings/gumjs/gumquickstalker.c b/bindings/gumjs/gumquickstalker.c index be1902c24..7a3be77e2 100644 --- a/bindings/gumjs/gumquickstalker.c +++ b/bindings/gumjs/gumquickstalker.c @@ -1027,7 +1027,7 @@ gum_quick_stalker_iterator_put_chaining_return (GumQuickIterator * self, JSContext * ctx, GumQuickArgs * args) { - gum_stalker_iterator_put_callout (self->handle); + gum_stalker_iterator_put_chaining_return (self->handle); return JS_UNDEFINED; } From 54b32656930094c4f026bfc86b5ea834ee0a4f55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ole=20Andr=C3=A9=20Vadla=20Ravn=C3=A5s?= Date: Fri, 10 May 2024 12:23:47 +0200 Subject: [PATCH 38/40] Add MIPS stub --- gum/backend-mips/gumstalker-mips.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/gum/backend-mips/gumstalker-mips.c b/gum/backend-mips/gumstalker-mips.c index 7dc064c08..9d4521951 100644 --- a/gum/backend-mips/gumstalker-mips.c +++ b/gum/backend-mips/gumstalker-mips.c @@ -206,6 +206,11 @@ gum_stalker_iterator_keep (GumStalkerIterator * self) { } +void +gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) +{ +} + GumMemoryAccess gum_stalker_iterator_get_memory_access (GumStalkerIterator * self) { From 404cc80a60f6ad9da09daee7a6357996878368c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ole=20Andr=C3=A9=20Vadla=20Ravn=C3=A5s?= Date: Fri, 10 May 2024 12:44:08 +0200 Subject: [PATCH 39/40] Revert "Try to fix gumlinux.h" This reverts commit bd11f26478b47cbba6f4ace996358b2ac0c19b3d. --- gum/backend-linux/gumandroid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gum/backend-linux/gumandroid.c b/gum/backend-linux/gumandroid.c index 53e249169..0096de82d 100644 --- a/gum/backend-linux/gumandroid.c +++ b/gum/backend-linux/gumandroid.c @@ -7,7 +7,7 @@ #include "gum/gumandroid.h" #include "gum-init.h" -#include "gumlinux.h" +#include "gum/gumlinux.h" #include #include From 627ad98e850e7f58159d04b4d3496ee1f9b59dec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ole=20Andr=C3=A9=20Vadla=20Ravn=C3=A5s?= Date: Fri, 10 May 2024 13:26:34 +0200 Subject: [PATCH 40/40] Fix style issues --- bindings/gumjs/gumquickstalker.c | 13 +- bindings/gumjs/gumv8stalker.cpp | 5 +- gum/backend-arm/gumstalker-arm.c | 82 ++++++------ gum/backend-arm64/gumstalker-arm64.c | 24 ++-- gum/backend-mips/gumstalker-mips.c | 10 +- gum/backend-x86/gumstalker-x86.c | 28 ++-- tests/core/arch-arm/stalker-arm.c | 176 +++++++++++++------------- tests/core/arch-arm64/stalker-arm64.c | 6 +- tests/core/arch-x86/stalker-x86.c | 22 ++-- 9 files changed, 175 insertions(+), 191 deletions(-) diff --git a/bindings/gumjs/gumquickstalker.c b/bindings/gumjs/gumquickstalker.c index 7a3be77e2..b08cfb504 100644 --- a/bindings/gumjs/gumquickstalker.c +++ b/bindings/gumjs/gumquickstalker.c @@ -203,7 +203,7 @@ static const JSCFunctionListEntry gumjs_default_iterator_entries[] = JS_CFUNC_DEF ("keep", 0, gumjs_default_iterator_keep), JS_CFUNC_DEF ("putCallout", 0, gumjs_default_iterator_put_callout), JS_CFUNC_DEF ("putChainingReturn", 0, - gumjs_default_iterator_put_chaining_return), + gumjs_default_iterator_put_chaining_return), }; static const JSClassDef gumjs_special_iterator_def = @@ -220,7 +220,7 @@ static const JSCFunctionListEntry gumjs_special_iterator_entries[] = JS_CFUNC_DEF ("keep", 0, gumjs_special_iterator_keep), JS_CFUNC_DEF ("putCallout", 0, gumjs_special_iterator_put_callout), JS_CFUNC_DEF ("putChainingReturn", 0, - gumjs_special_iterator_put_chaining_return), + gumjs_special_iterator_put_chaining_return), }; static const JSClassExoticMethods gumjs_probe_args_exotic_methods = @@ -1024,8 +1024,7 @@ gum_quick_stalker_iterator_put_callout (GumQuickIterator * self, static JSValue gum_quick_stalker_iterator_put_chaining_return (GumQuickIterator * self, - JSContext * ctx, - GumQuickArgs * args) + JSContext * ctx) { gum_stalker_iterator_put_chaining_return (self->handle); @@ -1158,8 +1157,7 @@ GUMJS_DEFINE_FUNCTION (gumjs_default_iterator_put_chaining_return) if (!gum_quick_default_iterator_get (ctx, this_val, core, &self)) return JS_EXCEPTION; - return gum_quick_stalker_iterator_put_chaining_return ( - &self->iterator, ctx, args); + return gum_quick_stalker_iterator_put_chaining_return (&self->iterator, ctx); } static JSValue @@ -1288,8 +1286,7 @@ GUMJS_DEFINE_FUNCTION (gumjs_special_iterator_put_chaining_return) if (!gum_quick_special_iterator_get (ctx, this_val, core, &self)) return JS_EXCEPTION; - return gum_quick_stalker_iterator_put_chaining_return ( - &self->iterator, ctx, args); + return gum_quick_stalker_iterator_put_chaining_return (&self->iterator, ctx); } static void diff --git a/bindings/gumjs/gumv8stalker.cpp b/bindings/gumjs/gumv8stalker.cpp index d86891d14..0d5cee1b6 100644 --- a/bindings/gumjs/gumv8stalker.cpp +++ b/bindings/gumjs/gumv8stalker.cpp @@ -1089,7 +1089,6 @@ gum_v8_stalker_iterator_put_callout (GumV8StalkerIterator * self, static void gum_v8_stalker_iterator_put_chaining_return (GumV8StalkerIterator * self, - const GumV8Args * args, Isolate * isolate) { if (!gum_v8_stalker_iterator_check_valid (self, isolate)) @@ -1189,7 +1188,7 @@ GUMJS_DEFINE_DIRECT_SUBCLASS_METHOD ( gumjs_stalker_default_iterator_put_chaining_return, GumV8StalkerDefaultIterator) { - gum_v8_stalker_iterator_put_chaining_return (&self->iterator, args, isolate); + gum_v8_stalker_iterator_put_chaining_return (&self->iterator, isolate); } static GumV8StalkerSpecialIterator * @@ -1283,7 +1282,7 @@ GUMJS_DEFINE_DIRECT_SUBCLASS_METHOD ( gumjs_stalker_special_iterator_put_chaining_return, GumV8StalkerSpecialIterator) { - gum_v8_stalker_iterator_put_chaining_return (&self->iterator, args, isolate); + gum_v8_stalker_iterator_put_chaining_return (&self->iterator, isolate); } static void diff --git a/gum/backend-arm/gumstalker-arm.c b/gum/backend-arm/gumstalker-arm.c index c09da7854..175672d95 100644 --- a/gum/backend-arm/gumstalker-arm.c +++ b/gum/backend-arm/gumstalker-arm.c @@ -2511,16 +2511,14 @@ gum_stalker_iterator_arm_next (GumStalkerIterator * self, gc->continuation_real_address = instruction->end; return FALSE; } - else if (!skip_implicitly_requested && gum_arm_relocator_eob (rl)) - { + + if (!skip_implicitly_requested && gum_arm_relocator_eob (rl)) return FALSE; - } } instruction = &self->instruction; n_read = gum_arm_relocator_read_one (rl, &instruction->ci); - if (n_read == 0) return FALSE; @@ -2572,10 +2570,9 @@ gum_stalker_iterator_thumb_next (GumStalkerIterator * self, gc->continuation_real_address = instruction->end; return FALSE; } - else if (!skip_implicitly_requested && gum_thumb_relocator_eob (rl)) - { + + if (!skip_implicitly_requested && gum_thumb_relocator_eob (rl)) return FALSE; - } } instruction = &self->instruction; @@ -2643,30 +2640,6 @@ gum_stalker_iterator_keep (GumStalkerIterator * self) gum_stalker_iterator_arm_keep (self); } -void -gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) -{ - GumExecBlock * block = self->exec_block; - GumGeneratorContext * gc = self->generator_context; - GumBranchTarget target; - - target.type = GUM_TARGET_DIRECT_REG_OFFSET; - GumBranchDirectRegOffset * value = &target.value.direct_reg_offset; - value->reg = ARM_REG_LR; - value->offset = 0; - value->mode = GUM_ARM_MODE_CURRENT; - - if (gc->is_thumb) - { - gum_exec_block_virtualize_thumb_ret_insn (block, &target, false, 0, gc); - } - else - { - gum_exec_block_virtualize_arm_ret_insn (block, &target, ARM_CC_AL, false, - 0, gc); - } -} - GumMemoryAccess gum_stalker_iterator_get_memory_access (GumStalkerIterator * self) { @@ -3440,6 +3413,31 @@ gum_stalker_invoke_callout (GumCalloutEntry * entry, ec->pending_calls--; } +void +gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) +{ + GumExecBlock * block = self->exec_block; + GumGeneratorContext * gc = self->generator_context; + GumBranchTarget target; + GumBranchDirectRegOffset * value; + + target.type = GUM_TARGET_DIRECT_REG_OFFSET; + value = &target.value.direct_reg_offset; + value->reg = ARM_REG_LR; + value->offset = 0; + value->mode = GUM_ARM_MODE_CURRENT; + + if (gc->is_thumb) + { + gum_exec_block_virtualize_thumb_ret_insn (block, &target, FALSE, 0, gc); + } + else + { + gum_exec_block_virtualize_arm_ret_insn (block, &target, ARM_CC_AL, FALSE, 0, + gc); + } +} + csh gum_stalker_iterator_get_capstone (GumStalkerIterator * self) { @@ -4595,11 +4593,11 @@ gum_exec_block_virtualize_thumb_branch_insn (GumExecBlock * block, gum_exec_block_write_thumb_exec_generated_code (cw, block->ctx); /* - * We MUST do this last to account for IT blocks. gum_thumb_relocator_skip_one will complete - * the IT branch, so if we do this early (like in arm), then the end branch will be relocated into the - * middle of the relocated branch - */ - + * We MUST do this last to account for IT blocks. + * gum_thumb_relocator_skip_one() will complete the IT branch, so if we do + * this early (like on ARM), then the end branch will be relocated into the + * middle of the relocated branch. + */ gum_thumb_relocator_skip_one (gc->thumb_relocator); } @@ -4660,11 +4658,11 @@ gum_exec_block_virtualize_thumb_call_insn (GumExecBlock * block, gum_exec_block_write_thumb_exec_generated_code (gc->thumb_writer, block->ctx); /* - * We MUST do this last to account for IT blocks. gum_thumb_relocator_skip_one will complete - * the IT branch, so if we do this early (like in arm), then the end branch will be relocated into the middle - * of the relocated branch - */ - + * We MUST do this last to account for IT blocks. + * gum_thumb_relocator_skip_one() will complete the IT branch, so if we do + * this early (like on ARM), then the end branch will be relocated into the + * middle of the relocated branch. + */ gum_thumb_relocator_skip_one (gc->thumb_relocator); } @@ -5229,9 +5227,7 @@ gum_exec_block_write_thumb_handle_excluded (GumExecBlock * block, if (target->type == GUM_TARGET_DIRECT_ADDRESS) { if (!check (block->ctx, target->value.direct_address.address)) - { return; - } } if (target->type != GUM_TARGET_DIRECT_ADDRESS) diff --git a/gum/backend-arm64/gumstalker-arm64.c b/gum/backend-arm64/gumstalker-arm64.c index 49d856d9b..823ea4eea 100644 --- a/gum/backend-arm64/gumstalker-arm64.c +++ b/gum/backend-arm64/gumstalker-arm64.c @@ -3021,18 +3021,6 @@ gum_stalker_iterator_keep (GumStalkerIterator * self) self->requirements = requirements; } -void -gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) -{ - GumExecBlock * block = self->exec_block; - GumGeneratorContext * gc = self->generator_context; - - if ((block->ctx->sink_mask & GUM_RET) != 0) - gum_exec_block_write_ret_event_code (block, gc, GUM_CODE_INTERRUPTIBLE); - - gum_exec_block_write_chaining_return_code (block, gc, ARM64_REG_X30); -} - GumMemoryAccess gum_stalker_iterator_get_memory_access (GumStalkerIterator * self) { @@ -3160,6 +3148,18 @@ gum_stalker_invoke_callout (GumCalloutEntry * entry, ec->pending_calls--; } +void +gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) +{ + GumExecBlock * block = self->exec_block; + GumGeneratorContext * gc = self->generator_context; + + if ((block->ctx->sink_mask & GUM_RET) != 0) + gum_exec_block_write_ret_event_code (block, gc, GUM_CODE_INTERRUPTIBLE); + + gum_exec_block_write_chaining_return_code (block, gc, ARM64_REG_X30); +} + csh gum_stalker_iterator_get_capstone (GumStalkerIterator * self) { diff --git a/gum/backend-mips/gumstalker-mips.c b/gum/backend-mips/gumstalker-mips.c index 9d4521951..8e3517cdf 100644 --- a/gum/backend-mips/gumstalker-mips.c +++ b/gum/backend-mips/gumstalker-mips.c @@ -206,11 +206,6 @@ gum_stalker_iterator_keep (GumStalkerIterator * self) { } -void -gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) -{ -} - GumMemoryAccess gum_stalker_iterator_get_memory_access (GumStalkerIterator * self) { @@ -225,6 +220,11 @@ gum_stalker_iterator_put_callout (GumStalkerIterator * self, { } +void +gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) +{ +} + csh gum_stalker_iterator_get_capstone (GumStalkerIterator * self) { diff --git a/gum/backend-x86/gumstalker-x86.c b/gum/backend-x86/gumstalker-x86.c index 9f1bc4c0c..f8595d836 100644 --- a/gum/backend-x86/gumstalker-x86.c +++ b/gum/backend-x86/gumstalker-x86.c @@ -3245,20 +3245,6 @@ gum_stalker_iterator_keep (GumStalkerIterator * self) self->requirements = requirements; } -void -gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) -{ - GumExecBlock * block = self->exec_block; - GumGeneratorContext * gc = self->generator_context; - - if ((block->ctx->sink_mask & GUM_RET) != 0) - gum_exec_block_write_ret_event_code (block, gc, GUM_CODE_INTERRUPTIBLE); - - gum_exec_block_write_adjust_depth (block, gc->code_writer, -1); - - gum_exec_block_write_chaining_return_code (block, gc, 0); -} - GumMemoryAccess gum_stalker_iterator_get_memory_access (GumStalkerIterator * self) { @@ -3383,6 +3369,20 @@ gum_stalker_invoke_callout (GumCalloutEntry * entry, ec->pending_calls--; } +void +gum_stalker_iterator_put_chaining_return (GumStalkerIterator * self) +{ + GumExecBlock * block = self->exec_block; + GumGeneratorContext * gc = self->generator_context; + + if ((block->ctx->sink_mask & GUM_RET) != 0) + gum_exec_block_write_ret_event_code (block, gc, GUM_CODE_INTERRUPTIBLE); + + gum_exec_block_write_adjust_depth (block, gc->code_writer, -1); + + gum_exec_block_write_chaining_return_code (block, gc, 0); +} + csh gum_stalker_iterator_get_capstone (GumStalkerIterator * self) { diff --git a/tests/core/arch-arm/stalker-arm.c b/tests/core/arch-arm/stalker-arm.c index 17943c6b1..f100bfb2d 100644 --- a/tests/core/arch-arm/stalker-arm.c +++ b/tests/core/arch-arm/stalker-arm.c @@ -98,10 +98,10 @@ TESTLIST_BEGIN (stalker) TESTENTRY (performance) TESTENTRY (custom_transformer) - TESTENTRY (arm_transformer_should_be_able_to_replace_call_with_callout) - TESTENTRY (arm_transformer_should_be_able_to_replace_jumpout_with_callout) TESTENTRY (arm_callout) TESTENTRY (thumb_callout) + TESTENTRY (arm_transformer_should_be_able_to_replace_call_with_callout) + TESTENTRY (arm_transformer_should_be_able_to_replace_jumpout_with_callout) TESTENTRY (unfollow_should_be_allowed_before_first_transform) TESTENTRY (unfollow_should_be_allowed_mid_first_transform) TESTENTRY (unfollow_should_be_allowed_after_first_transform) @@ -165,11 +165,6 @@ static GLogWriterOutput test_log_writer_func (GLogLevelFlags log_level, const GLogField * fields, gsize n_fields, gpointer user_data); static void duplicate_adds (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data); -static void replace_call_with_callout (GumStalkerIterator * iterator, - GumStalkerOutput * output, gpointer user_data); -static void replace_jumpout_with_callout (GumStalkerIterator * iterator, - GumStalkerOutput * output, gpointer user_data); -static void callout_set_cool (GumCpuContext * cpu_context, gpointer user_data); static void transform_arm_return_value (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data); static void on_arm_ret (GumCpuContext * cpu_context, gpointer user_data); @@ -179,6 +174,11 @@ static void transform_thumb_return_value (GumStalkerIterator * iterator, static void on_thumb_ret (GumCpuContext * cpu_context, gpointer user_data); static gboolean is_thumb_pop_pc (const guint8 * bytes, gsize size); +static void replace_call_with_callout (GumStalkerIterator * iterator, + GumStalkerOutput * output, gpointer user_data); +static void replace_jumpout_with_callout (GumStalkerIterator * iterator, + GumStalkerOutput * output, gpointer user_data); +static void callout_set_cool (GumCpuContext * cpu_context, gpointer user_data); static void unfollow_during_transform (GumStalkerIterator * iterator, GumStalkerOutput * output, gpointer user_data); static void test_invalidation_for_current_thread_with_target (GumAddress target, @@ -2780,6 +2780,85 @@ is_thumb_pop_pc (const guint8 * bytes, return memcmp (bytes, pop_pc, size) == 0; } +TESTCODE (arm_simple_call, + 0x04, 0xe0, 0x2d, 0xe5, /* push {lr} */ + 0x0d, 0x00, 0x00, 0xe3, /* mov r0, 13 */ + 0x00, 0x00, 0x00, 0xeb, /* bl bump_number */ + 0x04, 0xf0, 0x9d, 0xe4, /* pop {pc} */ + /* bump_number: */ + 0x25, 0x00, 0x80, 0xe2, /* add r0, 37 */ + 0x1e, 0xff, 0x2f, 0xe1, /* bx lr */ +); + +TESTCASE (arm_transformer_should_be_able_to_replace_call_with_callout) +{ + fixture->transformer = gum_stalker_transformer_make_from_callback ( + replace_call_with_callout, NULL, NULL); + + INVOKE_ARM_EXPECTING (GUM_NOTHING, arm_simple_call, 0xc001); +} + +static void +replace_call_with_callout (GumStalkerIterator * iterator, + GumStalkerOutput * output, + gpointer user_data) +{ + const cs_insn * insn; + static int insn_num = 0; + + while (gum_stalker_iterator_next (iterator, &insn)) + { + if (insn_num == 4) + gum_stalker_iterator_put_callout (iterator, callout_set_cool, NULL, NULL); + else + gum_stalker_iterator_keep (iterator); + insn_num++; + } +} + +TESTCODE (arm_simple_jumpout, + 0x0d, 0x00, 0x00, 0xe3, /* mov r0, 13 */ + 0xff, 0xff, 0xff, 0xea, /* b bump_number */ + /* bump_number: */ + 0x25, 0x00, 0x80, 0xe2, /* add r0, 37 */ + 0x1e, 0xff, 0x2f, 0xe1, /* bx lr */ +); + +TESTCASE (arm_transformer_should_be_able_to_replace_jumpout_with_callout) +{ + fixture->transformer = gum_stalker_transformer_make_from_callback ( + replace_jumpout_with_callout, NULL, NULL); + + INVOKE_ARM_EXPECTING (GUM_EXEC, arm_simple_jumpout, 0xc001); +} + +static void +replace_jumpout_with_callout (GumStalkerIterator * iterator, + GumStalkerOutput * output, + gpointer user_data) +{ + const cs_insn * insn; + + while (gum_stalker_iterator_next (iterator, &insn)) + { + if (insn->id == ARM_INS_B) + { + gum_stalker_iterator_put_callout (iterator, callout_set_cool, NULL, NULL); + gum_stalker_iterator_put_chaining_return (iterator); + continue; + } + + gum_stalker_iterator_keep (iterator); + } +} + +static void +callout_set_cool (GumCpuContext * cpu_context, + gpointer user_data) +{ + cpu_context->r[0] = 0xc001; +} + TESTCASE (unfollow_should_be_allowed_before_first_transform) { UnfollowTransformContext ctx; @@ -3256,89 +3335,6 @@ add_n_return_value_increments (GumStalkerIterator * iterator, } } -TESTCODE (arm_simple_call, - 0x04, 0xe0, 0x2d, 0xe5, /* push {lr} */ - 0x0d, 0x00, 0x00, 0xe3, /* mov r0, 13 */ - 0x00, 0x00, 0x00, 0xeb, /* bl bump_number */ - 0x04, 0xf0, 0x9d, 0xe4, /* pop {pc} */ - /* bump_number: */ - 0x25, 0x00, 0x80, 0xe2, /* add r0, 37 */ - 0x1e, 0xff, 0x2f, 0xe1, /* bx lr */ -); - -TESTCASE (arm_transformer_should_be_able_to_replace_call_with_callout) -{ - fixture->transformer = gum_stalker_transformer_make_from_callback ( - replace_call_with_callout, NULL, NULL); - - INVOKE_ARM_EXPECTING (GUM_NOTHING, arm_simple_call, 0xc001); -} - -static void -replace_call_with_callout (GumStalkerIterator * iterator, - GumStalkerOutput * output, - gpointer user_data) -{ - const cs_insn * insn; - static int insn_num = 0; - while (gum_stalker_iterator_next (iterator, &insn)) - { - if (insn_num == 4) - { - gum_stalker_iterator_put_callout (iterator, callout_set_cool, - NULL, NULL); - } - else - { - gum_stalker_iterator_keep (iterator); - } - insn_num++; - } -} - -TESTCODE (arm_simple_jumpout, - 0x0d, 0x00, 0x00, 0xe3, /* mov r0, 13 */ - 0xff, 0xff, 0xff, 0xea, /* b bump_number */ - /* bump_number: */ - 0x25, 0x00, 0x80, 0xe2, /* add r0, 37 */ - 0x1e, 0xff, 0x2f, 0xe1, /* bx lr */ -); - -TESTCASE (arm_transformer_should_be_able_to_replace_jumpout_with_callout) -{ - fixture->transformer = gum_stalker_transformer_make_from_callback ( - replace_jumpout_with_callout, NULL, NULL); - - INVOKE_ARM_EXPECTING (GUM_EXEC, arm_simple_jumpout, 0xc001); -} - -static void -replace_jumpout_with_callout (GumStalkerIterator * iterator, - GumStalkerOutput * output, - gpointer user_data) -{ - const cs_insn * insn; - - while (gum_stalker_iterator_next (iterator, &insn)) - { - if (insn->id == ARM_INS_B) - { - gum_stalker_iterator_put_callout (iterator, callout_set_cool, - NULL, NULL); - gum_stalker_iterator_put_chaining_return (iterator); - continue; - } - gum_stalker_iterator_keep (iterator); - } -} - -static void -callout_set_cool (GumCpuContext * cpu_context, - gpointer user_data) -{ - cpu_context->r[0] = 0xc001; -} - TESTCODE (arm_ldrex_strex, 0x44, 0x00, 0x9f, 0xe5, /* ldr r0, [pointer_to_value] */ /* retry: */ diff --git a/tests/core/arch-arm64/stalker-arm64.c b/tests/core/arch-arm64/stalker-arm64.c index ba3526a5d..abfa20e41 100644 --- a/tests/core/arch-arm64/stalker-arm64.c +++ b/tests/core/arch-arm64/stalker-arm64.c @@ -571,7 +571,7 @@ TESTCASE (transformer_should_be_able_to_replace_call_with_callout) code_template, sizeof (code_template)); fixture->transformer = gum_stalker_transformer_make_from_callback ( - replace_call_with_callout, func, NULL); + replace_call_with_callout, func, NULL); ret = test_arm64_stalker_fixture_follow_and_invoke (fixture, func, 0); g_assert_cmpuint (ret, ==, 0xc001); @@ -602,7 +602,7 @@ TESTCASE (transformer_should_be_able_to_replace_tailjump_with_callout) guint32 code_template[] = { 0xd280a280, /* mov x0, #1300 */ - 0x14000001, /* b bump_number */ + 0x14000001, /* b bump_number */ /* bump_number: */ 0x91009400, /* add x0, x0, #37 */ 0xd65f03c0, /* ret */ @@ -614,7 +614,7 @@ TESTCASE (transformer_should_be_able_to_replace_tailjump_with_callout) code_template, sizeof (code_template)); fixture->transformer = gum_stalker_transformer_make_from_callback ( - replace_jmp_with_callout, func, NULL); + replace_jmp_with_callout, func, NULL); ret = test_arm64_stalker_fixture_follow_and_invoke (fixture, func, 0); g_assert_cmpuint (ret, ==, 0xc001); diff --git a/tests/core/arch-x86/stalker-x86.c b/tests/core/arch-x86/stalker-x86.c index 790dfea5a..82849e6b2 100644 --- a/tests/core/arch-x86/stalker-x86.c +++ b/tests/core/arch-x86/stalker-x86.c @@ -1030,7 +1030,7 @@ TESTCASE (transformer_should_be_able_to_replace_call_with_callout) code_template, sizeof (code_template)); fixture->transformer = gum_stalker_transformer_make_from_callback ( - replace_call_with_callout, func, NULL); + replace_call_with_callout, func, NULL); ret = test_stalker_fixture_follow_and_invoke (fixture, func, 0); g_assert_cmpuint (ret, ==, 0xc001); @@ -1060,12 +1060,12 @@ TESTCASE (transformer_should_be_able_to_replace_tailjump_with_callout) { guint8 code_template[] = { - 0xb8, 0x14, 0x05, 0x00, 0x00, /* mov eax, 1300 */ - 0xeb, 0x01, /* jmp bump_number */ - 0x90, /* nop */ - /* bump_number: */ - 0x83, 0xc0, 0x25, /* add eax, 37 */ - 0xc3, /* ret */ + 0xb8, 0x14, 0x05, 0x00, 0x00, /* mov eax, 1300 */ + 0xeb, 0x01, /* jmp bump_number */ + 0x90, /* nop */ + /* bump_number: */ + 0x83, 0xc0, 0x25, /* add eax, 37 */ + 0xc3, /* ret */ }; StalkerTestFunc func; gint ret; @@ -1074,7 +1074,7 @@ TESTCASE (transformer_should_be_able_to_replace_tailjump_with_callout) code_template, sizeof (code_template)); fixture->transformer = gum_stalker_transformer_make_from_callback ( - replace_jmp_with_callout, func, NULL); + replace_jmp_with_callout, func, NULL); ret = test_stalker_fixture_follow_and_invoke (fixture, func, 0); g_assert_cmpuint (ret, ==, 0xc001); @@ -1105,11 +1105,7 @@ static void callout_set_cool (GumCpuContext * cpu_context, gpointer user_data) { -#if GLIB_SIZEOF_VOID_P == 8 - cpu_context->rax = 0xc001; -#else - cpu_context->eax = 0xc001; -#endif + GUM_CPU_CONTEXT_XAX (cpu_context) = 0xc001; } TESTCASE (unfollow_should_be_allowed_before_first_transform)