
TODO: ARM64 support #4

@nomi-san

Description

@nomi-san

Take a function template (the prototype whose code is later copied and patched) like this:

// Prototype ("template") function. The 64-bit marker is assigned to a
// volatile local so the compiler must materialize the literal in the
// emitted code (see the listing below) rather than fold it away; the
// binder later locates that literal and overwrites it with the bound value.
// NOTE(review): a value whose upper three half-words are all 0xFFFF is a
// candidate for a single MOVN (`mov x0, #-0x2153`) instead of the
// four-instruction MOVZ/MOVK form shown below, depending on compiler and
// optimization level — confirm the emitted sequence, or choose a marker
// whose four half-words are all distinct and neither 0x0000 nor 0xFFFF.
void foo() {
    volatile size_t self = 0xFFFFFFFFFFFFDEAD;
    printf("self: %p\n", (void *)self);
}

// mov	x0, #0xDEAD
// movk	x0, #0xFFFF, lsl #16
// movk	x0, #0xFFFF, lsl #32
// movk	x0, #0xFFFF, lsl #48
// str  x0, [sp, #24] 

Finding the offset of the marker sequence inside the prototype's code:

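/*
 * Locate the MOVZ + 3x MOVK sequence that materializes the marker value.
 *
 *   ip     first instruction of the prototype; AArch64 instructions are a
 *          fixed 32 bits, so the scan works in uint32_t units
 *   limit  number of instructions that may be inspected
 *
 * Returns the index of the MOVZ that starts the sequence, or -1.
 *
 * 64-bit MOVZ/MOVK encoding: bits [31:24] are 0xD2 (MOVZ) or 0xF2 (MOVK),
 * bits [22:21] the half-word shift (hw = 0..3 for lsl #0/#16/#32/#48),
 * bits [20:5] the imm16 and bits [4:0] the destination register.
 */
static long find_marker(const uint32_t *ip, size_t limit)
{
    const uint32_t marker = 0xDEAD;   /* low half-word of the template value */

    /* Four instructions are needed, so stop three short of the limit
     * instead of reading past it. */
    for (size_t offset = 0; offset + 3 < limit; offset++) {
        uint32_t movz = ip[offset];

        /* MOVZ with hw == 0 and imm16 == marker */
        if ((movz >> 24) != 0xD2 ||
            ((movz >> 21) & 0x3) != 0 ||
            ((movz >> 5) & 0xFFFF) != marker)
            continue;

        /* The three MOVKs must write the same register with shifts 16, 32
         * and 48 in that order; a lone `mov xN, #0xDEAD` elsewhere in the
         * function must not be taken for the marker. */
        uint32_t rd = movz & 0x1F;
        int ok = 1;
        for (unsigned k = 1; k <= 3 && ok; k++) {
            uint32_t movk = ip[offset + k];
            ok = (movk >> 24) == 0xF2 &&
                 ((movk >> 21) & 0x3) == k &&
                 (movk & 0x1F) == rd;
        }
        if (ok)
            return (long)offset;   /* found */
    }
    return -1;
}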

Patching the bound value (`self`) into the located sequence:

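// Overwrite the four immediates of the located sequence with the bound value.
// Only bits [20:5] (imm16) of each instruction change; the register field
// [4:0] and the shift field hw [22:21] stay exactly as the compiler emitted
// them, so the patched code still stores into the same register (Xd).
// Every half-word MUST be masked to 16 bits: `data >> 16` is up to 48 bits
// wide and, unmasked, would spill into the hw/opcode bits and corrupt the
// instruction. (Comments use `//`: in GNU AArch64 gas `;` separates statements.)
movz  Xd, #( data        & 0xFFFF)
movk  Xd, #((data >> 16) & 0xFFFF), lsl #16
movk  Xd, #((data >> 32) & 0xFFFF), lsl #32
movk  Xd, #((data >> 48) & 0xFFFF), lsl #48
// str   Xd, [sp, #off]   -- untouched; it follows the sequence in the prototype
//
// The page being patched must be writable while the immediates are rewritten
// and executable afterwards (W^X: map RW, patch, then mprotect to R-X; on
// Apple Silicon use MAP_JIT plus pthread_jit_write_protect_np). AArch64 does
// not keep the instruction cache coherent with data writes, so after patching
// clean the D-cache and invalidate the I-cache for the range
// (__builtin___clear_cache / sys_icache_invalidate) before executing it.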

Trampoline:

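// Trampoline emitted per bound closure: load the resume address inside the
// prototype into a scratch register and branch there.
// x9 is a caller-saved temporary under AAPCS64 and is not an argument
// register (x0-x7), the indirect-result register (x8) or an IP0/IP1 veneer
// register (x16/x17), so the caller's arguments reach the prototype intact.
//
// addr = proto + offset + 2 * sizeof(uint32_t)   // AArch64 instructions are fixed 32-bit
// TODO(review): confirm the resume point. Landing two instructions in, on the
// `movk ..., lsl #32`, would overwrite the upper half-words of the value just
// loaded; if the trampoline carries the whole four-instruction sequence, the
// resume point is presumably `offset + 4 * sizeof(uint32_t)`, i.e. the `str`.
// Each imm16 is masked to 16 bits so the high bits of addr cannot spill into
// the hw/opcode fields.
movz  x9, #( addr        & 0xFFFF)
movk  x9, #((addr >> 16) & 0xFFFF), lsl #16
movk  x9, #((addr >> 32) & 0xFFFF), lsl #32
movk  x9, #((addr >> 48) & 0xFFFF), lsl #48
br    x9
// The trampoline page needs the same W^X handling and I-cache maintenance as
// the patched prototype. If the prototype is built with BTI
// (-mbranch-protection=bti/standard), an indirect `br` into the middle of a
// guarded page requires a BTI landing pad at the target — verify before
// enabling branch protection on the prototype.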

Result:

// bind() produces a new callable whose code path, as sketched above, loads
// 0xdeadbeef in place of the 0xFFFFFFFFFFFFDEAD marker before running the
// rest of foo, so the call prints the bound value instead of the marker.
foo2 = bind(foo, 0xdeadbeef);
foo2();
// self: deadbeef
