#include "asm.h"
.text
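# Part 1 of the "both" (pre- and post-call) hook trampoline: runs in place of
# the hooked function entry, builds a register/argument context on the stack,
# calls the pre-hook on it, then either falls through to the original code or
# skips it.  Part 2 (__splinter_both_start2) is the matching post-call half.
#
# Register and size names (R_AX, R_SP, WORD, ARGREG1..3, MOVCMD, CONTEXT_*)
# come from asm.h, which is not shown here.  The immediates 0xDEAFFACE,
# 0xDEADBEEF, 0xCAFEBABE, 0xBEADFACE, 0xFEEDFACE and 0xDEADBABE are
# placeholders that nothing in this file resolves; presumably the injector
# patches them after copying the bytes between the start and finish labels
# (TODO confirm against the injector).
#
# Stack layout built below, in WORDs from the context base (%R_SP at the
# patched call): AX BX CX DX SI DI BP SP 0xDEADBEEF FLAGS, then the eight
# R8..R15 words on amd64 (eight padding words on i386), then CONTEXT_ARGS
# copied stack arguments, CONTEXT_VARS and CONTEXT_BUFF.  Above that sit the
# words pushed at entry: saved AX, two zero words, a copy of the return
# address, the (zeroed) entry FLAGS slot and finally the original return
# address.
#
# NOTE(review): this assumes entry at a call boundary, i.e. (%R_SP) is a
# return address and the words above it are the stack arguments; entered
# anywhere else, the pushes below would also clobber the amd64 red zone.
# NOTE(review): SysV amd64 needs %rsp 16-byte aligned at the patched call;
# whether the push count plus the CONTEXT_* sizes from asm.h preserve that
# cannot be verified from this file - confirm, or C hooks that do aligned
# SSE stack accesses will fault.
# NOTE(review): the skip path returns through an address that was pushed by
# hand (0xDEADBABE) rather than by a call, which CET shadow stacks reject
# where they are enforced.
.globl __splinter_both_start1
__splinter_both_start1:
pushf                                   # preserve FLAGS: lock incl / xor below clobber them
push %R_AX
mov $0xDEAFFACE, %R_AX                  # placeholder: address of a 32-bit activity counter
lock incl (%R_AX)                       # atomic increment; part 2 does the matching lock decl
xor %R_AX, %R_AX
push %R_AX                              # two zero words
push %R_AX
mov 4 * WORD (%R_SP), %R_AX             # stack: 0, 0, saved AX, FLAGS, return address
xchg %R_AX, 2 * WORD (%R_SP)            # copy of the return address goes over the saved AX slot, AX comes back
push %R_AX                              # stack: AX, 0, 0, retaddr copy, FLAGS, retaddr
#ifdef __i386__
# No R8..R15 on i386: reserve eight extra words so the offsets below match amd64.
sub $CONTEXT_BUFF + (CONTEXT_ARGS + CONTEXT_VARS + 7) * WORD, %R_SP
#endif
#ifdef __amd64__
sub $CONTEXT_BUFF + (CONTEXT_ARGS + CONTEXT_VARS - 1) * WORD, %R_SP
push %R_15
push %R_14
push %R_13
push %R_12
push %R_11
push %R_10
push %R_9
push %R_8
#endif
# Reload the FLAGS word pushed at entry, push a copy into the context and
# zero the original slot (part 2 writes the final FLAGS back into it).
mov CONTEXT_BUFF + (CONTEXT_VARS + CONTEXT_ARGS + 11) * WORD (%R_SP), %R_AX
push %R_AX
xor %R_AX, %R_AX
mov %R_AX, CONTEXT_BUFF + (CONTEXT_VARS + CONTEXT_ARGS + 12) * WORD (%R_SP)
mov $0xDEADBEEF, %R_AX                  # placeholder word stored in the context; meaning is defined by the C side
push %R_AX
mov %R_SP, %R_AX
add $CONTEXT_BUFF + (CONTEXT_VARS + CONTEXT_ARGS + 14) * WORD, %R_AX   # address of the original return-address slot, i.e. %R_SP at entry
push %R_AX                              # context SP field
push %R_BP
push %R_DI
push %R_SI
push %R_DX
push %R_CX
push %R_BX
# Original AX, saved by the push at entry (CONTEXT_REGS is presumably 18:
# the ten words pushed here plus the eight R8..R15/padding words).
mov CONTEXT_BUFF + (CONTEXT_VARS + CONTEXT_ARGS + CONTEXT_REGS - 2) * WORD (%R_SP), %R_AX
push %R_AX                              # context base is now %R_SP
# Copy CONTEXT_ARGS stack arguments (the words above the original return
# address) into the args area right after the register words.  On the normal
# path this copy is what the original function sees as its arguments.
# NOTE(review): CONTEXT_ARGS words are read whatever the hooked function
# actually takes; with a large value this reads past the real arguments.
mov %R_SP, %R_SI
add $CONTEXT_BUFF + (CONTEXT_VARS + CONTEXT_ARGS + CONTEXT_REGS + 5) * WORD, %R_SI
mov %R_SP, %R_DI
add $CONTEXT_REGS * WORD, %R_DI
mov $CONTEXT_ARGS, %R_CX
cld                                     # DF is whatever the caller left in FLAGS
rep MOVCMD
mov %R_SP, %ARGREG3                     # pre-hook(0xCAFEBABE, 0xBEADFACE, context)
mov $0xBEADFACE, %ARGREG2
mov $0xCAFEBABE, %ARGREG1
# Hand-encoded call rel32: e8 ce fa ed fe.  The rel32 displacement 0xFEEDFACE
# is a placeholder; once patched, the target must lie within +/-2 GiB of this copy.
.byte 0xe8, 0xce, 0xfa, 0xed, 0xfe
pop %R_AX                               # registers back from the context, so hook edits take effect
pop %R_BX
pop %R_CX
pop %R_DX
pop %R_SI
pop %R_DI
add $WORD * 3, %R_SP                    # skip BP, SP and 0xDEADBEEF: BP is not reloaded from the context
popf                                    # FLAGS from the context
#ifdef __amd64__
pop %R_8
pop %R_9
pop %R_10
pop %R_11
pop %R_12
pop %R_13
pop %R_14
pop %R_15
#endif
#ifdef __i386__
mov %R_AX, WORD * 7 (%R_SP)             # park AX in the last padding word and pop through all eight
pop %R_AX
pop %R_AX
pop %R_AX
pop %R_AX
pop %R_AX
pop %R_AX
pop %R_AX
pop %R_AX
#endif
# Leave 0xDEADBABE (placeholder, presumably patched to point at part 2) on
# the stack as a return address and restore AX.
push %R_AX
mov $0xDEADBABE, %R_AX
xchg %R_AX, (%R_SP)
pushf
# Skip test on the return-address copy made at entry: zero (presumably
# cleared by the hook) selects the skip path.  The size suffix is explicit:
# GAS cannot infer the width from $0 and a memory operand, and a defaulted
# thirty-two-bit compare would only test the low half of the slot on amd64.
#ifdef __amd64__
cmpq $0, CONTEXT_BUFF + WORD * (CONTEXT_ARGS + CONTEXT_VARS + 4) (%R_SP)
#endif
#ifdef __i386__
cmpl $0, CONTEXT_BUFF + WORD * (CONTEXT_ARGS + CONTEXT_VARS + 4) (%R_SP)
#endif
jne normal_flow
popf
ret                                     # skip: return straight into 0xDEADBABE with the context still on the stack
normal_flow:
popf                                    # fall through to what follows the finish label, with 0xDEADBABE as its return address and the copied arguments above it
.globl __splinter_both_finish1
__splinter_both_finish1: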
# Part 2 of the "both" hook trampoline: the post-call half.  The offsets below
# only line up with the context built by part 1 when this code is entered with
# %R_SP at the first word of the args area of that context, i.e. right after
# the 0xDEADBABE word part 1 left on the stack has been consumed as a return
# address - so 0xDEADBABE is presumably patched to point here (TODO confirm).
# It rebuilds the register words of the context from the current registers
# (on the normal path AX is what the original function returned), runs two
# hook calls, copies the argument area back over the original stack
# arguments, restores registers and returns to the original caller with the
# FLAGS the hooks chose.  The same placeholder immediates as in part 1 apply;
# R_*, WORD, ARGREG*, MOVCMD and CONTEXT_* come from asm.h (not shown).
.globl __splinter_both_start2
__splinter_both_start2:
#ifdef __i386__
# Eight padding words in place of R8..R15 so the layout matches amd64.
push %R_AX
push %R_AX
push %R_AX
push %R_AX
push %R_AX
push %R_AX
push %R_AX
push %R_AX
#endif
#ifdef __amd64__
push %R_15
push %R_14
push %R_13
push %R_12
push %R_11
push %R_10
push %R_9
push %R_8
#endif
pushf
push %R_AX                              # AX goes here for now; swapped for 0xDEADBEEF below
mov %R_SP, %R_AX
add $CONTEXT_BUFF + (14 + CONTEXT_ARGS + CONTEXT_VARS) * WORD, %R_AX   # address of the original return-address slot of the hooked call
push %R_AX                              # context SP field
push %R_BP
push %R_DI
push %R_SI
push %R_DX
push %R_CX
push %R_BX
mov $0xDEADBEEF, %R_AX                  # placeholder word for the context: swap it in where AX was pushed and recover AX
xchg %R_AX, 7 * WORD (%R_SP)
push %R_AX                              # context base: AX BX CX DX SI DI BP SP 0xDEADBEEF FLAGS R8..R15, then the part-1 args/vars/buff
mov %R_SP, %ARGREG3                     # first hook: (0xCAFEBABE, 0xBEADFACE, context)
mov $0xBEADFACE, %ARGREG2
mov $0xCAFEBABE, %ARGREG1
# Hand-encoded call rel32: e8 ce fa ed fe.  The displacement 0xFEEDFACE is a
# placeholder; the patched target must lie within +/-2 GiB of this copy.
.byte 0xe8, 0xce, 0xfa, 0xed, 0xfe
mov %R_SP, %ARGREG2                     # second hook: (0xBEADFACE, context)
mov $0xBEADFACE, %ARGREG1
# Hand-encoded call rel32: e8 ad de ad de, placeholder displacement 0xDEADDEAD.
.byte 0xe8, 0xad, 0xde, 0xad, 0xde
# Copy the CONTEXT_ARGS words of the context args area back over the original
# stack arguments (the words above the original return address), the reverse
# of the copy part 1 made.
# NOTE(review): this writes CONTEXT_ARGS words into the caller frame whatever
# the hooked function actually takes; words beyond the real arguments get
# whatever part 1 read from the same place unless a hook or the original
# function changed them.
mov %R_SP, %R_DI
add $CONTEXT_BUFF + (CONTEXT_VARS + CONTEXT_ARGS + CONTEXT_REGS + 5) * WORD, %R_DI
mov %R_SP, %R_SI
add $CONTEXT_REGS * WORD, %R_SI
mov $CONTEXT_ARGS, %R_CX
cld                                     # DF is whatever the hooks returned with
rep MOVCMD
pop %R_AX                               # registers back from the context, so hook edits take effect
pop %R_BX
pop %R_CX
pop %R_DX
pop %R_SI
pop %R_DI
add $WORD * 3, %R_SP                    # skip BP, SP and 0xDEADBEEF: BP is not reloaded from the context
xchg %R_AX, (%R_SP)                     # AX <- context FLAGS; the FLAGS slot temporarily holds AX
mov %R_AX, CONTEXT_BUFF + WORD * (CONTEXT_ARGS + CONTEXT_VARS + 12) (%R_SP)   # store FLAGS into the entry slot part 1 zeroed, just below the original return address
pop %R_AX
#ifdef __amd64__
pop %R_8
pop %R_9
pop %R_10
pop %R_11
pop %R_12
pop %R_13
pop %R_14
pop %R_15
#endif
#ifdef __i386__
mov %R_AX, WORD * 7 (%R_SP)             # park AX in the last padding word and pop through all eight
pop %R_AX
pop %R_AX
pop %R_AX
pop %R_AX
pop %R_AX
pop %R_AX
pop %R_AX
pop %R_AX
#endif
add $CONTEXT_BUFF + WORD * (CONTEXT_ARGS + CONTEXT_VARS + 3), %R_SP   # drop args/vars/buff and the entry words; %R_SP is now at the stored FLAGS
push %R_AX
mov $0xDEAFFACE, %R_AX                  # placeholder: the same counter part 1 incremented
lock decl (%R_AX)                       # atomic decrement, balancing the lock incl in part 1
pop %R_AX
popf                                    # FLAGS from the context
ret                                     # to the original caller
.globl __splinter_both_finish2
__splinter_both_finish2: