
Comments (2)

gthaker avatar gthaker commented on August 21, 2024

As some added information, I found on the Internet some mention that compiling with GCC with "-mmanual-endbr" may help. So on my GCC 9.3 test I did this, and now the function foo becomes:

   0x5555555552bb <foo>:	push   %rbp
   0x5555555552bc <foo+1>:	mov    %rsp,%rbp
   0x5555555552bf <foo+4>:	push   %rbx
   0x5555555552c0 <foo+5>:	sub    $0x18,%rsp
   0x5555555552c4 <foo+9>:	lea    0xe15(%rip),%rdi        # 0x5555555560e0
   0x5555555552cb <foo+16>:	callq  0x5555555550d0 <puts@plt>
   0x5555555552d0 <foo+21>:	callq  0x555555555110 <random@plt>
   0x5555555552d5 <foo+26>:	mov    %eax,-0x1c(%rbp)
   0x5555555552d8 <foo+29>:	callq  0x555555555110 <random@plt>
   0x5555555552dd <foo+34>:	mov    -0x1c(%rbp),%edx
   0x5555555552e0 <foo+37>:	movslq %edx,%rdx
   0x5555555552e3 <foo+40>:	lea    (%rax,%rdx,1),%rbx
   0x5555555552e7 <foo+44>:	callq  0x555555555110 <random@plt>
   0x5555555552ec <foo+49>:	movzbl %al,%ecx
   0x5555555552ef <foo+52>:	mov    %rbx,%rax
   0x5555555552f2 <foo+55>:	cqto   
   0x5555555552f4 <foo+57>:	idiv   %rcx
   0x5555555552f7 <foo+60>:	mov    %rdx,%rax
   0x5555555552fa <foo+63>:	mov    %eax,-0x18(%rbp)
   0x5555555552fd <foo+66>:	mov    -0x1c(%rbp),%edx
   0x555555555300 <foo+69>:	mov    -0x18(%rbp),%eax
...

so the endbr64 instruction is gone. But now I run into the "offset too large" issue; in gdb I have:

subhook_make_trampoline (trampoline=0x40000000, src=0x5555555552bb , jmp_size=14, trampoline_len=0x5555555596f0, flags=SUBHOOK_64BIT_OFFSET)
at repos/subhook/subhook_x86.c:430

and the diff between 0x40000000 and 0x5555555552bb is too large, so I fail at:

    #ifdef SUBHOOK_X86_64
      if (CHECK_INT32_OVERFLOW(offset)) {
        /*
         * Oops! It looks like the two locations are too far away from each
         * other! This is not going to work...
         */
        *trampoline_len = 0;
        return -EOVERFLOW;
      }
    #endif

Is there no workaround for this problem? Why can't the trampoline code overcome this limit by doing some jump via the RIP register or something? (Sorry, I have limited knowledge of Intel 64-bit instruction extensions (AMD's extensions, I believe).)

from subhook.
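The rel32 range limit behind the EOVERFLOW above, the 14-byte RIP-relative absolute jump that jmp_size=14 / SUBHOOK_64BIT_OFFSET refers to, and a check for the endbr64 landing pad discussed in the first comment, as an added illustration in C that is not subhook's own code (helper names are hypothetical; the sample addresses are taken from the gdb output in this thread):

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helpers; subhook's internal names and layout are not reproduced. */
#define REL_JMP_SIZE 5   /* E9 rel32 */
#define ABS_JMP_SIZE 14  /* FF 25 00000000 (jmp [rip+0]) followed by an 8-byte target */

/* The rel32 displacement is measured from the end of the 5-byte jmp.
 * A trampoline at 0x40000000 cannot reach code at 0x5555555552bb this way. */
static bool rel32_reachable(uint64_t src, uint64_t dst) {
    int64_t off = (int64_t)(dst - (src + REL_JMP_SIZE));
    return off >= INT32_MIN && off <= INT32_MAX;
}

/* Encode a jump from src to dst into out (caller provides ABS_JMP_SIZE bytes).
 * Returns the encoded length, or 0 when force_rel32 is set and the target is
 * out of rel32 range, which mirrors the CHECK_INT32_OVERFLOW failure above. */
static size_t encode_jmp(uint64_t src, uint64_t dst, bool force_rel32, uint8_t *out) {
    if (rel32_reachable(src, dst)) {
        int32_t rel = (int32_t)(dst - (src + REL_JMP_SIZE));
        out[0] = 0xE9;
        memcpy(out + 1, &rel, sizeof rel);   /* x86-64 is little-endian */
        return REL_JMP_SIZE;
    }
    if (force_rel32)
        return 0;
    /* jmp qword ptr [rip+0]: the 64-bit target sits right after the instruction,
     * so any address in the 64-bit space is reachable at the cost of 14 bytes. */
    static const uint8_t opc[6] = {0xFF, 0x25, 0x00, 0x00, 0x00, 0x00};
    memcpy(out, opc, sizeof opc);
    memcpy(out + 6, &dst, sizeof dst);
    return ABS_JMP_SIZE;
}

/* CET/IBT landing pad: endbr64 encodes as F3 0F 1E FA. With -mmanual-endbr
 * the function prologue starts directly with push %rbp (0x55) instead. */
static bool starts_with_endbr64(const uint8_t *code) {
    static const uint8_t endbr64[4] = {0xF3, 0x0F, 0x1E, 0xFA};
    return memcmp(code, endbr64, sizeof endbr64) == 0;
}
```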

santazhang avatar santazhang commented on August 21, 2024

Pull request #58 can help address this issue on Linux.

