diff options
Diffstat (limited to '')
| -rw-r--r-- | linux/os.h | 32 | ||||
| -rw-r--r-- | linux/x86-64.h | 86 | 
2 files changed, 118 insertions, 0 deletions
| diff --git a/linux/os.h b/linux/os.h new file mode 100644 index 0000000..db22f10 --- /dev/null +++ b/linux/os.h @@ -0,0 +1,32 @@ +/* See LICENSE file for copyright and license details. */ +#include <linux/elf.h> +#include <sys/ptrace.h> +#include <linux/ptrace.h> /* after <sys/ptrace.h> */ +#include <sys/syscall.h> +#include <sys/user.h> + +#ifndef ERESTARTSYS +# define ERESTARTSYS 512 +# define ALSO_ERESTARTSYS +#endif +#ifndef ERESTARTNOINTR +# define ERESTARTNOINTR 513 +# define ALSO_ERESTARTNOINTR +#endif +#ifndef ERESTARTNOHAND +# define ERESTARTNOHAND 514 +# define ALSO_ERESTARTNOHAND +#endif +#ifndef ERESTART_RESTARTBLOCK +# define ERESTART_RESTARTBLOCK 516 +# define ALSO_ERESTART_RESTARTBLOCK +#endif + +#define RETURN_IS_ERROR(RET)\ +	((RET) > -(unsigned long long int)PAGE_SIZE) /* Don't know the actual limit, but this seems safe */ + +#if defined(__x86_64__) && !defined(__IPL32__) +# include "x86-64.h" +#else +# error "This program is only implemented for x86-64 on Linux" +#endif diff --git a/linux/x86-64.h b/linux/x86-64.h new file mode 100644 index 0000000..16ff32f --- /dev/null +++ b/linux/x86-64.h @@ -0,0 +1,86 @@ +/* See LICENSE file for copyright and license details. */ +struct i386_user_regs_struct +{ +	uint32_t ebx; +	uint32_t ecx; +	uint32_t edx; +	uint32_t esi; +	uint32_t edi; +	uint32_t ebp; +	uint32_t eax; +	uint32_t xds; +	uint32_t xes; +	uint32_t xfs; +	uint32_t xgs; +	uint32_t orig_eax; +	uint32_t eip; +	uint32_t xcs; +	uint32_t eflags; +	uint32_t esp; +	uint32_t xss; +}; + +#define SYSCALL_NUM_REG orig_rax +#define SYSCALL_RET_REG rax + +enum { +      x86_64 = 0, +      x32, +      i386 +}; + +#define CHECK_ARCHITECTURE(proc, regsp)\ +	do {\ +		struct iovec iov = {\ +			.iov_base = (regsp),\ +			.iov_len = sizeof(*(regsp)),\ +		};\ +		if (ptrace(PTRACE_GETREGSET, (proc)->pid, NT_PRSTATUS, &iov)) {\ +			eprintf("ptrace PTRACE_GETREGSET %ju NT_PRSTATUS {.iov_base=<buffer>, .iov_len=%zu}:",\ +			        (uintmax_t)(proc)->pid, sizeof(*(regsp)));\ +		} else if (iov.iov_len != sizeof(*(regsp))) {\ +			if ((proc)->mode != i386) {\ +				(proc)->mode = i386;\ +				(proc)->long_is_int = 1;\ +				(proc)->ptr_is_int = 1;\ +				(proc)->scall_xor = 0;\ +				tprintf(proc, "Process is running in i386 mode, this is not yet supported\n"); /* TODO */\ +				exit(1);\ +			}\ +		} else if ((proc)->scall & __X32_SYSCALL_BIT) {\ +			if ((proc)->mode != x32) {\ +				(proc)->mode = x32;\ +				(proc)->long_is_int = 0;\ +				(proc)->ptr_is_int = 1;\ +				(proc)->scall_xor = __X32_SYSCALL_BIT;\ +				tprintf(proc, "Process is running in x32 mode (support is untested)\n");\ +			}\ +		} else {\ +			if ((proc)->mode != x86_64) {\ +				(proc)->mode = x86_64;\ +				(proc)->long_is_int = 0;\ +				(proc)->ptr_is_int = 0;\ +				(proc)->scall_xor = 0;\ +				tprintf(proc, "Process is running in x86-64 mode\n");\ +			}\ +		}\ +	} while (0) + +#define GET_SYSCALL_ARGUMENTS(proc, regsp)\ +	do {\ +		if ((proc)->mode != i386) {\ +			(proc)->args[0] = (regsp)->rdi;\ +			(proc)->args[1] = (regsp)->rsi;\ +			(proc)->args[2] = (regsp)->rdx;\ +			(proc)->args[3] = (regsp)->r10;\ +			(proc)->args[4] = (regsp)->r8;\ +			(proc)->args[5] = (regsp)->r9;\ +		} else {\ +			(proc)->args[0] = ((const struct i386_user_regs_struct *)(regsp))->ebx;\ +			(proc)->args[1] = ((const struct i386_user_regs_struct *)(regsp))->ecx;\ +			(proc)->args[2] = ((const struct i386_user_regs_struct *)(regsp))->edx;\ +			(proc)->args[3] = ((const struct i386_user_regs_struct *)(regsp))->esi;\ +			(proc)->args[4] = ((const struct i386_user_regs_struct *)(regsp))->edi;\ +			(proc)->args[5] = ((const struct i386_user_regs_struct *)(regsp))->ebp;\ +		}\ +	} while (0) | 
