TODO: ARM64 support
nomi-san opened this issue · 0 comments
Given a method template like this:
// Prototype method used as a closure template: the body embeds a fixed 64-bit
// marker immediate (0xFFFFFFFFFFFFDEAD) that is located and overwritten at bind time.
// Presumably `volatile` is there to stop the compiler from folding the constant, so it
// is materialized by the mov/movk sequence shown below — verify against the actual codegen.
void foo() {
volatile size_t self = 0xFFFFFFFFFFFFDEAD; // marker value; replaced with the bound data
printf("self: %p\n", (void *)self);        // prints whatever value was patched in
}
// mov x0, #0xDEAD
// movk x0, #0xFFFF, lsl #16
// movk x0, #0xFFFF, lsl #32
// movk x0, #0xFFFF, lsl #48
// str x0, [sp, #24]
Finding offset:
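// Scan the first LIMIT 32-bit instruction words of the prototype for the marker:
// a 64-bit MOV (MOVZ, top byte 0xD2) immediately followed by a 64-bit MOVK
// (top byte 0xF2), where the MOV's imm16 field (bits 20:5) holds 0xDEAD.
// Assumes `ip` addresses the function body as uint32_t words (AArch64 instructions
// are fixed 32-bit) — TODO confirm the pointer type at the call site.
for (offset = 0; offset < LIMIT; offset++)
    if ((ip[offset] >> 24) == 0xD2)                     // MOV (MOVZ, 64-bit)
        if ((ip[offset + 1] >> 24) == 0xF2)             // MOVK (64-bit); missing '(' fixed
            if (((ip[offset] >> 5) & 0xFFFF) == 0xDEAD) // imm16 of the MOV is the marker
                // found
                // NOTE(review): the match does not check that the MOVK writes the same
                // register as the MOV (Rd is bits 4:0 of each word); comparing
                // (ip[offset] & 0x1F) with (ip[offset + 1] & 0x1F) would avoid a false hit.
                // NOTE(review): a top byte of 0xD2 is shared with 64-bit EOR (immediate);
                // testing (ip[offset] >> 23) == 0x1A5 is tighter — check against the ARM ARM.
                // NOTE(review): ip[offset + 1] is read for offset == LIMIT - 1, so LIMIT must
                // be at least one word short of the readable range — confirm.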
Patching self data:
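// Materialize the bound 64-bit `data` in the register found by the scan (`?` = its Rd),
// using the same MOVZ/MOVK shape the compiler emitted, 16 bits per instruction.
// Every immediate must be masked to 16 bits (imm16 is bits 20:5), matching the 0xFFFF
// mask used when the marker is extracted; `& 0xFF` would keep only 8 bits of the low half.
// Comments use `//`: in GNU AArch64 syntax `;` is a statement separator, not a comment.
mov  ?, #(data & 0xFFFF)                    // bits 15:0; MOVZ clears the other bits
movk ?, #((data >> 16) & 0xFFFF), lsl #16   // bits 31:16
movk ?, #((data >> 32) & 0xFFFF), lsl #32   // bits 47:32
movk ?, #((data >> 48) & 0xFFFF), lsl #48   // bits 63:48
// str ?, [sp, ?]   -- the prototype's own store of the value follows; not patched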
Trampoline:
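// addr = proto + offset + 2 * sizeof(uint32_t)   // fixed 32-bit instruction length
// NOTE(review): the patched sequence above is four words (mov + 3 movk); resuming only
// two words in would re-execute the prototype's `movk ..., lsl #32` / `lsl #48` and set
// the upper halves back to 0xFFFF — confirm the skip count (four words expected).
// NOTE(review): if proto sets up a frame before `offset` (the `str x0, [sp, #24]` above
// suggests one), jumping past it skips that prologue — confirm how this is handled.
mov  x9, #(addr & 0xFFFF)                   // x9 = resume address, built 16 bits at a time
movk x9, #((addr >> 16) & 0xFFFF), lsl #16
movk x9, #((addr >> 32) & 0xFFFF), lsl #32
movk x9, #((addr >> 48) & 0xFFFF), lsl #48
br   x9                                     // tail-jump into proto; x9 is a caller-saved
                                            // temporary under AAPCS64, so x0-x7 args survive
// NOTE(review): emit these words while the closure page is writable, then make it
// executable (not writable) and invalidate the instruction cache for the range
// (e.g. __builtin___clear_cache) before the first call — AArch64 needs explicit
// cache maintenance after code is written; confirm the allocator does this.
// NOTE(review): if proto is built with BTI (-mbranch-protection), an indirect `br`
// into the middle of the function needs a landing pad at addr or it will fault — confirm.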
Result:
// Usage sketch: bind() presumably returns a callable that runs foo with the marker
// replaced by 0xdeadbeef, so the printf inside foo reports the bound value — verify.
foo2 = bind(foo, 0xdeadbeef);
foo2(); // expected output (per the issue): self: deadbeef