| author | ptitSeb <sebastien.chev@gmail.com> | 2021-06-07 18:07:02 +0200 |
|---|---|---|
| committer | ptitSeb <sebastien.chev@gmail.com> | 2021-06-07 18:07:02 +0200 |
| commit | 31a01aceab37edf01759223f69a38bd3961633b6 (patch) | |
| tree | 2db3967e06c0df860c14cbc53ddc717c1255838b /src | |
| parent | 3b39d1270db80523e415a362512f82d993a1da07 (diff) | |
| download | box64-31a01aceab37edf01759223f69a38bd3961633b6.tar.gz box64-31a01aceab37edf01759223f69a38bd3961633b6.zip | |
Small adjustment to tls record
Diffstat (limited to 'src')
| -rwxr-xr-x | src/box64context.c | 2 | ||||
| -rwxr-xr-x | src/emu/x64tls.c | 25 |
2 files changed, 23 insertions, 4 deletions
diff --git a/src/box64context.c b/src/box64context.c
index 4b4ae956..0202dba1 100755
--- a/src/box64context.c
+++ b/src/box64context.c
@@ -176,7 +176,7 @@ box64context_t *NewBox64Context(int argc)
     for (int i=0; i<8; ++i)
         context->canary[i] = 1 + getrand(255);
     context->canary[getrand(4)] = 0;
-    printf_log(LOG_DEBUG, "Setting up canary (for Stack protector) at FS:0x14, value:%08X\n", *(uint32_t*)context->canary);
+    printf_log(LOG_DEBUG, "Setting up canary (for Stack protector) at FS:0x28, value:%08X\n", *(uint32_t*)context->canary);
 
     initAllHelpers(context);
 
diff --git a/src/emu/x64tls.c b/src/emu/x64tls.c
index 783a1b2f..de573a45 100755
--- a/src/emu/x64tls.c
+++ b/src/emu/x64tls.c
@@ -128,7 +128,25 @@ uint32_t my_modify_ldt(x64emu_t* emu, int op, thread_area_t* td, int size)
     return 0;
 }
 
-#define POS_TLS 0x50
+#define POS_TLS 0x200
+/* tls record should looks like: void* tcb 0x00 void* dtv 0x08 void* self 0x10 int multiple 0x18 int gscope 0x1c void* sysinfo 0x20 uintptr_t stack_guard 0x28 uitnptr_t pointer_guard 0x30 uint64_t vgetcpu[2] 0x38 uint32_t features 0x48 int unused 0x4c void* private[4] 0x50 void* private_ss 0x70 uintptr_t ssp_base 0x78 .... padding .... 0x200? */
 
 static tlsdatasize_t* setupTLSData(box64context_t* context)
 {
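Review bot: The reworded message still prints the stack-protector canary itself (`value:%08X` fed with `*(uint32_t*)context->canary`), so anyone who can read a LOG_DEBUG log learns the guard every guest frame is checked against and can forge it; I would log only the location, `printf_log(LOG_DEBUG, "Setting up canary (for Stack protector) at FS:0x28\n");`. The cast also shows just the low 4 bytes of the 8-byte value that setupTLSData copies to FS:0x28, and reads the canary array through a uint32_t*, so the printed value was neither complete nor cleanly typed anyway. NewBox64Context starts and ends outside the hunk.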
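Review bot: The layout comment is the only explanation of why POS_TLS jumps from 0x50 to 0x200, yet it leaves that size as a question (`.... padding .... 0x200?`) and carries two typos (`should looks like`, `uitnptr_t`). I would state the invariant the value actually protects: setupTLSData places the DTV at POS_TLS, so POS_TLS must lie beyond every field the guest libc touches through FS or those writes land on the DTV; e.g. `/* x86_64 glibc TCB header as the guest sees it at FS:0; the DTV is placed at POS_TLS, which must stay past any field the guest writes */` and `uintptr_t pointer_guard 0x30`. Whether 0x200 is enough depends on what the guest libc keeps past ssp_base, which is not visible here.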
@@ -142,9 +160,10 @@ static tlsdatasize_t* setupTLSData(box64context_t* context)
     pthread_setspecific(context->tlskey, data);
     // copy canary...
     memset((void*)((uintptr_t)ptr+context->tlssize), 0, POS_TLS+dtsize); // set to 0 remining bytes
-    memcpy((void*)((uintptr_t)ptr+context->tlssize+0x14), context->canary, sizeof(void*)); // put canary in place
+    memcpy((void*)((uintptr_t)ptr+context->tlssize+0x28), context->canary, sizeof(void*)); // put canary in place
     uintptr_t tlsptr = (uintptr_t)ptr+context->tlssize;
     memcpy((void*)((uintptr_t)ptr+context->tlssize+0x0), &tlsptr, sizeof(void*));
+    memcpy((void*)((uintptr_t)ptr+context->tlssize+0x10), &tlsptr, sizeof(void*)); // set tcb and self same address
     uintptr_t dtp = (uintptr_t)ptr+context->tlssize+POS_TLS;
     memcpy((void*)(tlsptr+sizeof(void*)), &dtp, sizeof(void*));
     if(dtsize) {
@@ -155,7 +174,7 @@ static tlsdatasize_t* setupTLSData(box64context_t* context)
             *(uint64_t*)((uintptr_t)ptr+context->tlssize+POS_TLS+i*16+8) = i; // index
         }
     }
-    memcpy((void*)((uintptr_t)ptr+context->tlssize+0x10), &context->vsyscall, sizeof(void*)); // address of vsyscall
+    memcpy((void*)((uintptr_t)ptr+context->tlssize+0x20), &context->vsyscall, sizeof(void*)); // address of vsyscall
     return data;
 }
|
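Review bot: Moving the canary to +0x28 and adding the `self` write at +0x10 still leaves the slot the commit's own layout calls `pointer_guard 0x30` at zero: the preceding memset clears the whole header and nothing in this hunk writes that offset. If the guest libc mangles its setjmp/longjmp and atexit pointers with FS:0x30 the way glibc does, a zero guard turns that into a bare rotate and those pointers become trivially forgeable, so I would seed 0x30 with 8 random bytes generated like the canary and copy them in right after the canary line, `memcpy((void*)(tlsptr+0x30), <8 random bytes held on the context>, sizeof(void*));`. setupTLSData begins before this hunk and the allocation of `ptr` is outside it, so I could not confirm the buffer grows with the 4x larger POS_TLS that the memset and the DTV placement now assume.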