Diffstat (limited to 'src/tools/box64stack.c')
| -rwxr-xr-x | src/tools/box64stack.c | 66 |
1 files changed, 46 insertions, 20 deletions
diff --git a/src/tools/box64stack.c b/src/tools/box64stack.c
index 94ca4dd3..7c330128 100755
--- a/src/tools/box64stack.c
+++ b/src/tools/box64stack.c
@@ -121,29 +121,55 @@ void SetupInitialStack(x64emu_t *emu) R_RSP=tmp; // push the AuxVector themselves - Push(emu, 0); Push(emu, 0); //AT_NULL(0)=0 - Push(emu, p_x86_64); Push(emu, 15); //AT_PLATFORM(15)=p_x86_64* - Push(emu, 0); Push(emu, 66); //AT_HWCAP2(26)=0 + /* Actual sample: + 3 0x400040 + 4 0x38 + 5 0xb + 6 0x1000 + 7 0x7f7addca6000 + 8 (nil) + 9 0x401040 + 11 0x3e8 + 12 0x3e8 + 13 0x3e8 + 14 0x3e8 + 16 0xbfebfbff + 15 0x7ffd5074c4c9 + 17 0x64 + 23 (nil) + 25 0x7ffd5074c4b9 + 26 (nil) + 31 0x7ffd5074efea + 33 0x7ffd507e6000 + */ + Push(emu, 0); Push(emu, 0); //AT_NULL(0)=0 + //Push(emu, ); Push(emu, 3); //AT_PHDR(3)=address of the PH of the executable + //Push(emu, ); Push(emu, 4); //AT_PHENT(4)=size of PH entry + //Push(emu, ); Push(emu, 5); //AT_PHNUM(5)=number of elf headers + Push(emu, box64_pagesize); Push(emu, 6); //AT_PAGESZ(6) + //Push(emu, real_getauxval(7)); Push(emu, 7); //AT_BASE(7)=ld-2.27.so start (in memory) + Push(emu, 0); Push(emu, 8); //AT_FLAGS(8)=0 + Push(emu, R_RIP); Push(emu, 9); //AT_ENTRY(9)=entrypoint + Push(emu, real_getauxval(11)); Push(emu, 11); //AT_UID(11) + Push(emu, real_getauxval(12)); Push(emu, 12); //AT_EUID(12) + Push(emu, real_getauxval(13)); Push(emu, 13); //AT_GID(13) + Push(emu, real_getauxval(14)); Push(emu, 14); //AT_EGID(14) + Push(emu, p_x86_64); Push(emu, 15); //AT_PLATFORM(15)=&"x86_64" // Push HWCAP: - // FPU: 1<<0 ; VME: 1<<1 ; DE : 1<<2 ; PSE: 1<<3 ; TSC: 1<<4 - // MSR: 1<<5 : PAE: 1<<6 : MCE: 1<<7 ; CX8: 1<<8 : APIC:1<<9 - // SEP: 1<<11: MTRR:1<<12: PGE: 1<<13: MCA: 1<<14; CMOV:1<<15; FCMOV: 1<<16 - // MMX: 1<<23:OSFXR:1<<24: XMM: 1<<25:XMM2: 1<<26;AMD3D:1<<31 + // FPU: 1<<0 ; VME: 1<<1 ; DE : 1<<2 ; PSE: 1<<3 ; TSC: 1<<4 ; MSR: 1<<5 ; PAE: 1<<6 ; MCE: 1<<7 + // CX8: 1<<8 ; APIC:1<<9 ; SEP: 1<<11; MTRR:1<<12; PGE: 1<<13; MCA: 1<<14; CMOV:1<<15 + // FCMOV:1<<16; ; MMX: 1<<23 + // OSFXR:1<<24; XMM: 1<<25;XMM2: 1<<26; AMD3D:1<<31 Push(emu, (1<<0) | (1<<1) | (1<<2) | (1<<3) | (1<<4) | (1<<8) | (1<<15) | (1<<16) 
| (1<<23) | (1<<25) | (1<<26)); - Push(emu, 16); //AT_HWCAP(16)=... - Push(emu, p_arg0); Push(emu, 31); //AT_EXECFN(31)=p_arg0 - Push(emu, p_random); Push(emu, 25); //AT_RANDOM(25)=p_random - Push(emu, real_getauxval(23)); Push(emu, 23); //AT_SECURE(23)=0 - Push(emu, real_getauxval(14)); Push(emu, 14); //AT_EGID(14) - Push(emu, real_getauxval(13)); Push(emu, 13); //AT_GID(13) - Push(emu, real_getauxval(12)); Push(emu, 12); //AT_EUID(12) - Push(emu, real_getauxval(11)); Push(emu, 11); //AT_UID(11) - Push(emu, box64_pagesize); Push(emu, 6); //AT_PAGESZ(6) - Push(emu, R_RIP); Push(emu, 9); //AT_ENTRY(9)=entrypoint - Push(emu, 0/*emu->context->vsyscall*/); Push(emu, 32); //AT_SYSINFO(32)=vsyscall + Push(emu, 16); //AT_HWCAP(16)=... + //Push(emu, sysconf(_SC_CLK_TCK)); Push(emu, 17); //AT_CLKTCK(17)=times() frequency + Push(emu, real_getauxval(23)); Push(emu, 23); //AT_SECURE(23) + Push(emu, p_random); Push(emu, 25); //AT_RANDOM(25)=p_random + Push(emu, 0); Push(emu, 26); //AT_HWCAP2(26)=0 + Push(emu, p_arg0); Push(emu, 31); //AT_EXECFN(31)=p_arg0 + //Push(emu, ); Push(emu, 33); //AT_SYSINFO_EHDR(33)=address of vDSO if(!emu->context->auxval_start) // store auxval start if needed emu->context->auxval_start = (uintptr_t*)R_RSP; - // TODO: continue // push nil / envs / nil / args / argc Push(emu, 0); @@ -153,4 +179,4 @@ void SetupInitialStack(x64emu_t *emu) for (int i=emu->context->argc-1; i>=0; --i) Push(emu, p_argv[i]); Push(emu, emu->context->argc); -} \ No newline at end of file +} |
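Review bot: The AT_PHDR/AT_PHENT/AT_PHNUM entries (types 3, 4, 5) are left as non-compiling placeholders `//Push(emu, ); Push(emu, 3);` rather than a tracked TODO, and since the old `// TODO: continue` marker is deleted in the same hunk the omission becomes invisible to the next reader. glibc's startup code reads AT_PHDR/AT_PHNUM to locate the executable's program headers (used, as far as I recall, for PT_TLS setup and dl_iterate_phdr), so a glibc-linked guest may behave differently from a native run until these are filled from the loaded ELF's header; I would replace the three placeholder lines with one comment such as `// TODO: AT_PHDR(3)/AT_PHENT(4)/AT_PHNUM(5) not pushed yet; glibc TLS setup and dl_iterate_phdr depend on them`. Separately, AT_RANDOM(25) is what glibc seeds its stack-protector canary and pointer guard from, so p_random must point to 16 bytes of unpredictable data; where p_random is filled is outside this hunk, so that is worth confirming. The `/* Actual sample: ... */` block should state what it is a dump of (presumably the auxv of a native x86_64 process) so its host-specific addresses are not mistaken for values box64 is expected to reproduce. SetupInitialStack's body starts before and continues past this hunk.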