mprotect() requires page-aligned address

modified: stub/amd64-linux.elf-so_fold.h modified: stub/arm.v4a-linux.elf-so_fold.h modified: stub/arm.v5a-linux.elf-so_fold.h modified: stub/arm64-linux.elf-so_fold.h modified: stub/i386-linux.elf-so_fold.h modified: stub/src/amd64-linux.elf-so_fold.S modified: stub/src/arm.v4a-linux.elf-so_entry.S modified: stub/src/arm.v4a-linux.elf-so_fold.S modified: stub/src/arm64-linux.elf-so_fold.S modified: stub/src/i386-linux.elf-so_fold.S modified: stub/tmp/amd64-linux.elf-so_fold.bin.dump
2023-03-26 07:26:53 -07:00
parent ba447344d6
commit b5d1eba4c1
11 changed files with 5533 additions and 6310 deletions
@@ -154,8 +154,13 @@ write: .globl write
 read: .globl read
        push $ __NR_read; 5: jmp 5f
 munmap: .globl munmap
-        push $ __NR_munmap; 5: jmp 5f
+        push $ __NR_munmap; 5: jmp sysgo
+
+// Sometimes Linux enforces page-aligned address for mprotect
 mprotect: .globl mprotect
+        mov %rdi,%rax; and $-1+ (1<<12),%rax
+        sub %rax,%rdi
+        add %rax,%rsi
        push $ __NR_mprotect; 5: jmp sysgo

 // section SO_MAIN inserted here
@@ -139,7 +139,7 @@ _start: .globl _start  // in Thumb mode  (via PackLinuxElf32::pack3)
        .arm
        nop
 #if 0|DEBUG  //{
-        bkpt
+        bkpt  // DEBUG
 #endif  //}
        // argc,argv,envp, r3 convenience, r4-r7 callee-saved, lr ret_addr
        stmfd sp!,{r0,r1,r2, r3, r4,r5,r6,r7, lr}
@@ -187,9 +187,16 @@ readlink:
 munmap:
        do_sys __NR_munmap; ret

+// Sometimes Linux enforces page-aligned address
        .globl mprotect
 mprotect:
+        ldr r12,m_off4k
+        and r12,r12,r0
+        sub r0,r0,r12
+        add r1,r1,r12
        do_sys __NR_mprotect; ret
+m_off4k:
+        .word -1+ (1<<12)  // offset mask for 4KiB

        .globl __clear_cache
 __clear_cache:
@@ -165,8 +165,12 @@ readlink:
 munmap:
        do_sys __NR_munmap; ret

+// Sometimes Linux enforces page-aligned address
        .globl mprotect
 mprotect:
+        and x8,x0,#-1+ (1<<12)
+        sub x0,x0,x8
+        add x1,x1,x8
        do_sys __NR_mprotect; ret

        .globl __sync_cache_range
@@ -152,16 +152,19 @@ mmap: .globl mmap  // oldmmap: %ebx -> 6 word parameters
  pop %e10
 #endif  //}

+// Sometimes linux enforces page-aligned address
+mprotect: .globl mprotect
+        mov %ebx,%eax; and $-1+ (1<<12),%eax
+        sub %eax,%ebx
+        add %eax,%ecx
+        push $ __NR_mprotect; 5: jmp 5f
 exit: .globl exit
-        push $ __NR_exit; jmp 5f
+        push $ __NR_exit; 5: jmp 5f
 munmap: .globl munmap
        push $ __NR_munmap; 5: jmp 5f
-mprotect: .globl mprotect
-        push $ __NR_mprotect; 5: jmp sysgo
 write: .globl write
-        push $__NR_write
+        push $__NR_write; 5:
        pop %eax
-sysgo:
        int $0x80
        ret

@@ -2,19 +2,19 @@ file format elf64-x86-64

 Sections:
 Idx Name          Size      VMA               LMA               File off  Algn  Flags
-  0 SO_MAIN       0627  0  0  040  2**4  CONTENTS
-  1 EXP_HEAD      0dc  0  0  0667  2**0  CONTENTS
-  2 NRV2E         0e5  0  0  0743  2**0  CONTENTS
-  3 NRV2D         0d7  0  0  0828  2**0  CONTENTS
-  4 NRV2B         0c1  0  0  08ff  2**0  CONTENTS
-  5 SO_HEAD       01b  0  0  09c0  2**0  CONTENTS
-  6 ptr_NEXT      0  0  0  09db  2**0  CONTENTS
-  7 SO_TAIL       062  0  0  09db  2**0  CONTENTS
-  8 LZMA_ELF00    064  0  0  0a3d  2**0  CONTENTS
-  9 LZMA_DEC10    09f7  0  0  0aa1  2**0  CONTENTS
- 10 LZMA_DEC20    09f7  0  0  01498  2**0  CONTENTS
- 11 LZMA_DEC30    018  0  0  01e8f  2**0  CONTENTS
- 12 EXP_TAIL      0e  0  0  01ea7  2**0  CONTENTS
+  0 SO_MAIN       05cc  0  0  040  2**4  CONTENTS
+  1 EXP_HEAD      0dc  0  0  060c  2**0  CONTENTS
+  2 NRV2E         0e5  0  0  06e8  2**0  CONTENTS
+  3 NRV2D         0d7  0  0  07cd  2**0  CONTENTS
+  4 NRV2B         0c1  0  0  08a4  2**0  CONTENTS
+  5 SO_HEAD       01b  0  0  0965  2**0  CONTENTS
+  6 ptr_NEXT      0  0  0  0980  2**0  CONTENTS
+  7 SO_TAIL       071  0  0  0980  2**0  CONTENTS
+  8 LZMA_ELF00    064  0  0  09f1  2**0  CONTENTS
+  9 LZMA_DEC10    09f7  0  0  0a55  2**0  CONTENTS
+ 10 LZMA_DEC20    09f7  0  0  0144c  2**0  CONTENTS
+ 11 LZMA_DEC30    018  0  0  01e43  2**0  CONTENTS
+ 12 EXP_TAIL      0e  0  0  01e5b  2**0  CONTENTS
 SYMBOL TABLE:
 0000000000000000 l    d  EXP_HEAD 0 EXP_HEAD
 0000000000000000 l    d  LZMA_DEC30 0 LZMA_DEC30
@@ -43,7 +43,7 @@ SYMBOL TABLE:
 000000000000004b g       SO_TAIL 0 openat
 000000000000005e g       SO_TAIL 0 mprotect
 0000000000000047 g       SO_TAIL 0 close
-000000000000036b g     F SO_MAIN 02bc upx_so_main
+0000000000000368 g     F SO_MAIN 0264 upx_so_main

 RELOCATION RECORDS FOR [SO_MAIN]:
 OFFSET           TYPE              VALUE
@@ -56,14 +56,14 @@ OFFSET           TYPE              VALUE
 0000000000000268 R_X86_64_PLT32    openat+0xfffffffffffffffc
 0000000000000283 R_X86_64_PLT32    read+0xfffffffffffffffc
 0000000000000291 R_X86_64_PLT32    close+0xfffffffffffffffc
-0000000000000310 R_X86_64_PLT32    memcpy+0xfffffffffffffffc
-0000000000000331 R_X86_64_PLT32    mmap+0xfffffffffffffffc
-000000000000033f R_X86_64_PLT32    memcpy+0xfffffffffffffffc
-00000000000003de R_X86_64_PLT32    mmap+0xfffffffffffffffc
-00000000000003ef R_X86_64_PLT32    memcpy+0xfffffffffffffffc
-000000000000041c R_X86_64_PLT32    mprotect+0xfffffffffffffffc
-00000000000005df R_X86_64_PLT32    mprotect+0xfffffffffffffffc
-00000000000005f8 R_X86_64_PLT32    munmap+0xfffffffffffffffc
+000000000000030d R_X86_64_PLT32    memcpy+0xfffffffffffffffc
+000000000000032e R_X86_64_PLT32    mmap+0xfffffffffffffffc
+000000000000033c R_X86_64_PLT32    memcpy+0xfffffffffffffffc
+00000000000003d9 R_X86_64_PLT32    mmap+0xfffffffffffffffc
+00000000000003ea R_X86_64_PLT32    memcpy+0xfffffffffffffffc
+0000000000000417 R_X86_64_PLT32    mprotect+0xfffffffffffffffc
+0000000000000588 R_X86_64_PLT32    mprotect+0xfffffffffffffffc
+00000000000005a1 R_X86_64_PLT32    munmap+0xfffffffffffffffc

 RELOCATION RECORDS FOR [NRV2E]:
 OFFSET           TYPE              VALUE