From 6a1e70bf407e8bed09e02909ff64fcab27e57477 Mon Sep 17 00:00:00 2001
From: John Reiser
Date: Sat, 20 Jul 2024 11:24:25 -0700
Subject: [PATCH] i386 filters 0x46 and 0x49 are the same
modified: filter/filter_impl.cpp
modified: stub/src/arch/i386/bxx.S
---
 src/filter/filter_impl.cpp | 1 +
 src/stub/src/arch/i386/bxx.S | 11 ++++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/filter/filter_impl.cpp b/src/filter/filter_impl.cpp
index ed066a15..18e474ee 100644
--- a/src/filter/filter_impl.cpp
+++ b/src/filter/filter_impl.cpp
@@ -204,6 +204,7 @@
 { 0x36, 6, 0x00ffffff, f_ctoj32_e8e9_bswap_le, u_ctoj32_e8e9_bswap_le, s_ctoj32_e8e9_bswap_le },
 // 32-bit calltrick with jmp, optional jcc; runtime can unfilter more than one block
+ // 2024-07-18 Note: two tags for the same filter
 { 0x46, 6, 0x00ffffff, f_ctok32_e8e9_bswap_le, u_ctok32_e8e9_bswap_le, s_ctok32_e8e9_bswap_le },
 { 0x49, 6, 0x00ffffff, f_ctok32_e8e9_bswap_le, u_ctok32_e8e9_bswap_le, s_ctok32_e8e9_bswap_le },
diff --git a/src/stub/src/arch/i386/bxx.S b/src/stub/src/arch/i386/bxx.S
index 18739f4c..7f6771b0 100644
--- a/src/stub/src/arch/i386/bxx.S
+++ b/src/stub/src/arch/i386/bxx.S
@@ -29,7 +29,16 @@ i386bxx:
 # (*f_unf)(xo->buf, out_len, h.b_cto8, h.b_ftid);
 #ifndef NO_METHOD_CHECK
- cmpl $0x49,4*NBPW(%esp); jne ckend0 # filter: JMP, CALL, 6-byte Jxx
+// 2024-07-18 Filter 0x49 and 0x46 are the same! src/filter/filter_impl.cpp:
+// // 32-bit calltrick with jmp, optional jcc; runtime can unfilter more than one block
+// { 0x46, 6, 0x00ffffff, f_ctok32_e8e9_bswap_le, u_ctok32_e8e9_bswap_le, s_ctok32_e8e9_bswap_le },
+// { 0x49, 6, 0x00ffffff, f_ctok32_e8e9_bswap_le, u_ctok32_e8e9_bswap_le, s_ctok32_e8e9_bswap_le },
+//
+ mov 4*NBPW(%esp),%eax
+ cmpl $0x49,%eax; je cktop
+ cmpl $0x46,%eax; je cktop
+ jmp ckend0
+cktop:
 #endif
 push %ebp; movl %esp,%ebp
 push %ebx # C-language saved regs
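Review bot: The added note records that the two tags select the same filter but not that the i386 stub must accept both, which is exactly the coupling this commit repairs in src/stub/src/arch/i386/bxx.S; extend it so whoever next adds or removes a tag in this table knows to update the stub's `NO_METHOD_CHECK` compare as well, e.g. `// 2024-07-18 Note: two tags for the same filter; the i386 stub (src/stub/src/arch/i386/bxx.S) must accept both`. If the reason two tags exist is known, stating it here would also guard against a later cleanup dropping one and rejecting files already packed with it.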
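Review bot: The rewrite drops the `# filter: JMP, CALL, 6-byte Jxx` description that the removed `cmpl` line carried and replaces it with a pasted copy of the filter_impl.cpp table rows, which will silently go stale if that table changes; keep the one-line meaning of the tag and refer to the table by file name instead of copying it. The load into `%eax` before the `push %ebp` prologue is presumably harmless under the C calling convention, but the same check can be written without touching a register or the extra unconditional `jmp`, preserving the original fall-through shape: `cmpl $0x46,4*NBPW(%esp); je cktop` / `cmpl $0x49,4*NBPW(%esp); jne ckend0  # filter: JMP, CALL, 6-byte Jxx` / `cktop:`. The new comment lines use `//` while the neighbouring lines in this hunk use `#`; whichever the file's convention is, mixing both in one block is harder to read. The body of i386bxx continues past the end of the hunk.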