From fb0f6c6a005a795a508ad765cddf164f2d8de37b Mon Sep 17 00:00:00 2001
From: John Reiser
Date: Sun, 2 Mar 2025 11:22:05 -0800
Subject: [PATCH] Escape hatch needs 'notrack' to enter
 modified: stub/src/amd64-linux.elf-fold.S
 modified: stub/src/i386-linux.elf-fold.S
---
 src/stub/src/amd64-linux.elf-fold.S | 7 ++++++-
 src/stub/src/i386-linux.elf-fold.S | 5 ++++-
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/stub/src/amd64-linux.elf-fold.S b/src/stub/src/amd64-linux.elf-fold.S
index cd3da36f..ebab5fc7 100644
--- a/src/stub/src/amd64-linux.elf-fold.S
+++ b/src/stub/src/amd64-linux.elf-fold.S
@@ -201,11 +201,16 @@ p_memsz= 5*NBPW
 mov %ebx,%edi # fd
 call close
+
+.macro NOTRACK
+ .byte 0x3e
+.endm
+
 no_pse_map:
 pop %arg1 # ADRU: unfolded upx_main2 etc.
 pop %arg2 # LENU
 push $__NR_munmap; pop %rax
- /*notrack*/ jmp *(%r14) # goto: syscall; pop %rdx; ret
+ NOTRACK; jmp *(%r14) # goto: syscall; pop %rdx; ret
 get_page_mask: .globl get_page_mask
 mov PAGE_MASK(%rip),%rax
diff --git a/src/stub/src/i386-linux.elf-fold.S b/src/stub/src/i386-linux.elf-fold.S
index c3dfb03f..d52f7ed0 100644
--- a/src/stub/src/i386-linux.elf-fold.S
+++ b/src/stub/src/i386-linux.elf-fold.S
@@ -285,8 +285,11 @@ L60:
 push eax
 push eax // 32 bytes of zeroes now on stack, ready for 'popa'
+.macro NOTRACK
+ .byte 0x3e
+.endm
 mov al, __NR_munmap // eax was 0 from L60
- /*notrack*/ jmp [edi] // unmap ourselves via escape hatch, then goto entry
+ NOTRACK; jmp [edi] // unmap ourselves via escape hatch, then goto entry
 section SYSCALLS // Sometimes linux enforces page-aligned address
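Review bot: The NOTRACK macro is defined in the middle of the instruction stream (between `call close` and `no_pse_map:` here, and again between `push eax` and `mov al, __NR_munmap` inside the L60 path of i386-linux.elf-fold.S) with nothing saying what the bare `.byte 0x3e` is; a `.macro` emits no bytes so placement is harmless, but the next reader has no hint that this is the CET/IBT `notrack` prefix (3EH) that lets an indirect jmp land on a target lacking `endbr64`. I would hoist the macro to the top of each file and comment it: `# CET/IBT 'notrack' prefix (0x3e): the escape hatch begins with 'syscall', not 'endbr', so this indirect jmp must opt out of tracking; raw byte because older assemblers lack the 'notrack' mnemonic`. The prefix is only honored when the OS has enabled NO_TRACK_EN in IA32_U_CET for user mode; if the kernel turns on IBT without it, `jmp *(%r14)` / `jmp [edi]` still raises a control-protection fault, so that dependency belongs in the comment and should be checked against the kernel's user-IBT policy, which I cannot confirm from this patch. Keeping `NOTRACK; jmp` on one line is the right shape since the byte must immediately precede the jmp opcode; any statement inserted between them would silently turn the prefix into a stray byte.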