jory/upx
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Escape hatch needs 'notrack' to enter

Browse Source 
modified:   stub/src/amd64-linux.elf-fold.S
	modified:   stub/src/i386-linux.elf-fold.S
This commit is contained in:
John Reiser 2025-03-02 11:22:05 -08:00
parent dbde75028c
commit fb0f6c6a00
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/stub/src/amd64-linux.elf-fold.S
View File

@ -201,11 +201,16 @@ p_memsz= 5*NBPW
mov %ebx,%edi # fd mov %ebx,%edi # fd
call close call close
.macro NOTRACK
.byte 0x3e
.endm
no_pse_map: no_pse_map:
pop %arg1 # ADRU: unfolded upx_main2 etc. pop %arg1 # ADRU: unfolded upx_main2 etc.
pop %arg2 # LENU pop %arg2 # LENU
push $__NR_munmap; pop %rax push $__NR_munmap; pop %rax
/*notrack*/ jmp *(%r14) # goto: syscall; pop %rdx; ret NOTRACK; jmp *(%r14) # goto: syscall; pop %rdx; ret
get_page_mask: .globl get_page_mask get_page_mask: .globl get_page_mask
mov PAGE_MASK(%rip),%rax mov PAGE_MASK(%rip),%rax

5
src/stub/src/i386-linux.elf-fold.S
View File

@ -285,8 +285,11 @@ L60:
push eax push eax
push eax // 32 bytes of zeroes now on stack, ready for 'popa' push eax // 32 bytes of zeroes now on stack, ready for 'popa'
.macro NOTRACK
.byte 0x3e
.endm
mov al, __NR_munmap // eax was 0 from L60 mov al, __NR_munmap // eax was 0 from L60
/*notrack*/ jmp [edi] // unmap ourselves via escape hatch, then goto entry NOTRACK; jmp [edi] // unmap ourselves via escape hatch, then goto entry
section SYSCALLS section SYSCALLS
// Sometimes linux enforces page-aligned address // Sometimes linux enforces page-aligned address