i am eating my thumbs (arm reference)
altalk23 committed Sep 15, 2023
1 parent 9f1938f commit ffc97a5
Showing 7 changed files with 54 additions and 80 deletions.
87 changes: 20 additions & 67 deletions src/Handler.cpp
Expand Up @@ -53,19 +53,24 @@ Result<> Handler::init() {

auto target = m_modifiedBytes.size();

auto address = reinterpret_cast<uint8_t*>(m_address);
auto address = reinterpret_cast<uint8_t*>(Target::get().getRealPtr(m_address));
m_originalBytes.insert(m_originalBytes.begin(), address, address + target);

TULIP_HOOK_UNWRAP_INTO(auto trampolineOffset, generator->relocateOriginal(target));
TULIP_HOOK_UNWRAP(generator->generateTrampoline(trampolineOffset));

auto metadata = HookMetadata();
metadata.m_priority = INT32_MAX;
static_cast<void>(this->createHook(m_wrapped, metadata));
this->addOriginal();

return Ok();
}

void Handler::addOriginal() {
auto metadata = HookMetadata{
.m_priority = INT32_MAX,
};
static_cast<void>(this->createHook(Target::get().getRealPtrAs(m_wrapped, m_address), metadata));
}

HookHandle Handler::createHook(void* address, HookMetadata m_metadata) {
static size_t s_nextHookHandle = 0;
auto hook = HookHandle(++s_nextHookHandle);
Expand Down Expand Up @@ -96,10 +101,7 @@ void Handler::clearHooks() {
m_handles.clear();
m_content->m_functions.clear();

auto metadata = HookMetadata{
.m_priority = INT32_MAX,
};
static_cast<void>(this->createHook(m_wrapped, metadata));
this->addOriginal();
}

void Handler::updateHookMetadata(HookHandle const& hook, HookMetadata const& metadata) {
Expand All @@ -115,68 +117,19 @@ void Handler::reorderFunctions() {
}

Result<> Handler::interveneFunction() {
return Target::get().writeMemory(m_address, static_cast<void*>(m_modifiedBytes.data()), m_modifiedBytes.size());
return Target::get().writeMemory(
Target::get().getRealPtr(m_address),
static_cast<void*>(m_modifiedBytes.data()),
m_modifiedBytes.size()
);
}

Result<> Handler::restoreFunction() {
return Target::get().writeMemory(m_address, static_cast<void*>(m_originalBytes.data()), m_originalBytes.size());
}

// TODO: fully remove the symbol resolver because i dont like it
bool TULIP_HOOK_DEFAULT_CONV Handler::symbolResolver(char const* csymbol, uint64_t* value) {
std::string symbol = csymbol;

if (symbol.find("_address") != std::string::npos) {
auto in = std::istringstream(symbol.substr(8));

std::string input;
std::getline(in, input, '_');
HandlerHandle handler = std::stoll(input, nullptr, 16);
std::getline(in, input, '_');
size_t offset = std::stoll(input, nullptr, 10);

*value = reinterpret_cast<uint64_t>(Pool::get().getHandler(handler).m_address) + offset;
return true;
}

if (symbol.find("_handler") != std::string::npos) {
auto in = std::istringstream(symbol.substr(8));

std::string input;
std::getline(in, input, '_');
HandlerHandle handler = std::stoll(input, nullptr, 16);

*value = reinterpret_cast<uint64_t>(Pool::get().getHandler(handler).m_handler);
return true;
}

if (symbol.find("_content") != std::string::npos) {
auto in = std::istringstream(symbol.substr(8));

std::string input;
std::getline(in, input, '_');
HandlerHandle handler = std::stoll(input, nullptr, 16);

*value = reinterpret_cast<uint64_t>(Pool::get().getHandler(handler).m_content);
return true;
}

if (symbol.find("_incrementIndex") != std::string::npos) {
*value = reinterpret_cast<uint64_t>(&Handler::incrementIndex);
return true;
}

if (symbol.find("_decrementIndex") != std::string::npos) {
*value = reinterpret_cast<uint64_t>(&Handler::decrementIndex);
return true;
}

if (symbol.find("_getNextFunction") != std::string::npos) {
*value = reinterpret_cast<uint64_t>(&Handler::getNextFunction);
return true;
}

return false;
return Target::get().writeMemory(
Target::get().getRealPtr(m_address),
static_cast<void*>(m_originalBytes.data()),
m_originalBytes.size()
);
}

static thread_local std::stack<size_t> s_indexStack;
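Review bot: `addOriginal()` is undocumented, and nothing says why its argument is `getRealPtrAs(m_wrapped, m_address)` rather than `m_wrapped`; add above its definition `// Registers the wrapped original as a hook with priority INT32_MAX (presumably the end of the chain); on ArmV7 getRealPtrAs re-tags m_wrapped with m_address's mode bit so the wrapper is entered in the target's mode.` In `init()` the original bytes are now read from `getRealPtr(m_address)` while `m_address` itself keeps its mode bit, so every later read or write of the target has to go through `getRealPtr` as `interveneFunction` and `restoreFunction` do; a one-line comment at the `m_originalBytes.insert` site would make that invariant visible. `clearHooks` follows the same pattern, re-registering the original after dropping all handles. `init()`'s body starts outside the hunk.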
2 changes: 2 additions & 0 deletions src/Handler.hpp
Expand Up @@ -49,6 +49,8 @@ namespace tulip::hook {

void clearHooks();

void addOriginal();

void reorderFunctions();

void updateHookMetadata(HookHandle const& hook, HookMetadata const& metadata);
19 changes: 6 additions & 13 deletions src/generator/ArmV7Generator.cpp
Expand Up @@ -30,8 +30,8 @@ Result<ArmV7HandlerGenerator::RelocateReturn> ArmV7HandlerGenerator::relocateOri
auto origin = new CodeMemBlock((uint64_t)m_address, target);
auto relocated = new CodeMemBlock();
// idk about arm thumb stuff help me
auto originBuffer = (void*)((uint64_t)m_address + 1);
auto relocatedBuffer = (void*)m_trampoline;
auto originBuffer = m_address;
auto relocatedBuffer = m_trampoline;

GenRelocateCodeAndBranch(originBuffer, relocatedBuffer, origin, relocated);

Expand Down Expand Up @@ -109,24 +109,17 @@ std::vector<uint8_t> ArmV7HandlerGenerator::intervenerBytes(uint64_t address) {

a.ldrw(PC, "handler");
a.label("handler");
a.write32(reinterpret_cast<uint64_t>(m_handler));
// my thumbs will eat me
a.write32(reinterpret_cast<uint64_t>(m_handler) + 1);

a.updateLabels();

return std::move(a.m_buffer);
}

std::vector<uint8_t> ArmV7HandlerGenerator::trampolineBytes(uint64_t address, size_t offset) {
ArmV7Assembler a(address);
using enum ArmV7Register;

a.ldrw(PC, "original");
a.label("original");
a.write32(reinterpret_cast<uint64_t>(m_address) + offset);

a.updateLabels();

return std::move(a.m_buffer);
// Dobby handles the creation of the trampoline
return {};
}

Result<> ArmV7HandlerGenerator::generateTrampoline(RelocateReturn offsets) {
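Review bot: In `intervenerBytes` the mode bit is applied with `reinterpret_cast<uint64_t>(m_handler) + 1`; if `m_handler` already has bit 0 set the addition carries into bit 1 and the emitted target is a different, misaligned address, whereas OR-ing is idempotent: `a.write32(reinterpret_cast<uint64_t>(m_handler) | 1);`. The comment `// my thumbs will eat me` should state what the bit does, e.g. `// Set bit 0 so the ldr into PC enters Thumb state (assumes the handler is assembled as Thumb — confirm)`. In `relocateOriginal`, `originBuffer` is now `m_address` with its mode bit intact; whether `GenRelocateCodeAndBranch` expects the tagged or the stripped address is not visible here and is worth checking against its declaration. `trampolineBytes` now ignores both parameters, so drop their names or mark them `[[maybe_unused]]` to keep `-Wunused-parameter` clean. `relocateOriginal` starts outside the hunk.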
11 changes: 11 additions & 0 deletions src/target/PosixArmV7Target.cpp
Expand Up @@ -36,4 +36,15 @@ std::unique_ptr<WrapperGenerator> PosixArmV7Target::getWrapperGenerator(void* ad
return std::make_unique<ArmV7WrapperGenerator>(address, metadata);
}

// Thumb is very fun to deal with!
void* PosixArmV7Target::getRealPtr(void* ptr) {
return reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(ptr) & (~1));
}
void* PosixArmV7Target::getRealPtrAs(void* ptr, void* lookup) {
return reinterpret_cast<void*>(
reinterpret_cast<uintptr_t>(this->getRealPtr(ptr)) |
(reinterpret_cast<uintptr_t>(lookup) & 1)
);
}

#endif
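Review bot: `getRealPtr` and `getRealPtrAs` are the one place where the Thumb-bit convention is encoded, yet the only comment is `// Thumb is very fun to deal with!`; replace it with the contract: `// Thumb function pointers carry the mode in bit 0. getRealPtr strips it to yield the code address; getRealPtrAs strips ptr's bit and copies the mode bit from lookup.` The mask `(~1)` is an int that is sign-extended to uintptr_t, which happens to be right, but `~uintptr_t{1}` says so explicitly: `return reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(ptr) & ~uintptr_t{1});`. Both functions depend on `uintptr_t` being in scope and the hunk shows no include for it.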
3 changes: 3 additions & 0 deletions src/target/PosixArmV7Target.hpp
Expand Up @@ -18,6 +18,9 @@ namespace tulip::hook {
void* address, void* trampoline, void* handler, void* content, void* wrapped, HandlerMetadata const& metadata
) override;
std::unique_ptr<WrapperGenerator> getWrapperGenerator(void* address, WrapperMetadata const& metadata) override;

void* getRealPtr(void* ptr) override;
void* getRealPtrAs(void* ptr, void* lookup) override;
};
}

8 changes: 8 additions & 0 deletions src/target/Target.cpp
Expand Up @@ -33,3 +33,11 @@ void Target::closeCapstone() {
csh Target::getCapstone() {
return m_capstone;
}

void* Target::getRealPtr(void* ptr) {
return ptr;
}

void* Target::getRealPtrAs(void* ptr, void* lookup) {
return ptr;
}
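Review bot: The default `getRealPtrAs` never reads `lookup`, which will trip `-Wunused-parameter`; drop the name, `void* Target::getRealPtrAs(void* ptr, void* /*lookup*/)`. A one-line comment on each function saying that this is the identity for targets whose function pointers carry no mode bit (`// Default: the pointer already is the code address; ArmV7 overrides this`) would tell a reader why only PosixArmV7Target overrides them.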
4 changes: 4 additions & 0 deletions src/target/Target.hpp
Expand Up @@ -42,5 +42,9 @@ namespace tulip::hook {
) = 0;
virtual std::unique_ptr<WrapperGenerator> getWrapperGenerator(void* address, WrapperMetadata const& metadata) = 0;
// sorry :( virtual BaseAssembler* getAssembler(int64_t baseAddress);

// These just exist because of arm7! fun!
virtual void* getRealPtr(void* ptr);
virtual void* getRealPtrAs(void* ptr, void* lookup);
};
};
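Review bot: The comment `// These just exist because of arm7! fun!` does not state the contract that callers of `getRealPtr`/`getRealPtrAs` rely on; replace it with a description such as `// Some targets (ArmV7 Thumb) tag function pointers with a mode bit. getRealPtr returns the untagged code address for memory access; getRealPtrAs returns ptr re-tagged with lookup's mode bit, for building a callable pointer. Default implementation is the identity.` Every other virtual here is pure while these two have defaults, so say so explicitly so an implementer knows which ones must be overridden.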
