fix backdoor_init placement, add backdoor_entry
smx-smx committed Apr 13, 2024
1 parent 9eaa9fb commit 57551f3
Showing 2 changed files with 18 additions and 4 deletions.
17 changes: 14 additions & 3 deletions xzre.h
Expand Up @@ -1782,7 +1782,7 @@ extern BOOL secret_data_append_from_call_site(
extern BOOL backdoor_setup(backdoor_setup_params_t *params);

/**
* @brief calls backdoor_init_stage2() while in the crc64() IFUNC resolver function
* @brief calls @ref backdoor_init while in the crc64() IFUNC resolver function
*
* the function counts the number of times it was called in resolver_call_count
*
Expand All @@ -1795,11 +1795,22 @@ extern BOOL backdoor_setup(backdoor_setup_params_t *params);
* this is a modified version of __get_cpuid_max() from gcc
*
* backdoor_init_stage2() is called by replacing the _cpuid() GOT entry to point to backdoor_init_stage2()
* @param ext EAX register input. Is either 0 or 0x80000000, but this value is actually not used.
* @param cpuid_request EAX register input. Is either 0 or 0x80000000, but this value is actually not used.
* @param caller_frame the value of __builtin_frame_address(0)-16 from within context of the INFUN resolver
* @return unsigned int the EAX register output. Normally the maximum supported cpuid level.
*/
extern unsigned int backdoor_init(unsigned int ext, u64 *caller_frame);
extern unsigned int backdoor_entry(unsigned int cpuid_request, u64 *caller_frame);

/**
* @brief calls @ref backdoor_init_stage2 by disguising it as a call to cpuid.
*
* this is achieved by modifying the cpuid GOT entry.
*
* @param state the entry context, filled by @ref backdoor_entry
* @param caller_frame the value of __builtin_frame_address(0)-16 from within context of the INFUN resolver
* @return unsigned int the EAX register output. Normally the maximum supported cpuid level.
*/
extern unsigned int backdoor_init(elf_entry_ctx_t *state, u64 *caller_frame);

/**
* @brief initialises the elf_entry_ctx_t
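Review bot: The sentence kept in backdoor_entry's docblock, "backdoor_init_stage2() is called by replacing the _cpuid() GOT entry to point to backdoor_init_stage2()", now describes the job the new backdoor_init docblock assigns to backdoor_init ("this is achieved by modifying the cpuid GOT entry"), so readers of backdoor_entry are told the GOT swap happens there; it should instead describe the hand-off, e.g. `* fills an elf_entry_ctx_t and passes it to @ref backdoor_init, which swaps the _cpuid() GOT entry for @ref backdoor_init_stage2`. Both `@param caller_frame` lines also read "INFUN resolver" where the surrounding text says IFUNC, so `IFUNC` is presumably meant. Since the whole chain runs inside the crc64() IFUNC resolver, the GOT write presumably lands while ld.so is still relocating the object and before any RELRO protection is applied; a one-line note to that effect on backdoor_init would make the security-relevant timing explicit, hedged until confirmed against the disassembly. The `/**` opening the init_elf_entry_ctx docblock at the end of the second hunk continues outside the hunk.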
5 changes: 4 additions & 1 deletion xzre.lds.in
Expand Up @@ -61,7 +61,10 @@ SECTIONS_BEGIN()
DEFSYM(find_string_reference, .text.stream_encoda)
DEFSYM(secret_data_append_singleton, .text.rc_read_inis)
DEFSYM(secret_data_append_from_address, .text.lzma2_decoder_ena)
DEFSYM(backdoor_init, .text._get_cpuia)
DEFSYM_START(.text._get_cpuia)
DEFSYM2(backdoor_entry, 0)
DEFSYM2(backdoor_init, 0xA784 - 0xA710)
DEFSYM_END(.text._get_cpuia)
DEFSYM(backdoor_init_stage2, .text.lzma_validate_chaia)
DEFSYM(init_elf_entry_ctx, .text.read_output_and_waia)
DEFSYM(get_got_offset, .text.parse_delt1)
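Review bot: `DEFSYM2(backdoor_init, 0xA784 - 0xA710)` hard-codes two absolute addresses with nothing recording which liblzma image they were read from, so the resulting 0x74 offset cannot be re-checked when the reference sample or the section layout changes. A trailing comment would fix that, e.g. `DEFSYM2(backdoor_init, 0xA784 - 0xA710) /* .text._get_cpuia base and backdoor_init VA in the reference liblzma build; update both together */`, and `DEFSYM2(backdoor_entry, 0)` deserves a matching note that offset 0 is the section start, which is presumably the "placement" the commit title refers to. DEFSYM_START/DEFSYM2/DEFSYM_END appear to be macros defined outside this hunk, so whether the subtraction is evaluated by the preprocessor or by the linker cannot be confirmed from here.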
