emit.c

二进制翻译的一个软件

  
  if(!M->ismmaped)
    panic("Signal's Mstate is NOT mmaped\n");
  
  DEBUG(sig_init_exit) {
    fprintf(DBG, "UNMAPPING -- sigreturn\n");
    fflush(DBG);
  }
  
  munmap(M, sizeof(machine_t));  
  
  asm volatile ("mov %1, %%esp\n\t"
		"int $0x80\n\t"
		:
		: "a" (__NR_sigreturn),
		  "m" (esp)
		);
  panic("sigreturn: \"unreachable\' code reached\n");  
}

void
rt_sigreturn_syscall(machine_t *M, fixregs_t regs)
{
  unsigned long esp = (unsigned long)&M;
  esp += sizeof(machine_t *) + sizeof(pushaf_t);
  
  if(!M->ismmaped)
    panic("Signal's Mstate is NOT mmaped\n");
  
  DEBUG(sig_init_exit) {
    fprintf(DBG, "UNMAPPING -- sigreturn\n");
    fflush(DBG);
  }
  
  munmap(M, sizeof(machine_t));
  
  asm volatile ("mov %1, %%esp\n\t"
		"int $0x80\n\t"
		:
		: "a" (__NR_rt_sigreturn),
		  "m" (esp)		  
		);  
  panic("rt_sigreturn: \"unreachable\' code reached\n");
}


#endif /* SIGNALS */


void 
emit_pusha_pushM_call(machine_t *M, void *proc) //[len 19b]
{
  // pusha [len 1b]
  bb_emit_byte(M, 0x60u);

  // Push M [len 5b]
  bb_emit_byte(M, 0x68u);
  bb_emit_w32(M, (unsigned long) M);
  
  // call stub [len 5b]
  bb_emit_call(M, (unsigned char *) proc);
  
  // esp += 4; leal 4(%esp), %esp [len 7b]
  bb_emit_byte(M, 0x8du);
  bb_emit_byte(M, 0xA4u); /* 10 100 100 */
  bb_emit_byte(M, 0x24u); /* 00 100 100 */
  bb_emit_w32(M, 0x4u);
  
  // popa [len 1b]
  bb_emit_byte(M, 0x61u);  
}


void
syscall_stub(machine_t *M, fixregs_t regs)
{
  fprintf(DBG, "syscall# = %ld, syscall = %s\n", 
	  regs.eax, syscall_names[regs.eax]);
  fprintf(DBG, "eax = %lx\n", regs.eax);
  fprintf(DBG, "ebx = %lx\n", regs.ebx);
  fprintf(DBG, "ecx = %lx\n", regs.ecx);
  fprintf(DBG, "edx = %lx\n", regs.edx);
  fprintf(DBG, "esi = %lx\n", regs.esi);
  fprintf(DBG, "edi = %lx\n", regs.edi);
  fprintf(DBG, "M  mapped? = %s\n", 
	  ((M->ismmaped) ? "true": "false"));        
  
  fprintf(DBG, " - - - - - - - - - - - - - - - - - - - - -\n\n");
  fflush(DBG);
}

void
emit_syscall_handler(machine_t *M, unsigned long which_syscall)
{  
  unsigned char b[2] = {0, 0};
  if(which_syscall == EMIT_INT80_SYSCALL) {
    // int 0x80
    b[0] = 0xCDu;
    b[1] = 0x80u;
  }
  else {    
    // sysenter
    b[0] = 0x0fu;
    b[1] = 0x34u;
  }

#if (!defined(EXIT_HANDLING_NECESSARY) &&	\
     !defined(THREADED_XLATE)         &&	\
     !defined(SIGNALS))				
  // the sys_call [len 2b]
  bb_emit_byte(M, b[0]);
  bb_emit_byte(M, b[1]);
  return;
#else
  
  // Pushf
  bb_emit_byte (M, 0x9Cu);
  
  DEBUG(show_all_syscalls)
    emit_pusha_pushM_call(M, ((void *)syscall_stub));
  
#ifdef THREADED_XLATE
#define CL_SKIP 56u
#define EXIT_SKIP 34u
#define EXEC_SKIP 56u
#else
#define CL_SKIP 0u
#define EXEC_SKIP 0u
#define EXIT_SKIP 0u
#endif   


#ifdef SIGNALS
#define RT_SA_SKIP 53u
#define SA_SKIP 53u
#define SIGNAL_SKIP 53u
#define SRET_SKIP 34u
#define RT_SRET_SKIP 34u
#else
#define RT_SA_SKIP 0u
#define SA_SKIP 0u
#define SIGNAL_SKIP 0u
#define SRET_SKIP 0u
#define RT_SRET_SKIP 0u
#endif
    
#ifdef EXIT_HANDLING_NECESSARY
  /***********************************************************/
  // exit_group  0xfc [len 34b]
  /***********************************************************/
  //1f:
  //cmp %eax, $__NR_exit_group [len 5b]
  bb_emit_byte(M, 0x3Du);
  bb_emit_w32(M, __NR_exit_group);

  //jne 1f: [len 2b]
  bb_emit_byte(M, 0x75u);
  bb_emit_byte(M, 27u);

  emit_pusha_pushM_call(M, ((void *)exit_stub)); //[len 19b]

  // popf [len 1b]
  bb_emit_byte (M, 0x9Du);  

  // the sys_call [len 2b]
  bb_emit_byte(M, b[0]);
  bb_emit_byte(M, b[1]);
  
  // jmp out [len 5b]
  bb_emit_byte(M, 0xe9u);
  bb_emit_w32(M, RT_SRET_SKIP + SRET_SKIP + RT_SA_SKIP + SA_SKIP + 
	      SIGNAL_SKIP + EXIT_SKIP + EXEC_SKIP + CL_SKIP + 3u);
#endif /* EXIT_HANDLING_NECESSARY */


#ifdef SIGNALS

  /***********************************************************/
  // sigaction ==   [len 34b]
  /***********************************************************/
  //cmp %eax, $__NR_sigreturn [len 5b]
  bb_emit_byte(M, 0x3Du);
  bb_emit_w32(M, __NR_sigreturn);

  //jne 1f: [len 2b]
  bb_emit_byte(M, 0x75u);
  bb_emit_byte(M, 27u);

  emit_pusha_pushM_call(M, ((void *)sigreturn_syscall)); 
  //[len 19b]

  // popf [len 1b]
  bb_emit_byte (M, 0x9Du);  

  // the sys_call [len 2b]
  bb_emit_byte(M, b[0]);
  bb_emit_byte(M, b[1]);
  
  // jmp out [len 5b]
  bb_emit_byte(M, 0xe9u);
  bb_emit_w32(M, SRET_SKIP + RT_SA_SKIP + SA_SKIP + SIGNAL_SKIP + 
	      EXIT_SKIP + EXEC_SKIP + CL_SKIP + 3u);


  /***********************************************************/
  // sigaction ==   [len 34b]
  /***********************************************************/
  //cmp %eax, $__NR_sigreturn [len 5b]
  bb_emit_byte(M, 0x3Du);
  bb_emit_w32(M, __NR_sigreturn);

  //jne 1f: [len 2b]
  bb_emit_byte(M, 0x75u);
  bb_emit_byte(M, 27u);

  emit_pusha_pushM_call(M, ((void *)sigreturn_syscall)); 
  //[len 19b]

  // popf [len 1b]
  bb_emit_byte (M, 0x9Du);  

  // the sys_call [len 2b]
  bb_emit_byte(M, b[0]);
  bb_emit_byte(M, b[1]);
  
  // jmp out [len 5b]
  bb_emit_byte(M, 0xe9u);
  bb_emit_w32(M, RT_SA_SKIP + SA_SKIP + SIGNAL_SKIP + EXIT_SKIP + 
	      EXEC_SKIP + CL_SKIP + 3u);


  /***********************************************************/
  // rt_sigaction ==   [len 53b]
  /***********************************************************/
  //cmp %eax, $__NR_rt_sigaction [len 5b]
  bb_emit_byte(M, 0x3Du);
  bb_emit_w32(M, __NR_rt_sigaction);

  //jne 1f: [len 2b]
  bb_emit_byte(M, 0x75u);
  bb_emit_byte(M, 46u);

  emit_pusha_pushM_call(M, ((void *)sigaction_syscall_pre)); 
  //[len 19b]

  // popf [len 1b]
  bb_emit_byte (M, 0x9Du);  

  // the sys_call [len 2b]
  bb_emit_byte(M, b[0]);
  bb_emit_byte(M, b[1]);

  emit_pusha_pushM_call(M, ((void *)sigaction_syscall_post)); 
  //[len 19b]
  
  // jmp out [len 5b]
  bb_emit_byte(M, 0xe9u);
  bb_emit_w32(M, SA_SKIP + SIGNAL_SKIP + EXIT_SKIP + EXEC_SKIP + 
	      CL_SKIP + 3u);


  /***********************************************************/
  // sigaction ==   [len 53b]
  /***********************************************************/
  //cmp %eax, $__NR_sigaction [len 5b]
  bb_emit_byte(M, 0x3Du);
  bb_emit_w32(M, __NR_sigaction);

  //jne 1f: [len 2b]
  bb_emit_byte(M, 0x75u);
  bb_emit_byte(M, 46u);

  emit_pusha_pushM_call(M, ((void *)sigaction_syscall_pre)); 
  //[len 19b]

  // popf [len 1b]
  bb_emit_byte (M, 0x9Du);  

  // the sys_call [len 2b]
  bb_emit_byte(M, b[0]);
  bb_emit_byte(M, b[1]);
  
  emit_pusha_pushM_call(M, ((void *)sigaction_syscall_post)); 
  //[len 19b]

  // jmp out [len 5b]
  bb_emit_byte(M, 0xe9u);
  bb_emit_w32(M, SIGNAL_SKIP + EXIT_SKIP + EXEC_SKIP + CL_SKIP + 3u);

  /***********************************************************/
  // signal ==   [len 53b]
  /***********************************************************/
  //cmp %eax, $__NR_signal [len 5b]
  bb_emit_byte(M, 0x3Du);
  bb_emit_w32(M, __NR_signal);

  //jne 1f: [len 2b]
  bb_emit_byte(M, 0x75u);
  bb_emit_byte(M, 46u);

  emit_pusha_pushM_call(M, ((void *)signal_syscall_pre)); 
  //[len 19b]

  // popf [len 1b]
  bb_emit_byte (M, 0x9Du);  

  // the sys_call [len 2b]
  bb_emit_byte(M, b[0]);
  bb_emit_byte(M, b[1]);
  
  emit_pusha_pushM_call(M, ((void *)signal_syscall_post)); 
  //[len 19b]

  // jmp out [len 5b]
  bb_emit_byte(M, 0xe9u);
  bb_emit_w32(M, EXIT_SKIP + EXEC_SKIP + CL_SKIP + 3u);


#if 0
  /***********************************************************/
  // sigaltstack ==   [len 53b]
  /***********************************************************/
  //cmp %eax, $__NR_sigaltstack [len 5b]
  bb_emit_byte(M, 0x3Du);
  bb_emit_w32(M, __NR_sigaltstack);

  //jne 1f: [len 2b]
  bb_emit_byte(M, 0x75u);
  bb_emit_byte(M, 46u);

  emit_pusha_pushM_call(M, ((void *)sigaltstack_syscall_pre)); 
  //[len 19b]

  // popf [len 1b]
  bb_emit_byte (M, 0x9Du);  

  // the sys_call [len 2b]
  bb_emit_byte(M, b[0]);
  bb_emit_byte(M, b[1]);
  
  emit_pusha_pushM_call(M, ((void *)sigaltstack_syscall_post)); 
  //[len 19b]

  // jmp out [len 5b]
  bb_emit_byte(M, 0xe9u);
  bb_emit_w32(M, EXIT_SKIP + EXEC_SKIP + CL_SKIP + 3u);
#endif

#endif /* SIGNALS */


#ifdef THREADED_XLATE
  /***********************************************************/
  // exit ==  0x01 [len 34b]
  /***********************************************************/
  /* **** MUST FIX EXIT_SKIP IF THE SIZE OF THIS BLOCK CHANGES **** */

  //cmp %eax, $__NR_exit [len 5b]
  bb_emit_byte(M, 0x3Du);
  bb_emit_w32(M, __NR_exit);

  //jne 1f: [len 2b]
  bb_emit_byte(M, 0x75u);
  bb_emit_byte(M, 27u);

  emit_pusha_pushM_call(M, ((void *) exit_unmapper)); //[len 19b]
  
  // popf [len 1b]
  bb_emit_byte (M, 0x9Du);    

  // the sys_call [len 2b]
  bb_emit_byte(M, b[0]);
  bb_emit_byte(M, b[1]);
  
  // jmp out [len 5b]
  bb_emit_byte(M, 0xe9u);
  bb_emit_w32(M, CL_SKIP + EXEC_SKIP + 3u);

  /***********************************************************/
  // execve ==  0x0B [len 56b]
  /***********************************************************/
  /* **** MUST FIX EXEC_SKIP IF THE SIZE OF THIS BLOCK CHANGES **** */
  
  //cmp %eax, $__NR_execve [len 5b] 
  bb_emit_byte(M, 0x3Du);
  bb_emit_w32(M, __NR_execve);
    
  //jne 1f: [len 2b]
  bb_emit_byte(M, 0x75u);
  bb_emit_byte(M, 49u);

  //[len 19b]
  if(M->ismmaped) {
    emit_pusha_pushM_call(M, ((void *) execve_unmapper));
  }
  else {
    // jmp out [len 5b]
    bb_emit_byte(M, 0xe9u);
    bb_emit_w32(M, CL_SKIP + 30u + 14);    

    int i=0;
    for(i=0; i < 14; i++)
      bb_emit_byte (M, 0x90u); // nop
  }
  
  // popf [len 1b]
  bb_emit_byte (M, 0x9Du);    
  
  // the sys_call [len 2b]
  bb_emit_byte(M, b[0]);
  bb_emit_byte(M, b[1]);
  
  // If execve() succeeds, we will NOT REACH HERE.
  // Now that we are here, execve() failed for whatever reason
  // but we *may* have removed the M state; now too late to
  // find out. So, start anew anyway ... 
  // If this was that thread with a static mmap() -- too bad?
  
  bb_setup_child_startup(M); //[len 22b]

  // jmp out [len 5b]
  bb_emit_byte(M, 0xe9u);
  bb_emit_w32(M, CL_SKIP + 3u);

  /***********************************************************/
  // clone 0x78 == 120 [len 56b]
  /***********************************************************/
  /* **** MUST FIX CL_SKIP IF THE SIZE OF THIS BLOCK CHANGES **** */

  /*   //1f: */
  //cmp %eax, $__NR_clone [len 5b]
  bb_emit_byte(M, 0x3Du);
  bb_emit_w32(M, __NR_clone);
  
  //jne 1f: [len 2b]
  bb_emit_byte(M, 0x75u);
  bb_emit_byte(M, 49u);
 
  // push %ebx [len 1b]
  bb_emit_byte(M, 0x53u);

  // and $CLONE_VM, %ebx [len 6b]  
  bb_emit_byte(M, 0x81u); // 81 / 4
  bb_emit_byte(M, 0xE3u); // 11 100 011
  bb_emit_w32(M, CLONE_VM);
  
  // pop %ebx [len 1b]
  bb_emit_byte(M, 0x5bu);
  
  // jz normal (other-syscalls)  [len 2b]
  bb_emit_byte(M, 0x74u);
  bb_emit_byte(M, 39u);  
  
  // mask all signals [len 19b]
  //emit_pusha_pushM_call(M, (void *)maskAllSignals);
  
  // popf [len 1b]
  bb_emit_byte (M, 0x9Du);  

  // the sys_call [len 2b]
  bb_emit_byte(M, b[0]);
  bb_emit_byte(M, b[1]);

  // Pushf [len 1b]
  bb_emit_byte (M, 0x9Cu);

  //cmp %eax, $0x0u [len 5b]
  bb_emit_byte(M, 0x3Du);
  bb_emit_w32(M, 0x00u);
  
  // jz parent  [len 2b]
  bb_emit_byte(M, 0x74u);
  bb_emit_byte(M, 22u);  
  
  bb_setup_child_startup(M); //[len 22b]
  
  // parent:
  // Restore masked signals //[len 19b]
  //emit_pusha_pushM_call(M, (void *)restoreSignals);
  
  // popf [len 1b]
  bb_emit_byte (M, 0x9Du);  

  // jmp out [len 5b]
  bb_emit_byte(M, 0xe9u);
  bb_emit_w32(M, 3u);
  
#endif /* THREADED_XLATE */
  
  /***********************************************************/
  // All other syscalls [len 3b]
  /***********************************************************/
  // popf [len 1b]
  bb_emit_byte (M, 0x9Du);
  
  // the sys_call [len 2b]
  bb_emit_byte(M, b[0]);
  bb_emit_byte(M, b[1]);

  /***********************************************************/
  // out
  /***********************************************************/
  //1f:  
#endif /* No threading or exit Handling */
  
}

bool
emit_int(machine_t *M, decode_t *d)
{
  DEBUG(emits)
    fprintf(DBG, "Int ");

#ifdef PROFILE
  // Calls emit_normal.  
#endif

  unsigned i;
  
  if(d->instr[1] == 0x80u)  {   	
    emit_syscall_handler(M, EMIT_INT80_SYSCALL);
  }
  else {
    emit_normal(M, d);
  }