vbox的更動 66799 路徑 trunk/src/VBox/HostDrivers

時間撮記:

2017-5-4 下午07:03:27 (8 年 以前)

作者:

vboxsync

訊息:

Support: Save and restore the content of rax because it clobbered when converting relative calls

檔案:

• trunk/src/VBox/HostDrivers/Support/posix/SUPR3HardenedMain-posix.cpp (修改) (3 筆差異)

trunk/src/VBox/HostDrivers/Support/posix/SUPR3HardenedMain-posix.cpp

@@ -369 +369 @@
 
     /*
-     * Each relative call requires 7 extra bytes as it is converted to an absolute one
-     * using two instructions (mov raw, qword + call rax). */
-    cbPatchMem += cRelCalls * 7;
+     * Each relative call requires 9 extra bytes as it is converted to an absolute one
+     * using two instructions (push rax + mov rax, qword + call rax + pop rax). */
+    cbPatchMem += cRelCalls * 9;
     cbPatchMem += 14; /* jmp qword [$+8 wrt RIP] + 8 byte address to jump to. */
     cbPatchMem = RT_ALIGN_32(cbPatchMem, 8);
@@ -456 +456 @@
             uintptr_t uAddr = (uintptr_t)&pbTarget[offInsn + cbInstr] + (intptr_t)Dis.Param1.uValue;
 
-            *pbPatchMem++ = 0x48;
+            *pbPatchMem++ = 0x50; /* push rax */
+            *pbPatchMem++ = 0x48; /* mov rax, qword */
             *pbPatchMem++ = 0xb8;
             *(uint64_t *)pbPatchMem = uAddr;
@@ -463 +464 @@
             *pbPatchMem++ = 0xff; /* call rax */
             *pbPatchMem++ = 0xd0;
+            *pbPatchMem++ = 0x58; /* pop rax */
         }
         else