
Trampoline failures #43

Closed

p5-vbnekit opened this issue Sep 18, 2019 · 1 comment


p5-vbnekit commented Sep 18, 2019

Hi. Maybe it's the same as x64 trampoline fail #15, but I'm not sure =)

Background

I tried to install a hook on an x86_64 ELF shared object function and was disappointed with error #75 (EOVERFLOW). Next I tried to use the SUBHOOK_64BIT_OFFSET flag and it became another grief for me. =)

Point of my problems

As I see it, subhook trampoline calls raise undefined behaviour [always SIGSEGV? not sure] in two cases:

1. under x86_64 with SUBHOOK_64BIT_OFFSET

(gdb) run
Starting program: /tmp/build/subhook-trampoline-test/x86_64-desktop/debug/test 
main: hook = 0x555555570e70
main: executing foo...
foo: value = 1
main: hook installed
main: executing foo...
foo_replacement: value = 1, trampoline = 0
main: trampoline = 0x555555570ee0
main: executing foo...
foo_replacement: value = 1, trampoline = 0x555555570ee0
foo_replacement: executing trampoline [0x555555570ee0]...

Program received signal SIGSEGV, Segmentation fault.
0x0000555555570eec in ?? ()
(gdb) bt
#0  0x0000555555570eec in ?? ()
#1  0x0000000000000000 in ?? ()
(gdb) generate-core-file 
Saved corefile core.15694

core.15694.gz

2. under x86 with a size-optimized build of the foo function (gcc "-Os" flag)

(gdb) run
Starting program: /tmp/build/subhook-trampoline-test/x86-desktop/release+min_size/test 
main: hook = 0x56560b70
main: executing foo...
foo: value = 1
main: hook installed
main: executing foo...
foo_replacement: value = 1, trampoline = 0
main: trampoline = 0x56560bb0
main: executing foo...
foo_replacement: value = 1, trampoline = 0x56560bb0
foo_replacement: executing trampoline [0x56560bb0]...

Program received signal SIGSEGV, Segmentation fault.
0x00000000 in ?? ()
(gdb) bt
#0  0x00000000 in ?? ()
#1  0xf7fc5273 in foo () from /tmp/build/subhook-trampoline-test/x86-desktop/release+min_size/libfoo.so
#2  0x5655784a in foo_replacement(int) ()
#3  0x56557ff2 in routine() ()
#4  0x56557294 in main ()
(gdb) generate-core-file 
Saved corefile core.15628

core.15628.gz

Test project on github

I published a test project on GitHub to demonstrate this problem. Please check it.

Can you fix these bugs?
Thanks a lot!

Zeex (Owner) commented Nov 1, 2020

I think this bug is fixed now. Trampoline code should be allocated within the 32-bit address space of the process.
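Added illustration of the reachability constraint behind the EOVERFLOW error and the SUBHOOK_64BIT_OFFSET flag discussed in this thread. This is not subhook's code and not from either participant: the function names (jmp_rel32_fits, encode_jmp), the allow_abs64 flag and the sample addresses are this example's own, and whether subhook's exact checks match it is not something this page confirms. On x86_64 the 5-byte jmp rel32 used by an inline hook (target to replacement, and trampoline back to the rest of the target) can only reach about 2 GiB in either direction from the instruction; a trampoline page that the allocator places far from the hooked function cannot be reached that way, so a hook either fails with an overflow error or has to fall back to the 14-byte absolute form "jmp [rip+0]" followed by the 8-byte address. Allocating the trampoline within 32-bit reach of the target, as the fix above describes, keeps the short form usable.

```c
/* Added example: rel32 reachability check and the two x86_64 jump encodings an
 * inline hook can use. Not subhook's code; names and addresses are assumptions. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define JMP_REL32_SIZE 5   /* E9 rel32 */
#define JMP_ABS64_SIZE 14  /* FF 25 00 00 00 00 imm64: jmp [rip+0], target follows */

/* The displacement of a rel32 jump is counted from the end of the 5-byte
 * instruction and must fit a signed 32-bit integer (roughly +/-2 GiB). */
int jmp_rel32_fits(uint64_t src, uint64_t dst)
{
    int64_t disp = (int64_t)(dst - (src + JMP_REL32_SIZE));
    return disp >= INT32_MIN && disp <= INT32_MAX;
}

/* Write a jump from src to dst into buf (at least JMP_ABS64_SIZE bytes) and
 * return the number of bytes written. When the target is out of rel32 range
 * and allow_abs64 is 0 (the role SUBHOOK_64BIT_OFFSET plays in the report, as
 * an assumption), nothing is written, 0 is returned and *err is EOVERFLOW. */
size_t encode_jmp(uint8_t *buf, uint64_t src, uint64_t dst, int allow_abs64, int *err)
{
    *err = 0;
    if (jmp_rel32_fits(src, dst)) {
        uint32_t rel = (uint32_t)(dst - (src + JMP_REL32_SIZE)); /* two's complement rel32 */
        buf[0] = 0xE9;
        for (int i = 0; i < 4; i++)
            buf[1 + i] = (uint8_t)(rel >> (8 * i));               /* little-endian imm32 */
        return JMP_REL32_SIZE;
    }
    if (!allow_abs64) {
        *err = EOVERFLOW;
        return 0;
    }
    buf[0] = 0xFF; buf[1] = 0x25;                 /* jmp qword ptr [rip+disp32] */
    buf[2] = buf[3] = buf[4] = buf[5] = 0x00;     /* disp32 = 0: the qword sits right after */
    for (int i = 0; i < 8; i++)
        buf[6 + i] = (uint8_t)(dst >> (8 * i));   /* little-endian imm64 target */
    return JMP_ABS64_SIZE;
}

int main(void)
{
    /* Constructed addresses modelled on the report's log: a PIE function near
     * 0x5555..., a trampoline right next to it, and one where a fresh mmap()
     * page often lands, near 0x7fff.... These are not measured values. */
    uint64_t target     = 0x555555570e70ULL;
    uint64_t near_tramp = 0x555555570ee0ULL;
    uint64_t far_tramp  = 0x7ffff7fc5000ULL;
    uint8_t buf[JMP_ABS64_SIZE];
    int err;
    size_t n;

    n = encode_jmp(buf, target, near_tramp, 0, &err);
    printf("near trampoline: %zu-byte jump, err=%d\n", n, err);

    n = encode_jmp(buf, target, far_tramp, 0, &err);
    printf("far trampoline, short form only: %zu bytes, err=%d (%s)\n",
           n, err, err == EOVERFLOW ? "EOVERFLOW" : "ok");

    n = encode_jmp(buf, target, far_tramp, 1, &err);
    printf("far trampoline, 64-bit offset allowed: %zu-byte jump, err=%d\n", n, err);
    return 0;
}
```

The check is direction-agnostic: a trampoline that lies 2 GiB below the target is just as unreachable as one 2 GiB above it, and the jump back from the trampoline into the target has to pass the same test as the jump from the target into the replacement.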
