-
Notifications
You must be signed in to change notification settings - Fork 245
/
libc_amd64.go
41 lines (33 loc) · 1023 Bytes
/
libc_amd64.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
//go:build amd64
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Apache License 2.0.
* See the file "LICENSE" for details.
*/
package tpbase
import (
"errors"
"unsafe"
)
// #cgo CFLAGS: -g -Wall
// #cgo LDFLAGS: -lZydis
// #include <stdlib.h>
// #include "libc_decode_amd64.h"
import "C"
func ExtractTSDInfoX64_64(code []byte) (TSDInfo, error) {
// function in order to properly analyze the code and deduce the fsbase offset.
// The underlying logic uses the zydis library, hence the cgo call.
val := uint32(C.decode_pthread_getspecific(
(*C.uint8_t)(unsafe.Pointer(&code[0])), C.size_t(len(code))))
if val == 0 {
return TSDInfo{}, errors.New("unable to determine libc info")
}
return TSDInfo{
Offset: int16(val & 0xffff),
Multiplier: uint8(val >> 16),
Indirect: uint8((val >> 24) & 1),
}, nil
}
func ExtractTSDInfoNative(code []byte) (TSDInfo, error) {
return ExtractTSDInfoX64_64(code)
}