Add support for hooking functions with more than 6 arguments (#5)

This makes a copy of on-stack arguments before calling the hook function so it's possible to access them.
milabs · Jun 9, 2019 · a6e7f39 · a6e7f39
1 parent 5fb1918
commit a6e7f39
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 6 deletions.
diff --git a/khook/internal.h b/khook/internal.h
@@ -31,7 +31,7 @@ typedef struct {
 		unsigned char orig[0];
 	};
 	union {
-		unsigned char _0x30_[ 0x40 ];
+		unsigned char _0x30_[ 0x80 ];
 		unsigned char hook[0];
 	};
 #pragma pack(pop)

diff --git a/khook/x86/stub.S b/khook/x86/stub.S
@@ -16,11 +16,30 @@ KHOOK_STUB_orig:
 	.byte 0x00
 	.endr
 
+#
+# Hooking of function with more than N arguments requires us to
+# make a local copy of all arguments starting from N as they are
+# passed through the stack as per the ABI.
+#
+# TODO: x86-32 implementation of CALL_COPY_N_ARGS macro
+#
+
 #ifdef __x86_64__
-KHOOK_STUB_hook:
-	lock incl KHOOK_STUB_atomic_use_count(%rip)
+.macro CALL_COPY_N_ARGS n
+	sub $(\n * 8), %rsp
+	.set i, 0
+	.rept \n
+		mov ((\n + i + 1) * 8)(%rsp), %rax
+		mov %rax, (i * 8)(%rsp)
+		.set i, i + 1
+	.endr
 	movabs $0xcacacacacacacaca, %rax
 	call *%rax
+	add $(\n * 8), %rsp
+.endm
+KHOOK_STUB_hook:
+	lock incl KHOOK_STUB_atomic_use_count(%rip)
+	CALL_COPY_N_ARGS 8
 	lock decl KHOOK_STUB_atomic_use_count(%rip)
 	ret
 #else

diff --git a/khook/x86/stub.inc b/khook/x86/stub.inc
@@ -2,6 +2,13 @@
   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0xf0, 0xff, 0x05, 0xc9, 0xff, 0xff, 0xff, 0x48, 0xb8, 0xca, 0xca, 0xca,
-  0xca, 0xca, 0xca, 0xca, 0xca, 0xff, 0xd0, 0xf0, 0xff, 0x0d, 0xb6, 0xff,
-  0xff, 0xff, 0xc3
+  0xf0, 0xff, 0x05, 0xc9, 0xff, 0xff, 0xff, 0x48, 0x83, 0xec, 0x40, 0x48,
+  0x8b, 0x44, 0x24, 0x48, 0x48, 0x89, 0x04, 0x24, 0x48, 0x8b, 0x44, 0x24,
+  0x50, 0x48, 0x89, 0x44, 0x24, 0x08, 0x48, 0x8b, 0x44, 0x24, 0x58, 0x48,
+  0x89, 0x44, 0x24, 0x10, 0x48, 0x8b, 0x44, 0x24, 0x60, 0x48, 0x89, 0x44,
+  0x24, 0x18, 0x48, 0x8b, 0x44, 0x24, 0x68, 0x48, 0x89, 0x44, 0x24, 0x20,
+  0x48, 0x8b, 0x44, 0x24, 0x70, 0x48, 0x89, 0x44, 0x24, 0x28, 0x48, 0x8b,
+  0x44, 0x24, 0x78, 0x48, 0x89, 0x44, 0x24, 0x30, 0x48, 0x8b, 0x84, 0x24,
+  0x80, 0x00, 0x00, 0x00, 0x48, 0x89, 0x44, 0x24, 0x38, 0x48, 0xb8, 0xca,
+  0xca, 0xca, 0xca, 0xca, 0xca, 0xca, 0xca, 0xff, 0xd0, 0x48, 0x83, 0xc4,
+  0x40, 0xf0, 0xff, 0x0d, 0x5c, 0xff, 0xff, 0xff, 0xc3