/*
 * LOOPNE / LOOPNZ with a 16-bit counter: decrement CX, then take the
 * branch (apply the IP-relative displacement rel_offset through
 * update_relative_ip) only while the new CX is non-zero AND ZF is clear.
 * No flag is written here; ZF is only read.  The "16" presumably selects
 * CX rather than the 32-bit counter -- confirm against the 32-bit variant.
 */
GLOBAL VOID LOOPNE16 IFN1( IU32, rel_offset )
{
    SET_CX(GET_CX() - 1);

    /* Counter exhausted: fall through to the next instruction. */
    if ( GET_CX() == 0 )
        return;

    /* "NE" condition not met (last compare set ZF): no branch either. */
    if ( GET_ZF() )
        return;

    update_relative_ip(rel_offset);
}
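/*
 * fwrite() wrapper that reports short writes: returns 1 if fewer than
 * `nmemb` items of `size` bytes were written, 0 otherwise.  A zero-length
 * request counts as success (fwrite() returns 0 for it, which must not be
 * mistaken for an error).
 */
static int libbf_fwrite_failed(const void* ptr, size_t size, size_t nmemb, FILE* f)
{
    if (size == 0 || nmemb == 0)
        return 0;
    return fwrite(ptr, size, nmemb, f) != nmemb;
}

/*
 * Backward search for the byte pattern `pat` (pat_len bytes) inside
 * `code` (code_len bytes).  Returns the index of the last occurrence, or
 * -1 when the pattern is absent.
 *
 * The scan starts at code_len - pat_len - 1, i.e. a match ending on the
 * very last byte of `code` is never considered: the stack cleanup being
 * looked for is presumably followed by at least one more byte (the `ret`)
 * -- confirm against the code generator.
 */
static int libbf_rfind_bytes(const unsigned char* code, int code_len,
                             const unsigned char* pat, int pat_len)
{
    int i;
    for (i = code_len - pat_len - 1; i >= 0; i--) {
        int k = 0;
        while (k < pat_len && code[i + k] == pat[k])
            k++;
        if (k == pat_len)
            return i;
    }
    return -1;
}

/*
 * Snapshot of a running piece of generated code, taken from a handler.
 *
 * `ptr` is handed to cast_ptr_to_context(), so it is presumably the signal
 * handler's context argument (TODO confirm); `context` is the register set
 * that is read, and finally patched, below.
 *
 * Steps, in order:
 *   1. Put the user data pages back to PROT_READ|PROT_WRITE (fatal() on
 *      failure) so they can be read for the dump.
 *   2. assert() that IP points inside desc->current_executable_code.
 *   3. If desc->options->suspend_file is set and can be opened for writing,
 *      dump, in this order: the generated code, relative_ip, the registers
 *      (32-bit: eax ebx ecx edx flags; 64-bit: rax rdi rsi rcx rdx flags,
 *      flags read through GET_FL), relative_data_ptr, count_active_pages,
 *      then count_active_pages pages of user data.  Short writes and a
 *      failing fclose() are reported with warning() instead of being
 *      ignored; the file may then be incomplete and must not be resumed.
 *      NOTE(review): the file is a raw dump with no header, length or
 *      checksum, so whatever resumes from it must bounds-check relative_ip,
 *      relative_data_ptr and count_active_pages before using them -- the
 *      resume path is not visible here.
 *   4. Move IP to the last `add $12,%esp` (32-bit) / `add $24,%rsp`
 *      (64-bit) in the generated code -- presumably its epilogue, so that
 *      returning from the handler unwinds out of the generated code
 *      (confirm).  SHOULDNT_HAPPEN() if the pattern is missing.
 */
static void libbf_save_state(DynAllocDesc* desc, void* ptr)
{
    cast_ptr_to_context(ptr, context);
    long pagesize = libbf_getpagesize();
    long regIP = (long)GET_IP(context);
    /* Offsets are stored relative so the dump does not depend on where the
     * code and data happen to be mapped; both are narrowed to int on
     * purpose, that being the on-disk width. */
    int relative_ip = (int)(regIP - (long)desc->current_executable_code);
    void* data_ptr = (void*)GET_DATA_PTR_REG(context);
    void* base_data_ptr = desc->executableCodeData.base_data_ptr;
    int relative_data_ptr = (int)((long)data_ptr - (long)base_data_ptr);
    unsigned char* c = (unsigned char*)desc->current_executable_code;
    int ret;
    int i;

    /* Restore regular protection for user data pages */
    ret = libbf_mprotect(desc->current_mem,
                         (COUNT_LOW_ACT_HIGH_PAGES(desc)) * pagesize,
                         PROT_READ | PROT_WRITE);
    if (ret != 0)
        fatal("mprotect failed\n");

    assert(regIP >= (long)desc->current_executable_code &&
           regIP < (long)desc->current_executable_code + desc->size_of_executable_code);

#if defined(__i386__)
    {
        int eax = GET_AX(context);
        int ebx = GET_BX(context);
        int ecx = GET_CX(context);
        int edx = GET_DX(context);
        int flags = GET_FL(context);
        /* 83 c4 0c   add $12,%esp */
        static const unsigned char add_esp_12[] = { 0x83, 0xc4, 4*3 };
        FILE* f;

        if (desc->options->suspend_file &&
            (f = fopen(desc->options->suspend_file, "wb")) != NULL)
        {
            int failed = 0;
            failed |= libbf_fwrite_failed(desc->current_executable_code,
                                          desc->size_of_executable_code, 1, f);
            failed |= libbf_fwrite_failed(&relative_ip, sizeof(int), 1, f);
            failed |= libbf_fwrite_failed(&eax, sizeof(int), 1, f);
            failed |= libbf_fwrite_failed(&ebx, sizeof(int), 1, f);
            failed |= libbf_fwrite_failed(&ecx, sizeof(int), 1, f);
            failed |= libbf_fwrite_failed(&edx, sizeof(int), 1, f);
            failed |= libbf_fwrite_failed(&flags, sizeof(int), 1, f);
            failed |= libbf_fwrite_failed(&relative_data_ptr, sizeof(int), 1, f);
            failed |= libbf_fwrite_failed(&desc->count_active_pages, sizeof(int), 1, f);
            failed |= libbf_fwrite_failed(base_data_ptr,
                                          desc->count_active_pages * pagesize, 1, f);
            /* fclose() flushes: a full disk or I/O error may only show up here. */
            if (fclose(f) != 0)
                failed = 1;
            if (failed)
                warning("Error while writing suspend file\n");
        }
        else
        {
            warning("Can't write in suspend file\n");
        }

        /* seek : 83 c4 0c add $12,%esp */
        i = libbf_rfind_bytes(c, desc->size_of_executable_code,
                              add_esp_12, (int)sizeof add_esp_12);
        if (i < 0) {
            SHOULDNT_HAPPEN();
            return;
        }
        GET_IP(context) = (int)(c + i);
    }
#else
    {
        long rax = GET_AX(context);
        long rdi = GET_DI(context);
        long rsi = GET_SI(context);
        long rcx = GET_CX(context);
        long rdx = GET_DX(context);
        long flags = GET_FL(context);
        /* 48 83 c4 18   add $24,%rsp */
        static const unsigned char add_rsp_24[] = { 0x48, 0x83, 0xc4, 8*3 };
        FILE* f;

        if (desc->options->suspend_file &&
            (f = fopen(desc->options->suspend_file, "wb")) != NULL)
        {
            int failed = 0;
            failed |= libbf_fwrite_failed(desc->current_executable_code,
                                          desc->size_of_executable_code, 1, f);
            failed |= libbf_fwrite_failed(&relative_ip, sizeof(int), 1, f);
            failed |= libbf_fwrite_failed(&rax, sizeof(rax), 1, f);
            failed |= libbf_fwrite_failed(&rdi, sizeof(rdi), 1, f);
            failed |= libbf_fwrite_failed(&rsi, sizeof(rsi), 1, f);
            failed |= libbf_fwrite_failed(&rcx, sizeof(rcx), 1, f);
            failed |= libbf_fwrite_failed(&rdx, sizeof(rdx), 1, f);
            failed |= libbf_fwrite_failed(&flags, sizeof(flags), 1, f);
            failed |= libbf_fwrite_failed(&relative_data_ptr, sizeof(int), 1, f);
            failed |= libbf_fwrite_failed(&desc->count_active_pages, sizeof(int), 1, f);
            failed |= libbf_fwrite_failed(base_data_ptr,
                                          desc->count_active_pages * pagesize, 1, f);
            /* fclose() flushes: a full disk or I/O error may only show up here. */
            if (fclose(f) != 0)
                failed = 1;
            if (failed)
                warning("Error while writing suspend file\n");
        }
        else
        {
            warning("Can't write in suspend file\n");
        }

        /* seek : 48 83 c4 18 add $24,%rsp */
        i = libbf_rfind_bytes(c, desc->size_of_executable_code,
                              add_rsp_24, (int)sizeof add_rsp_24);
        if (i < 0) {
            SHOULDNT_HAPPEN();
            return;
        }
        GET_IP(context) = (long)(c + i);
    }
#endif
}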