Summary:
In a 32-bit address space, PC-relative jump targets are wrapped, so a
direct branch at 0x90000001 can reach address 0x10000000 with a
displacement of 0x7FFFFFFFF. This can happen in applications, such as
Chrome, that are linked with /LARGEADDRESSAWARE.
Reviewers: etienneb
Subscribers: mgorny, llvm-commits
Differential Revision: https://reviews.llvm.org/D26650
llvm-svn: 286997
Summary:
This patch is fixing a broken unittest which make the win64 bot failing.
The bug was introduce here:
https://reviews.llvm.org/D23046
The interception code is not the same in 32-bit and in 64-bit.
The added unittest can only be patched on 32-bits.
Reviewers: rnk
Subscribers: llvm-commits, chrisha
Differential Revision: https://reviews.llvm.org/D23099
llvm-svn: 277560
Summary:
On my install of Windows 10, RaiseException is a tail call to
kernelbase!RaiseException. Obviously, we fail to intercept that.
Instead, try hooking at the ntdll!RtlRaiseException layer. It is
unlikely that this layer will contain control flow.
Intercepting at this level requires adding a decoding for
'LEA ESP, [ESP + 0xXXXXXXXX]', which is a really obscure way to write
'SUB ESP, 0xXXXXXXXX' that avoids clobbering EFLAGS.
Reviewers: etienneb
Subscribers: llvm-commits, kubabrecka
Differential Revision: https://reviews.llvm.org/D23046
llvm-svn: 277518
mov edi,edi is _not_ NOP in 64-bit, use 66,90h instead.
This bug was causing interception unittest to crash on
Windows64 (windows 8 and windows 10).
Credits to etienneb for finding the root cause.
Patch by: Wei Wang
Differential Revision: http://reviews.llvm.org/D22274
llvm-svn: 275207
Summary:
This is a cleanup and refactoring of the interception code on windows
Enhancement:
* Adding the support for 64-bits code
* Adding several hooking technique:
* Detour
* JumpRedirect
* HotPatch
* Trampoline
* Adding a trampoline memory pool (64-bits) and release the allocated memory in unittests
Cleanup:
* Adding unittests for 64-bits hooking techniques
* Enhancing the RoundUpInstruction by sharing common decoder
Reviewers: rnk
Subscribers: llvm-commits, wang0109, chrisha
Differential Revision: http://reviews.llvm.org/D22111
llvm-svn: 275123
Summary:
This patch is adding more unittests for testing the interception
of 32-bits code.
Reviewers: rnk
Subscribers: llvm-commits, wang0109, chrisha
Differential Revision: http://reviews.llvm.org/D22077
llvm-svn: 274775
Summary:
The CMake generation is not working on Apple.
This patch is disabling the generation until it's fixed.
Reviewers: rnk
Subscribers: tberghammer, chrisha, danalbert, llvm-commits, srhines
Differential Revision: http://reviews.llvm.org/D22066
llvm-svn: 274667
Reid Kleckner