
Commit 71cf4b6

committed
librasan: Simplify assembly patches
1 parent ec734c7 commit 71cf4b6


1 file changed

+48
-68
lines changed
  • libafl_qemu/librasan/asan/src/patch


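--- a/libafl_qemu/librasan/asan/src/patch/raw.rs
+++ b/libafl_qemu/librasan/asan/src/patch/raw.rs
@@ -19,7 +19,7 @@ impl Patch for RawPatch {
 if target == destination {
 Err(RawPatchError::IdentityPatch(target))?;
 }
-let patch = Self::get_patch(target, destination)?;
+let patch = Self::get_patch(target, destination);
 
 // Mask the thumb mode indicator bit
 #[cfg(target_arch = "arm")]
@@ -34,108 +34,88 @@ impl Patch for RawPatch {
 
 impl RawPatch {
 #[cfg(target_arch = "x86_64")]
-fn get_patch(_target: GuestAddr, destination: GuestAddr) -> Result<Vec<u8>, RawPatchError> {
+fn get_patch(_target: GuestAddr, destination: GuestAddr) -> Vec<u8> {
 // mov rax, 0xdeadfacef00dd00d
 // jmp rax
-let insns = [
-[0x48, 0xb8, 0x0d, 0xd0, 0x0d, 0xf0, 0xce, 0xfa, 0xad, 0xde].to_vec(),
-[0xff, 0xe0].to_vec(),
+let addr = destination.to_ne_bytes();
+#[rustfmt::skip]
+let insns: &[&[u8]] = &[
+&[0x48, 0xb8], &addr,
+&[0xff, 0xe0],
 ];
-let addr = destination.to_le_bytes();
-let insn0_mod = [
-insns[0][0],
-insns[0][1],
-addr[0],
-addr[1],
-addr[2],
-addr[3],
-addr[4],
-addr[5],
-addr[6],
-addr[7],
-]
-.to_vec();
-let insns_mod = [&insn0_mod, &insns[1]];
-Ok(insns_mod.into_iter().flatten().cloned().collect())
+insns.concat()
 }
 
 #[cfg(target_arch = "x86")]
-fn get_patch(_target: GuestAddr, destination: GuestAddr) -> Result<Vec<u8>, RawPatchError> {
+fn get_patch(_target: GuestAddr, destination: GuestAddr) -> Vec<u8> {
 // mov eax, 0xdeadface
 // jmp eax
-let insns = [
-[0xb8, 0xce, 0xfa, 0xad, 0xde].to_vec(),
-[0xff, 0xe0].to_vec(),
+let addr = destination.to_ne_bytes();
+#[rustfmt::skip]
+let insns: &[&[u8]] = &[
+&[0xb8], &addr,
+&[0xff, 0xe0],
 ];
-let addr = destination.to_le_bytes();
-let insn0_mod = [insns[0][0], addr[0], addr[1], addr[2], addr[3]].to_vec();
-let insns_mod = [&insn0_mod, &insns[1]];
-Ok(insns_mod.into_iter().flatten().cloned().collect())
+insns.concat()
 }
 
 #[cfg(target_arch = "arm")]
-fn get_patch(target: GuestAddr, destination: GuestAddr) -> Result<Vec<u8>, RawPatchError> {
+fn get_patch(target: GuestAddr, destination: GuestAddr) -> Vec<u8> {
+let addr = destination.to_ne_bytes();
 // If our target is in thumb mode
-if target & 1 == 1 {
+#[rustfmt::skip]
+let insns: &[&[u8]] = if target & 1 == 1 {
 // ldr ip, [pc, #2]
 // bx ip
 // .long 0xdeadface
-let insns = [
-[0xdf, 0xf8, 0x02, 0xc0].to_vec(),
-[0x60, 0x47].to_vec(),
-[0xce, 0xfa, 0xad, 0xde].to_vec(),
-];
-let addr = destination.to_ne_bytes().to_vec();
-let insns_mod = [&insns[0], &insns[1], &addr];
-Ok(insns_mod.into_iter().flatten().cloned().collect())
+&[
+&[0xdf, 0xf8, 0x02, 0xc0],
+&[0x60, 0x47],
+&addr,
+]
 } else {
 // ldr ip, [pc]
 // bx ip
 // .long 0xdeadface
-let insns = [
-[0x00, 0xc0, 0x9f, 0xe5].to_vec(),
-[0x1c, 0xff, 0x2f, 0xe1].to_vec(),
-[0xce, 0xfa, 0xad, 0xde].to_vec(),
-];
-let addr = destination.to_ne_bytes().to_vec();
-let insns_mod = [&insns[0], &insns[1], &addr];
-Ok(insns_mod.into_iter().flatten().cloned().collect())
-}
+&[
+&[0x00, 0xc0, 0x9f, 0xe5],
+&[0x1c, 0xff, 0x2f, 0xe1],
+&addr,
+]
+};
+insns.concat()
 }
 
 #[cfg(target_arch = "aarch64")]
-fn get_patch(_target: GuestAddr, destination: GuestAddr) -> Result<Vec<u8>, RawPatchError> {
+fn get_patch(_target: GuestAddr, destination: GuestAddr) -> Vec<u8> {
 // ldr x16, #8
 // br x16
 // .quad 0xdeadfacef00dd00d
-let insns = [
-[0x50, 0x00, 0x00, 0x58].to_vec(),
-[0x00, 0x02, 0x1f, 0xd6].to_vec(),
-[0x0d, 0xd0, 0x0d, 0xf0].to_vec(),
-[0xce, 0xfa, 0xad, 0xde].to_vec(),
+let addr = destination.to_ne_bytes();
+#[rustfmt::skip]
+let insns: &[&[u8]] = &[
+&[0x50, 0x00, 0x00, 0x58],
+&[0x00, 0x02, 0x1f, 0xd6],
+&addr
 ];
-let addr = destination.to_ne_bytes().to_vec();
-let insns_mod = [&insns[0], &insns[1], &addr];
-Ok(insns_mod.into_iter().flatten().cloned().collect())
+insns.concat()
 }
 
 #[cfg(target_arch = "powerpc")]
-fn get_patch(_target: GuestAddr, destination: GuestAddr) -> Result<Vec<u8>, RawPatchError> {
+fn get_patch(_target: GuestAddr, destination: GuestAddr) -> Vec<u8> {
 // lis 12, 0xdead
 // ori 12, 12, 0xface
 // mtctr 12
 // bctr
-let insns = [
-[0x3d, 0x80, 0xde, 0xad].to_vec(),
-[0x61, 0x8c, 0xfa, 0xce].to_vec(),
-[0x7d, 0x89, 0x03, 0xa6].to_vec(),
-[0x4e, 0x80, 0x04, 0x20].to_vec(),
+let addr = destination.to_ne_bytes();
+#[rustfmt::skip]
+let insns: &[&[u8]] = &[
+&[0x3d, 0x80], &addr[..2],
+&[0x61, 0x8c], &addr[2..],
+&[0x7d, 0x89, 0x03, 0xa6],
+&[0x4e, 0x80, 0x04, 0x20],
 ];
-let addr = destination.to_be_bytes().to_vec();
-let insn0_mod = [insns[0][0], insns[0][1], addr[0], addr[1]].to_vec();
-let insn1_mod = [insns[1][0], insns[1][1], addr[2], addr[3]].to_vec();
-let insns_mod = [&insn0_mod, &insn1_mod, &insns[2], &insns[3]];
-Ok(insns_mod.into_iter().flatten().cloned().collect())
+insns.concat()
 }
 }
 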