add shadow stack register and read it in win32 thread context

This commit is contained in:
Mārtiņš Možeiko
2025-08-19 18:53:47 -07:00
committed by Ryan Fleury
parent c35c14dadb
commit d8bb8c76c6
7 changed files with 42 additions and 8 deletions
+14 -2
@@ -690,7 +690,7 @@ dmn_w32_thread_read_reg_block(Arch arch, HANDLE thread, void *reg_block)
//- rjf: unpack info about available features
U32 feature_mask = GetEnabledXStateFeatures();
B32 xstate_enabled = (feature_mask & (XSTATE_MASK_AVX | XSTATE_MASK_AVX512)) != 0;
B32 xstate_enabled = (feature_mask & (XSTATE_MASK_AVX | XSTATE_MASK_AVX512 | XSTATE_MASK_CET_U)) != 0;
//- rjf: set up context
CONTEXT *ctx = 0;
@@ -709,7 +709,7 @@ dmn_w32_thread_read_reg_block(Arch arch, HANDLE thread, void *reg_block)
//- rjf: unpack features available on this context
if (xstate_enabled)
{
SetXStateFeaturesMask(ctx, XSTATE_MASK_AVX | XSTATE_MASK_AVX512);
SetXStateFeaturesMask(ctx, XSTATE_MASK_AVX | XSTATE_MASK_AVX512 | XSTATE_MASK_CET_U);
}
//- rjf: get thread context
@@ -866,6 +866,18 @@ dmn_w32_thread_read_reg_block(Arch arch, HANDLE thread, void *reg_block)
MemoryZero(zmm_d, sizeof(*zmm_d));
}
}
// CET / Shadow Stack
if(xstate_mask & XSTATE_MASK_CET_U)
{
DWORD cet_length = 0;
XSAVE_CET_U_FORMAT *cet = LocateXStateFeature(ctx, XSTATE_CET_U, &cet_length);
if (cet_length == sizeof(*cet))
{
dst->cetmsr.u64 = cet->Ia32CetUMsr;
dst->cetssp.u64 = cet->Ia32Pl3SspMsr;
}
}
scratch_end(scratch);
}break;
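Review bot: The return value of SetXStateFeaturesMask on the modified line is still discarded, and the requested mask now includes XSTATE_MASK_CET_U even though xstate_enabled only requires one of the three bits to be reported by GetEnabledXStateFeatures; if the API rejects a mask naming a feature the OS did not enable (an AVX-only machine without CET), every extended-register read on that machine would degrade silently. Requesting only the reported subset keeps the call valid everywhere: `SetXStateFeaturesMask(ctx, feature_mask & (XSTATE_MASK_AVX | XSTATE_MASK_AVX512 | XSTATE_MASK_CET_U));`, with the result checked and logged. In the new CET block, LocateXStateFeature is documented to return NULL when the feature is absent from the context; the size comparison guards that only indirectly because cet_length starts at 0, so make it explicit: `if (cet != 0 && cet_length == sizeof(*cet))`. dmn_w32_thread_read_reg_block starts and ends outside this hunk, and where xstate_mask is obtained is not visible here.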
+4
@@ -293,6 +293,8 @@ RDI_RegCodeX64_fds = 97,
RDI_RegCodeX64_fip = 98,
RDI_RegCodeX64_fdp = 99,
RDI_RegCodeX64_mxcsr_mask = 100,
RDI_RegCodeX64_cetmsr = 101,
RDI_RegCodeX64_cetssp = 102,
} RDI_RegCodeX64Enum;
typedef RDI_U32 RDI_BinarySectionFlags;
@@ -765,6 +767,8 @@ X(fds, 97)\
X(fip, 98)\
X(fdp, 99)\
X(mxcsr_mask, 100)\
X(cetmsr, 101)\
X(cetssp, 102)\
#define RDI_TopLevelInfo_XList \
X(RDI_Arch, arch)\
+2
@@ -438,6 +438,8 @@ RDI_RegCodeX64Table:
{fip 98}
{fdp 99}
{mxcsr_mask 100}
{cetmsr 101}
{cetssp 102}
}
@enum(RDI_U32) RDI_Arch:
+9 -3
@@ -103,7 +103,7 @@ case Arch_x86:{result = regs_g_alias_code_x86_usage_kind_table;}break;
return result;
}
C_LINKAGE_BEGIN
REGS_UsageKind regs_g_reg_code_x64_usage_kind_table[101] =
REGS_UsageKind regs_g_reg_code_x64_usage_kind_table[103] =
{
REGS_UsageKind_Normal,
REGS_UsageKind_Normal,
@@ -206,6 +206,8 @@ REGS_UsageKind_Normal,
REGS_UsageKind_Normal,
REGS_UsageKind_Normal,
REGS_UsageKind_Normal,
REGS_UsageKind_Normal,
REGS_UsageKind_Normal,
};
REGS_UsageKind regs_g_alias_code_x64_usage_kind_table[96] =
@@ -308,7 +310,7 @@ REGS_UsageKind_Normal,
REGS_UsageKind_Normal,
};
String8 regs_g_reg_code_x64_string_table[101] =
String8 regs_g_reg_code_x64_string_table[103] =
{
str8_lit_comp(""),
str8_lit_comp("rax"),
@@ -411,6 +413,8 @@ str8_lit_comp("k4"),
str8_lit_comp("k5"),
str8_lit_comp("k6"),
str8_lit_comp("k7"),
str8_lit_comp("cetmsr"),
str8_lit_comp("cetssp"),
};
String8 regs_g_alias_code_x64_string_table[96] =
@@ -513,7 +517,7 @@ str8_lit_comp("mm6"),
str8_lit_comp("mm7"),
};
REGS_Rng regs_g_reg_code_x64_rng_table[101] =
REGS_Rng regs_g_reg_code_x64_rng_table[103] =
{
{0},
{(U16)OffsetOf(REGS_RegBlockX64, rax), 8},
@@ -616,6 +620,8 @@ REGS_Rng regs_g_reg_code_x64_rng_table[101] =
{(U16)OffsetOf(REGS_RegBlockX64, k5), 8},
{(U16)OffsetOf(REGS_RegBlockX64, k6), 8},
{(U16)OffsetOf(REGS_RegBlockX64, k7), 8},
{(U16)OffsetOf(REGS_RegBlockX64, cetmsr), 8},
{(U16)OffsetOf(REGS_RegBlockX64, cetssp), 8},
};
REGS_Slice regs_g_alias_code_x64_slice_table[96] =
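Review bot: The new register count is hard-coded as `103` in four array definitions here and repeated in the three matching extern declarations in the header file section, so the next register addition has to touch every copy in lockstep with the REGS_RegCodeX64 enum. If these files are hand-edited rather than emitted from the metadesk table, sizing each table with the enum's terminator, e.g. `REGS_UsageKind regs_g_reg_code_x64_usage_kind_table[REGS_RegCodeX64_COUNT] =`, lets the compiler reject a table that was not extended alongside the enum; the same applies to the extern declarations. Whether REGS_RegCodeX64_COUNT equals 103 depends on the enum having a null entry at index 0 (the `""` and `{0}` first entries suggest it does), which is outside this hunk.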
+7 -3
@@ -109,6 +109,8 @@ REGS_RegCodeX64_k4,
REGS_RegCodeX64_k5,
REGS_RegCodeX64_k6,
REGS_RegCodeX64_k7,
REGS_RegCodeX64_cetmsr,
REGS_RegCodeX64_cetssp,
REGS_RegCodeX64_COUNT,
} REGS_RegCodeX64;
@@ -423,6 +425,8 @@ REGS_Reg64 k4;
REGS_Reg64 k5;
REGS_Reg64 k6;
REGS_Reg64 k7;
REGS_Reg64 cetmsr;
REGS_Reg64 cetssp;
};
typedef struct REGS_RegBlockX86 REGS_RegBlockX86;
@@ -491,11 +495,11 @@ REGS_Reg256 ymm7;
};
C_LINKAGE_BEGIN
extern REGS_UsageKind regs_g_reg_code_x64_usage_kind_table[101];
extern REGS_UsageKind regs_g_reg_code_x64_usage_kind_table[103];
extern REGS_UsageKind regs_g_alias_code_x64_usage_kind_table[96];
extern String8 regs_g_reg_code_x64_string_table[101];
extern String8 regs_g_reg_code_x64_string_table[103];
extern String8 regs_g_alias_code_x64_string_table[96];
extern REGS_Rng regs_g_reg_code_x64_rng_table[101];
extern REGS_Rng regs_g_reg_code_x64_rng_table[103];
extern REGS_Slice regs_g_alias_code_x64_slice_table[96];
extern REGS_UsageKind regs_g_reg_code_x86_usage_kind_table[61];
extern REGS_UsageKind regs_g_alias_code_x86_usage_kind_table[36];
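Review bot: The two new REGS_RegBlockX64 fields carry no comment, and their names do not say which privilege level's CET state they hold; the win32 reader in this commit fills them from the XSAVE CET_U area's Ia32CetUMsr and Ia32Pl3SspMsr, i.e. user-mode state only. A one-line comment above `REGS_Reg64 cetmsr;` such as `// CET (shadow stack) user-mode state: IA32_U_CET and IA32_PL3_SSP, taken from the XSAVE CET_U area` would spare readers a trip to the debugger backend. Appending the fields at the end of the struct keeps the existing OffsetOf-based rng table entries stable, which is the right place for them.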
+4
@@ -114,6 +114,8 @@ case REGS_RegCodeX64_k4:{result = RDI_RegCodeX64_k4;}break;
case REGS_RegCodeX64_k5:{result = RDI_RegCodeX64_k5;}break;
case REGS_RegCodeX64_k6:{result = RDI_RegCodeX64_k6;}break;
case REGS_RegCodeX64_k7:{result = RDI_RegCodeX64_k7;}break;
case REGS_RegCodeX64_cetmsr:{result = RDI_RegCodeX64_cetmsr;}break;
case REGS_RegCodeX64_cetssp:{result = RDI_RegCodeX64_cetssp;}break;
}
}break;
case Arch_x86:
@@ -297,6 +299,8 @@ case RDI_RegCodeX64_k4:{result = REGS_RegCodeX64_k4;}break;
case RDI_RegCodeX64_k5:{result = REGS_RegCodeX64_k5;}break;
case RDI_RegCodeX64_k6:{result = REGS_RegCodeX64_k6;}break;
case RDI_RegCodeX64_k7:{result = REGS_RegCodeX64_k7;}break;
case RDI_RegCodeX64_cetmsr:{result = REGS_RegCodeX64_cetmsr;}break;
case RDI_RegCodeX64_cetssp:{result = REGS_RegCodeX64_cetssp;}break;
}
}break;
case Arch_x86:
+2
@@ -107,6 +107,8 @@ REGS_RegTableX64:
{k5 64 Normal}
{k6 64 Normal}
{k7 64 Normal}
{cetmsr 64 Normal}
{cetssp 64 Normal}
}
@table(name base off size usage)