; $Id$
;; @file
; VirtualBox Support Library - Hardened main(), Windows assembly bits.
;

;
; Copyright (C) 2012-2014 Oracle Corporation
;
; This file is part of VirtualBox Open Source Edition (OSE), as
; available from http://www.virtualbox.org. This file is free software;
; you can redistribute it and/or modify it under the terms of the GNU
; General Public License (GPL) as published by the Free Software
; Foundation, in version 2 as it comes in the "COPYING" file of the
; VirtualBox OSE distribution. VirtualBox OSE is distributed in the
; hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
;
; The contents of this file may alternatively be used under the terms
; of the Common Development and Distribution License Version 1.0
; (CDDL) only, as it comes in the "COPYING.CDDL" file of the
; VirtualBox OSE distribution, in which case the provisions of the
; CDDL are applicable instead of those of the GPL.
;
; You may elect to license modified versions of this file under the
; terms and conditions of either the GPL or the CDDL or both.
;
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync
;*******************************************************************************
;* Header Files                                                                *
;*******************************************************************************
8302394f164acb4adb187954f6ac8ef7a9efa629vboxsync%define RT_ASM_WITH_SEH64
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync%include "iprt/asmdefs.mac"
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync
; External data.
; Continuation address used by the NtCreateSection jump-back stubs below.
; It is defined and filled in by the C side (not visible in this file) and
; it lives in writable data yet is the target of an indirect jmp, so its
; integrity is part of the hook's trust base.
extern NAME(g_pfnNtCreateSectionJmpBack)


BEGINCODE
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync
;
; 64-bit
;
%ifdef RT_ARCH_AMD64
;;
; Jump-back stub for a hooked NtCreateSection (AMD64).
;
; One instance is generated per system call number listed in the template
; header included below.  The stub re-executes the instructions the hook
; overwrote at the start of NtCreateSection and then continues at the
; address stored in g_pfnNtCreateSectionJmpBack.
;
; @param 1 The NtCreateSection system call number this stub is for.
;
 %macro supR3HardenedJmpBack_NtCreateSection_Xxx 1
BEGINPROC supR3HardenedJmpBack_NtCreateSection_ %+ %1
        SEH64_END_PROLOGUE              ; No prologue; emits the unwind marker (RT_ASM_WITH_SEH64 is defined above).
        ; The code we replaced.
        ; This is the usual x64 syscall-stub prologue: r10 = first argument, eax = call number.
        mov     r10, rcx
        mov     eax, %1

        ; Jump back to the original code.
        ; RIP-relative indirect jump through the external pointer; it presumably
        ; holds the address of the first byte after the patched instructions -
        ; confirm against the C code that installs the hook.
        jmp     [NAME(g_pfnNtCreateSectionJmpBack) wrt RIP]
ENDPROC supR3HardenedJmpBack_NtCreateSection_ %+ %1
 %endm
 ; The template header is expected to expand SYSCALL(n) once per known
 ; call number; mapping it onto the macro above instantiates one stub each.
 %define SYSCALL(a_Num) supR3HardenedJmpBack_NtCreateSection_Xxx a_Num
 %include "NtCreateSection-template-amd64-syscall-type-1.h"

%endif
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync
;
; 32-bit.
;
%ifdef RT_ARCH_X86
;;
; Jump-back stub for a hooked NtCreateSection (x86).
;
; Same idea as the AMD64 variant: one stub per system call number from the
; template header, re-executing the overwritten instruction(s) and then
; continuing at the address stored in g_pfnNtCreateSectionJmpBack.  No
; SEH/unwind marker is needed on x86.
;
; @param 1 The NtCreateSection system call number this stub is for.
;
 %macro supR3HardenedJmpBack_NtCreateSection_Xxx 1
BEGINPROC supR3HardenedJmpBack_NtCreateSection_ %+ %1
        ; The code we replaced.
        ; On x86 the stub starts by loading the call number into eax.
        mov     eax, %1

        ; Jump back to the original code.
        ; Absolute indirect jump through the external pointer (fixed up by the
        ; loader's relocations); see the AMD64 variant for the caveat on what
        ; the pointer is expected to address.
        jmp     [NAME(g_pfnNtCreateSectionJmpBack)]
ENDPROC supR3HardenedJmpBack_NtCreateSection_ %+ %1
 %endm
 ; Instantiate one stub per call number listed in the template header.
 %define SYSCALL(a_Num) supR3HardenedJmpBack_NtCreateSection_Xxx a_Num
 %include "NtCreateSection-template-x86-syscall-type-1.h"

%endif
13493ab7596e827b8d0caab2c89e635dd65f78f9vboxsync
;;
; Composes a standard call name.
;
; On x86 the stdcall decoration _name@cbParams is produced; on every other
; architecture the plain NAME()-mangled symbol is used and the second
; argument is ignored.
;
; @param a The plain API name.
; @param b The parameter frame size in bytes (only used on x86).
;
%ifndef RT_ARCH_X86
 %define SUPHNTIMP_STDCALL_NAME(a,b) NAME(a)
%else
 %define SUPHNTIMP_STDCALL_NAME(a,b) _ %+ a %+ @ %+ b
%endif
d1e6154d21dcc739e31ac7d8b139ee0fdfe60d45vboxsync
d1e6154d21dcc739e31ac7d8b139ee0fdfe60d45vboxsync
;;
; Import data and code for an API call.
;
; For each API this expands to (a) one pointer-sized, zero-initialised data
; slot that carries two labels - the __imp_ symbol the compiler's dllimport
; thunks refer to, and g_pfn<Name> for our own code - and (b) a code stub
; with the decorated API name that just jumps through that slot.  For system
; calls it additionally emits a zero-initialised g_uApiNo<Name> slot and
; <Name>_SyscallType1/2 routines that issue the system call from our own
; code instead of going through ntdll's stub.
;
; All slots start out as 0 and must be filled in at runtime by the C side
; before anything calls the API; jumping through an unresolved slot goes to
; address zero.
;
; @param 1 The plain API name.
; @param 2 The parameter frame size on x86. Multiple of dword.
; @param 3 Non-zero expression if system call.
;
%define SUPHNTIMP_SYSCALL 1
%macro SupHardNtImport 3
 ;
 ; The data.
 ;
BEGINDATA
global __imp_ %+ SUPHNTIMP_STDCALL_NAME(%1,%2) ; The import name used via dllimport.
__imp_ %+ SUPHNTIMP_STDCALL_NAME(%1,%2):
GLOBALNAME g_pfn %+ %1                  ; The name we like to refer to.
        RTCCPTR_DEF 0                   ; Both labels above name this slot. Writable + jumped through: treat it like an IAT entry.
%if %3
GLOBALNAME g_uApiNo %+ %1               ; System call number; 0 until the C side resolves it.
        RTCCPTR_DEF 0
%endif

 ;
 ; The code: First a call stub.
 ;
BEGINCODE
global SUPHNTIMP_STDCALL_NAME(%1, %2)
SUPHNTIMP_STDCALL_NAME(%1, %2):
        jmp     RTCCPTR_PRE [NAME(g_pfn %+ %1) xWrtRIP] ; Tail-jump through the slot; arguments and return address untouched.

%if %3
 ;
 ; Make system calls.
 ;
 %ifdef RT_ARCH_AMD64
;
; Type 1 (AMD64): the standard x64 system call sequence, issued directly.
; eax = call number, r10 = first argument (rcx is clobbered by syscall,
; as is r11).  The remaining arguments stay where the Win64 ABI put them.
;
BEGINPROC %1 %+ _SyscallType1
        SEH64_END_PROLOGUE
        mov     eax, [NAME(g_uApiNo %+ %1) xWrtRIP]
        mov     r10, rcx
        syscall
        ret
ENDPROC %1 %+ _SyscallType1
 %else
;
; Type 1 (x86): call through the system-call stub pointer the kernel
; publishes in KUSER_SHARED_DATA (0x7ffe0000 + 0x300), which presumably
; selects between the sysenter and int 2eh entry stubs.  ret %2 pops the
; stdcall argument frame.  xWrtRIP is presumably empty on x86 - confirm.
;
BEGINPROC %1 %+ _SyscallType1
        mov     edx, 07ffe0300h         ; SharedUserData!SystemCallStub
        mov     eax, [NAME(g_uApiNo %+ %1) xWrtRIP]
        call    dword [edx]
        ret     %2
ENDPROC %1 %+ _SyscallType1
;
; Type 2 (x86): raw sysenter.  The pushed .return address and edx = esp
; mirror what the kernel-provided fast system call stub sets up.
; NOTE(review): if the kernel returns via a plain ret (KiFastSystemCallRet
; style), that ret consumes the pushed .return slot and lands on .return
; directly, so the add esp, 4 would never execute - confirm before changing
; either instruction.
;
BEGINPROC %1 %+ _SyscallType2
        push    .return
        mov     edx, esp
        mov     eax, [NAME(g_uApiNo %+ %1) xWrtRIP]
        sysenter
        add     esp, 4
.return:
        ret     %2
ENDPROC %1 %+ _SyscallType2
 %endif
%endif
%endmacro
d1e6154d21dcc739e31ac7d8b139ee0fdfe60d45vboxsync
; Instantiate the imports.  The template headers are presumably shared with
; the C side: SUPHARNT_COMMENT entries expand to nothing here, and each
; SUPHARNT_IMPORT_SYSCALL / SUPHARNT_IMPORT_STDCALL entry expands to the data
; slot(s) and stub(s) produced by SupHardNtImport above (the third argument
; selects whether the direct system call routines are emitted).
%define SUPHARNT_COMMENT(a_Comment)
%define SUPHARNT_IMPORT_SYSCALL(a_Name, a_cbParamsX86) SupHardNtImport a_Name, a_cbParamsX86, SUPHNTIMP_SYSCALL
%define SUPHARNT_IMPORT_STDCALL(a_Name, a_cbParamsX86) SupHardNtImport a_Name, a_cbParamsX86, 0
%include "import-template-ntdll.h"
%include "import-template-kernel32.h"
d1e6154d21dcc739e31ac7d8b139ee0fdfe60d45vboxsync
a60be2c64ea23bb7ce4c9998bcd541c4db879fbavboxsync
;
; For simplified LdrLoadDll patching we define a special writable, readable and
; executable section of 4KB where we can put jump back code.
;
; This is a deliberate W^X exception: a single page-aligned page that is
; both writable and executable.  Keep it to exactly what the patching needs
; and treat it as part of the hardening trust base - anything that can
; write this page can also execute from it.
;
section .rwxpg bss execute read write align=4096
GLOBALNAME g_abSupHardReadWriteExecPage
        resb    4096                    ; One 4KB page, zero-initialised (bss).
a60be2c64ea23bb7ce4c9998bcd541c4db879fbavboxsync