Changeset 2508Tweet

Timestamp:

07/01/08 01:26:46 (5 years ago)

Author:

sam

Message:

• Fix memcpy_from_target() and memcpy_to_target() alignment issues.

File:

• neercs/trunk/src/grab.c (modified) (4 diffs)

neercs/trunk/src/grab.c

@@ -112 +112 @@
 }
 
-/* FIXME: this function and the following have alignment issues */
-static int memcpy_from_target(pid_t pid, void* dest, long src, size_t n)
-{
-    long *d = (long*)dest;
-    unsigned int i;
-
-    for(i = 0; i < n / sizeof(long); i++)
-    {
-        d[i] = ptrace(PTRACE_PEEKTEXT, pid, src + i * sizeof(long), 0);
+static int memcpy_from_target(pid_t pid, char* dest, long src, size_t n)
+{
+    while(n)
+    {
+        long data;
+        int align = sizeof(long) - 1;
+        size_t todo = sizeof(long) - (src & align);
+
+        if(n < todo)
+            todo = n;
+
+        data = ptrace(PTRACE_PEEKTEXT, pid, src - (src & align), 0);
         if(errno)
         {
@@ -126 +129 @@
             return -1;
         }
-    }
+        memcpy(dest, (char *)&data + (src & align), todo);
+
+        dest += todo;
+        src += todo;
+        n -= todo;
+    }
+
     return 0;
 }
 
-static int memcpy_into_target(pid_t pid, long dest, void* src, size_t n)
-{
-    long *s = (long*) src;
-    unsigned int i;
-
-    for(i = 0; i < n / sizeof(long); i++)
-    {
-        if(ptrace(PTRACE_POKETEXT, pid, dest + i * sizeof(long), s[i]) == -1)
+static int memcpy_into_target(pid_t pid, long dest, char* src, size_t n)
+{
+    while(n)
+    {
+        long data;
+        int align = sizeof(long) - 1;
+        size_t todo = sizeof(long) - (dest & align);
+
+        if(n < todo)
+            todo = n;
+        if(todo != sizeof(long))
+        {
+            data = ptrace(PTRACE_PEEKTEXT, pid, dest - (dest & align), 0);
+            if(errno)
+            {
+                perror("ptrace_peektext");
+                return -1;
+            }
+        }
+
+        memcpy((char *)&data + (dest & align), src, todo);
+        ptrace(PTRACE_POKETEXT, pid, dest - (dest & align), data);
+        if(errno)
         {
             perror("ptrace_poketext");
             return -1;
         }
-    }
+
+        src += todo;
+        dest += todo;
+        n -= todo;
+    }
+
     return 0;
 }
@@ -247 +276 @@
 static int do_open(pid_t pid, char *path, int mode)
 {
-    char path_data[4096], backup_data[4096];
+    char backup_data[4096];
     struct user_regs_struct regs;
-    long target_data;
-    size_t size = (strlen(path) + sizeof(long)) & ~(sizeof(long) - 1L);
+    size_t size = strlen(path) + 1;
     int ret;
 
@@ -259 +287 @@
     }
 
-    target_data = (regs.RSP - size) & ~(sizeof(long) - 1L);
-
     /* Backup the data that we will use */
-    if(memcpy_from_target(pid, backup_data, target_data, size) < 0)
+    if(memcpy_from_target(pid, backup_data, regs.RSP, size) < 0)
         return -1;
 
     /* +4 (or 8) because it's truncated on a multiple of 4 (or 8)
      * and we need 1 */
-    sprintf(path_data, "%s", path);
-    memcpy_into_target(pid, target_data, path_data, size);
-
-    ret = do_syscall(pid, SYS_open, target_data, O_RDWR, 0755);
+    sprintf(path, "%s", path);
+    memcpy_into_target(pid, regs.RSP, path, size);
+
+    ret = do_syscall(pid, SYS_open, regs.RSP, O_RDWR, 0755);
 
     /* Restore the datas */
-    memcpy_into_target(pid, target_data, backup_data, size);
+    memcpy_into_target(pid, regs.RSP, backup_data, size);
 
     if(ret < 0)