[compiler-rt] r273176 - Add missing decoding patterns toRoundUpToInstrBoundary

Etienne Bergeron via llvm-commits llvm-commits at lists.llvm.org
Mon Jun 20 11:00:03 PDT 2016


Author: etienneb
Date: Mon Jun 20 13:00:03 2016
New Revision: 273176

URL: http://llvm.org/viewvc/llvm-project?rev=273176&view=rev
Log:
Add missing decoding patterns toRoundUpToInstrBoundary

Summary:
RoundUpToInstrBoundary determines instruction boundaries and is used to determine how to patch (intercept) functions.

The current x64-bit implementation is incomplete. This patch is adding patterns observed when trying to sanitize a 64-bit executable on my computer.

Thw two current functions not intercepted are:
```
RaiseExceptionStub:
000000007720C3B0 EB 06                jmp         RaiseException (07720C3B8h)  
000000007720C3B2 90                   nop  
000000007720C3B3 90                   nop  
000000007720C3B4 90                   nop  
000000007720C3B5 90                   nop  
000000007720C3B6 90                   nop  
000000007720C3B7 90                   nop  
RaiseException:
000000007720C3B8 FF 25 3A 18 09 00    jmp         qword ptr [__imp_RaiseException (07729DBF8h)]  
000000007720C3BE 8B 44 24 54          mov         eax,dword ptr [rsp+54h]  
000000007720C3C2 85 C0                test        eax,eax  
000000007720C3C4 0F 84 F5 05 00 00    je          Wow64NtCreateKey+12Fh (07720C9BFh)  
```

```
CreateThreadStub:
0000000077215A10 48 83 EC 48          sub         rsp,48h  
0000000077215A14 48 8B 44 24 78       mov         rax,qword ptr [rsp+78h]  
0000000077215A19 48 89 44 24 38       mov         qword ptr [rsp+38h],rax  
0000000077215A1E 8B 44 24 70          mov         eax,dword ptr [rsp+70h]  
```

Reviewers: rnk

Subscribers: wang0109, chrisha

Differential Revision: http://reviews.llvm.org/D21519

Modified:
    compiler-rt/trunk/lib/interception/interception_win.cc

Modified: compiler-rt/trunk/lib/interception/interception_win.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/interception/interception_win.cc?rev=273176&r1=273175&r2=273176&view=diff
==============================================================================
--- compiler-rt/trunk/lib/interception/interception_win.cc (original)
+++ compiler-rt/trunk/lib/interception/interception_win.cc Mon Jun 20 13:00:03 2016
@@ -121,6 +121,9 @@ static size_t RoundUpToInstrBoundary(siz
       case '\x57':  // 57 : push rdi
         cursor++;
         continue;
+      case '\x90':  // 90 : nop
+        cursor++;
+        continue;
       case '\xb8':  // b8 XX XX XX XX : mov eax, XX XX XX XX
         cursor += 5;
         continue;
@@ -168,6 +171,12 @@ static size_t RoundUpToInstrBoundary(siz
         continue;
     }
 
+    switch (*(unsigned int*)(code + cursor)) {
+      case 0x24448b48:  // 48 8b 44 24 XX : mov rax, qword ptr [rsp + 0xXX]
+        cursor += 5;
+        continue;
+    }
+
     // Check first 5 bytes.
     switch (0xFFFFFFFFFFull & *(unsigned long long*)(code + cursor)) {
       case 0x08245c8948:    // 48 89 5c 24 08 : mov QWORD PTR [rsp+0x8], rbx
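Review bot: The new 4-byte switch at the top of this hunk has no section comment, while the following probe is introduced by `// Check first 5 bytes.`; add `// Check first 4 bytes.` above it so the length-ordered probes read uniformly. The `*(unsigned int*)(code + cursor)` read follows the existing type-punned style of the 5-byte check and therefore inherits the same little-endian assumption, so a short comment such as `// 0x24448b48 is the little-endian view of the bytes 48 8b 44 24` would help the next reader. The enclosing loop of RoundUpToInstrBoundary starts outside the hunk, so whether this 4-byte read at `code + cursor` can run past the caller's size is not visible here.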
@@ -176,6 +185,13 @@ static size_t RoundUpToInstrBoundary(siz
         continue;
     }
 
+    // Check 8 bytes.
+    switch (*(unsigned long long*)(code + cursor)) {
+      case 0x90909090909006EBull:  // JMP +6,  6x NOP
+        cursor += 8;
+        continue;
+    }
+
     // Unknown instructions!
     __debugbreak();
   }
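Review bot: The comment `// JMP +6,  6x NOP` on the new 8-byte case does not say why a position-relative short jump is safe to consume as one unit; presumably the rounded-up prefix is copied elsewhere later, and that only works because the `EB 06` matched here lands exactly on the byte following the six NOPs it is grouped with. Suggest `// EB 06 90 90 90 90 90 90 : jmp +6 over 6 nops; matched as one 8-byte unit so a relocated copy still lands right after the group`. Unlike the masked 5-byte check above, this compares all 8 bytes, so the match requires every padding byte to be 0x90 and a stub padded with a different filler would still reach `__debugbreak()`; worth stating in the comment if that is intended. The enclosing function begins outside the hunk.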



