Let's see what gcc generates for arm64, for example gcc 7.5 building the Linux kernel.
Function do_sysinstr:
ADRP X0, #__func__.48604@PAGE ; "arm64_show_signal"
ADD X0, X0, #__func__.48604@PAGEOFF
ADRP X3, #ctr_read_handler@PAGE
ADD X0, X0, #0x218
ADD X3, X3, #ctr_read_handler@PAGEOFF
Wtf happened here? Instead of loading x0 with the address of sys64_hooks we have two consecutive loads into x0, and the value of x0 is not used between them. You can peek at some random functions: this is a very common pattern. I personally think this is a bug in gcc arm64 codegen. Anyway, it does not let IDA see the right xrefs, so I wrote a simple plugin for IDA Pro to fix this.
The plugin just tries to find instructions of the form "add reg, reg, imm" without a data xref and backtracks to check whether this register was loaded somewhere above; sure, the code is not a sample of elegance. You can add a line like this to plugins.cfg:
process_all_poor_gcc_functions poorgcc64 0 1
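As an added illustration of the backtracking described above (this is not the author's IDA plugin, but a pure-Python model of the same idea over a constructed listing; the symbol addresses are assumptions chosen so the result matches the post, and the IDA calls named in comments are not executed), the following resolves the hidden target of an "add reg, reg, imm" and gives up when the register is clobbered in between:

```python
import re

# Constructed listing modelled on the do_sysinstr fragment in the post; symbol addresses
# are assumptions picked so __func__.48604 + 0x218 == FFFFFFC010C116C8 (sys64_hooks in the post).
SYMBOLS = {"__func__.48604": 0xFFFFFFC010C114B0, "ctr_read_handler": 0xFFFFFFC010012340}
LISTING = [
    "ADRP X0, #__func__.48604@PAGE",
    "ADD X0, X0, #__func__.48604@PAGEOFF",
    "ADRP X3, #ctr_read_handler@PAGE",
    "ADD X0, X0, #0x218",  # no data xref: the real target is hidden here
    "ADD X3, X3, #ctr_read_handler@PAGEOFF",
]

ADRP_RE = re.compile(r"^ADRP\s+(X\d+),\s*#(\S+)@PAGE$")
ADD_PAGEOFF_RE = re.compile(r"^ADD\s+(X\d+),\s*(X\d+),\s*#(\S+)@PAGEOFF$")
ADD_IMM_RE = re.compile(r"^ADD\s+(X\d+),\s*(X\d+),\s*#(0x[0-9A-Fa-f]+|\d+)$")
DEST_RE = re.compile(r"^\w+\s+(X\d+)")  # first operand = written register (simplification)

def writes(insn, reg):
    d = DEST_RE.match(insn)
    return bool(d) and d.group(1) == reg

def resolve_add_imm(listing, idx, symbols):
    """Backtrack from 'ADD Xr, Xr, #imm' at idx to its ADRP/ADD @PAGEOFF load of Xr; base + imm, or None."""
    m = ADD_IMM_RE.match(listing[idx])
    if not m or m.group(1) != m.group(2):
        return None
    reg, imm = m.group(1), int(m.group(3), 0)
    for j in range(idx - 1, -1, -1):
        if not writes(listing[j], reg):
            continue  # unrelated instruction (e.g. the interleaved ADRP X3): keep walking up
        lo = ADD_PAGEOFF_RE.match(listing[j])
        if not lo or lo.group(2) != reg:
            return None  # nearest writer of reg is not the expected ADD @PAGEOFF
        sym = lo.group(3)
        for k in range(j - 1, -1, -1):  # find the ADRP that supplied reg's page
            hi = ADRP_RE.match(listing[k])
            if hi and hi.group(1) == reg:
                if hi.group(2) != sym or sym not in symbols:
                    return None
                return symbols[sym] + imm  # reg held the full symbol address after ADD @PAGEOFF
            if writes(listing[k], reg):
                return None  # reg rewritten between ADRP and ADD @PAGEOFF
        return None

def find_missing_xrefs(listing, symbols):
    """Index -> recovered target; in IDA each hit would become ida_xref.add_dref(ea, target, dr_O)."""
    hits = {i: resolve_add_imm(listing, i, symbols) for i in range(len(listing))}
    return {i: t for i, t in hits.items() if t is not None}
```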
Some results. After applying the plugin to the function do_sysinstr, the code looks like this:
ADRP X0, #__func__.48604@PAGE ; "arm64_show_signal"
ADD X0, X0, #__func__.48604@PAGEOFF
ADRP X3, #ctr_read_handler@PAGE
ADD X0, X0, #0x218 ; FFFFFFC010C116C8
ADD X3, X3, #ctr_read_handler@PAGEOFF
FFFFFFC010C116C8 is the address of sys64_hooks, and now it has the right xref.