堆栈内存溢出
  简体   繁体   English

如何在 linux x86_64 上模拟 iret

[英]how to simulate a iret on linux x86_64

 原文  2012-08-01 09:22:08       linux/ assembly/ linux-kernel/ x86

问题描述

I am writing a debugger based on Intel VT.我正在编写一个基于 Intel VT 的调试器。

As the iret instruction's performance in vmx-guest is changed while NMI-Exiting=1.由于 iret 指令在 vmx-guest 中的性能在 NMI-Exiting=1 时发生了变化。 So I should handle NMI in the vmx-host myself,otherwise,guest will have nmi reentrant bugs.所以我应该自己在vmx-host中处理NMI,否则,guest会有nmi reentrant bugs。

I checked the Intel manual :我检查了英特尔手册:

While an NMI interrupt handler is executing, the processor disables additional calls to the NMI handler until the next IRET instruction is executed.在执行 NMI 中断处理程序时,处理器会禁用对 NMI 处理程序的额外调用,直到执行下一条 IRET 指令。 This blocking of subse-quent NMIs prevents stacking up calls to the NMI handler.这种对后续 NMI 的阻塞防止了对 NMI 处理程序的调用堆积。

So I am trying to simulate a iret in the vmx-host myself.所以我试图自己在 vmx-host 中模拟一个 iret。 the CPL remains ring0 and keep stack and code segment no change. CPL 保持 ring0 并保持堆栈和代码段不变。

I write a sample code below,it was after vmx-exit caused by NMI:我在下面写了一个示例代码,它是在 NMI 导致的 vmx-exit 之后:

asm volatile(
    "pushfq \n\t"
    "mov %%cs.%%ax \n\t"
    "push  %%rax\n\t"
    "mov $._restart_code,%%rax \n\t"
    "push %%rax \n\t"
    "iret \n\t"/*manully iret in the host before vmx-entry.*/
    "._restart_code:"
    "nop":);

Anyone can show some guides?任何人都可以显示一些指南?

1 个解决方案

解决方案1
 0  2022-07-23 05:15:37

Looks like your code is missing pushing SS and RSP.看起来您的代码缺少推送 SS 和 RSP。 Here is my code for both i386 and x86_64: https://github.com/lxylxy123456/uberxmhf/blob/6b56acef71528b29e503ec66a2d305ba1b0c65f9/xmhf/src/xmhf-core/xmhf-runtime/xmhf-smpguest/arch/x86/vmx/smpg-x86vmx.c#L500这是 i386 和 x86_64 的代码: https ://github.com/lxylxy123456/uberxmhf/blob/6b56acef71528b29e503ec66a2d305ba1b0c65f9/xmhf/src/xmhf-core/xmhf-runtime/xmhf-smpguest/arch/x86/vmx/smpg x86vmx.c#L500

void xmhf_smpguest_arch_x86vmx_unblock_nmi(void) {
#ifdef __AMD64__
    asm volatile (
        "movq    %%rsp, %%rsi   \r\n"
        "xorq    %%rax, %%rax   \r\n"
        "movw    %%ss, %%ax     \r\n"
        "pushq   %%rax          \r\n"
        "pushq   %%rsi          \r\n"
        "pushfq                 \r\n"
        "xorq    %%rax, %%rax   \r\n"
        "movw    %%cs, %%ax     \r\n"
        "pushq   %%rax          \r\n"
        "pushq   $1f            \r\n"
        "iretq                  \r\n"
        "1: nop                 \r\n"
        : // no output
        : // no input
        : "%rax", "%rsi", "cc", "memory");
#elif defined(__I386__)
    asm volatile (
        "pushfl                 \r\n"
        "xorl    %%eax, %%eax   \r\n"
        "movw    %%cs, %%ax     \r\n"
        "pushl   %%eax          \r\n"
        "pushl   $1f            \r\n"
        "iretl                  \r\n"
        "1: nop                 \r\n"
        : // no output
        : // no input
        : "%eax", "cc", "memory");
#else /* !defined(__I386__) && !defined(__AMD64__) */
    #error "Unsupported Arch"
#endif /* !defined(__I386__) && !defined(__AMD64__) */
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在 Linux x86_64 系统上获取 VDSO 的大小 - How to get the size of the VDSO on a Linux x86_64 system x86_64 Linux 系统调用参数 - x86_64 Linux syscall arguments 如何使用ptrace(linux,x86 / x86_64)获得“回溯”(如gdb) - How to get a “backtrace” (like gdb) using only ptrace (linux, x86/x86_64) 使用 64 位 Linux 在汇编中为 x86_64 编写 putchar? - Writing a putchar in Assembly for x86_64 with 64 bit Linux? 在 x86 (32bit) Linux 上启动 x86_64 代码,在 x86_64 CPU 上运行 - Start x86_64 code on x86 (32bit) Linux, running on x86_64 CPU x86_64上的缓冲区溢出 - 返回libc攻击(linux) - buffer overflow on x86_64 - return to libc attack (linux) Linux x86_64 汇编套接字编程 - Linux x86_64 assembly socket programming 适用于i386和x86_64的Linux单个二进制文件 - Linux single binary for i386 and x86_64 来自x86_64 Linux中的内联asm的Syscall? - Syscall from inline asm in x86_64 Linux? 在linux x86_64程序集中生成一个shell - spawning a shell in linux x86_64 assembly
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM