Closed dannyp303 closed 1 year ago
Figured I would leave the IRSB for the current code
t0:Ity_I64 t1:Ity_I64 t2:Ity_I64 t3:Ity_I16 t4:Ity_I16 t5:Ity_I64 t6:Ity_I64 t7:Ity_I64
00 | ------ IMark(0x4134, 1, 0) ------
01 | t0 = GET:I64(rsp)
02 | t1 = LDle:I64(t0)
03 | t5 = Add64(t0,0x0000000000000008)
04 | t4 = LDle:I16(t5)
05 | t2 = Add64(t0,0x000000000000000a)
06 | PUT(rsp) = t2
07 | PUT(cs_seg) = t4
08 | t6 = Sub64(t0,0x0000000000000080)
09 | ====== AbiHint(0xt6, 128, t1) ======
NEXT: PUT(rip) = t1; Ijk_Ret
}
Looks great, thanks!
This is the simplest possible form of RETF for my current use case.
The difference between this implementation and the RET implementation is RETF additionally pops R_CS from the stack.
To complete the implementation, RETF should check for protected_mode (currently unimplemented in AMD64) and, if protected, check the privilege level of the code segment using the selector (also unimplemented in AMD64). Additional values are popped from the stack if the PL is different from the current one, making this impl invalid for that scenario.
See this explanation of the RETF procedure from the AMD64 user manual.
Protected mode and segment selectors are implemented in x86 already, they should be at least similar.
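An added Python model (not code from this PR or from angr/pyvex) of the semantics the IRSB above encodes: RET pops one 8-byte return address, while the same-privilege RETF also pops a 16-bit CS selector, so rsp advances by 0xa rather than 8, and the AbiHint marks the 128 bytes below the old rsp as dead. The selector's requested privilege level (its low two bits) is compared against an assumed `cpl` argument to flag the inter-privilege case the comment says is not yet handled; the stack contents are constructed sample data.

```python
import struct

RED_ZONE = 128  # AbiHint(Sub64(rsp, 0x80), 128, rip): bytes below old rsp are dead after return


def make_stack(rsp: int, rip: int, cs: int, size: int = 64) -> bytes:
    """Constructed sample stack: return address at rsp, CS selector at rsp+8."""
    buf = bytearray(size)
    struct.pack_into("<Q", buf, rsp, rip)
    struct.pack_into("<H", buf, rsp + 8, cs)
    return bytes(buf)


def ret(stack: bytes, rsp: int) -> dict:
    """RET: t1 = LDle:I64(rsp); rsp = Add64(rsp, 8)."""
    rip = struct.unpack_from("<Q", stack, rsp)[0]
    return {"rip": rip, "rsp": rsp + 8, "abihint": (rsp - RED_ZONE, RED_ZONE)}


def retf(stack: bytes, rsp: int, cpl: int = 0, protected_mode: bool = True) -> dict:
    """Same-privilege RETF as the IRSB encodes it:
        t1 = LDle:I64(rsp)        -> new rip
        t4 = LDle:I16(rsp + 8)    -> new cs selector
        rsp = Add64(rsp, 0xa)
    `cpl` and `protected_mode` are assumed inputs modelling the checks the
    comment describes; in protected mode a selector whose RPL differs from
    the current PL would pop more values (RSP, SS), which is not modelled.
    """
    rip = struct.unpack_from("<Q", stack, rsp)[0]
    cs = struct.unpack_from("<H", stack, rsp + 8)[0]
    rpl = cs & 0x3  # requested privilege level lives in the selector's low two bits
    if protected_mode and rpl != cpl:
        raise NotImplementedError("inter-privilege RETF (PL change) not implemented")
    return {"rip": rip, "cs": cs, "rsp": rsp + 0xa, "abihint": (rsp - RED_ZONE, RED_ZONE)}


if __name__ == "__main__":
    stack = make_stack(rsp=8, rip=0x4134, cs=0x0008)
    print("ret :", ret(stack, 8))
    print("retf:", retf(stack, 8, cpl=0))
```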