beehive-lab / mambo

A low-overhead dynamic binary instrumentation and modification tool for ARM (both AArch32 and AArch64 support) and RISC-V (RV64GC).
Apache License 2.0
318 stars 69 forks

clone3 handling for ARM and RISC-V #119

Closed jkressel closed 5 months ago

jkressel commented 6 months ago

This commit adds handling for the clone3 syscall.

Where clone takes all parameters as arguments, clone3 accepts arguments packaged in a struct clone_args. As a result, handling differs from clone handling since we first need to unpack clone_args into mambo's struct sys_clone_args.

IMPORTANT: the child stack pointer passed to clone points to the bottom of the child stack. The child stack pointer passed to clone3 points to the top of the child stack and needs to be manually set to point to the bottom of the stack.
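The unpacking step described in this comment, as an added example that is not MAMBO's code and not part of the pull request. `struct flat_clone_args` and `unpack_clone3` are hypothetical names, the sample values are constructed, and the address-wrap check is a defensive assumption of this example. It treats the clone3 `stack` field as the lowest address of the stack area and converts it to the address the child's stack pointer starts at.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* First 64 bytes of the kernel's struct clone_args (CLONE_ARGS_SIZE_VER0). */
struct clone3_args_v0 {
  uint64_t flags, pidfd, child_tid, parent_tid;
  uint64_t exit_signal, stack, stack_size, tls;
};

/* Hypothetical clone-style record for this example; not MAMBO's sys_clone_args. */
struct flat_clone_args {
  uint64_t flags, exit_signal;
  uint64_t child_sp;              /* initial stack pointer of the child, 0 if none */
  uint64_t pidfd, parent_tid, child_tid, tls;
};

/* Unpack a clone3 argument block; returns 0 or a negative errno. */
int unpack_clone3(const void *guest_args, size_t size, struct flat_clone_args *out) {
  struct clone3_args_v0 in;
  if (guest_args == NULL || out == NULL) return -EFAULT;
  if (size < sizeof(in)) return -EINVAL;         /* smaller than the v0 layout */
  memcpy(&in, guest_args, sizeof(in));           /* read only the v0 prefix */

  /* stack and stack_size are either both zero or both set. */
  if ((in.stack == 0) != (in.stack_size == 0)) return -EINVAL;
  /* Defensive check added here: the end of the stack area must not wrap. */
  if (in.stack > UINT64_MAX - in.stack_size) return -EINVAL;
  if (in.exit_signal & ~0xffULL) return -EINVAL; /* must fit in CSIGNAL */

  out->flags = in.flags;
  out->exit_signal = in.exit_signal;
  /* clone3: lowest address + size; clone-style: address the child SP starts at. */
  out->child_sp = in.stack ? in.stack + in.stack_size : 0;
  out->pidfd = in.pidfd;
  out->parent_tid = in.parent_tid;
  out->child_tid = in.child_tid;
  out->tls = in.tls;
  return 0;
}

int main(void) {
  /* Constructed sample: 64 KiB stack area starting at 0x7f0000000000. */
  struct clone3_args_v0 a = { .exit_signal = 17, .stack = 0x7f0000000000ULL, .stack_size = 0x10000 };
  struct flat_clone_args o;
  int rc = unpack_clone3(&a, sizeof(a), &o);
  printf("rc=%d child_sp=0x%llx\n", rc, (unsigned long long)o.child_sp);
  return rc;
}
```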

IgWod commented 5 months ago

Looks good to me! Thanks for fixing compiler warnings!