
I'm not really experienced with x86 assembler and am trying to debug a problem related to a bug in mach_inject.

The original code looks like this (function mach_inject in mach_inject.c):

#if defined(__x86_64__)
        imageOffset = 0; // RIP-relative addressing
#else
        ASSERT_CAST( void*, remoteCode );
        imageOffset = ((void*) remoteCode) - image;
#endif

and then somewhat later (function INJECT_ENTRY of mach_inject_bundle_stub.c):

pthread_create( &thread,
                &attr,
                (void* (*)(void*))((long)some_local_function + imageOffset),
                (void*) param );

It seems, for me, that when I compile this for x86, it fails. If I change the code so that I have imageOffset = 0; on every architecture (i.e. also for x86), it all works fine.

So, some questions:

  • Is RIP-relative addressing also available for 32-bit/x86 mode?
  • What was (probably) the initial intention of this code if we also have RIP-relative addressing for 32-bit mode anyway?
  • Is RIP-relative addressing a compiler setting? Or in what way can I control whether my code uses RIP-relative addressing or not? (Or, more related to this bug: is imageOffset = 0; always correct? Or when is it not?)
Albert
  • A brief scan of the source code seems to indicate that `imageOffset` is passed as the first parameter to the injected code, so I'm not sure how it relates to RIP-relative addressing (which doesn't exist in 32-bit mode). – user786653 Sep 07 '11 at 14:36
  • @user786653: I extended it a bit. – Albert Sep 07 '11 at 15:29
  • Maybe I'm not getting the code (could you add some file:line number references so it's possible to follow along?), but isn't it `threadEntryOffset` rather than `imageOffset` that's used to determine the entry point? To me it still looks like imageOffset is only used as the first parameter to `thread_create_running`. – user786653 Sep 07 '11 at 15:42
  • @user786653: Yes. The function called by `thread_create_running` gets called correctly. In my case, it is that `INJECT_ENTRY` of mach_inject_bundle_stub.c. In that file, you see several places where the address of local functions is modified by the `imageOffset` (like the posted code). – Albert Sep 07 '11 at 16:15
  • Ah, now I see it. If mach_inject_bundle_stub gets compiled position independently I don't think `imageOffset` should be needed (not 100% sure though and I don't know how to check how the different stuff is getting compiled/linked). – user786653 Sep 07 '11 at 16:35
