Update util_asm.asm

DavidXanatos 2022-01-05 14:06:01 +01:00
parent bf90bb539e
commit 6aea2af125
1 changed files with 89 additions and 89 deletions


@ -234,34 +234,34 @@ EXTERN Token_SepFilterToken : QWORD
Sbie_SepFilterTokenHandler_asm PROC Sbie_SepFilterTokenHandler_asm PROC
mov qword ptr [rsp+20h],r9 mov qword ptr [rsp+20h],r9
mov qword ptr [rsp+18h],r8 mov qword ptr [rsp+18h],r8
mov qword ptr [rsp+10h],rdx mov qword ptr [rsp+10h],rdx
mov qword ptr [rsp+8],rcx mov qword ptr [rsp+8],rcx
sub rsp,78h sub rsp,78h
mov dword ptr [rsp+60h],0 mov dword ptr [rsp+60h],0
mov rax,qword ptr [rsp+0A0h] ; NewToken mov rax,qword ptr [rsp+0A0h] ; NewToken
mov qword ptr [rsp+50h],rax mov qword ptr [rsp+50h],rax
mov rax,qword ptr [rsp+098h] ; LengthIncrease mov rax,qword ptr [rsp+098h] ; LengthIncrease
mov qword ptr [rsp+48h],rax mov qword ptr [rsp+48h],rax
mov rax,qword ptr [rsp+090h] ; SidPtr mov rax,qword ptr [rsp+090h] ; SidPtr
mov qword ptr [rsp+40h],rax mov qword ptr [rsp+40h],rax
mov rax,qword ptr [rsp+088h] ; SidCount mov rax,qword ptr [rsp+088h] ; SidCount
mov qword ptr [rsp+38h],rax mov qword ptr [rsp+38h],rax
mov qword ptr [rsp+30h],0 mov qword ptr [rsp+30h],0
mov qword ptr [rsp+28h],0 mov qword ptr [rsp+28h],0
mov qword ptr [rsp+20h],0 mov qword ptr [rsp+20h],0
mov r9d,0 mov r9d,0
mov r8d,0 mov r8d,0
mov edx,0 mov edx,0
mov rcx,qword ptr [rsp+080h] ; TokenObject mov rcx,qword ptr [rsp+080h] ; TokenObject
call Token_SepFilterToken call Token_SepFilterToken
add rsp,78h add rsp,78h
ret ret
Sbie_SepFilterTokenHandler_asm ENDP Sbie_SepFilterTokenHandler_asm ENDP
@ -274,56 +274,56 @@ ifdef _WIN64
; NTSTATUS Sbie_InvokeSyscall_asm(void* func, ULONG count, void* args); ; NTSTATUS Sbie_InvokeSyscall_asm(void* func, ULONG count, void* args);
Sbie_InvokeSyscall_asm PROC FRAME Sbie_InvokeSyscall_asm PROC FRAME
; prolog ; prolog
push rsi push rsi
.allocstack 8 .pushreg rsi
push rdi push rdi
.allocstack 8 .pushreg rdi
sub rsp, 98h ; 8 * 19 - prepare enough stack for up to 19 arguments sub rsp, 98h ; 8 * 19 - prepare enough stack for up to 19 arguments
.allocstack 98h .allocstack 98h
.endprolog .endprolog
; quick sanity check ; quick sanity check
cmp rdx, 13h ; if count > 19 cmp rdx, 13h ; if count > 19
jle arg_count_ok jle arg_count_ok
mov rax, 0C000001Ch ; return STATUS_INVALID_SYSTEM_SERVICE mov rax, 0C000001Ch ; return STATUS_INVALID_SYSTEM_SERVICE
jmp func_return jmp func_return
arg_count_ok: arg_count_ok:
; save our 3 relevant arguments to spare registers ; save our 3 relevant arguments to spare registers
mov r11, r8 ; args mov r11, r8 ; args
mov r10, rdx ; count mov r10, rdx ; count
mov rax, rcx ; func mov rax, rcx ; func
; check if we have higher arguments and if not skip ; check if we have higher arguments and if not skip
cmp r10, 4 cmp r10, 4
jle copy_reg_args jle copy_reg_args
; copy arguments 5-19 ; copy arguments 5-19
mov rsi, r11 ; source mov rsi, r11 ; source
add rsi, 20h add rsi, 20h
mov rdi, rsp ; destination mov rdi, rsp ; destination
add rdi, 20h add rdi, 20h
mov rcx, r10 ; arg count mov rcx, r10 ; arg count
sub rcx, 4 ; skip the register passed args sub rcx, 4 ; skip the register passed args
rep movsq rep movsq
copy_reg_args: copy_reg_args:
; copy arguments 1-4 ; copy arguments 1-4
mov r9, qword ptr [r11+18h] mov r9, qword ptr [r11+18h]
mov r8, qword ptr [r11+10h] mov r8, qword ptr [r11+10h]
mov rdx, qword ptr [r11+08h] mov rdx, qword ptr [r11+08h]
mov rcx, qword ptr [r11+00h] mov rcx, qword ptr [r11+00h]
; call the function ; call the function
call rax call rax
func_return: func_return:
; epilog ; epilog
add rsp, 98h add rsp, 98h
pop rdi pop rdi
pop rsi pop rsi
ret ret
Sbie_InvokeSyscall_asm ENDP Sbie_InvokeSyscall_asm ENDP
@ -332,37 +332,37 @@ else
; NTSTATUS Sbie_InvokeSyscall_asm(void* func, ULONG count, void* args); ; NTSTATUS Sbie_InvokeSyscall_asm(void* func, ULONG count, void* args);
_Sbie_InvokeSyscall_asm@12 PROC _Sbie_InvokeSyscall_asm@12 PROC
; prolog ; prolog
push ebp push ebp
push esi push esi
push edi push edi
mov ebp, esp mov ebp, esp
sub esp, 4Ch ; 4 * 19 - prepare enough stack for up to 19 arguments sub esp, 4Ch ; 4 * 19 - prepare enough stack for up to 19 arguments
; quick sanity check ; quick sanity check
cmp dword ptr [ebp+10h+4h], 13h ; arg count @count cmp dword ptr [ebp+10h+4h], 13h ; arg count @count
jle arg_count_ok jle arg_count_ok
mov eax, 0C000001Ch ; return STATUS_INVALID_SYSTEM_SERVICE mov eax, 0C000001Ch ; return STATUS_INVALID_SYSTEM_SERVICE
jmp func_return jmp func_return
arg_count_ok: arg_count_ok:
; copy arguments 0-19 ; copy arguments 0-19
mov esi, dword ptr [ebp+10h+8h] ; source @args mov esi, dword ptr [ebp+10h+8h] ; source @args
mov edi, esp ; destination mov edi, esp ; destination
mov ecx, dword ptr [ebp+10h+4h] ; arg count @count mov ecx, dword ptr [ebp+10h+4h] ; arg count @count
rep movsd rep movsd
; call the function ; call the function
mov eax, dword ptr [ebp+10h+0h] ; @func mov eax, dword ptr [ebp+10h+0h] ; @func
call eax call eax
func_return: func_return:
; epilog ; epilog
mov esp,ebp mov esp,ebp
pop edi pop edi
pop esi pop esi
pop ebp pop ebp
ret 0Ch ret 0Ch
_Sbie_InvokeSyscall_asm@12 ENDP _Sbie_InvokeSyscall_asm@12 ENDP
PUBLIC _Sbie_InvokeSyscall_asm@12 PUBLIC _Sbie_InvokeSyscall_asm@12
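Review bot: The count sanity check in both Sbie_InvokeSyscall_asm variants ends in the signed `jle arg_count_ok`, so a count with its top bit set compares as negative, passes the check, and becomes the `rep movsq` / `rep movsd` length for a stack area sized for 19 arguments. Using the unsigned branch `jbe arg_count_ok` in both the _WIN64 and the x86 procedure (and `jbe copy_reg_args` after `cmp r10, 4`) closes that. In the _WIN64 version count is declared ULONG but is read as the full `rdx`, whose upper half the x64 calling convention leaves undefined; `cmp edx, 13h` and `mov r10d, edx` would use only the defined 32 bits. Whether count can ever be out of range depends on callers that are not visible here, but as this is the only guard before the copy it should hold for any input.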