x86&x64: adding endbr32 and endbr64 (Intel CET_IBT) #93

Open
LRGH opened this issue Mar 2, 2024 · 1 comment

@LRGH
Contributor

LRGH commented Mar 2, 2024

Here is the patch I use.

diff --git a/amoco/arch/x64/asm.py b/amoco/arch/x64/asm.py
index b891d1f..201bb7d 100644
--- a/amoco/arch/x64/asm.py
+++ b/amoco/arch/x64/asm.py
@@ -1819,3 +1819,6 @@ def i_XLATB(i, fmap):
     fmap[rip] = fmap[rip] + i.length
     _b = fmap(mem(rbx + al.zeroextend(64), 8))
     fmap[al] = _b
+
+i_ENDBR32 = i_NOP
+i_ENDBR64 = i_NOP
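Review bot: The aliases `i_ENDBR32 = i_NOP` and `i_ENDBR64 = i_NOP` give the landing-pad instructions plain NOP semantics, and nothing in the file says this is a deliberate simplification. With that mapping the semantic model carries no indirect-branch-tracking state, so an analysis built on it cannot tell whether an indirect call or jump lands on an ENDBR, which is the property CET-IBT enforces in hardware. I would add a comment above the aliases, for example `# CET-IBT landing pads: modelled as NOP, IBT tracker state is not emulated`. i_NOP is defined outside the hunk, so I am assuming it only advances rip. The same applies to the identical hunk in amoco/arch/x86/asm.py.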
diff --git a/amoco/arch/x64/spec_ia32e.py b/amoco/arch/x64/spec_ia32e.py
index e8eb5fb..ce976ea 100644
--- a/amoco/arch/x64/spec_ia32e.py
+++ b/amoco/arch/x64/spec_ia32e.py
@@ -1090,6 +1090,13 @@ def ia32_movbe_crc32(obj, s, Mod, RM, REG, data):
     obj.type = type_data_processing
 
 
+# ENDBR (added by Intel in 2017 to protect against ROP)
+@ispec_ia32("32>[ {f3}{0f}{1e}{fb} ]", mnemonic="ENDBR32", type=type_cpu_state)
+@ispec_ia32("32>[ {f3}{0f}{1e}{fa} ]", mnemonic="ENDBR64", type=type_cpu_state)
+def ia32_endbr(obj):
+    pass
+
+
 # FPU instructions:
 # -----------------
 
diff --git a/amoco/arch/x86/asm.py b/amoco/arch/x86/asm.py
index 496838a..bd64866 100644
--- a/amoco/arch/x86/asm.py
+++ b/amoco/arch/x86/asm.py
@@ -1800,3 +1800,6 @@ def i_PEXTRW(i, fmap):
     else:
         v = top(16)
     fmap[op1] = v.zeroextend(op1.size)
+
+i_ENDBR32 = i_NOP
+i_ENDBR64 = i_NOP
diff --git a/amoco/arch/x86/spec_ia32.py b/amoco/arch/x86/spec_ia32.py
index 6970e49..f343675 100644
--- a/amoco/arch/x86/spec_ia32.py
+++ b/amoco/arch/x86/spec_ia32.py
@@ -1012,6 +1012,13 @@ def ia32_movbe_crc32(obj, s, Mod, RM, REG, data):
     obj.operands = [op1, op2]
     obj.type = type_data_processing
 
+# ENDBR (added by Intel in 2017 to protect against ROP)
+@ispec_ia32("32>[ {f3}{0f}{1e}{fb} ]", mnemonic="ENDBR32", type=type_cpu_state)
+@ispec_ia32("32>[ {f3}{0f}{1e}{fa} ]", mnemonic="ENDBR64", type=type_cpu_state)
+def ia32_endbr(obj):
+    pass
+
+
 # FPU instructions:
 # -----------------
 
diff --git a/tests/test_arch_x64.py b/tests/test_arch_x64.py
index 36e6e7c..8758829 100644
--- a/tests/test_arch_x64.py
+++ b/tests/test_arch_x64.py
@@ -202,3 +202,8 @@ def test_decoder_028():
   assert i.mnemonic=='MOVHPD'
   assert i.operands[0].ref == 'xmm2'
   assert i.operands[1].size == 64
+
+def test_decoder_029():
+  i = cpu.disassemble(b'\xf3\x0f\x1e\xfa')
+  assert i.mnemonic=='ENDBR64'
+  assert str(i) == 'endbr64     '
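Review bot: test_decoder_029 covers only ENDBR64 on the x64 decoder, so no test in this patch exercises the `{fb}` spec line or the two specs added to amoco/arch/x86/spec_ia32.py. A sibling case with `i = cpu.disassemble(b'\xf3\x0f\x1e\xfb')` and `assert i.mnemonic=='ENDBR32'` would cover the other encoding. The same pair would fit in the x86 test module, which is not part of this diff. The `str(i) == 'endbr64     '` assertion pins the formatter's padding, so it will fail on a formatting change rather than on a decoding regression.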
@bdcht
Owner

bdcht commented Mar 4, 2024

Thanks, added in fa1eb9d.
