How do you save and restore state in Arm64 assembly?

I'm not familiar with assembly and don't know how state save and restore is done on 64-bit. Is there some code I can look at?

Recommended: https://store.raywenderlich.com/products/advanced-apple-debugging-and-reverse-engineering

You'll understand once you've read it.

#include <stdint.h>

// Reconstructed from the offsets the trampoline below uses (the post does not
// show this definition): x0..x30 live at 0x00..0xF0, returnAddress at 0xF8.
typedef struct {
    intptr_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15,
             x16, x17, x18, x19, x20, x21, x22, x23, x24, x25, x26, x27, x28, x29, x30;
    intptr_t returnAddress;   // written by the C handler, read by the trampoline
} ARM64_REGISTERS, *PARM64_REGISTERS;

extern "C" void OOOOOOOOOOO(PARM64_REGISTERS regs)
{
    void* buffer;   // placeholder left by the poster: whatever value x22 should receive

    regs->x22 = (intptr_t)buffer;
    *(intptr_t *)regs->x24 = regs->x22;
    regs->returnAddress = FUCK;   // placeholder for the address to jump back to
}

__attribute__((naked)) int nakedXXXXXXXXXX()
{
    __asm__ volatile("\n\
        // reserve 0x120 bytes (keeps sp 16-byte aligned) and spill x0..x30  \n\
        // into it in the ARM64_REGISTERS layout                             \n\
        sub     sp,  sp,  #0x120                            \n\
        stp     x0,  x1,  [sp, #0x00]                       \n\
        stp     x2,  x3,  [sp, #0x10]                       \n\
        stp     x4,  x5,  [sp, #0x20]                       \n\
        stp     x6,  x7,  [sp, #0x30]                       \n\
        stp     x8,  x9,  [sp, #0x40]                       \n\
        stp     x10, x11, [sp, #0x50]                       \n\
        stp     x12, x13, [sp, #0x60]                       \n\
        stp     x14, x15, [sp, #0x70]                       \n\
        stp     x16, x17, [sp, #0x80]                       \n\
        stp     x18, x19, [sp, #0x90]                       \n\
        stp     x20, x21, [sp, #0xA0]                       \n\
        stp     x22, x23, [sp, #0xB0]                       \n\
        stp     x24, x25, [sp, #0xC0]                       \n\
        stp     x26, x27, [sp, #0xD0]                       \n\
        stp     x28, x29, [sp, #0xE0]                       \n\
        str     x30, [sp, #0xF0]                            \n\
\
        // hand the spill area to the C handler; Mach-O C symbols carry a   \n\
        // leading underscore, and the name must match the function above   \n\
        mov     x0, sp                                      \n\
        bl      _OOOOOOOOOOO                                \n\
\
        // reload everything, including whatever the handler rewrote        \n\
        ldp     x0,  x1,  [sp, #0x00]                       \n\
        ldp     x2,  x3,  [sp, #0x10]                       \n\
        ldp     x4,  x5,  [sp, #0x20]                       \n\
        ldp     x6,  x7,  [sp, #0x30]                       \n\
        ldp     x8,  x9,  [sp, #0x40]                       \n\
        ldp     x10, x11, [sp, #0x50]                       \n\
        ldp     x12, x13, [sp, #0x60]                       \n\
        ldp     x14, x15, [sp, #0x70]                       \n\
        ldp     x16, x17, [sp, #0x80]                       \n\
        ldp     x18, x19, [sp, #0x90]                       \n\
        ldp     x20, x21, [sp, #0xA0]                       \n\
        ldp     x22, x23, [sp, #0xB0]                       \n\
        ldp     x24, x25, [sp, #0xC0]                       \n\
        ldp     x26, x27, [sp, #0xD0]                       \n\
        ldp     x28, x29, [sp, #0xE0]                       \n\
        ldr     x30, [sp, #0xF0]                            \n\
\
        // regs->returnAddress; x10 is sacrificed to carry the jump target  \n\
        ldr     x10, [sp, #0xF8]                            \n\
        add     sp,  sp,  #0x120                            \n\
\
        // presumably the instructions displaced at the hook site,          \n\
        // re-executed here before resuming                                 \n\
        cmp     x22, #0                                     \n\
        cset    w8, ne                                      \n\
        add     w9, w28, #0xd4                              \n\
        madd    w8, w8, w9, w2                              \n\
\
        br      x10                                         \n\
    ");
}

This is how I wrote it by hand, simply.

4 likes

x86-64

objc4-709/runtime/Messengers.subproj/objc-msg-x86_64.s:421(.macro MethodTableLookup)

arm64

objc4-709/runtime/Messengers.subproj/objc-msg-arm64.s:432(.macro MethodTableLookup)

What's the difference from what I wrote? It doesn't even save everything.

Going by the calling convention, you don't need to save that many. And it does save the floating-point registers.

I stepped in this pit here before too. :joy:

He didn't say what the use case is. If it's a hook in the middle of a function, whether to handle the floating-point registers depends on the situation.

It is a hook in the middle of a function.

Right, so saving all of them is the correct thing here; any register could be in use.
I remember you said in another post that it was in the middle of a function.
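Worked example, added here and not code from this thread or from objc4: a trampoline that follows the thread's conclusion for a mid-function hook and saves what the one posted above leaves out, the NZCV flags and the 32 vector registers q0..q31, hands the whole context to a C handler, and jumps to the address the handler chooses. The context layout, the handler and the names `arm64_context`, `hook_handler`, `hook_trampoline` and `g_resume_address` are assumptions; symbol names get the Mach-O underscore on Apple platforms and none on ELF via `__USER_LABEL_PREFIX__`. The assembly is compiled only on arm64; the layout check and the handler self-test run on any host.

```c
/* Added example, not code from this thread: a full-context trampoline for a
 * hook in the middle of an arm64 function. Besides x0..x30 it keeps NZCV and
 * all of q0..q31, since at an arbitrary point inside a function any register
 * may be live. The assembly only builds for arm64; the layout check and the
 * handler self-test run anywhere. All names here are assumptions. */
#include <stddef.h>
#include <stdint.h>

/* Saved context; the assembly hard-codes exactly these offsets. */
typedef struct {
    uint64_t x[31];     /* 0x000: x0..x30                               */
    uint64_t sp;        /* 0x0F8: sp as it was at the hook site         */
    uint64_t nzcv;      /* 0x100: condition flags                       */
    uint64_t resume;    /* 0x108: where to continue, set by the handler */
    uint64_t q[32][2];  /* 0x110: q0..q31, 16 bytes each                */
} arm64_context;        /* sizeof == 0x310, a multiple of 16            */

/* 1 when the struct matches the offsets used in the assembly. */
int context_layout_ok(void)
{
    return offsetof(arm64_context, x) + 30 * sizeof(uint64_t) == 0x0F0
        && offsetof(arm64_context, sp)     == 0x0F8
        && offsetof(arm64_context, nzcv)   == 0x100
        && offsetof(arm64_context, resume) == 0x108
        && offsetof(arm64_context, q)      == 0x110
        && sizeof(arm64_context) == 0x310 && 0x310 % 16 == 0;
}

/* Hypothetical: set by the hook installer to the address just past the
 * patched instructions. The handler may rewrite any register through ctx
 * and must set ctx->resume; here it also bumps x0 as a visible edit. */
uintptr_t g_resume_address;
void hook_handler(arm64_context *ctx)
{
    ctx->x[0] += 1;
    ctx->resume = g_resume_address;
}

/* Drives hook_handler with a constructed context; runs on any host. */
int handler_selftest(void)
{
    arm64_context ctx = {0};
    ctx.x[0] = 41;
    g_resume_address = 0x100004000ull;
    hook_handler(&ctx);
    return ctx.x[0] == 42 && ctx.resume == 0x100004000ull;
}

#if defined(__aarch64__)
#define STR_(x) #x
#define STR(x) STR_(x)
#define CSYM(n) STR(__USER_LABEL_PREFIX__) #n   /* "_" prefix on Mach-O, none on ELF */
void hook_trampoline(void);                    /* the patched site branches here */
__asm__(
    ".text\n.p2align 2\n.globl " CSYM(hook_trampoline) "\n" CSYM(hook_trampoline) ":\n"
    "sub  sp, sp, #0x310\n"
    /* x0..x30, every one of them: nothing is known about what is live here */
    "stp  x0,  x1,  [sp, #0x000]\n stp  x2,  x3,  [sp, #0x010]\n"
    "stp  x4,  x5,  [sp, #0x020]\n stp  x6,  x7,  [sp, #0x030]\n"
    "stp  x8,  x9,  [sp, #0x040]\n stp  x10, x11, [sp, #0x050]\n"
    "stp  x12, x13, [sp, #0x060]\n stp  x14, x15, [sp, #0x070]\n"
    "stp  x16, x17, [sp, #0x080]\n stp  x18, x19, [sp, #0x090]\n"
    "stp  x20, x21, [sp, #0x0A0]\n stp  x22, x23, [sp, #0x0B0]\n"
    "stp  x24, x25, [sp, #0x0C0]\n stp  x26, x27, [sp, #0x0D0]\n"
    "stp  x28, x29, [sp, #0x0E0]\n str  x30,      [sp, #0x0F0]\n"
    /* original sp and the flags; x9 is free now because it was saved above */
    "add  x9, sp, #0x310\n str  x9, [sp, #0x0F8]\n"
    "mrs  x9, nzcv\n       str  x9, [sp, #0x100]\n"
    /* q0..q31, the part the trampoline posted above leaves out */
    "stp  q0,  q1,  [sp, #0x110]\n stp  q2,  q3,  [sp, #0x130]\n"
    "stp  q4,  q5,  [sp, #0x150]\n stp  q6,  q7,  [sp, #0x170]\n"
    "stp  q8,  q9,  [sp, #0x190]\n stp  q10, q11, [sp, #0x1B0]\n"
    "stp  q12, q13, [sp, #0x1D0]\n stp  q14, q15, [sp, #0x1F0]\n"
    "stp  q16, q17, [sp, #0x210]\n stp  q18, q19, [sp, #0x230]\n"
    "stp  q20, q21, [sp, #0x250]\n stp  q22, q23, [sp, #0x270]\n"
    "stp  q24, q25, [sp, #0x290]\n stp  q26, q27, [sp, #0x2B0]\n"
    "stp  q28, q29, [sp, #0x2D0]\n stp  q30, q31, [sp, #0x2F0]\n"
    /* sp is still 16-byte aligned (0x310 % 16 == 0), so calling C is safe */
    "mov  x0, sp\n bl   " CSYM(hook_handler) "\n"
    /* restore in reverse: vectors, flags, then the integer registers */
    "ldp  q30, q31, [sp, #0x2F0]\n ldp  q28, q29, [sp, #0x2D0]\n"
    "ldp  q26, q27, [sp, #0x2B0]\n ldp  q24, q25, [sp, #0x290]\n"
    "ldp  q22, q23, [sp, #0x270]\n ldp  q20, q21, [sp, #0x250]\n"
    "ldp  q18, q19, [sp, #0x230]\n ldp  q16, q17, [sp, #0x210]\n"
    "ldp  q14, q15, [sp, #0x1F0]\n ldp  q12, q13, [sp, #0x1D0]\n"
    "ldp  q10, q11, [sp, #0x1B0]\n ldp  q8,  q9,  [sp, #0x190]\n"
    "ldp  q6,  q7,  [sp, #0x170]\n ldp  q4,  q5,  [sp, #0x150]\n"
    "ldp  q2,  q3,  [sp, #0x130]\n ldp  q0,  q1,  [sp, #0x110]\n"
    "ldr  x9, [sp, #0x100]\n msr  nzcv, x9\n"
    "ldp  x0,  x1,  [sp, #0x000]\n ldp  x2,  x3,  [sp, #0x010]\n"
    "ldp  x4,  x5,  [sp, #0x020]\n ldp  x6,  x7,  [sp, #0x030]\n"
    "ldp  x8,  x9,  [sp, #0x040]\n ldp  x10, x11, [sp, #0x050]\n"
    "ldp  x12, x13, [sp, #0x060]\n ldp  x14, x15, [sp, #0x070]\n"
    "ldp  x16, x17, [sp, #0x080]\n ldp  x18, x19, [sp, #0x090]\n"
    "ldp  x20, x21, [sp, #0x0A0]\n ldp  x22, x23, [sp, #0x0B0]\n"
    "ldp  x24, x25, [sp, #0x0C0]\n ldp  x26, x27, [sp, #0x0D0]\n"
    "ldp  x28, x29, [sp, #0x0E0]\n ldr  x30,      [sp, #0x0F0]\n"
    /* br needs a register, so x16 (IP0) is the one not restored exactly */
    "ldr  x16, [sp, #0x108]\n add  sp, sp, #0x310\n br   x16\n"
);
#endif
```

Two caveats a practitioner wants here. The final `br` needs a register, so one register is never restored exactly (x16 in this example, x10 in the trampoline posted above); the hook site must not sit inside a sequence that keeps a value in that register. Re-executing the instructions displaced at the hook site, as the posted trampoline does before its `br`, is left out because it is specific to the patched site. And this full save is only required mid-function: at a function-entry hook the AAPCS64 contract applies, the function receives state only in x0..x8, q0..q7, x29/x30 and sp, which is the set the objc4 `MethodTableLookup` macro referenced above saves, while callee-saved registers are preserved by the C handler itself.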