
Handle -fpic thunks #110

Open

Kenzzer wants to merge 1 commit into cursey:main from Kenzzer:k/fpic_fix

Conversation


@Kenzzer Kenzzer commented Oct 22, 2025

Close #90

On Linux, x86 binaries compiled with gcc's -fPIC option will often have a function prologue like this:

push    ebp
mov     ebp, esp
push    edi
call    __x86_get_pc_thunk_di

This is unfortunate, because call __x86_get_pc_thunk_di gets moved into the trampoline. For any other kind of function this would be fine, but here it isn't, because here's what __x86_get_pc_thunk does:

mov reg, [esp]
ret

The reg is the one that corresponds to the function name: EAX for AX, ECX for CX, etc.
Now the return address in esp is that of the trampoline, not the original function, so when jumping back to the original function the register contains an invalid value.

This is what this PR fixes. If a call to __x86_get_pc_thunk is identified as being moved into the trampoline, instead of copying the original bytes, we copy the opcodes for mov reg, 0xSomeValue, where reg is the register that would have been assigned by __x86_get_pc_thunk and 0xSomeValue is the value the register would have had in the original, non-detoured function.
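The relocation described above, as an added, self-contained C example that is not part of this PR or of the project's own code. It pattern-matches the thunk body (`mov reg, [esp]; ret`, encoded 8B /r with SIB 24, then C3) to recover the register, then emits the same-length `mov reg, imm32` (opcode B8+reg) whose immediate is the return address the thunk would have loaded in the un-hooked function, i.e. the address just after the original `call`. The 32-bit addresses, the function prologue bytes and the `sim_resolve` callback are constructed for the example so it runs without touching real process memory; a real hook library reads the target bytes directly.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 32-bit address space: a hooked function whose prologue ends in
   `call __x86_get_pc_thunk_di`, and the thunk body it reaches. Addresses and
   bytes are made up for this example. */
#define FUNC_ADDR  0x08049000u
#define THUNK_ADDR 0x08049100u

/* push ebp; mov ebp, esp; push edi; call rel32
   rel32 = THUNK_ADDR - (0x08049004 + 5) = 0xF7 */
static const uint8_t g_func[]  = {0x55, 0x89, 0xE5, 0x57, 0xE8, 0xF7, 0x00, 0x00, 0x00};
/* mov edi, [esp]; ret */
static const uint8_t g_thunk[] = {0x8B, 0x3C, 0x24, 0xC3};

/* Map a simulated address to readable bytes; NULL if unmapped. Stands in for
   reading process memory directly. */
typedef const uint8_t *(*resolve_fn)(uint32_t addr, size_t *len);

static const uint8_t *sim_resolve(uint32_t addr, size_t *len) {
    if (addr >= FUNC_ADDR && addr < FUNC_ADDR + sizeof g_func) {
        *len = sizeof g_func - (addr - FUNC_ADDR);
        return g_func + (addr - FUNC_ADDR);
    }
    if (addr >= THUNK_ADDR && addr < THUNK_ADDR + sizeof g_thunk) {
        *len = sizeof g_thunk - (addr - THUNK_ADDR);
        return g_thunk + (addr - THUNK_ADDR);
    }
    return NULL;
}

/* Recognise the thunk body `mov reg, [esp]; ret`: opcode 8B, ModRM with mod=00
   and rm=100 (SIB follows), SIB 24 (base=esp), then C3. Returns the register
   index 0..7 (eax, ecx, edx, ebx, esp, ebp, esi, edi) or -1 if not a PC thunk. */
static int pc_thunk_register(const uint8_t *body, size_t len) {
    if (len < 4) return -1;
    if (body[0] != 0x8B || (body[1] & 0xC7) != 0x04 || body[2] != 0x24 || body[3] != 0xC3)
        return -1;
    return (body[1] >> 3) & 7;
}

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void write_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* `call` is the 5-byte E8 rel32 instruction that sat at `call_addr` in the
   original function. If its target is a PC thunk, fill `out` with the same-length
   `mov reg, imm32` (B8+reg), where imm32 is the return address the thunk would
   have read from [esp] in the un-hooked function: call_addr + 5. Otherwise the
   call is copied through unchanged. Returns 1 if replaced, 0 if not. */
static int relocate_pc_thunk_call(const uint8_t call[5], uint32_t call_addr,
                                  resolve_fn resolve, uint8_t out[5]) {
    memcpy(out, call, 5);
    if (call[0] != 0xE8) return 0;
    /* unsigned add wraps modulo 2^32, so negative rel32 values work too */
    uint32_t target = call_addr + 5 + read_le32(call + 1);
    size_t len = 0;
    const uint8_t *body = resolve(target, &len);
    int reg = body ? pc_thunk_register(body, len) : -1;
    if (reg < 0) return 0;
    out[0] = (uint8_t)(0xB8 + reg);
    write_le32(out + 1, call_addr + 5);
    return 1;
}

int main(void) {
    uint8_t out[5];
    int replaced = relocate_pc_thunk_call(g_func + 4, FUNC_ADDR + 4, sim_resolve, out);
    printf("replaced=%d bytes:", replaced);
    for (int i = 0; i < 5; i++) printf(" %02X", out[i]);
    printf("\n");   /* replaced=1 bytes: BF 09 90 04 08  (mov edi, 0x08049009) */
    return 0;
}
```

Because `call rel32` and `mov r32, imm32` are both five bytes, the substitution keeps every later offset in the copied prologue unchanged. The check on the thunk body rather than on the symbol name matters in stripped binaries, where the `__x86_get_pc_thunk_*` name is not available.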



Development

Successfully merging this pull request may close these issues.

Problem with thunk functions
