From 754eaf5b8b65c9764abe67ec2d599036cd51e381 Mon Sep 17 00:00:00 2001
From: Vaxry
Date: Wed, 24 Jan 2024 13:53:06 +0000
Subject: pluginapi: fix hooks with negative rip offsets

fixes #4484
---
 src/plugins/HookSystem.cpp | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/plugins/HookSystem.cpp b/src/plugins/HookSystem.cpp
index a7625ffe..ca38fe95 100644
--- a/src/plugins/HookSystem.cpp
+++ b/src/plugins/HookSystem.cpp
@@ -74,9 +74,10 @@ CFunctionHook::SAssembly CFunctionHook::fixInstructionProbeRIPCalls(const SInstr
 std::string code = probe.assembly.substr(lastAsmNewline, probe.assembly.find("\n", lastAsmNewline) - lastAsmNewline);
 if (code.contains("%rip")) {
 CVarList tokens{code, 0, 's'};
- size_t plusPresent = tokens[1][0] == '+' ? 1 : 0;
- std::string addr = tokens[1].substr(plusPresent, tokens[1].find("(%rip)") - plusPresent);
- const uint64_t OFFSET = configStringToInt(addr);
+ size_t plusPresent = tokens[1][0] == '+' ? 1 : 0;
+ size_t minusPresent = tokens[1][0] == '-' ? 1 : 0;
+ std::string addr = tokens[1].substr((plusPresent || minusPresent), tokens[1].find("(%rip)") - (plusPresent || minusPresent));
+ const uint64_t OFFSET = (minusPresent ? -1 : 1) * configStringToInt(addr);
 if (OFFSET == 0)
 return {};
 const uint64_t DESTINATION = currentAddress + OFFSET + len;
--
cgit v1.2.3
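Review bot: The result of `tokens[1].find("(%rip)")` on the new `addr` line is still used without an `npos` check. The guard above only tests `code.contains("%rip")`, so if `(%rip)` sits in a different operand than `tokens[1]` the subtraction wraps, `substr` takes the rest of the token, and whatever `configStringToInt` makes of it becomes the displacement behind `DESTINATION`. Because that value ends up in rewritten machine code, I would bail out before parsing, in line with the existing `OFFSET == 0` exit: `const size_t ripPos = tokens[1].find("(%rip)"); if (ripPos == std::string::npos) return {};`. The sign fix also relies on `(minusPresent ? -1 : 1) * configStringToInt(addr)` wrapping when stored in `const uint64_t OFFSET` (presumably configStringToInt returns a signed type); a comment such as `// negative displacement wraps mod 2^64, the unsigned add below still yields the right address`, or an `int64_t` OFFSET, would make that explicit. fixInstructionProbeRIPCalls begins and ends outside this hunk, so how callers treat the empty return is not visible here.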