
x86&x64: adding endbr32 and endbr64 (Intel CET_IBT)

Open LRGH opened this issue 1 year ago • 1 comments

Here is the patch I use.

diff --git a/amoco/arch/x64/asm.py b/amoco/arch/x64/asm.py
index b891d1f..201bb7d 100644
--- a/amoco/arch/x64/asm.py
+++ b/amoco/arch/x64/asm.py
@@ -1819,3 +1819,6 @@ def i_XLATB(i, fmap):
     fmap[rip] = fmap[rip] + i.length
     _b = fmap(mem(rbx + al.zeroextend(64), 8))
     fmap[al] = _b
+
+i_ENDBR32 = i_NOP
+i_ENDBR64 = i_NOP
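Review bot: Aliasing `i_ENDBR32`/`i_ENDBR64` to `i_NOP` leaves the CET indirect-branch tracker unmodeled, and nothing at the aliases says so. That matches hardware only while IBT is not enforcing; with tracking active, an indirect `call`/`jmp` that lands on anything other than the mode's ENDBR raises a control-protection fault, which this semantic layer will not show. I would add a comment above the aliases, e.g. `# CET-IBT landing pads: modeled as NOP; tracker state and #CP on a missing ENDBR are not emulated`. The same applies to the identical aliases added in amoco/arch/x86/asm.py. `i_NOP` is defined outside this hunk, so its exact effect on `fmap` is assumed here.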
diff --git a/amoco/arch/x64/spec_ia32e.py b/amoco/arch/x64/spec_ia32e.py
index e8eb5fb..ce976ea 100644
--- a/amoco/arch/x64/spec_ia32e.py
+++ b/amoco/arch/x64/spec_ia32e.py
@@ -1090,6 +1090,13 @@ def ia32_movbe_crc32(obj, s, Mod, RM, REG, data):
     obj.type = type_data_processing
 
 
+# ENDBR (added by Intel in 2017 to protect against ROP)
+@ispec_ia32("32>[ {f3}{0f}{1e}{fb} ]", mnemonic="ENDBR32", type=type_cpu_state)
+@ispec_ia32("32>[ {f3}{0f}{1e}{fa} ]", mnemonic="ENDBR64", type=type_cpu_state)
+def ia32_endbr(obj):
+    pass
+
+
 # FPU instructions:
 # -----------------
 
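Review bot: The comment `# ENDBR (added by Intel in 2017 to protect against ROP)` names the wrong attack class. ENDBR32/ENDBR64 are the landing-pad markers of CET indirect branch tracking, which constrains forward-edge transfers (indirect `call`/`jmp`, i.e. JOP/COP); return-oriented programming is what the CET shadow stack addresses. Suggested wording: `# ENDBR32/ENDBR64: Intel CET-IBT landing pads for indirect call/jmp targets (forward-edge CFI)`. The same comment appears in the amoco/arch/x86/spec_ia32.py hunk. A one-line docstring on `ia32_endbr` stating that the instruction takes no operands would also explain the bare `pass`.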
diff --git a/amoco/arch/x86/asm.py b/amoco/arch/x86/asm.py
index 496838a..bd64866 100644
--- a/amoco/arch/x86/asm.py
+++ b/amoco/arch/x86/asm.py
@@ -1800,3 +1800,6 @@ def i_PEXTRW(i, fmap):
     else:
         v = top(16)
     fmap[op1] = v.zeroextend(op1.size)
+
+i_ENDBR32 = i_NOP
+i_ENDBR64 = i_NOP
diff --git a/amoco/arch/x86/spec_ia32.py b/amoco/arch/x86/spec_ia32.py
index 6970e49..f343675 100644
--- a/amoco/arch/x86/spec_ia32.py
+++ b/amoco/arch/x86/spec_ia32.py
@@ -1012,6 +1012,13 @@ def ia32_movbe_crc32(obj, s, Mod, RM, REG, data):
     obj.operands = [op1, op2]
     obj.type = type_data_processing
 
+# ENDBR (added by Intel in 2017 to protect against ROP)
+@ispec_ia32("32>[ {f3}{0f}{1e}{fb} ]", mnemonic="ENDBR32", type=type_cpu_state)
+@ispec_ia32("32>[ {f3}{0f}{1e}{fa} ]", mnemonic="ENDBR64", type=type_cpu_state)
+def ia32_endbr(obj):
+    pass
+
+
 # FPU instructions:
 # -----------------
 
diff --git a/tests/test_arch_x64.py b/tests/test_arch_x64.py
index 36e6e7c..8758829 100644
--- a/tests/test_arch_x64.py
+++ b/tests/test_arch_x64.py
@@ -202,3 +202,8 @@ def test_decoder_028():
   assert i.mnemonic=='MOVHPD'
   assert i.operands[0].ref == 'xmm2'
   assert i.operands[1].size == 64
+
+def test_decoder_029():
+  i = cpu.disassemble(b'\xf3\x0f\x1e\xfa')
+  assert i.mnemonic=='ENDBR64'
+  assert str(i) == 'endbr64     '
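Review bot: Only the ENDBR64 encoding is exercised, and only through the x64 decoder; the ENDBR32 spec line (`f3 0f 1e fb`) and both spec lines added to the 32-bit x86 decoder have no test. Adding `i = cpu.disassemble(b'\xf3\x0f\x1e\xfb')` and `assert i.mnemonic=='ENDBR32'` to this function, plus a matching pair in the x86 test module, would cover them. An extra `assert i.length == 4` would pin that the leading `f3` byte is consumed as part of the opcode rather than decoded as a separate prefix.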

LRGH avatar Mar 02 '24 09:03 LRGH

Thanks, added in fa1eb9d.

bdcht avatar Mar 04 '24 14:03 bdcht