Ryan elfmaster O'Neill

18 issues opened by Ryan elfmaster O'Neill

The patch image is loaded more than 2 GB away in memory, and thus we cannot re-link call instructions with an offset that fits in 4 bytes

bug

Currently Shiva supports x86_64 for loading ELF micro-programs (See https://github.com/elfmaster/shiva) but does not support x86_64 microcode patching. Support for x86_64 microcode patching will be easiest to implement since much of...

GOT poisoning on PIE binaries from Shiva is tricky, if Shiva updates the GOT then it will be overwritten by RTLD afterwards due to strict linking. The solution we used...

shiva_tf_relink_local_branch_x86_64 re-writes a short branch with an offset that becomes negative in splice patches larger than 127 bytes in length. In short... the two byte instruction "\x74\x00" can only hold a one...

bug
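The two issues above (a CALL rel32 that cannot reach a patch image loaded more than 2 GB away, and a short Jcc whose rel8 overflows once a splice grows past 127 bytes) come down to the same check: compute the displacement from the end of the relocated instruction and test whether it fits the encoding. The C below is an added example and is not Shiva's code; the function names relink_call, relink_jcc and relink_selftest are hypothetical, and the addresses used in the self-check are constructed. It promotes a short Jcc to the 6-byte near form when rel8 no longer fits, refuses a CALL whose target is out of rel32 reach, and assumes a little-endian x86_64 host for the memcpy of the rel32 field.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not Shiva's code. Assumes a little-endian x86_64 host. */

/* x86 branch displacements are relative to the address of the NEXT instruction. */
static int64_t branch_disp(uint64_t insn_addr, size_t insn_len, uint64_t target)
{
    return (int64_t)(target - (insn_addr + insn_len));
}

static bool fits_rel8(int64_t d)  { return d >= INT8_MIN  && d <= INT8_MAX; }
static bool fits_rel32(int64_t d) { return d >= INT32_MIN && d <= INT32_MAX; }

/* Re-encode a CALL rel32 (E8 rel32) placed at new_addr so that it reaches target.
 * Returns 5 on success, 0 when target is out of +/-2 GB reach (the first issue above). */
size_t relink_call(uint64_t new_addr, uint64_t target, uint8_t out[5])
{
    int64_t d = branch_disp(new_addr, 5, target);
    if (!fits_rel32(d))
        return 0;
    int32_t rel32 = (int32_t)d;
    out[0] = 0xe8;
    memcpy(out + 1, &rel32, sizeof rel32);
    return 5;
}

/* Re-encode a short Jcc (70+cc rel8) placed at new_addr so that it reaches target.
 * Keeps the 2-byte form while rel8 still fits; otherwise emits the 6-byte near form
 * (0F 80+cc rel32). Returns the encoded length (2 or 6), or 0 on failure.
 * The growth from 2 to 6 bytes shifts every later instruction in the splice, so a
 * real relinker has to iterate until instruction sizes converge. */
size_t relink_jcc(const uint8_t *insn, uint64_t new_addr, uint64_t target, uint8_t out[6])
{
    if (insn[0] < 0x70 || insn[0] > 0x7f)   /* not a short Jcc */
        return 0;
    uint8_t cc = insn[0] & 0x0f;

    int64_t d8 = branch_disp(new_addr, 2, target);
    if (fits_rel8(d8)) {
        out[0] = 0x70 | cc;
        out[1] = (uint8_t)(int8_t)d8;
        return 2;
    }
    int64_t d32 = branch_disp(new_addr, 6, target);
    if (!fits_rel32(d32))
        return 0;
    int32_t rel32 = (int32_t)d32;
    out[0] = 0x0f;
    out[1] = 0x80 | cc;
    memcpy(out + 2, &rel32, sizeof rel32);
    return 6;
}

/* Self-check over constructed addresses: returns 1 when every case behaves as expected. */
int relink_selftest(void)
{
    uint8_t je[2] = { 0x74, 0x00 };   /* constructed: the two-byte JE from the issue */
    uint8_t out[6];
    int32_t rel32;

    /* Short forward jump that still fits rel8: 0x1010 - (0x1000 + 2) = 14. */
    if (relink_jcc(je, 0x1000, 0x1010, out) != 2 || out[0] != 0x74 || out[1] != 0x0e)
        return 0;

    /* A splice pushed the target 200 bytes ahead: rel8 overflows, near form needed.
     * 0x10ca - (0x1000 + 6) = 196. */
    if (relink_jcc(je, 0x1000, 0x10ca, out) != 6 || out[0] != 0x0f || out[1] != 0x84)
        return 0;
    memcpy(&rel32, out + 2, sizeof rel32);
    if (rel32 != 196)
        return 0;

    /* Backward target beyond -128: the displacement must go negative, not wrap.
     * 0x0f00 - (0x1000 + 6) = -262. */
    if (relink_jcc(je, 0x1000, 0x0f00, out) != 6 || out[1] != 0x84)
        return 0;
    memcpy(&rel32, out + 2, sizeof rel32);
    if (rel32 != -262)
        return 0;

    /* CALL to a target 4 GB away cannot be encoded as rel32. */
    if (relink_call(0x400000, 0x400000 + 0x100000000ULL, out) != 0)
        return 0;
    /* CALL to a nearby target: 0x401000 - (0x400000 + 5) = 0x0ffb. */
    if (relink_call(0x400000, 0x401000, out) != 5 || out[0] != 0xe8)
        return 0;
    memcpy(&rel32, out + 1, sizeof rel32);
    if (rel32 != 0x0ffb)
        return 0;
    return 1;
}
```

The unreachable-CALL case is the one that cannot be fixed by re-encoding: once the patch image sits outside the +/-2 GB window, the relinker has to either map the image closer or route the call through an absolute indirect jump, which is a different transform than the rel8 to rel32 promotion shown here.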

1. Remove the global reference to context. Currently we have: ```struct shiva_ctx *ctx_global``` defined as a global initialized variable in shiva.c. This global variable is predictable in the AARCH64 version...

bug

Currently we cannot patch global variables that are locally bound. This should only take an hour or so to handle. ``` int foo(void) { static int data_var = 5; printf("%d\n",...

enhancement

Programs that have been patched in memory can sometimes be difficult to debug if the bug is within the patch code path. We must generate .eh_frame that is updated...

Transformed functions will not properly re-link recursive functions yet. If the function is transformed, calls to itself will call the non-transformed version of the function. Must fix.

bug

Shiva allows for Transform operations. Currently this basically means "Function splicing". Shiva can splice relocatable code into a function at any point, and fully extend, relocate, and transform the function...

Currently Shiva supports ET_DYN executables only. This needs to eventually support ET_EXEC binaries as well, and static executables (which we know it already will, but haven't tested).