fix: hook functions starts with pac (#222)

bmax121 · bmax · web-flow · commit 11b09f8dcff7 · 2025-12-05T08:55:49.000+08:00
* added BTI in trampoline head for support hook "BR/BLR
 -&gt; PACIXSP"

* 0.12.3

---------

Co-authored-by: bmax &lt;placeholder@outlook.com&gt;
diff --git a/kernel/base/hook.c b/kernel/base/hook.c
@@ -566,11 +566,17 @@ hook_err_t hook_prepare(hook_t *hook)
     if (is_bad_address((void *)hook->relo_addr)) return -HOOK_BAD_ADDRESS;
 
     // backup origin instruction
-    for (int i = 0; i < TRAMPOLINE_NUM; i++) {
+    for (int i = 0; i < TRAMPOLINE_MAX_NUM; i++) {
         hook->origin_insts[i] = *((uint32_t *)hook->origin_addr + i);
     }
     // trampline to replace_addr
-    hook->tramp_insts_num = branch_from_to(hook->tramp_insts, hook->origin_addr, hook->replace_addr);
+    if (hook->origin_insts[0] == ARM64_PACIASP || hook->origin_insts[0] == ARM64_PACIBSP) {
+        hook->tramp_insts_num = branch_from_to(&hook->tramp_insts[1], hook->origin_addr, hook->replace_addr);
+        hook->tramp_insts[0] = ARM64_BTI_JC;
+        hook->tramp_insts_num++;
+    } else {
+        hook->tramp_insts_num = branch_from_to(hook->tramp_insts, hook->origin_addr, hook->replace_addr);
+    }
 
     // relocate
     for (int i = 0; i < sizeof(hook->relo_insts) / sizeof(hook->relo_insts[0]); i++) {
diff --git a/kernel/include/hook.h b/kernel/include/hook.h
@@ -40,8 +40,8 @@ typedef int8_t chain_item_state;
 #define local_container_of(ptr, type, member) ({ (type *)((char *)(ptr) - local_offsetof(type, member)); })
 
 #define HOOK_MEM_REGION_NUM 4
-#define TRAMPOLINE_NUM 4
-#define RELOCATE_INST_NUM (TRAMPOLINE_NUM * 8 + 8)
+#define TRAMPOLINE_MAX_NUM 6
+#define RELOCATE_INST_NUM (TRAMPOLINE_MAX_NUM * 8 + 8)
 
 #define HOOK_CHAIN_NUM 0x10
 #define TRANSIT_INST_NUM 0x60
@@ -52,6 +52,8 @@ typedef int8_t chain_item_state;
 #define ARM64_BTI_C 0xd503245f
 #define ARM64_BTI_J 0xd503249f
 #define ARM64_BTI_JC 0xd50324df
+#define ARM64_PACIASP 0xd503233f
+#define ARM64_PACIBSP 0xd503237f
 
 typedef struct
 {
@@ -63,8 +65,8 @@ typedef struct
     // out
     int32_t tramp_insts_num;
     int32_t relo_insts_num;
-    uint32_t origin_insts[TRAMPOLINE_NUM] __attribute__((aligned(8)));
-    uint32_t tramp_insts[TRAMPOLINE_NUM] __attribute__((aligned(8)));
+    uint32_t origin_insts[TRAMPOLINE_MAX_NUM] __attribute__((aligned(8)));
+    uint32_t tramp_insts[TRAMPOLINE_MAX_NUM] __attribute__((aligned(8)));
     uint32_t relo_insts[RELOCATE_INST_NUM] __attribute__((aligned(8)));
 } hook_t __attribute__((aligned(8)));
 
diff --git a/version b/version
@@ -1,3 +1,3 @@
 #define MAJOR 0
 #define MINOR 12
-#define PATCH 2
+#define PATCH 3
