short: synthesize PLATFORM_DATA in ELF (not stub)

Author: byeongkeunahn

scripts/static-pie-gen.py

@@ -68,7 +68,9 @@
 sol = "".join(sol)
 
 # binary (raw)
-code_raw_b91 = base91.encode(memory_bin, use_rle=True).decode('ascii')
+code_raw = memory_bin[:-8]
+code_raw += (len(code_raw) + 8 - loader_fdict['entrypoint_offset']).to_bytes(8, byteorder='little')
+code_raw_b91 = base91.encode(code_raw, use_rle=True).decode('ascii')
 code_raw_b91_len = len(code_raw_b91)
 code_raw_b91 = '"' + code_raw_b91 + '"'
 

scripts/static-pie-prestub-amd64-shorter.asm

@@ -11,11 +11,6 @@ BITS 64
 ORG 0
 section .text
 
-; Align stack to 16 byte boundary
-; [rsp+ 32, rsp+120): PLATFORM_DATA
-; [rsp+  0, rsp+ 32): (shadow space for win64 calling convention)
-    enter   56, 0
-
 ; svc_alloc_rwx for Linux
 _svc_alloc_rwx:
     push    9
@@ -34,15 +29,7 @@ _svc_alloc_rwx:
     syscall
     pop     rsi                     ; restore rsi
 
-; PLATFORM_DATA
-_t:                                 ; PLATFORM_DATA[32..39] = ptr_alloc_rwx
-    push    rdx                     ; PLATFORM_DATA[24..31] = win_GetProcAddress
-    push    rax                     ; PLATFORM_DATA[16..23] = win_kernel32
-    push    1                       ; PLATFORM_DATA[ 8..15] = env_flags (0=None, 1=ENV_FLAGS_LINUX_STYLE_CHKSTK)
-    push    2                       ; PLATFORM_DATA[ 0.. 7] = env_id (1=Windows, 2=Linux)
-
 ; Current state: rax = new buffer
-    push    rax
     xchg    rax, rdi                ; rdi = new buffer
 
 ; Base91 decoder
@@ -78,8 +65,5 @@ _decode_zeros:
 
 ; Jump to entrypoint
 _jump_to_entrypoint:
-    pop     rax
-    add     rax, qword [rdi-8]
-    push    rsp
-    pop     rcx
-    call    rax
+    sub     rdi, qword [rdi-8]
+    jmp     rdi

scripts/static-pie-prestub-amd64-shorter.bin

@@ -5,4 +5,4 @@
 $$$$solution_src$$$$
 }
 // SOLUTION END
-#[no_link]extern crate std;#[no_mangle]unsafe fn _start(){std::arch::asm!(".quad 9958096a000038c8h,16aff3156c93145h,6a5a41226a07b25eh,50525e050f5841ffh,0b0974850026a016ah,99232cac0de0c11fh,0ac92c8fe16742572h,0aad0015bc06b242ch,0f77510c4f608e8c1h,48ff4fb60f92dfebh,58d5eb92aaf3cfffh,0d0ff5954f8470348h",in("rsi")r$$$$binary_raw_base91$$$$.as_ptr())}
+#[no_link]extern crate std;#[no_mangle]unsafe fn _start(){std::arch::asm!(".quad 56c931459958096ah,6a07b25e016aff31h,0f5841ff6a5a4122h,0e0c11fb097485e05h,74257299232cac0dh,6b242cac92c8fe16h,8e8c1aad0015bc0h,92dfebf77510c4f6h,0f3cfff48ff4fb60fh,0f87f2b48d5eb92aah,59391",in("rsi")r$$$$binary_raw_base91$$$$.as_ptr())}

scripts/static-pie-template-amd64-shorter.rs

@@ -86,12 +86,14 @@ unsafe extern "win64" fn _start() -> ! {
     #[cfg(feature = "short")]
     asm!(
         "clc",                              // Not needed but packager wants it
-        "push   rcx",                       // Align stack
-        "mov    rbx, rcx",                  // Save PLATFORM_DATA table
+        "sub    rsp, 80",                   // 16 + 80 = 96 = 16*6 -> stack alignment preserved
+        "push   1",                         // env_flags = 1 (ENV_FLAGS_LINUX_STYLE_CHKSTK)
+        "push   2",                         // env_id = 2 (ENV_ID_LINUX)
         "lea    rdi, [rip + __ehdr_start]",
         "lea    rsi, [rip + _DYNAMIC]",
         "call   {0}",
-        "mov    rdi, rbx",
+        "push   rsp",
+        "pop    rcx",
         "call   {1}",                       // This won't return since on Linux we invoke SYS_exitgroup in binary
         sym loader::amd64_elf::relocate,
         sym _start_rust,