author | Tavis Ormandy <taviso@gmail.com> | 2019-06-20 00:02:27 +0300 |
committer | Tavis Ormandy <taviso@gmail.com> | 2019-06-20 00:02:27 +0300 |
commit | bcef39830093b6152ce0cfc87851c58bbe802df5 (patch) | |
tree | b001e740d157dc8b691982e5929bb0e6c651230b | |
parent | 2f1ac6b3a20a993fe4b720123e8a8444c04661ee (diff) |
make tls slots accessible via teb
-rw-r--r-- | peloader/pe_linker.c | 19 | ||||
-rw-r--r-- | peloader/pe_linker.h | 16 | ||||
-rw-r--r-- | peloader/winapi/TlsAlloc.c | 2 |
3 files changed, 28 insertions, 9 deletions
diff --git a/peloader/pe_linker.c b/peloader/pe_linker.c
index ee4b1c9..19b83ea 100644
--- a/peloader/pe_linker.c
+++ b/peloader/pe_linker.c
@@ -622,16 +622,19 @@ error:
 return false;
 }
 
+uintptr_t LocalStorage[1024] = {0};
+
 bool setup_nt_threadinfo(PEXCEPTION_HANDLER ExceptionHandler)
 {
 static EXCEPTION_FRAME ExceptionFrame;
- static NT_TIB ThreadInfo = {
- .Self = &ThreadInfo,
+ static TEB ThreadEnvironment = {
+ .Tib.Self = &ThreadEnvironment.Tib,
+ .ThreadLocalStoragePointer = LocalStorage, // https://github.com/taviso/loadlibrary/issues/65
 };
 struct user_desc pebdescriptor = {
 .entry_number = -1,
- .base_addr = (uintptr_t) &ThreadInfo,
- .limit = sizeof ThreadInfo,
+ .base_addr = (uintptr_t) &ThreadEnvironment,
+ .limit = sizeof ThreadEnvironment,
 .seg_32bit = 1,
 .contents = 0,
 .read_exec_only = 0,
@@ -641,12 +644,12 @@ bool setup_nt_threadinfo(PEXCEPTION_HANDLER ExceptionHandler)
 };
 
 if (ExceptionHandler) {
- if (ThreadInfo.ExceptionList) {
+ if (ThreadEnvironment.Tib.ExceptionList) {
 DebugLog("Resetting ThreadInfo.ExceptionList");
 }
- ExceptionFrame.handler = ExceptionHandler;
- ExceptionFrame.prev = NULL;
- ThreadInfo.ExceptionList = &ExceptionFrame;
+ ExceptionFrame.handler = ExceptionHandler;
+ ExceptionFrame.prev = NULL;
+ ThreadEnvironment.Tib.ExceptionList = &ExceptionFrame;
 }
 
 if (syscall(__NR_set_thread_area, &pebdescriptor) != 0) {
diff --git a/peloader/pe_linker.h b/peloader/pe_linker.h
index d5a248f..ac202a9 100644
--- a/peloader/pe_linker.h
+++ b/peloader/pe_linker.h
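Review bot: The length 1024 of `LocalStorage` is now spelled in two translation units — the definition added here and the `extern uintptr_t LocalStorage[1024];` declaration in the TlsAlloc.c hunk — and C gives no cross-file diagnostic if the two ever diverge, so a later resize in one file would leave the other describing a different object than the one actually defined. Declaring it once in pe_linker.h, e.g. `enum { TLS_SLOT_COUNT = 1024 };` and `extern uintptr_t LocalStorage[TLS_SLOT_COUNT];`, and having both files use that keeps the definition and every user in agreement. Because this array is what the guest reaches through the TEB's `ThreadLocalStoragePointer`, a one-line comment on the definition such as `/* Backing store for TLS slots; the TEB's ThreadLocalStoragePointer points here. */` would also help a reader who only sees this file. The body of `setup_nt_threadinfo` continues past the end of the hunk.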
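Review bot: The `DebugLog` message still reads `Resetting ThreadInfo.ExceptionList` although the condition on the line before it was renamed to `ThreadEnvironment.Tib.ExceptionList`, so the trace now points at a variable that no longer exists; change it to `DebugLog("Resetting ThreadEnvironment.Tib.ExceptionList");`. The three `ExceptionFrame`/`ExceptionList` assignment lines appear to differ from the removed ones only in whitespace, which adds diff noise without a functional change and is worth confirming before merge. The enclosing function continues outside the hunk on both sides.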
@@ -981,6 +981,22 @@ typedef struct _NT_TIB {
 PVOID Self;
 } NT_TIB, *PNT_TIB;
 
+typedef struct _CLIENT_ID {
+ HANDLE UniqueProcess;
+ HANDLE UniqueThread;
+} CLIENT_ID;
+
+typedef struct _TEB {
+ NT_TIB Tib;
+ PVOID EnvironmentPointer;
+ CLIENT_ID Cid;
+ PVOID ActiveRpcInfo;
+ PVOID ThreadLocalStoragePointer;
+ // The fields below this are deliberately omitted so that access causes a
+ // crash (because of the segment limit). This lets me know I have to fix
+ // it, otherwise the error is very difficult to track down.
+} TEB, *PTEB;
+
 struct user_desc {
 unsigned int entry_number;
 unsigned long base_addr;
diff --git a/peloader/winapi/TlsAlloc.c b/peloader/winapi/TlsAlloc.c
index 2b76bf1..81d5ddf 100644
--- a/peloader/winapi/TlsAlloc.c
+++ b/peloader/winapi/TlsAlloc.c
@@ -17,7 +17,7 @@
 #endif
 
 static int TlsIndex;
-uintptr_t LocalStorage[1024];
+extern uintptr_t LocalStorage[1024];
 
 STATIC DWORD WINAPI TlsAlloc(void) { |
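Review bot: Nothing in the new `TEB` typedef pins its field offsets, yet guest code reads `ThreadLocalStoragePointer` through the segment set up in pe_linker.c at a fixed offset, so an accidental reordering or a changed `HANDLE`/`PVOID` width would silently redirect every TLS access instead of faulting the way the comment relies on. Adding `_Static_assert(offsetof(TEB, ThreadLocalStoragePointer) == 0x2c, "TEB layout must match the 32-bit Windows TEB");` after the typedef (with `<stddef.h>` in scope and the header compiled as C11) turns that into a build error; 0x2c is the documented 32-bit offset, but verify it against the full `NT_TIB` definition above the hunk, which is only partly visible here. The `CLIENT_ID` typedef also omits the `*PCLIENT_ID` pointer alias that `NT_TIB` and `TEB` carry, which is a small inconsistency in this header's convention.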