On Wed, 2022-03-30 at 22:03 +0300, Jarkko Sakkinen wrote:
On Wed, 2022-03-30 at 10:40 -0700, Reinette Chatre wrote:
Could you please elaborate how the compiler will fix it up?
Sure.
Here's the disassembly of the RBX version:
[0x000021a9]> pi 1
lea rax, [rbx + loc.encl_stack]
Here's the same with s/RBX/RIP/:
[0x000021a9]> pi 5
lea rax, loc.encl_stack

The compiler will substitute the correct offset relative to the RIP, well, because it can and it makes sense. It is treated differently than other registers, e.g. when LEA is assembled.
BR, Jarkko
To demonstrate this I did a couple of simple sessions with Rizin (fork/continuation/something of Radare2):
jarkko@suppilovahvero ~/Downloads (main)> rizin test_encl.rbx.elf
 -- Temporally drop the verbosity prefixing the commands with ':'
[0x00002000]> aaa
[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze function calls (aac)
[x] Analyze len bytes of instructions for references (aar)
[x] Check for classes
[x] Type matching analysis for all functions (aaft)
[x] Propagate noreturn information
[x] Use -AA or aaaa to perform additional experimental analysis.
[0x00002000]> /ad lea
0x0000206e   # 7: lea rax, [rip + 0xf8b]
0x0000206f   # 6: lea eax, [rip + 0xf8b]
0x0000207e   # 1: leave
0x000020a1   # 7: lea rcx, [rip + 0xf58]
0x000020a2   # 6: lea ecx, [rip + 0xf58]
0x000020b4   # 1: leave
0x000020ee   # 1: leave
0x00002128   # 1: leave
0x00002145   # 7: lea rax, [rip - 0x102]
0x00002146   # 6: lea eax, [rip - 0x102]
0x00002150   # 7: lea rax, [rip - 0xd7]
0x00002151   # 6: lea eax, [rip - 0xd7]
0x0000215b   # 7: lea rax, [rip - 0xac]
0x0000215c   # 6: lea eax, [rip - 0xac]
0x00002166   # 7: lea rax, [rip - 0x7d]
0x00002167   # 6: lea eax, [rip - 0x7d]
0x00002171   # 7: lea rax, [rip - 0x4e]
0x00002172   # 6: lea eax, [rip - 0x4e]
0x000021a7   # 1: leave
0x000021a9   # 7: lea rax, [rbx + loc.encl_stack]
0x000021aa   # 6: lea eax, [rbx + loc.encl_stack]
[0x00002000]> s 0x21a9
[0x000021a9]> pi 1
lea rax, [rbx + loc.encl_stack]
[0x000021a9]>
jarkko@suppilovahvero ~/Downloads (main)> rizin test_encl.elf
 -- Use V! to enter into the visual panels mode (dwm style)
[0x00002000]> aaa
[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze function calls (aac)
[x] Analyze len bytes of instructions for references (aar)
[x] Check for classes
[x] Type matching analysis for all functions (aaft)
[x] Propagate noreturn information
[x] Use -AA or aaaa to perform additional experimental analysis.
[0x00002000]> /ad lea
0x0000206e   # 7: lea rax, [rip + 0xf8b]
0x0000206f   # 6: lea eax, [rip + 0xf8b]
0x0000207e   # 1: leave
0x000020a1   # 7: lea rcx, [rip + 0xf58]
0x000020a2   # 6: lea ecx, [rip + 0xf58]
0x000020b4   # 1: leave
0x000020ee   # 1: leave
0x00002128   # 1: leave
0x00002145   # 7: lea rax, [rip - 0x102]
0x00002146   # 6: lea eax, [rip - 0x102]
0x00002150   # 7: lea rax, [rip - 0xd7]
0x00002151   # 6: lea eax, [rip - 0xd7]
0x0000215b   # 7: lea rax, [rip - 0xac]
0x0000215c   # 6: lea eax, [rip - 0xac]
0x00002166   # 7: lea rax, [rip - 0x7d]
0x00002167   # 6: lea eax, [rip - 0x7d]
0x00002171   # 7: lea rax, [rip - 0x4e]
0x00002172   # 6: lea eax, [rip - 0x4e]
0x000021a7   # 1: leave
0x000021a9   # 7: lea rax, [rip + 0x5e50]
0x000021aa   # 6: lea eax, [rip + 0x5e50]
[0x00002000]> s 0x21a9
[0x000021a9]> pi 1
lea rax, loc.encl_stack
[0x000021a9]>
BR, Jarkko
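An added example (editor's own code, not from the thread or the kernel selftest) that decodes the two LEA encodings the sessions show and reproduces the RIP-relative fix-up the assembler performs: the 7-byte `lea rax, [rip + 0x5e50]` at 0x21a9 resolves to 0x8000 because RIP already points past the instruction, while the `[rbx + disp32]` form only yields rbx plus a constant the assembler cannot resolve. The 0x8000 displacement used for the RBX variant is a constructed value, not taken from the thread.

```python
import struct

# 3-bit ModRM register fields for 64-bit operands without REX.B/REX.R.
REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
MASK64 = (1 << 64) - 1


def decode_lea(insn: bytes, address: int) -> dict:
    """Decode REX.W + 8D /r (LEA r64, m) for the operand forms seen in the
    thread: mod=00 rm=101 (RIP+disp32) and mod=01/10 with a non-SIB base
    register (base+disp8/disp32). `address` is where the instruction sits.
    Returns the destination, base, displacement, length and, for the
    RIP-relative form only, the effective address that is fixed at link time."""
    if len(insn) < 3 or insn[0] != 0x48 or insn[1] != 0x8D:
        raise ValueError("not a REX.W LEA")
    modrm = insn[2]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if rm == 4:
        raise ValueError("SIB addressing form not handled")
    if mod == 0 and rm == 5:
        disp = struct.unpack_from("<i", insn, 3)[0]
        # RIP is the address of the *next* instruction when disp is applied.
        ea = (address + 7 + disp) & MASK64
        return {"dst": REGS[reg], "base": "rip", "disp": disp, "length": 7, "ea": ea}
    if mod == 1:
        disp, length = struct.unpack_from("<b", insn, 3)[0], 4
    elif mod == 2:
        disp, length = struct.unpack_from("<i", insn, 3)[0], 7
    else:
        raise ValueError("unsupported ModRM form")
    # Base register is a run-time value, so no effective address is knowable here.
    return {"dst": REGS[reg], "base": REGS[rm], "disp": disp, "length": length, "ea": None}


def encode_lea_rip(dst: int, address: int, target: int) -> bytes:
    """Emit REX.W 8D /r with a RIP-relative operand reaching `target` from an
    instruction placed at `address`: disp32 = target - (address + 7). This is
    the substitution the assembler does for `lea rax, encl_stack(%rip)`."""
    disp = target - (address + 7)
    if not -(1 << 31) <= disp < (1 << 31):
        raise ValueError("target out of rel32 range")
    return bytes([0x48, 0x8D, (dst << 3) | 0x05]) + struct.pack("<i", disp)


if __name__ == "__main__":
    rip_form = bytes.fromhex("488d05505e0000")   # lea rax, [rip + 0x5e50] (from the thread)
    rbx_form = bytes.fromhex("488d8300800000")   # lea rax, [rbx + 0x8000] (constructed disp)
    print(decode_lea(rip_form, 0x21A9))           # ea == 0x8000
    print(decode_lea(rbx_form, 0x21A9))           # ea is None: depends on run-time rbx
    print(encode_lea_rip(0, 0x21A9, 0x8000).hex())  # 488d05505e0000
```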