npm - frida-java-bridge - Versions diffs - 6.1.2 → 6.1.3 - Mend

frida-java-bridge 6.1.2 → 6.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/lib/android.js +48 -14
package/package.json +1 -1

package/lib/android.js CHANGED Viewed

@@ -2786,7 +2786,7 @@ const artQuickCodeReplacementTrampolineWriters = {
   arm64: writeArtQuickCodeReplacementTrampolineArm64
 };
-function writeArtQuickCodeReplacementTrampolineIA32 (trampoline, target, redirectSize, vm) {
+function writeArtQuickCodeReplacementTrampolineIA32 (trampoline, target, redirectSize, constraints, vm) {
   const threadOffsets = getArtThreadSpec(vm).offset;
   const artMethodOffsets = getArtMethodSpec(vm).offset;
@@ -2849,7 +2849,7 @@ function writeArtQuickCodeReplacementTrampolineIA32 (trampoline, target, redirec
   return offset;
 }
-function writeArtQuickCodeReplacementTrampolineX64 (trampoline, target, redirectSize, vm) {
+function writeArtQuickCodeReplacementTrampolineX64 (trampoline, target, redirectSize, constraints, vm) {
   const threadOffsets = getArtThreadSpec(vm).offset;
   const artMethodOffsets = getArtMethodSpec(vm).offset;
@@ -2912,7 +2912,7 @@ function writeArtQuickCodeReplacementTrampolineX64 (trampoline, target, redirect
   return offset;
 }
-function writeArtQuickCodeReplacementTrampolineArm (trampoline, target, redirectSize, vm) {
+function writeArtQuickCodeReplacementTrampolineArm (trampoline, target, redirectSize, constraints, vm) {
   const artMethodOffsets = getArtMethodSpec(vm).offset;
   const targetAddress = target.and(THUMB_BIT_REMOVAL_MASK);
@@ -2999,7 +2999,7 @@ function writeArtQuickCodeReplacementTrampolineArm (trampoline, target, redirect
   return offset;
 }
-function writeArtQuickCodeReplacementTrampolineArm64 (trampoline, target, redirectSize, vm) {
+function writeArtQuickCodeReplacementTrampolineArm64 (trampoline, target, redirectSize, { availableScratchRegs }, vm) {
   const artMethodOffsets = getArtMethodSpec(vm).offset;
   let offset;
@@ -3068,8 +3068,9 @@ function writeArtQuickCodeReplacementTrampolineArm64 (trampoline, target, redire
     relocator.writeAll();
     if (!relocator.eoi) {
-      writer.putLdrRegAddress('x17', target.add(offset));
-      writer.putBrReg('x17');
+      const scratchReg = Array.from(availableScratchRegs)[0];
+      writer.putLdrRegAddress(scratchReg, target.add(offset));
+      writer.putBrReg(scratchReg);
     }
     writer.putLabel('invoke_replacement');
@@ -3146,7 +3147,7 @@ class ArtQuickCodeInterceptor {
     this.overwrittenPrologueLength = 0;
   }
-  _canRelocateCode (relocationSize) {
+  _canRelocateCode (relocationSize, constraints) {
     const Writer = thunkWriters[Process.arch];
     const Relocator = thunkRelocators[Process.arch];
@@ -3156,14 +3157,44 @@ class ArtQuickCodeInterceptor {
     const relocator = new Relocator(quickCodeAddress, writer);
     let offset;
-    do {
-      offset = relocator.readOne();
-    } while (offset < relocationSize && !relocator.eoi);
+    if (Process.arch === 'arm64') {
+      let availableScratchRegs = new Set(['x16', 'x17']);
+      do {
+        const nextOffset = relocator.readOne();
+        const nextScratchRegs = new Set(availableScratchRegs);
+        const { read, written } = relocator.input.regsAccessed;
+        for (const regs of [read, written]) {
+          for (const reg of regs) {
+            let name;
+            if (reg.startsWith('w')) {
+              name = 'x' + reg.substring(1);
+            } else {
+              name = reg;
+            }
+            nextScratchRegs.delete(name);
+          }
+        }
+        if (nextScratchRegs.size === 0) {
+          break;
+        }
+        offset = nextOffset;
+        availableScratchRegs = nextScratchRegs;
+      } while (offset < relocationSize && !relocator.eoi);
+      constraints.availableScratchRegs = availableScratchRegs;
+    } else {
+      do {
+        offset = relocator.readOne();
+      } while (offset < relocationSize && !relocator.eoi);
+    }
     return offset >= relocationSize;
   }
-  _createTrampoline () {
+  _allocateTrampoline () {
     if (trampolineAllocator === null) {
       const trampolineSize = (pointerSize === 4) ? 128 : 256;
       trampolineAllocator = makeCodeAllocator(trampolineSize);
@@ -3173,7 +3204,8 @@ class ArtQuickCodeInterceptor {
     let redirectSize, spec;
     let alignment = 1;
-    if (pointerSize === 4 || this._canRelocateCode(maxRedirectSize)) {
+    const constraints = {};
+    if (pointerSize === 4 || this._canRelocateCode(maxRedirectSize, constraints)) {
       redirectSize = maxRedirectSize;
       spec = {};
@@ -3193,6 +3225,8 @@ class ArtQuickCodeInterceptor {
     this.redirectSize = redirectSize;
     this.trampoline = trampolineAllocator.allocateSlice(spec, alignment);
+    return constraints;
   }
   _destroyTrampoline () {
@@ -3200,12 +3234,12 @@ class ArtQuickCodeInterceptor {
   }
   activate (vm) {
-    this._createTrampoline();
+    const constraints = this._allocateTrampoline();
     const { trampoline, quickCode, redirectSize } = this;
     const writeTrampoline = artQuickCodeReplacementTrampolineWriters[Process.arch];
-    const prologueLength = writeTrampoline(trampoline, quickCode, redirectSize, vm);
+    const prologueLength = writeTrampoline(trampoline, quickCode, redirectSize, constraints, vm);
     this.overwrittenPrologueLength = prologueLength;
     this.overwrittenPrologue = Memory.dup(this.quickCodeAddress, prologueLength);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "frida-java-bridge",
-  "version": "6.1.2",
+  "version": "6.1.3",
   "description": "Java runtime interop from Frida",
   "main": "index.js",
   "files": [