1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
/** @file
Implementation of _LongJump() on IA-32.
Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "BaseLibInternals.h"
/**
Restores the CPU context that was saved with SetJump().
Restores the CPU context from the buffer specified by JumpBuffer.
This function never returns to the caller.
Instead is resumes execution based on the state of JumpBuffer.
@param JumpBuffer A pointer to CPU context buffer.
@param Value The value to return when the SetJump() context is restored.
**/
__declspec (naked)
VOID
EFIAPI
InternalLongJump (
IN BASE_LIBRARY_JUMP_BUFFER *JumpBuffer,
IN UINTN Value
)
{
_asm {
mov eax, [PcdGet32 (PcdControlFlowEnforcementPropertyMask)]
test eax, eax
jz CetDone
_emit 0x0F
_emit 0x20
_emit 0xE0 ; mov eax, cr4
bt eax, 23 ; check if CET is enabled
jnc CetDone
mov edx, [esp + 4] ; edx = JumpBuffer
mov edx, [edx + 24] ; edx = target SSP
_emit 0xF3
_emit 0x0F
_emit 0x1E
_emit 0xC8 ; READSSP EAX
sub edx, eax ; edx = delta
mov eax, edx ; eax = delta
shr eax, 2 ; eax = delta/sizeof(UINT32)
_emit 0xF3
_emit 0x0F
_emit 0xAE
_emit 0xE8 ; INCSSP EAX
CetDone:
pop eax ; skip return address
pop edx ; edx <- JumpBuffer
pop eax ; eax <- Value
mov ebx, [edx]
mov esi, [edx + 4]
mov edi, [edx + 8]
mov ebp, [edx + 12]
mov esp, [edx + 16]
jmp dword ptr [edx + 20]
}
}
|
