tmp save

.github/workflows/build.yml

@@ -215,6 +215,52 @@ jobs:
           allowUpdates: true
           replacesArtifacts: true
 
+  Build-kptools-windows:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Check out
+        uses: actions/checkout@v3
+      - name: Install mingw32 cross toolchains
+        run: |
+          MINGW_LLVM_URL="https://github.com/mstorsjo/llvm-mingw/releases/download/20231128/llvm-mingw-20231128-msvcrt-ubuntu-20.04-x86_64.tar.xz"
+          mkdir -p $HOME/mingw-llvm
+          wget $MINGW_LLVM_URL -O $HOME/mingw-llvm/llvm.tar.xz
+          cd $HOME/mingw-llvm
+          tar -xvf llvm.tar.xz --strip-components 1
+      - name: Generate version
+        id: parse_version
+        run: |
+          MAJOR=$(grep '#define MAJOR' version | awk '{print $3}')
+          MINOR=$(grep '#define MINOR' version | awk '{print $3}')
+          PATCH=$(grep '#define PATCH' version | awk '{print $3}')
+          VERSION="$MAJOR.$MINOR.$PATCH"
+          echo "Generated Version: $VERSION"
+          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+      - name: Build kptools
+        run: |
+          export PATH="$HOME/mingw-llvm/bin:$PATH"
+          export ANDROID=1
+          ABIS="x86_64 i686 aarch64 armv7"
+          for i in $ABIS; do
+            make -C kernel hdr TARGET_COMPILE=placeholder
+            echo "- Compiling kptools-$i-win.exe"
+            make -C tools CC=$i-w64-mingw32-clang
+            mv tools/kptools.exe kptools-$i-win.exe
+            make -C tools clean
+          done
+          7za a kptools-win.zip -tZIP *.exe
+      - name: Release
+        uses: ncipollo/[email protected]
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          tag: ${{ steps.parse_version.outputs.VERSION }}
+          artifacts: |
+            kptools-win.zip
+          allowUpdates: true
+          replacesArtifacts: true
+
   Build-kptools-mac:
     runs-on: macos-latest
     permissions:

README.md

@@ -38,7 +38,7 @@ Linux 6.3+ (not yet adapted)
 
 ## More Information
 
-[Documentation](./doc/en/)
+[Documentation](./doc/)
 
 ## Credits
 

kernel/base/fphook.c

@@ -281,8 +281,7 @@ KP_EXPORT_SYMBOL(fp_hook_wrap);
 
 void fp_hook_unwrap(uintptr_t fp_addr, void *before, void *after)
 {
-    uint64_t origin = branch_func_addr(fp_addr);
-    fp_hook_chain_t *chain = (fp_hook_chain_t *)hook_get_mem_from_origin(origin);
+    fp_hook_chain_t *chain = (fp_hook_chain_t *)hook_get_mem_from_origin(fp_addr);
     if (!chain) return;
     for (int i = 0; i < FP_HOOK_CHAIN_NUM; i++) {
         if (chain->states[i] == CHAIN_ITEM_STATE_READY)

kernel/base/hook.c

@@ -280,8 +280,6 @@ int32_t branch_relative(uint32_t *buf, uint64_t src_addr, uint64_t dst_addr)
         buf[1] = ARM64_NOP;
         return 2;
     }
-    // todo: add bit c or bit cj here
-    // d503245f        bti     c
     return 0;
 }
 KP_EXPORT_SYMBOL(branch_relative);
@@ -292,19 +290,28 @@ int32_t branch_absolute(uint32_t *buf, uint64_t addr)
     buf[1] = 0xd61f0220; // BR X17
     buf[2] = addr & 0xFFFFFFFF;
     buf[3] = addr >> 32u;
-    // todo: add bit c or bit cj here
-    // d503245f        bti     c
     return 4;
 }
 KP_EXPORT_SYMBOL(branch_absolute);
 
+int32_t ret_absolute(uint32_t *buf, uint64_t addr)
+{
+    buf[0] = 0x58000051; // LDR X17, #8
+    buf[1] = 0xd65f0220; // RET X17
+    buf[2] = addr & 0xFFFFFFFF;
+    buf[3] = addr >> 32u;
+    return 4;
+}
+KP_EXPORT_SYMBOL(ret_absolute);
+
 int32_t branch_from_to(uint32_t *tramp_buf, uint64_t src_addr, uint64_t dst_addr)
 {
-#if 1
+#if 0
     uint32_t len = branch_relative(tramp_buf, src_addr, dst_addr);
     if (len) return len;
 #endif
-    return branch_absolute(tramp_buf, dst_addr);
+    // return branch_absolute(tramp_buf, dst_addr);
+    return ret_absolute(tramp_buf, dst_addr);
 }
 KP_EXPORT_SYMBOL(branch_from_to);
 
@@ -572,8 +579,7 @@ void hook_install(hook_t *hook)
         *((uint32_t *)hook->origin_addr + i) = hook->tramp_insts[i];
     }
     flush_icache_all();
-    // todo: this is temporary fix for bit
-    *entry = ori_prot & 0xFFFBFFFFFFFFFFFF;
+    *entry = ori_prot;
     flush_tlb_kernel_page(va);
 }
 KP_EXPORT_SYMBOL(hook_install);

kernel/include/hook.h

@@ -232,15 +232,7 @@ typedef struct _fphook_chain
 int32_t branch_from_to(uint32_t *tramp_buf, uint64_t src_addr, uint64_t dst_addr);
 int32_t branch_relative(uint32_t *buf, uint64_t src_addr, uint64_t dst_addr);
 int32_t branch_absolute(uint32_t *buf, uint64_t addr);
-
-#ifdef HOOK_INTO_BRANCH_FUNC
-uint64_t branch_func_addr(uint64_t addr);
-#else
-static inline uint64_t branch_func_addr(uint64_t addr)
-{
-    return addr;
-}
-#endif
+int32_t ret_absolute(uint32_t *buf, uint64_t addr);
 
 hook_err_t hook_prepare(hook_t *hook);
 void hook_install(hook_t *hook);

kernel/include/preset.h

@@ -181,4 +181,12 @@ typedef struct _setup_preset_t
 #define setup_end (setup_patch_config_offset + PATCH_CONFIG_LEN)
 #endif
 
+#ifndef __ASSEMBLY__
+typedef struct _preset
+{
+    setup_header_t header;
+    setup_preset_t preset;
+} preset_t;
+#endif
+
 #endif // _KP_PRESET_H_

kernel/patch/patch.c

@@ -48,42 +48,42 @@ void before_panic(hook_fargs12_t *args, void *udata)
 
 static void before_rest_init(hook_fargs4_t *args, void *udata)
 {
-    int err = 0;
+    int rc = 0;
     log_boot("entering init ...\n");
 
-    if ((err = linux_libs_symbol_init())) goto out;
-    log_boot("linux_libs_symbol_init done: %d\n", err);
+    if ((rc = linux_libs_symbol_init())) goto out;
+    log_boot("linux_libs_symbol_init done: %d\n", rc);
 
-    if ((err = linux_misc_symbol_init())) goto out;
-    log_boot("linux_misc_symbol_init done: %d\n", err);
+    if ((rc = linux_misc_symbol_init())) goto out;
+    log_boot("linux_misc_symbol_init done: %d\n", rc);
 
-    if ((err = bypass_kcfi())) goto out;
-    log_boot("bypass_kcfi done: %d\n", err);
+    if ((rc = bypass_kcfi())) goto out;
+    log_boot("bypass_kcfi done: %d\n", rc);
 
-    if ((err = syscall_init())) goto out;
-    log_boot("syscall_init done: %d\n", err);
+    if ((rc = syscall_init())) goto out;
+    log_boot("syscall_init done: %d\n", rc);
 
-    if ((err = resolve_struct())) goto out;
-    log_boot("resolve_struct done: %d\n", err);
+    if ((rc = resolve_struct())) goto out;
+    log_boot("resolve_struct done: %d\n", rc);
 
-    if ((err = task_observer())) goto out;
-    log_boot("task_observer done: %d\n", err);
+    if ((rc = task_observer())) goto out;
+    log_boot("task_observer done: %d\n", rc);
 
-    if ((err = selinux_hook_install())) goto out;
-    log_boot("selinux_hook_install done: %d\n", err);
+    if ((rc = selinux_hook_install())) goto out;
+    log_boot("selinux_hook_install done: %d\n", rc);
 
-    if ((err = module_init())) goto out;
-    log_boot("module_init done: %d\n", err);
+    if ((rc = module_init())) goto out;
+    log_boot("module_init done: %d\n", rc);
 
-    if ((err = supercall_install())) goto out;
-    log_boot("supercall_install done: %d\n", err);
+    if ((rc = supercall_install())) goto out;
+    log_boot("supercall_install done: %d\n", rc);
 
 #ifdef ANDROID
-    if ((err = kpuserd_init())) goto out;
-    log_boot("kpuserd_init done: %d\n", err);
+    if ((rc = kpuserd_init())) goto out;
+    log_boot("kpuserd_init done: %d\n", rc);
 
-    if ((err = su_compat_init())) goto out;
-    log_boot("su_compat_init done: %d\n", err);
+    if ((rc = su_compat_init())) goto out;
+    log_boot("su_compat_init done: %d\n", rc);
 #endif
 
 out:
@@ -105,7 +105,6 @@ int patch()
     int rc = 0;
 
     unsigned long panic_addr = get_preset_patch_sym()->panic;
-    logkd("panic: %llx\n", panic_addr);
     if (panic_addr) {
         hook_err_t err = hook_wrap12((void *)panic_addr, before_panic, 0, 0);
         if (err) {

tools/Makefile

@@ -5,11 +5,6 @@ ifdef DEBUG
 	CFLAGS += -DDEBUG -g
 endif
 
-ifdef ANDROID
-	CFLAGS += -DANDROID
-endif
-
-
 objs := image.o kallsym.o kptools.o order.o insn.o
 
 .PHONY: all
@@ -26,4 +21,4 @@ kptools: ${objs}
 clean:
 	rm -rf preset.h
 	rm -rf kptools
-	find . -name "*.o" | xargs rm -f
+	find . -name "*.o" | xargs rm -f

tools/kallsym.c

@@ -719,8 +719,8 @@ static int correct_addresses_or_offsets_by_banner(kallsym_t *info, char *img, in
         fprintf(stdout, "[-] kallsyms no linux_banner in names table\n");
         return -1;
     }
-
     info->symbol_banner_idx = -1;
+
     // find correct addresses or offsets
     for (int i = 0; i < info->banner_num; i++) {
         int32_t target_offset = info->linux_banner_offset[i];
@@ -758,7 +758,6 @@ static int correct_addresses_or_offsets_by_banner(kallsym_t *info, char *img, in
 static int correct_addresses_or_offsets(kallsym_t *info, char *img, int32_t imglen)
 {
     int rc = correct_addresses_or_offsets_by_banner(info, img, imglen);
-    rc = -1;
     if (rc) {
         fprintf(stdout, "[?] kallsyms no linux_banner? maybe CONFIG_KALLSYMS_ALL=n?\n");
     }

tools/kallsym.h

@@ -107,6 +107,27 @@ typedef struct
 
 } kallsym_t;
 
+#ifdef _WIN32
+#include <string.h>
+static void *memmem(const void *haystack, size_t haystack_len, 
+    const void * const needle, const size_t needle_len)
+{
+    if (haystack == NULL) return NULL; // or assert(haystack != NULL);
+    if (haystack_len == 0) return NULL;
+    if (needle == NULL) return NULL; // or assert(needle != NULL);
+    if (needle_len == 0) return NULL;
+
+    for (const char *h = haystack;
+            haystack_len >= needle_len;
+            ++h, --haystack_len) {
+        if (!memcmp(h, needle, needle_len)) {
+            return (void*)h;
+        }
+    }
+    return NULL;
+}
+#endif
+
 int analyze_kallsym_info(kallsym_t *info, char *img, int32_t imglen, enum arch_type arch, int32_t is_64);
 int dump_all_symbols(kallsym_t *info, char *img);
 int get_symbol_index_offset(kallsym_t *info, char *img, int32_t index);

tools/kptools.c

@@ -53,6 +53,7 @@ static char image[FILENAME_MAX] = { '\0' };
 static char out[FILENAME_MAX] = { '\0' };
 static char kpimg[FILENAME_MAX] = { '\0' };
 static char superkey[SUPER_KEY_LEN] = { '\0' };
+static char configReserved[256] = { '\0' };
 
 static kernel_info_t kinfo;
 static kallsym_t kallsym;
@@ -67,6 +68,7 @@ void print_usage()
               "    Print this message.\n"
               "\n"
               "  -p, --patch <kernel_image> <--kpimg kpimg> <--skey super_key> [--out image_patched]\n"
+              "  -t, --targetOS <name>, name: Android or Linux, default: Android\n"
               "  Patch kernel_image with kpimg.\n"
               "    If --out is not specified, default ${kernel_image}__patched will be used.\n"
               "    super_key: Authentication key for supercall system call.\n"
@@ -281,8 +283,22 @@ void select_map_area(kallsym_t *kallsym, char *image_buf, int32_t *map_start, in
     *max_size = 0x800;
 }
 
+void set_config_reserved(const char *osName)
+{
+    if (strcmp(osName, "Android") == 0) {
+        strncpy(configReserved, "/data/adb/ap/init.ini", sizeof(configReserved) - 1);
+    } else if (strcmp(osName, "Linux") == 0) {
+        strncpy(configReserved, "/etc/kp/init.ini", sizeof(configReserved) - 1);
+    }
+}
+
 int patch_image()
 {
+    if (!strlen(configReserved)) {
+        set_config_reserved("Android");
+    }
+    fprintf(stdout, "[+] kptools patch config reserved is %s\n", configReserved);
+
     if (!strlen(out)) {
         strcpy(out, image);
         strcat(out, "_patched");
@@ -312,8 +328,8 @@ int patch_image()
         fprintf(stdout, "[-] kptools open file %s error\n", kpimg);
         return EXIT_FAILURE;
     }
-    fseek(fimage, 0, SEEK_END);
-    long kpimg_len = ftell(fimage);
+    fseek(fkpimg, 0, SEEK_END);
+    long kpimg_len = ftell(fkpimg);
     fseek(fkpimg, 0, SEEK_SET);
     fprintf(stdout, "[+] kptools kernel patch image size: 0x%08lx\n", kpimg_len);
 
@@ -388,11 +404,7 @@ int patch_image()
     }
 
     patch_config_t *config = &preset->patch_config;
-#ifdef ANDROID
-    strncpy(config->config_reserved, "/data/adb/ap/init.ini", sizeof(config->config_reserved) - 1);
-#else
-    strncpy(config->config_reserved, "/etc/kp/init.ini", sizeof(config->config_reserved) - 1);
-#endif
+    strncpy(config->config_reserved, configReserved, sizeof(config->config_reserved) - 1);
 
     // todo:
     // kernel_resize(&kinfo, out_buf, align_kernel_size + align_image_len);
@@ -418,11 +430,16 @@ int main(int argc, char *argv[])
     version = (MAJOR << 16) + (MINOR << 8) + PATCH;
     fprintf(stdout, "[+] kptools version: %x\n", version);
 
-    struct option longopts[] = { { "version", no_argument, NULL, 'v' },     { "help", no_argument, NULL, 'h' },
-                                 { "patch", required_argument, NULL, 'p' }, { "skey", required_argument, NULL, 's' },
-                                 { "out", required_argument, NULL, 'o' },   { "kpimg", required_argument, NULL, 'k' },
-                                 { "dump", required_argument, NULL, 'd' },  { 0, 0, 0, 0 } };
-    char *optstr = "vhp:d:o:";
+    struct option longopts[] = { { "version", no_argument, NULL, 'v' },
+                                 { "help", no_argument, NULL, 'h' },
+                                 { "patch", required_argument, NULL, 'p' },
+                                 { "skey", required_argument, NULL, 's' },
+                                 { "out", required_argument, NULL, 'o' },
+                                 { "kpimg", required_argument, NULL, 'k' },
+                                 { "dump", required_argument, NULL, 'd' },
+                                 { "targetOS", required_argument, NULL, 't' },
+                                 { 0, 0, 0, 0 } };
+    char *optstr = "vhp:d:o:t:";
 
     int cmd = '\0';
     int opt = -1;
@@ -449,6 +466,11 @@ int main(int argc, char *argv[])
         case 's':
             strncpy(superkey, optarg, SUPER_KEY_LEN);
             break;
+        case 't':
+            if (optarg && strlen(optarg) > 0) {
+                set_config_reserved(optarg);
+            }
+            break;
         default:
             break;
         }