/* Force .got aligned to 4K, so it very likely gets at 0x804a100
   (0x60 bytes .tdata and 0xa0 bytes .dynamic) */
/* Syntax: GNU as, AT&T operand order, 32-bit x86.
   The 4096-byte alignment below is requested while .data is the current
   section; the comment above gives the layout it is meant to produce.  */
	.data
	.balign 4096

/* Initialised thread-local data.  Section flags "awT" = allocatable,
   writable, TLS.  The section holds 24 .long values (3 groups of 8),
   i.e. 0x60 bytes, which matches the .tdata size quoted above.  */
	.section ".tdata", "awT", @progbits
	/* sg1..sg8: global binding, default visibility.  */
	.globl sg1, sg2, sg3, sg4, sg5, sg6, sg7, sg8
	/* sh1..sh8: global binding, then restricted to hidden visibility.  */
	.globl sh1, sh2, sh3, sh4, sh5, sh6, sh7, sh8
	.hidden sh1, sh2, sh3, sh4, sh5, sh6, sh7, sh8

/* Global TLS variables, initial values 17..24.  */
sg1:	.long 17
sg2:	.long 18
sg3:	.long 19
sg4:	.long 20
sg5:	.long 21
sg6:	.long 22
sg7:	.long 23
sg8:	.long 24

/* File-local TLS variables (no .globl for sl1..sl8 in this file),
   initial values 65..72.  */
sl1:	.long 65
sl2:	.long 66
sl3:	.long 67
sl4:	.long 68
sl5:	.long 69
sl6:	.long 70
sl7:	.long 71
sl8:	.long 72

/* Hidden TLS variables, initial values 257..264.  */
sh1:	.long 257
sh2:	.long 258
sh3:	.long 259
sh4:	.long 260
sh5:	.long 261
sh6:	.long 262
sh7:	.long 263
sh8:	.long 264
/* Force .text aligned to 4K, so it very likely gets at 0x8049000. */
	.text
	.balign 4096

/*----------------------------------------------------------------------
   fn2 -- position-independent i386 code that issues one TLS access
   sequence per case: general-dynamic (@tlsgd), local-dynamic
   (@tlsldm/@dtpoff) and initial-exec (@gottpoff/@gotntpoff).

   Syntax: GNU as, AT&T operand order, 32-bit x86.
   In:     nothing is read from the caller's arguments.
   Out:    no meaningful return value; %eax, %ecx and %edx are simply
           overwritten by the successive sequences.
   Saved:  %ebp and %ebx are pushed on entry and restored before ret.
   %ebx holds the GOT address for the whole body.

   The "X -> Y" notes in the per-case comments name the TLS model the
   linker is expected to rewrite each sequence into.
   NOTE(review): this looks like a linker test input whose exact
   instruction bytes and offsets are compared against an expected
   dump -- confirm before changing any instruction or nop run.
   Symbols sG1..sG5 (capital G) are not defined in this file; per the
   comments below they are not defined in the executable either.
  ----------------------------------------------------------------------*/
	.globl fn2
	.type fn2,@function
fn2:
	pushl %ebp
	movl %esp, %ebp
	pushl %ebx			/* saved %ebx lives at -4(%ebp) */
	pushl %eax			/* extra stack slot; never read back in this function */
	/* Classic i386 PIC idiom: call/pop yields the address of label 1,
	   then the addl turns it into the GOT address.  */
	call 1f
1:	popl %ebx
	addl $_GLOBAL_OFFSET_TABLE_+[.-1b], %ebx
	/* nop runs separate the individual sequences (presumably so each
	   one starts at a predictable offset -- TODO confirm).  */
	nop;nop;nop;nop

	/* General-dynamic sequences: the @tlsgd operand is formed in %eax
	   and ___tls_get_addr is called through the PLT.  */

	/* GD -> IE because variable is not defined in executable */
	leal sG1@tlsgd(,%ebx,1), %eax
	call ___tls_get_addr@plt
	nop;nop;nop;nop

	/* GD -> IE because variable is not defined in executable where
	   the variable is referenced through @gottpoff too */
	leal sG2@tlsgd(,%ebx,1), %eax
	call ___tls_get_addr@plt
	nop;nop;nop;nop

	/* GD -> IE because variable is not defined in executable where
	   the variable is referenced through @gotntpoff too */
	leal sG3@tlsgd(,%ebx,1), %eax
	call ___tls_get_addr@plt
	nop;nop;nop;nop

	/* GD -> IE because variable is not defined in executable where
	   the variable is referenced through @gottpoff and @gotntpoff too */
	leal sG4@tlsgd(,%ebx,1), %eax
	call ___tls_get_addr@plt
	nop;nop;nop;nop

	/* GD -> LE with global variable defined in executable */
	leal sg1@tlsgd(,%ebx,1), %eax
	call ___tls_get_addr@plt
	nop;nop;nop;nop

	/* GD -> LE with local variable defined in executable */
	leal sl1@tlsgd(,%ebx,1), %eax
	call ___tls_get_addr@plt
	nop;nop;nop;nop

	/* GD -> LE with hidden variable defined in executable */
	leal sh1@tlsgd(,%ebx,1), %eax
	call ___tls_get_addr@plt
	nop;nop;nop;nop

	/* Local-dynamic sequences: one ___tls_get_addr call leaves a value
	   in %eax, and two variables are then addressed from it with
	   @dtpoff displacements (results in %edx and %ecx).  */

	/* LD -> LE */
	leal sl1@tlsldm(%ebx), %eax
	call ___tls_get_addr@PLT
	nop;nop
	leal sl1@dtpoff(%eax), %edx
	nop;nop
	leal sl2@dtpoff(%eax), %ecx
	nop;nop;nop;nop

	/* LD -> LE against hidden variables */
	leal sh1@tlsldm(%ebx), %eax
	call ___tls_get_addr@PLT
	nop;nop
	leal sh1@dtpoff(%eax), %edx
	nop;nop
	leal sh2@dtpoff(%eax), %ecx
	nop;nop;nop;nop

	/* Initial-exec sequences: the word at %gs:0 is loaded, then the
	   variable's GOT entry is subtracted (@gottpoff) or added
	   (@gotntpoff).  */

	/* @gottpoff IE against global var */
	movl %gs:0, %ecx
	nop;nop
	subl sG2@gottpoff(%ebx), %ecx
	nop;nop;nop;nop

	/* @gottpoff IE against global var */
	movl %gs:0, %eax
	nop;nop
	subl sG4@gottpoff(%ebx), %eax
	nop;nop;nop;nop

	/* @gotntpoff IE against global var */
	movl %gs:0, %ecx
	nop;nop
	addl sG3@gotntpoff(%ebx), %ecx
	nop;nop;nop;nop

	/* @gotntpoff IE against global var */
	movl %gs:0, %eax
	nop;nop
	addl sG4@gotntpoff(%ebx), %eax
	nop;nop;nop;nop

	/* @gottpoff IE -> LE against global var defined in exec */
	movl %gs:0, %ecx
	nop;nop
	subl sg1@gottpoff(%ebx), %ecx
	nop;nop;nop;nop

	/* @gotntpoff IE -> LE against local var */
	/* NOTE(review): %gs:0 is loaded into %ecx but the addl targets
	   %eax, unlike the neighbouring cases.  No result is consumed in
	   this function, so this may be deliberate (a different register
	   encoding for the relocated instruction) -- confirm against the
	   expected output before "fixing" it.  */
	movl %gs:0, %ecx
	nop;nop
	addl sl1@gotntpoff(%ebx), %eax
	nop;nop;nop;nop

	/* @gottpoff IE -> LE against hidden var */
	movl %gs:0, %ecx
	nop;nop
	subl sh1@gottpoff(%ebx), %ecx
	nop;nop;nop;nop

	/* Direct access through %gs */
	/* Here the @gotntpoff GOT entry is loaded into a register first and
	   then used as a %gs-relative address to read the variable's value
	   into %edx.  */

	/* @gotntpoff IE against global var */
	movl sG5@gotntpoff(%ebx), %ecx
	nop;nop
	movl %gs:(%ecx), %edx
	nop;nop;nop;nop

	/* @gotntpoff IE->LE against local var */
	movl sl5@gotntpoff(%ebx), %eax
	nop;nop
	movl %gs:(%eax), %edx
	nop;nop;nop;nop

	/* @gotntpoff IE->LE against hidden var */
	movl sh5@gotntpoff(%ebx), %edx
	nop;nop
	movl %gs:(%edx), %edx
	nop;nop;nop;nop

	/* Epilogue: reload the %ebx saved at -4(%ebp); leave restores %esp
	   from %ebp (dropping both pushed slots) and pops %ebp.  */
	movl -4(%ebp), %ebx
	leave
	ret