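; nasm syntax -- x86-64 binary patch, assembled with origin 0 and written
; into the target binary at patch_start.
BITS 64
; ---------------------------------------------------------------------------
; Replaces the `call getpid` at 0x486ff5 inside atiddxCheckXserverVersion.
; The patch resolves xorgGetVersion() from the running X server through
; dlopen(NULL)/dlsym, splits the returned number into decimal fields, stores
; them through the driver's iXfMajor/iXfMinor/iXfPatch GOT entries, points
; iXName at xorg_rodata_offset (presumably a name string in the server's
; .rodata -- confirm), and finally jumps to patch_end.
;
; Addressing trick: `$+X-($-$$)` and `[rel $+X-($-$$)]` both collapse to
; `$$+X`; with $$ == 0 and the bytes loaded at patch_start they become
; RIP-relative references to the absolute address X+patch_start.  Every
; offset below is therefore tied to one specific build of the binary.
;
; ABI assumptions (SysV AMD64 -- ELF PLT/GOT, RTLD_LAZY == 1): the patch
; enters at a call site, so rsp is assumed 16-byte aligned on entry and all
; caller-saved registers (rax, rcx, rdx, rsi, rdi, r8-r11) are already dead.
; Four pushes plus 0x20 bytes of locals keep rsp 16-aligned at every call.
; Only one callee-saved register (rbx) is touched, and it is saved/restored;
; r13 must NOT be used here -- it is callee-saved and the surrounding
; compiled code may keep a live value in it across the original call.
;
; Field split assumes vers encodes
;   major*10000000 + minor*100000 + patch*1000 + snap   (all decimal)
; -- verify against the server's version macros.  snap is computed but not
; stored (iXfSnap is not patched; see the commented-out define).
;
; Failure handling: if dlopen or dlsym returns NULL the globals are left
; untouched and control resumes at patch_end rather than calling a NULL
; function pointer.
;
; The assembled code must fit within patch_size bytes (0x20a); check the
; output size after assembling.
; ---------------------------------------------------------------------------
%define patch_start         (0x486ff5)
%define patch_end           (0x4871ff)
%define patch_size          (patch_end-patch_start)
%define dlopen_plt_offset   (0x463470-patch_start)
%define dlsym_plt_offset    (0x47aa50-patch_start)
%define dlclose_plt_offset  (0x473420-patch_start)
%define iXfMajor_got_offset (0x13e1a28-patch_start)
%define iXfMinor_got_offset (0x13e0f08-patch_start)
%define iXfPatch_got_offset (0x13dfb70-patch_start)
%define xorg_rodata_offset  (0xb8e33a-patch_start)
%define iXName_got_offset   (0x13e9ed0-patch_start)
; %define iXfSnap_got_offset (0x13efbf0-patch_start)
%define RTLD_LAZY           1

; Stack frame after the pushes:
;   [rsp+0x00..0x0f]  "xorgGetVersion\0\0"
;   [rsp+0x10]        dlopen handle
;   [rsp+0x18]        vers
patch_entry:
        push    rdi                     ; rdi/rsi/rdx are caller-saved at the
        push    rsi                     ; original call site; saving them is
        push    rdx                     ; belt-and-braces, not required
        push    rbx                     ; callee-saved: used as div divisor
        sub     rsp, 0x20
        mov     rax, 0x5674654767726f78 ; "xorgGetV"
        mov     qword [rsp+0], rax
        mov     rax, 0x00006e6f69737265 ; "ersion\0\0"
        mov     qword [rsp+8], rax

        ; handle = dlopen(NULL, RTLD_LAZY)   -- the main program
        xor     edi, edi
        mov     esi, RTLD_LAZY
        call    $+dlopen_plt_offset-($-$$)
        test    rax, rax
        jz      .done                   ; nothing to close, nothing to store
        mov     qword [rsp+0x10], rax

        ; fn = dlsym(handle, "xorgGetVersion")
        mov     rdi, rax
        mov     rsi, rsp
        call    $+dlsym_plt_offset-($-$$)
        test    rax, rax
        jz      .close                  ; symbol absent: never call NULL

        ; vers = fn()
        call    rax
        mov     qword [rsp+0x18], rax

        ; dlclose(handle)
        mov     rdi, qword [rsp+0x10]
        call    $+dlclose_plt_offset-($-$$)
        mov     rax, qword [rsp+0x18]

        ; Each step: edx:eax / ebx -> eax = field, edx = remainder feeding the
        ; next field.  32-bit divides: only the low 32 bits of vers are used.
        ; major = vers / 10000000
        xor     edx, edx
        mov     ebx, 10000000
        div     ebx
        mov     rdi, [rel $+iXfMajor_got_offset-($-$$)]
        mov     dword [rdi], eax
        ; minor = (vers % 10000000) / 100000
        mov     eax, edx
        xor     edx, edx
        mov     ebx, 100000
        div     ebx
        mov     rdi, [rel $+iXfMinor_got_offset-($-$$)]
        mov     dword [rdi], eax
        ; patch = (vers % 100000) / 1000
        mov     eax, edx
        xor     edx, edx
        mov     ebx, 1000
        div     ebx
        mov     rdi, [rel $+iXfPatch_got_offset-($-$$)]
        mov     dword [rdi], eax
        ; snap = vers % 1000  (left in eax, not stored)
        mov     eax, edx

        ; *iXName_got = &xorg_rodata; rcx is caller-saved, hence safe scratch
        lea     rcx, [rel $+xorg_rodata_offset-($-$$)]
        mov     rdi, [rel $+iXName_got_offset-($-$$)]
        mov     qword [rdi], rcx
        jmp     .done

.close:                                 ; dlsym failed: release the handle
        mov     rdi, qword [rsp+0x10]
        call    $+dlclose_plt_offset-($-$$)

.done:
        add     rsp, 0x20
        pop     rbx
        pop     rdx
        pop     rsi
        pop     rdi
        ; resume at patch_end; the original bytes in between are skipped
        jmp     $+patch_size-($-$$)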