interceptor: Branch to trampoline using computed scratch register

Instead of unconditionally using X16. In this way we may avoid clobbering a register that is used as input to the hooked target. Co-authored-by: Håvard Sørbø <[email protected]>
frida · Sep 19, 2023 · b2a8171 · b2a8171
1 parent 3efb405
commit b2a8171
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/gum/backend-arm64/guminterceptor-arm64.c b/gum/backend-arm64/guminterceptor-arm64.c
@@ -950,12 +950,12 @@ _gum_interceptor_backend_activate_trampoline (GumInterceptorBackend * self,
         gum_arm64_writer_put_b_imm (aw, on_enter);
         break;
       case 8:
-        gum_arm64_writer_put_adrp_reg_address (aw, ARM64_REG_X16, on_enter);
-        gum_arm64_writer_put_br_reg_no_auth (aw, ARM64_REG_X16);
+        gum_arm64_writer_put_adrp_reg_address (aw, data->scratch_reg, on_enter);
+        gum_arm64_writer_put_br_reg_no_auth (aw, data->scratch_reg);
         break;
       case 16:
-        gum_arm64_writer_put_ldr_reg_address (aw, ARM64_REG_X16, on_enter);
-        gum_arm64_writer_put_br_reg (aw, ARM64_REG_X16);
+        gum_arm64_writer_put_ldr_reg_address (aw, data->scratch_reg, on_enter);
+        gum_arm64_writer_put_br_reg (aw, data->scratch_reg);
         break;
       default:
         g_assert_not_reached ();