[CDG5] MPW code mysteries

Fri Dec 28 12:07:44 AWST 2018

Interesting suggestion. Many thanks!

Do you surely mean

(*(unsigned long **)funcPtr)[1] = 0xdeadbeefUL;

?

Am Fr., 28. Dez. 2018 um 05:03 Uhr schrieb Elliot Nunn <
elliotnunn at fastmail.com>:

> I have to re-learn the AIX-style ABI every time I touch it, so bear with
> me.
>
> Apple's docs reveal the implementation detail that every C function
> pointer is actually a pointer to a TVector.
>
> (For those following along, a Transition Vector is an 8-byte structure
> consisting of a true code pointer and a pointer to the "Table of
> Contents" for that code. The TOC is analogous to an old-style 68k A5
> world, except that a called function can assume that r2 already points
> to the TOC on entry. Therefore functions that call outside their own
> code fragment must do so through glue code that sets r2 to the callee's
> TOC, and each such bl instruction must be followed by an instruction to
> restore r2 to sanity.)
>
> So I'd just cast the function ptr to a TVector pointer and modify it
> that way:
>
> (*(unsigned long **)funcPtr)[0] = 0xdeadbeefUL;
>
> > On 28 Dec 2018, at 11:15 am, Max Poliakovski <
> maximumspatium at googlemail.com> wrote:
> >
> > Fellow hackers,
> >
> > I'm currently trying to get MPW 3.5 (from EMPW) to generate code closely
> resembling the original Trampoline.
> >
> > While doing so, I immediately stumbled across two issues I cannot
> resolve. I must admit that my MPW skills are limited. I therefore hope to
> get some help from you.
> >
> > 1) Trampoline's startup code initializes the RTOC as follows:
> >
> >     mflr r11
> >     bl setup_rtoc
> >     DC.L 0x1001E8
> > setup_rtoc:
> >     mflr RTOC
> >     lwz RTOC, 0(RTOC)
> >
> > The word in the 3rd line contains the base address of TOC. The value
> shown above is from Apple's binary. I replaced it with DC.L TOC[TC0] to
> make PPCAsm/PPCLink to stuff the correct value there. That unfortunately
> doesn't work. PPCAsm says:
> >
> > ### Warning 3171 ### Treating 'TOC[TC0]' as a csect relative offset.
> Make sure to add it to its csect's TOC entry.
> >
> > I don't understand this message. What do I need to put there in order to
> get the base address of TOC placed there?
> >
> > 2) Trampoline's main() initializes the pointer to OF client interface
> right at the beginning. The code of interest looks like that:
> >
> > lwz r9, CIPtr_TC(RTOC)
> > lisori r3, 0xdeadbeef
> > stw r5, 0(r9)
> > stw r3, 4(r9)
> >
> > The pointer to the OF client dispatcher is in R5 (3rd argument of main).
> The TOC pointer is initialized to 0xDEADBEEF. That's exactly what I cannot
> reproduce. I defined a correct function pointer like that:
> >
> > typedef long (*OfCiPtr)(CIArgs *args);
> > static OfCIPtr gCIPtr;
> >
> > void main(int argc, int arg[], OfCiPtr ciPtr)
> > {
> >     gCIPtr = ciPtr;
> > }
> >
> > When I initialize that global pointer gCIPtr with value from ciPtr (3rd
> argument), only the function address is written while the TOC value remains
> untouched. The compiled code looks like that:
> >
> > lwz r9, CIPtr_TC(RTOC)
> > stw r5, 0(r9)
> >
> > I wonder how Apple guys managed to put 0xDEADBEEF into TVector's TOC? Do
> you have any clue?
> > _______________________________________________
> > cdg5 mailing list
> > cdg5 at ucc.asn.au
> > https://lists.ucc.gu.uwa.edu.au/mailman/listinfo/cdg5
>
> _______________________________________________
> cdg5 mailing list
> cdg5 at ucc.asn.au
> https://lists.ucc.gu.uwa.edu.au/mailman/listinfo/cdg5
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ucc.gu.uwa.edu.au/pipermail/cdg5/attachments/20181228/b686c7cb/attachment.htm 