<div dir="ltr"><div dir="ltr">Interesting suggestion. Many thanks!<div><br></div><div>Do you surely mean</div><div><br></div><div>(*(unsigned long **)funcPtr)[1] = 0xdeadbeefUL;</div><div><br></div><div>?</div></div></div><br><div class="gmail_quote"><div dir="ltr">Am Fr., 28. Dez. 2018 um 05:03 Uhr schrieb Elliot Nunn <<a href="mailto:elliotnunn@fastmail.com">elliotnunn@fastmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">I have to re-learn the AIX-style ABI every time I touch it, so bear with<br>
me.<br>
<br>
Apple's docs reveal the implementation detail that every C function<br>
pointer is actually a pointer to a TVector.<br>
<br>
(For those following along, a Transition Vector is an 8-byte structure<br>
consisting of a true code pointer and a pointer to the "Table of<br>
Contents" for that code. The TOC is analogous to an old-style 68k A5<br>
world, except that a called function can assume that r2 already points<br>
to the TOC on entry. Therefore functions that call outside their own<br>
code fragment must do so through glue code that sets r2 to the callee's<br>
TOC, and each such bl instruction must be followed by an instruction to<br>
restore r2 to sanity.)<br>
<br>
So I'd just cast the function ptr to a TVector pointer and modify it<br>
that way:<br>
<br>
(*(unsigned long **)funcPtr)[0] = 0xdeadbeefUL;<br>
<br>
> On 28 Dec 2018, at 11:15 am, Max Poliakovski <<a href="mailto:maximumspatium@googlemail.com" target="_blank">maximumspatium@googlemail.com</a>> wrote:<br>
> <br>
> Fellow hackers,<br>
> <br>
> I'm currently trying to get MPW 3.5 (from EMPW) to generate code closely resembling the original Trampoline.<br>
> <br>
> While doing so, I immediately stumbled across two issues I cannot resolve. I must admit that my MPW skills are limited. I therefore hope to get some help from you.<br>
> <br>
> 1) Trampoline's startup code initializes the RTOC as follows:<br>
> <br>
> mflr r11<br>
> bl setup_rtoc<br>
> DC.L 0x1001E8<br>
> setup_rtoc:<br>
> mflr RTOC<br>
> lwz RTOC, 0(RTOC)<br>
> <br>
> The word in the 3rd line contains the base address of TOC. The value shown above is from Apple's binary. I replaced it with DC.L TOC[TC0] to make PPCAsm/PPCLink stuff the correct value there. That unfortunately doesn't work. PPCAsm says:<br>
> <br>
> ### Warning 3171 ### Treating 'TOC[TC0]' as a csect relative offset. Make sure to add it to its csect's TOC entry.<br>
> <br>
> I don't understand this message. What do I need to put there in order to get the base address of TOC placed there?<br>
> <br>
> 2) Trampoline's main() initializes the pointer to OF client interface right at the beginning. The code of interest looks like that:<br>
> <br>
> lwz r9, CIPtr_TC(RTOC)<br>
> lisori r3, 0xdeadbeef<br>
> stw r5, 0(r9)<br>
> stw r3, 4(r9)<br>
> <br>
> The pointer to the OF client dispatcher is in R5 (3rd argument of main). The TOC pointer is initialized to 0xDEADBEEF. That's exactly what I cannot reproduce. I defined a correct function pointer like that:<br>
> <br>
> typedef long (*OfCiPtr)(CIArgs *args);<br>
> static OfCiPtr gCIPtr;<br>
> <br>
> void main(int argc, int arg[], OfCiPtr ciPtr)<br>
> {<br>
> gCIPtr = ciPtr;<br>
> }<br>
> <br>
> When I initialize that global pointer gCIPtr with value from ciPtr (3rd argument), only the function address is written while the TOC value remains untouched. The compiled code looks like that:<br>
> <br>
> lwz r9, CIPtr_TC(RTOC)<br>
> stw r5, 0(r9)<br>
> <br>
> I wonder how Apple guys managed to put 0xDEADBEEF into TVector's TOC? Do you have any clue?<br>
> _______________________________________________<br>
> cdg5 mailing list<br>
> <a href="mailto:cdg5@ucc.asn.au" target="_blank">cdg5@ucc.asn.au</a><br>
> <a href="https://lists.ucc.gu.uwa.edu.au/mailman/listinfo/cdg5" rel="noreferrer" target="_blank">https://lists.ucc.gu.uwa.edu.au/mailman/listinfo/cdg5</a><br>
<br>
</blockquote></div>
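<p>The following is an added, constructed illustration (not code from either poster or from Trampoline) of the TVector layout Elliot describes: an 8-byte structure whose word 0 is the true code pointer and whose word 1 is the TOC pointer, with the value of a C function pointer being the address of that structure. It models the words as <code>uint32_t</code> instead of the classic Mac ABI's 32-bit <code>unsigned long</code> so the layout stays 8 bytes on a 64-bit host; the struct, function and variable names are invented for the example. It shows which word each index reaches, that a single cast suffices when you hold the function-pointer value itself, and that the doubly-indirect form <code>(*(unsigned long **)p)[1]</code> is the one to use when <code>p</code> is the address of the pointer variable (such as <code>&gCIPtr</code>). The two-word <code>make_tvector</code> mirrors what a pair of stores to offsets 0 and 4 of one 8-byte variable, like the <code>stw r5, 0(r9)</code> / <code>stw r3, 4(r9)</code> sequence quoted above, leaves in memory.</p>

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a CFM Transition Vector, as described in the thread:
 * two 32-bit words, the true code address followed by the TOC address.
 * uint32_t stands in for the 32-bit "unsigned long" of the classic Mac ABI
 * so the 8-byte layout is preserved on a 64-bit host. */
typedef struct {
    uint32_t code;  /* word [0]: true code pointer */
    uint32_t toc;   /* word [1]: Table of Contents pointer (r2 for the callee) */
} TVector;

/* Build a vector from a raw entry address and a TOC value. This is what two
 * stores to offsets 0 and 4 of a single 8-byte variable produce. */
TVector make_tvector(uint32_t entry, uint32_t toc)
{
    TVector tv;
    tv.code = entry;
    tv.toc = toc;
    return tv;
}

/* Under this ABI the value of a C function pointer IS the address of its
 * TVector, so one cast reaches the vector: index 0 is code, index 1 is TOC. */
uint32_t tvector_code(const void *funcPtr) { return ((const uint32_t *)funcPtr)[0]; }
uint32_t tvector_toc(const void *funcPtr)  { return ((const uint32_t *)funcPtr)[1]; }

/* Patch only the TOC word; the code word is left untouched. */
void tvector_set_toc(void *funcPtr, uint32_t toc)
{
    ((uint32_t *)funcPtr)[1] = toc;
}

/* The doubly-indirect form from the thread, (*(unsigned long **)p)[1], is
 * correct when p is the address of the pointer VARIABLE (e.g. &gCIPtr): the
 * first dereference fetches the vector's address, the index picks the word. */
uint32_t tvector_toc_via_var(void **funcPtrVar)
{
    return (*(uint32_t **)funcPtrVar)[1];
}

/* Returns 1 when patching word [1] changed the TOC and nothing else. */
int demo(void)
{
    TVector tv = make_tvector(0x00100000u, 0x00200000u); /* constructed values */
    void *funcPtr = &tv;                                 /* the "function pointer" */
    uint32_t code_before = tvector_code(funcPtr);

    tvector_set_toc(funcPtr, 0xdeadbeefu);

    printf("code = 0x%08x  toc = 0x%08x\n",
           tvector_code(funcPtr), tvector_toc(funcPtr));

    return tvector_code(funcPtr) == code_before
        && tvector_toc(funcPtr) == 0xdeadbeefu
        && tvector_toc_via_var(&funcPtr) == 0xdeadbeefu;
}

int main(void)
{
    return demo() ? 0 : 1;
}
```

<p>Compile with any C99 compiler and run; the program prints the code word unchanged and the TOC word set to the sentinel. The point for anyone patching vectors this way is to be sure which object the pointer you hold refers to: the vector itself needs one cast and index 1, while the address of a pointer variable needs the extra dereference before the index.</p>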