oliverchang/stupid.asm

## stupid.asm
; nasm syntax
BITS 64

; patch start at 0x486ff5 (call getpid in atiddxCheckXserverVersion)
%define patch_start (0x486ff5)
%define patch_end (0x4871ff)
%define patch_size (patch_end-patch_start)

%define dlopen_plt_offset (0x463470-patch_start)
%define dlsym_plt_offset (0x47aa50-patch_start)
%define dlclose_plt_offset (0x473420-patch_start)
%define iXfMajor_got_offset (0x13e1a28-patch_start)
%define iXfMinor_got_offset (0x13e0f08-patch_start)
%define iXfPatch_got_offset (0x13dfb70-patch_start)
%define xorg_rodata_offset (0xb8e33a-patch_start)
%define iXName_got_offset (0x13e9ed0-patch_start)
; %define iXfSnap_got_offset (0x13efbf0-patch_start)

push rdi
push rsi
push rdx
push rbx
sub rsp, 0x20

; "xorgGetVersion"
mov rax, 0x5674654767726f78
mov qword [rsp+0],  rax
mov rax, 0x00006e6f69737265
mov qword [rsp+8], rax

; dl = dlopen(NULL, RTLD_LAZY);
xor rdi, rdi
mov rsi, 0x1
call $+dlopen_plt_offset-($-$$)
mov qword [rsp+0x10], rax

; dlsym(dl, "xorgGetVersion");
mov rdi, rax
lea rsi, [rsp+0]
call $+dlsym_plt_offset-($-$$)
call rax
mov qword [rsp+0x18], rax

; dlclose(dl);
mov rdi, qword [rsp+0x10]
call $+dlclose_plt_offset-($-$$)

mov rax, qword [rsp+0x18]
; major version ((vers) / 10000000)
xor edx, edx
mov ebx, 10000000
div ebx
mov rdi, [rel $ +iXfMajor_got_offset-($-$$)]
mov dword [rdi], eax

; minor (((vers) % 10000000) / 100000)
mov eax, edx
xor edx, edx
mov ebx, 100000
div ebx
mov rdi, [rel $ +iXfMinor_got_offset-($-$$)]
mov dword [rdi], eax

; patch (((vers) % 100000) / 1000)
mov eax, edx
xor edx, edx
mov ebx, 1000
div ebx
mov rdi, [rel $ +iXfPatch_got_offset-($-$$)]
mov dword [rdi], eax

; snap ((vers) % 1000)
mov eax, edx

lea r13, [rel $ +xorg_rodata_offset-($-$$)]
mov rdi, [rel $ +iXName_got_offset-($-$$)]
mov qword [rdi], r13

add rsp, 0x20
pop rbx
pop rdx
pop rsi
pop rdi

jmp $+patch_size-($-$$)
	; nasm syntax
	BITS 64

	; patch start at 0x486ff5 (call getpid in atiddxCheckXserverVersion)
	%define patch_start (0x486ff5)
	%define patch_end (0x4871ff)
	%define patch_size (patch_end-patch_start)

	%define dlopen_plt_offset (0x463470-patch_start)
	%define dlsym_plt_offset (0x47aa50-patch_start)
	%define dlclose_plt_offset (0x473420-patch_start)
	%define iXfMajor_got_offset (0x13e1a28-patch_start)
	%define iXfMinor_got_offset (0x13e0f08-patch_start)
	%define iXfPatch_got_offset (0x13dfb70-patch_start)
	%define xorg_rodata_offset (0xb8e33a-patch_start)
	%define iXName_got_offset (0x13e9ed0-patch_start)
	; %define iXfSnap_got_offset (0x13efbf0-patch_start)

	push rdi
	push rsi
	push rdx
	push rbx
	sub rsp, 0x20

	; "xorgGetVersion"
	mov rax, 0x5674654767726f78
	mov qword [rsp+0], rax
	mov rax, 0x00006e6f69737265
	mov qword [rsp+8], rax

	; dl = dlopen(NULL, RTLD_LAZY);
	xor rdi, rdi
	mov rsi, 0x1
	call $+dlopen_plt_offset-($-$$)
	mov qword [rsp+0x10], rax

	; dlsym(dl, "xorgGetVersion");
	mov rdi, rax
	lea rsi, [rsp+0]
	call $+dlsym_plt_offset-($-$$)
	call rax
	mov qword [rsp+0x18], rax

	; dlclose(dl);
	mov rdi, qword [rsp+0x10]
	call $+dlclose_plt_offset-($-$$)

	mov rax, qword [rsp+0x18]
	; major version ((vers) / 10000000)
	xor edx, edx
	mov ebx, 10000000
	div ebx
	mov rdi, [rel $ +iXfMajor_got_offset-($-$$)]
	mov dword [rdi], eax

	; minor (((vers) % 10000000) / 100000)
	mov eax, edx
	xor edx, edx
	mov ebx, 100000
	div ebx
	mov rdi, [rel $ +iXfMinor_got_offset-($-$$)]
	mov dword [rdi], eax

	; patch (((vers) % 100000) / 1000)
	mov eax, edx
	xor edx, edx
	mov ebx, 1000
	div ebx
	mov rdi, [rel $ +iXfPatch_got_offset-($-$$)]
	mov dword [rdi], eax

	; snap ((vers) % 1000)
	mov eax, edx

	lea r13, [rel $ +xorg_rodata_offset-($-$$)]
	mov rdi, [rel $ +iXName_got_offset-($-$$)]
	mov qword [rdi], r13

	add rsp, 0x20
	pop rbx
	pop rdx
	pop rsi
	pop rdi

	jmp $+patch_size-($-$$)