// Decompiler (Hex-Rays style) pseudo-C of a kernel routine that lays out a user
// process address space. Steps, as the body shows them:
//   1. validate the caller's code region [addr, addr + size) against
//      [addrspaceMinAddr, addrspaceMaxAddr] (panic on failure, no error return);
//   2. pick the per-width region sizes from addrspaceType;
//   3. choose the larger gap around the code window as the base for the
//      heap / map / newMap / tlsIo regions, failing with 53249 if they do not fit;
//   4. space the regions (randomised at 2 MiB granularity when enableAslr);
//   5. initialise heap bookkeeping and packed flags;
//   6. re-check bounds and pairwise overlap (panic on failure), then construct
//      the page table and the memory block manager.
// NOTE(review): all type, field and local names are the annotator's. The function
// is declared on KMemoryBlockManager while `this` is a KMemoryManager* — the
// decompiler naming is inconsistent and the real names are not recoverable here.
// Params (as far as the body shows):
//   addrspaceType  - masked with 0xE; selects one of four layouts, anything else panics.
//   enableAslr     - selects randomised region offsets; stored at byte +89 from &tlsIoEndAddr.
//   aslrDisabled   - packed into bit 0 of memRegionAndAslr.
//   pageTable      - forwarded unchanged to KPageTable::KPageTable.
//   addrspaceMinAddr, addrspaceMaxAddr - stored on the object; every region must lie within.
//   memregion      - packed into bits 4.. of memRegionAndAslr.
//   addr, size     - code region; only the 39-bit layout uses it for the gap choice.
//   kMemoryBlockAllocator, allocator2 - stored at +96 / +104 from &tlsIoEndAddr.
// Returns: 53249 (0xD001) when the regions do not fit the chosen gap, otherwise
//   whatever KMemoryBlockManager::KMemoryBlockManager returns. Invariant failures
//   go to kernelpanic() instead.
Result __fastcall KMemoryBlockManager::CreateUserAddressSpace(KMemoryManager *this, AddressSpaceType addrspaceType, bool enableAslr, bool aslrDisabled, u64 *pageTable, unsigned __int64 addrspaceMinAddr, u64 addrspaceMaxAddr, MemoryRegion memregion, u64 addr, u64 size, KDynamicSlabAllocator *kMemoryBlockAllocator, KDynamicSlabAllocator *allocator2) | |
{ | |
// Decompiler locals. The "// xN" / "// STxx_n" trailers are the register or
// stack slot each value lived in. Cross-references established later in the body:
//   v26 = (intptr)&this2->tlsIoEndAddr   (some fields are accessed as raw offsets from it)
//   v28 = &this2->newMapRegionEndAddr    v51 = &this2->heapRegionEndAddr
//   v52 = &this2->mapRegionBaseAddr      v55 = &this2->heapRegionBaseAddr
//         (v52/v55 may be retargeted to &tlsIoBaseAddr in the tlsIo placement block)
//   v73 = heapRegionBaseAddr  v78 = addrSpaceMinAddr  v79 = mapRegionBaseAddr
//   v80 = addrSpaceMaxAddr    v81 = mapRegionEndAddr  v82 = heapRegionEndAddr
//   v83/v84 = newMapRegion base/end    v85/v86 = tlsIo base/end
//   v87..v90 = last byte (end - 1) of the map, heap, newMap and tlsIo regions
u64 endaddr; // x11 | |
KMemoryManager *this2; // x19 | |
bool v14; // cf | |
bool v15; // zf | |
signed __int64 new_map_region_size; // x17 | |
signed __int64 tls_io_region_size; // x0 | |
unsigned __int64 addr_space_size; // x8 | |
signed __int64 tlsIoAndnewMapRegionEndAddr; // x9 | |
signed __int64 new_map_region_base_addr; // x10 | |
signed __int64 map_region_size; // x1 | |
signed __int64 heap_region_size; // x20 | |
u64 some_kind_of_addr; // x12 | |
signed __int64 addr_space_start_addr; // x11 | |
u64 some_kind_of_endaddr; // x8 | |
signed __int64 v26; // x26 | |
u64 *new_map_region_addr; // x24 | |
u64 *v28; // x23 | |
u64 *tlsIoBaseAddrPtr; // x22 | |
signed __int64 addrspace_base; // x28 | |
u64 v31; // x8 | |
u64 total_region_size; // x9 | |
u64 v33; // x8 | |
u64 v35; // x25 | |
signed __int64 v36; // ST08_8 | |
signed __int64 v37; // ST10_8 | |
u64 *v38; // ST28_8 | |
unsigned __int64 v39; // ST30_8 | |
u64 v40; // ST38_8 | |
bool v41; // ST20_1 | |
MemoryRegion v42; // ST24_4 | |
signed __int64 v43; // ST18_8 | |
u64 map_region_start_offset; // x21 | |
u64 heap_region_start_offset; // x27 | |
signed __int64 v46; // ST00_8 | |
u64 v47; // x20 | |
u64 v48; // x0 | |
u64 new_map_region_start_offset; // x2 | |
u64 tls_io_region_start_offset; // x9 | |
u64 *v51; // x8 | |
u64 *v52; // x12 | |
signed __int64 first_region_size; // x14 | |
u64 *last_region_end_addr; // x15 | |
u64 *v55; // x11 | |
u64 *last_region_base_addr; // x13 | |
signed __int64 v57; // x14 | |
u64 *v58; // x15 | |
u64 *v59; // x13 | |
u64 v60; // x13 | |
signed __int64 v61; // x14 | |
u64 *v62; // x13 | |
u64 *v63; // x15 | |
u64 *v64; // x14 | |
signed __int64 v65; // x13 | |
u64 v66; // x12 | |
u64 *v67; // x13 | |
signed __int64 v68; // x12 | |
bool v69; // cf | |
u64 *v70; // x9 | |
signed __int64 v71; // x11 | |
u64 *v72; // x12 | |
unsigned __int64 v73; // x9 | |
BOOL v74; // w11 | |
signed int v75; // w13 | |
signed int v76; // w12 | |
signed int v77; // w11 | |
u64 v78; // x13 | |
unsigned __int64 v79; // x11 | |
u64 v80; // x12 | |
u64 v81; // x10 | |
u64 v82; // x15 | |
unsigned __int64 v83; // x8 | |
u64 v84; // x16 | |
unsigned __int64 v85; // x14 | |
u64 v86; // x17 | |
unsigned __int64 v87; // x12 | |
unsigned __int64 v88; // x10 | |
unsigned __int64 v89; // x13 | |
unsigned __int64 v90; // x8 | |
// --- 1. Validate the caller-supplied code region [addr, addr + size). ---
endaddr = size + addr; | |
this2 = this; | |
// v14 = "no wrap-around (endaddr >= addr)", v15 = "size == 0". Both are forced
// false when addr is below the minimum, so the test below panics in that case too.
if ( addrspaceMinAddr <= addr ) | |
{ | |
v14 = endaddr >= addr; | |
v15 = endaddr == addr; | |
} | |
else | |
{ | |
v14 = 0; | |
v15 = 0; | |
} | |
// Panic (not an error return) on addr < min, size == 0, wrap-around, or
// endaddr > max (the last compare is unsigned on end - 1 vs max - 1, which is
// "endaddr > addrspaceMaxAddr" whenever both are non-zero). `def_80073680` is
// also the switch default and the target of every later invariant failure, so
// kernelpanic() is presumably noreturn.
if ( v15 || !v14 || endaddr - 1 > addrspaceMaxAddr - 1 ) | |
def_80073680: | |
kernelpanic(); | |
// --- 2. Pick the fixed layout for this address-space width. ---
// Bit 0 of addrspaceType is ignored (mask 0xE). Sizes are in bytes; the four
// region sizes are summed in step 3 and must fit the chosen gap. A size of 0
// for newMap / tlsIo disables that region: its placement block in step 4 is
// skipped and its base/end keep the constants written after LABEL_13.
switch ( addrspaceType & 0xE ) | |
{ | |
case ADDRSPACE_REGULAR_32BIT: | |
// 32-bit: 1 GiB map + 1 GiB heap, no newMap/tlsIo. The "code window" used for
// the gap choice is the fixed range [0x200000, 0x40000000) (set at LABEL_12).
new_map_region_size = 0LL; | |
tls_io_region_size = 0LL; | |
addr_space_size = 0x3FE00000LL; | |
this2->addrSpaceWidth = 32; | |
tlsIoAndnewMapRegionEndAddr = 0x40000000LL; | |
new_map_region_base_addr = 0x200000LL; | |
map_region_size = 0x40000000LL; | |
heap_region_size = 0x40000000LL; | |
goto LABEL_12; | |
case ADDRSPACE_REGULAR_36BIT: | |
// 36-bit: 6 GiB map + 6 GiB heap, no newMap/tlsIo; fixed code window
// [0x8000000, 0x80000000).
new_map_region_size = 0LL; | |
tls_io_region_size = 0LL; | |
map_region_size = 0x180000000LL; | |
this2->addrSpaceWidth = 36; | |
addr_space_size = 0x78000000LL; | |
tlsIoAndnewMapRegionEndAddr = 0x80000000LL; | |
new_map_region_base_addr = 0x8000000LL; | |
heap_region_size = 0x180000000LL; | |
addr_space_start_addr = 0x8000000LL; | |
some_kind_of_addr = 0x8000000LL; | |
goto LABEL_13; | |
case ADDRSPACE_NOMAP_32BIT: | |
// 32-bit without a map region (size 0) but with a 2 GiB heap; shares the
// LABEL_12 code window with the regular 32-bit layout.
map_region_size = 0LL; | |
new_map_region_size = 0LL; | |
tls_io_region_size = 0LL; | |
this2->addrSpaceWidth = 32; | |
addr_space_size = 0x3FE00000LL; | |
heap_region_size = 0x80000000LL; | |
tlsIoAndnewMapRegionEndAddr = 0x40000000LL; | |
new_map_region_base_addr = 0x200000LL; | |
LABEL_12: | |
addr_space_start_addr = 0x200000LL; | |
some_kind_of_addr = 0x200000LL; | |
goto LABEL_13; | |
case ADDRSPACE_REGULAR_39BIT: | |
// 39-bit: the only layout whose code window comes from the caller's
// [addr, endaddr), rounded out to 2 MiB (mask 0xFFFFFFFFFFE00000). Regions:
// 64 GiB map, 6 GiB heap, 2 GiB newMap, 64 GiB tlsIo. newMap/tlsIo base/end are
// zeroed here and filled in during step 4. (`this` is the same pointer as `this2`.)
this->addrSpaceWidth = 39; | |
some_kind_of_addr = addr & 0xFFFFFFFFFFE00000LL; | |
new_map_region_base_addr = 0LL; | |
tlsIoAndnewMapRegionEndAddr = 0LL; | |
heap_region_size = 0x180000000LL; | |
addr_space_size = ((endaddr + 0x1FFFFF) & 0xFFFFFFFFFFE00000LL) - (addr & 0xFFFFFFFFFFE00000LL); | |
map_region_size = 0x1000000000LL; | |
addr_space_start_addr = 0x8000000LL; | |
new_map_region_size = 0x80000000LL; | |
tls_io_region_size = 0x1000000000LL; | |
LABEL_13: | |
// Store the (possibly placeholder) newMap/tlsIo bounds, the ASLR flag and both
// allocators. Some fields are written as raw byte offsets from v26 = &tlsIoEndAddr.
// NOTE(review): v26 - 24 is three qwords before tlsIoEndAddr, i.e. presumably
// newMapRegionBaseAddr — the annotator's "newMapRegionEndAddr = v20" note looks
// stale; confirm against the struct layout. +89 / +96 / +104 are unnamed fields.
some_kind_of_endaddr = some_kind_of_addr + addr_space_size; | |
this2->tlsIoEndAddr = tlsIoAndnewMapRegionEndAddr; | |
v26 = (signed __int64)&this2->tlsIoEndAddr; | |
*(_QWORD *)(v26 - 24) = new_map_region_base_addr;// this2->newMapRegionEndAddr = v20 | |
new_map_region_addr = &this2->newMapRegionBaseAddr; | |
this2->newMapRegionEndAddr = tlsIoAndnewMapRegionEndAddr; | |
v28 = &this2->newMapRegionEndAddr; | |
this2->tlsIoBaseAddr = new_map_region_base_addr; | |
tlsIoBaseAddrPtr = &this2->tlsIoBaseAddr; | |
*(_BYTE *)(v26 + 89) = enableAslr; | |
*(_QWORD *)(v26 + 96) = kMemoryBlockAllocator; | |
*(_QWORD *)(v26 + 104) = allocator2; | |
// --- 3. Choose where the dynamic regions go. ---
// Compare the gap below the code window, [addr_space_start_addr, some_kind_of_addr),
// with the gap above it, [some_kind_of_endaddr, addrspaceMaxAddr). addrspace_base is
// the start of the larger gap and v31 its size; a tie picks the lower gap. For the
// 32/36-bit layouts the lower gap is always 0 bytes, so the regions land above the
// fixed window.
if ( some_kind_of_addr - addr_space_start_addr >= addrspaceMaxAddr - some_kind_of_endaddr ) | |
addrspace_base = addr_space_start_addr; | |
else | |
addrspace_base = some_kind_of_endaddr; | |
if ( some_kind_of_addr - addr_space_start_addr >= addrspaceMaxAddr - some_kind_of_endaddr ) | |
v31 = some_kind_of_addr - addr_space_start_addr; | |
else | |
v31 = addrspaceMaxAddr - some_kind_of_endaddr; | |
// All four regions must fit in the gap; v33 is the slack left for ASLR spacing.
// 53249 == 0xD001. NOTE(review): reads as a kernel result code (module 1,
// description 104) — presumably the out-of-memory result; confirm.
total_region_size = heap_region_size + map_region_size + new_map_region_size + tls_io_region_size; | |
v14 = v31 >= total_region_size; | |
v33 = v31 - total_region_size; | |
this2->addrSpaceMinAddr = addrspaceMinAddr; | |
this2->addrSpaceMaxAddr = addrspaceMaxAddr; | |
this2->isKernel = 0; | |
if ( !v14 ) | |
return 53249; | |
// --- 4. Region spacing. ---
// With ASLR each region gets an independent random offset in [0, slack) at 2 MiB
// granularity (randrange over slack >> 21, result << 21); without it every offset
// is 0 and the regions are packed from addrspace_base. The v36..v43 / v46 copies
// around the randrange() calls appear to be caller-saved register spills the
// decompiler kept; every value is restored unchanged.
if ( enableAslr ) | |
{ | |
v35 = v33 >> 21; | |
v36 = map_region_size; | |
v37 = tls_io_region_size; | |
v38 = pageTable; | |
v39 = addrspaceMinAddr; | |
v40 = addrspaceMaxAddr; | |
v41 = aslrDisabled; | |
v42 = memregion; | |
v43 = new_map_region_size; | |
map_region_start_offset = randrange(0LL, v33 >> 21) << 21; | |
heap_region_start_offset = randrange(0LL, v35) << 21; | |
v46 = heap_region_size; | |
v47 = randrange(0LL, v35) << 21; | |
v48 = randrange(0LL, v35); | |
new_map_region_start_offset = v47; | |
heap_region_size = v46; | |
map_region_size = v36; | |
aslrDisabled = v41; | |
memregion = v42; | |
addrspaceMaxAddr = v40; | |
pageTable = v38; | |
addrspaceMinAddr = v39; | |
tls_io_region_start_offset = v48 << 21; | |
tls_io_region_size = v37; | |
new_map_region_size = v43; | |
} | |
else | |
{ | |
map_region_start_offset = 0LL; | |
heap_region_start_offset = 0LL; | |
new_map_region_start_offset = 0LL; | |
tls_io_region_start_offset = 0LL; | |
} | |
// Place map and heap at base + own offset, then push whichever has the larger
// offset (heap on a tie) past the other by the other's size so they cannot
// overlap. The random offsets are independent and may collide; the comparisons
// below order the regions by offset with ties broken tlsIo < newMap < map < heap,
// which still yields disjoint regions as far as the visible placement logic goes.
this2->heapRegionEndAddr = heap_region_start_offset + addrspace_base + heap_region_size; | |
v51 = &this2->heapRegionEndAddr; | |
this2->mapRegionBaseAddr = map_region_start_offset + addrspace_base; | |
v52 = &this2->mapRegionBaseAddr; | |
if ( map_region_start_offset <= heap_region_start_offset ) | |
first_region_size = map_region_size; | |
else | |
first_region_size = heap_region_size; | |
this2->mapRegionEndAddr = map_region_start_offset + addrspace_base + map_region_size; | |
if ( map_region_start_offset <= heap_region_start_offset ) | |
last_region_end_addr = &this2->heapRegionEndAddr; | |
else | |
last_region_end_addr = &this2->mapRegionEndAddr; | |
this2->heapRegionBaseAddr = heap_region_start_offset + addrspace_base; | |
v55 = &this2->heapRegionBaseAddr; | |
if ( map_region_start_offset <= heap_region_start_offset ) | |
last_region_base_addr = &this2->heapRegionBaseAddr; | |
else | |
last_region_base_addr = &this2->mapRegionBaseAddr; | |
*last_region_base_addr += first_region_size; | |
*last_region_end_addr += first_region_size; | |
// newMap region (only the 39-bit layout gives it a size): base + offset, then
// shift either it or map/heap depending on whose offset is smaller (a tie puts
// newMap first).
if ( new_map_region_size ) | |
{ | |
*new_map_region_addr = new_map_region_start_offset + addrspace_base; | |
if ( map_region_start_offset >= new_map_region_start_offset ) | |
v57 = new_map_region_size; | |
else | |
v57 = map_region_size; | |
if ( map_region_start_offset >= new_map_region_start_offset ) | |
v58 = &this2->mapRegionEndAddr; | |
else | |
v58 = &this2->newMapRegionEndAddr; | |
*v28 = new_map_region_start_offset + addrspace_base + new_map_region_size; | |
if ( map_region_start_offset >= new_map_region_start_offset ) | |
v59 = &this2->mapRegionBaseAddr; | |
else | |
v59 = &this2->newMapRegionBaseAddr; | |
*v59 += v57; | |
v60 = *v58 + v57; | |
if ( heap_region_start_offset >= new_map_region_start_offset ) | |
v61 = new_map_region_size; | |
else | |
v61 = heap_region_size; | |
*v58 = v60; | |
if ( heap_region_start_offset >= new_map_region_start_offset ) | |
v62 = &this2->heapRegionBaseAddr; | |
else | |
v62 = &this2->newMapRegionBaseAddr; | |
if ( heap_region_start_offset >= new_map_region_start_offset ) | |
v63 = &this2->heapRegionEndAddr; | |
else | |
v63 = &this2->newMapRegionEndAddr; | |
*v62 += v61; | |
*v63 += v61; | |
} | |
// tlsIo region (39-bit only): same scheme against map, heap and newMap (a tie
// puts tlsIo first). v52/v55 are retargeted to &tlsIoBaseAddr when tlsIo sorts
// after map/heap; *(_QWORD *)v26 is this2->tlsIoEndAddr.
if ( tls_io_region_size ) | |
{ | |
*tlsIoBaseAddrPtr = tls_io_region_start_offset + addrspace_base; | |
if ( map_region_start_offset < tls_io_region_start_offset ) | |
v52 = &this2->tlsIoBaseAddr; | |
if ( map_region_start_offset >= tls_io_region_start_offset ) | |
v64 = &this2->mapRegionEndAddr; | |
else | |
v64 = &this2->tlsIoEndAddr; | |
*(_QWORD *)v26 = tls_io_region_start_offset + addrspace_base + tls_io_region_size; | |
if ( map_region_start_offset >= tls_io_region_start_offset ) | |
v65 = tls_io_region_size; | |
else | |
v65 = map_region_size; | |
if ( heap_region_start_offset < tls_io_region_start_offset ) | |
v55 = &this2->tlsIoBaseAddr; | |
*v52 += v65; | |
v66 = *v64 + v65; | |
if ( heap_region_start_offset >= tls_io_region_start_offset ) | |
v67 = &this2->heapRegionEndAddr; | |
else | |
v67 = &this2->tlsIoEndAddr; | |
*v64 = v66; | |
if ( heap_region_start_offset >= tls_io_region_start_offset ) | |
v68 = tls_io_region_size; | |
else | |
v68 = heap_region_size; | |
*v55 += v68; | |
*v67 += v68; | |
if ( new_map_region_size ) | |
{ | |
v69 = new_map_region_start_offset >= tls_io_region_start_offset; | |
if ( new_map_region_start_offset >= tls_io_region_start_offset ) | |
v70 = &this2->newMapRegionBaseAddr; | |
else | |
v70 = &this2->tlsIoBaseAddr; | |
if ( v69 ) | |
v71 = tls_io_region_size; | |
else | |
v71 = new_map_region_size; | |
if ( v69 ) | |
v72 = &this2->newMapRegionEndAddr; | |
else | |
v72 = &this2->tlsIoEndAddr; | |
*v70 += v71; | |
*v72 += v71; | |
} | |
} | |
// --- 5. Heap bookkeeping and packed flags. ---
// currentHeapAddr starts at the heap base with zero capacity/usage.
// memRegionAndAslr: bit 0 = aslrDisabled, bits 4.. = memregion.
// The three fill-pattern fields become ASCII 'Z' (90) / 'Y' (89) / 'X' (88)
// when the global kernelmemconfig_bit0_set_fill_pattern is set, else 0.
v73 = this2->heapRegionBaseAddr; | |
this2->heapCapacity = 0LL; | |
this2->personalMmHeapUsage = 0LL; | |
this2->currentHeapAddr = v73; | |
v74 = kernelmemconfig_bit0_set_fill_pattern; | |
this2->memRegionAndAslr = aslrDisabled | 16 * memregion; | |
if ( v74 ) | |
v75 = 90; | |
else | |
v75 = 0; | |
if ( v74 ) | |
v76 = 89; | |
else | |
v76 = 0; | |
if ( v74 ) | |
v77 = 88; | |
else | |
v77 = 0; | |
this2->heapFillPatternZ = v75; | |
this2->fillPatternY = v76; | |
this2->fillPatternX = v77; | |
// --- 6. Invariant checks; any failure panics rather than returning an error. ---
// Bounds: the base and end of every region must satisfy
// addrSpaceMinAddr <= x <= addrSpaceMaxAddr (both ends inclusive as written).
v78 = this2->addrSpaceMinAddr; | |
v79 = this2->mapRegionBaseAddr; | |
if ( v78 > v79 ) | |
goto def_80073680; | |
v80 = this2->addrSpaceMaxAddr; | |
if ( v79 > v80 ) | |
goto def_80073680; | |
v81 = this2->mapRegionEndAddr; | |
if ( v78 > v81 ) | |
goto def_80073680; | |
if ( v81 > v80 ) | |
goto def_80073680; | |
if ( v78 > v73 ) | |
goto def_80073680; | |
if ( v73 > v80 ) | |
goto def_80073680; | |
v82 = *v51; | |
if ( v78 > *v51 ) | |
goto def_80073680; | |
if ( v82 > v80 ) | |
goto def_80073680; | |
v83 = *new_map_region_addr; | |
if ( v78 > *new_map_region_addr ) | |
goto def_80073680; | |
if ( v83 > v80 ) | |
goto def_80073680; | |
v84 = *v28; | |
if ( v78 > *v28 ) | |
goto def_80073680; | |
if ( v84 > v80 ) | |
goto def_80073680; | |
v85 = *tlsIoBaseAddrPtr; | |
if ( v78 > *tlsIoBaseAddrPtr ) | |
goto def_80073680; | |
if ( v85 > v80 ) | |
goto def_80073680; | |
v86 = *(_QWORD *)v26; | |
if ( v78 > *(_QWORD *)v26 ) | |
goto def_80073680; | |
if ( v86 > v80 ) | |
goto def_80073680; | |
// Overlap: [b1, e1) and [b2, e2) overlap iff e1 - 1 >= b2 && e2 - 1 >= b1.
// Pairs checked: map/heap, map/newMap, heap/newMap, map/tlsIo, heap/tlsIo.
// NOTE(review): no newMap/tlsIo pair check (v89 vs v85, v90 vs v83) is visible
// here; whether that is intentional cannot be told from this listing.
v87 = v81 - 1; | |
v88 = v82 - 1; | |
if ( v87 >= v73 && v88 >= v79 ) | |
goto def_80073680; | |
v89 = v84 - 1; | |
if ( v87 >= v83 && v89 >= v79 ) | |
goto def_80073680; | |
if ( v88 >= v83 && v89 >= v73 ) | |
goto def_80073680; | |
v90 = v86 - 1; | |
if ( v87 >= v85 && v90 >= v79 ) | |
goto def_80073680; | |
if ( v88 >= v85 && v90 >= v73 ) | |
goto def_80073680; | |
// Construct the page table and the block manager over the full [min, max]
// range; the block manager's result is what this routine returns.
KPageTable::KPageTable(&this2->pageTable, pageTable, addrspaceMinAddr, addrspaceMaxAddr); | |
return KMemoryBlockManager::KMemoryBlockManager( | |
&this2->memoryBlockManager, | |
this2->addrSpaceMinAddr, | |
this2->addrSpaceMaxAddr, | |
this2->kMemoryBlockAllocator); | |
// Unrecognised layout bits: panic.
default: | |
goto def_80073680; | |
} | |
} |