1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
##########################################################
## ntapi: Native API core library ##
## Copyright (C) 2013--2017 Z. Gilboa ##
## Released under GPLv2 and GPLv3; see COPYING.NTAPI. ##
##########################################################
.section .text
.global __tt_fork_v1
.global __tt_fork_child_entry_point
.global __tt_fork_child_entry_point_adj
__tt_fork_v1:
__tt_fork_save_regs:
push %rbp
push %rcx
push %rdx
push %rbx
push %rsi
push %rdi
push %r8
push %r9
push %r10
push %r11
push %r12
push %r13
push %r14
push %r15
sub 0x40,%rsp
mov %rsp, %rdx
and $0xf, %rdx
test %rdx, %rdx
jne __tt_fork_impl_adj_call
__tt_fork_impl_call:
mov %rsp, %rcx
call __tt_fork_impl_v1
add 0x40,%rsp
pop %r15
pop %r14
pop %r13
pop %r12
pop %r11
pop %r10
pop %r9
pop %r8
pop %rdi
pop %rsi
pop %rbx
pop %rdx
pop %rcx
pop %rbp
ret
__tt_fork_impl_adj_call:
push %rdi
mov %rsp, %rcx
call __tt_fork_impl_v1
pop %rdi
add 0x40,%rsp
pop %r15
pop %r14
pop %r13
pop %r12
pop %r11
pop %r10
pop %r9
pop %r8
pop %rdi
pop %rsi
pop %rbx
pop %rdx
pop %rcx
pop %rbp
ret
__tt_fork_child_entry_point:
xor %rax, %rax
mov %rcx, %rsp
add 0x40,%rsp
pop %r15
pop %r14
pop %r13
pop %r12
pop %r11
pop %r10
pop %r9
pop %r8
pop %rdi
pop %rsi
pop %rbx
pop %rdx
pop %rcx
pop %rbp
ret
__tt_fork_child_entry_point_adj:
xor %rax, %rax
mov %rcx, %rsp
pop %rdi
add 0x40,%rsp
pop %r15
pop %r14
pop %r13
pop %r12
pop %r11
pop %r10
pop %r9
pop %r8
pop %rdi
pop %rsi
pop %rbx
pop %rdx
pop %rcx
pop %rbp
ret
|
