From: Dimitry Andric
Subject: Re: GELI BIOS weirdness
Date: Mon, 13 Feb 2017 22:16:29 +0100
To: Eric McCorkle
Cc: freebsd-hackers@freebsd.org

On 13 Feb 2017, at 21:58, Eric McCorkle wrote:
>
> On 02/13/2017 15:36, Dimitry Andric wrote:
>
>> This disassembles to:
>>
>>    0:   66 0f 38 f6 f0          adcx   %eax,%esi
>>    5:   31 c6                   xor    %eax,%esi
>>    7:   8b 4d 14                mov    0x14(%ebp),%ecx
>>    a:   89 cf                   mov    %ecx,%edi
>>    c:   c1 ff 1f                sar    $0x1f,%edi
>>    f:   8b                      .byte 0x8b
>
> Note that this was truncated, so the sar and .byte are probably a
> truncated instruction.
>
> Also, when I had printfs in place, I could see the call instructions.
>
>> My first guess would be that the code simply jumped into garbage.  But
>> can you post the complete .o file somewhere for inspection?
>
> Attached.
>

Can you please post the file before it's been stripped and objcopied
from ELF to binary format?  That makes it a lot easier to disassemble
and analyze... :)

-Dimitry