stalker: Copy BLR for excluded calls on arm64

Instead of replacing them with functionally-equivalent ones, so that any pointer authentication context is used as expected.
frida · Jan 10, 2024 · da07022 · da07022
1 parent 6b5e411
commit da07022
Showing 1 changed file with 2 additions and 4 deletions.
diff --git a/gum/backend-arm64/gumstalker-arm64.c b/gum/backend-arm64/gumstalker-arm64.c
@@ -3,6 +3,7 @@
  * Copyright (C) 2017 Antonio Ken Iannillo <[email protected]>
  * Copyright (C) 2019 John Coates <[email protected]>
  * Copyright (C) 2023 Håvard Sørbø <[email protected]>
+ * Copyright (C) 2024 Francesco Tamagni <[email protected]>
  *
  * Licence: wxWindows Library Licence, Version 3.1
  */
@@ -4796,10 +4797,7 @@ gum_exec_block_write_call_invoke_code (GumExecBlock * block,
      * therefore don't have to strip the low bit from the target address
      * returned from the inline cache code.
      */
-    if (gc->instruction->ci->id == ARM64_INS_BLR)
-      gum_arm64_writer_put_blr_reg_no_auth (cw, target->reg);
-    else
-      gum_arm64_writer_put_blr_reg (cw, target->reg);
+    gum_arm64_writer_put_bytes (cw, insn->start, insn->ci->size);
 
 #ifdef HAVE_LINUX
     gum_metal_hash_table_insert (ctx->excluded_calls, cw->code, insn->end);