Espresso/lib/ksymtab.c



#include <ksymtab.h>

typedef struct kfunc {
 /*
  Bit 31 = 1 -> driver/module function, Bit 31 = 0 ->  kernel function
  Bits 30-20 -> module/driver ID (11 bits)
  Bits 19-0  -> function ID (20 bits)
 */
  uint32_t id;
  
  uint32_t addr; /* Pointer to function, 0x0 if nonexistent */
} kfunc_t;


#define KFUNC_TABLE_ADDRESS 0xC0101000
#define KFUNC_TABLE_SIZE    (2 ^ 31) /* Maybe? who knows? */

#define IS_MODULE_FUNC(id)  ((id) & 0x80000000)
#define GET_MODULE_ID(id)   (((id) >> 20) & 0x7FF)
#define GET_FUNC_ID(id)     ((id) & 0xFFFFF)
#define EXISTS(id)          ((id) > 0x0)

#define MAKE_KERNEL_FUNC(id) ((id) & 0x7FFFFFFF)

#define MAKE_MODULE_FUNC(mid, fid) (0x80000000 | ((mid) << 20) | ((fid) & 0xFFFFF))


kfunc_t* kfunc_table = (kfunc_t*)KFUNC_TABLE_ADDRESS;


uint64_t kfunc_call(kfunc_t* func, uint32_t a, uint32_t b, uint32_t c, uint32_t d)
{
  uint32_t eax_ret, edx_ret;

  asm volatile (
    "push %[d]\n\t"
    "push %[c]\n\t"
    "push %[b]\n\t"
    "push %[a]\n\t"
    "call *%[fn]\n\t"
    "add $16, %%esp\n\t" /* clean up stack (4 args * 4 bytes) */
    : "=a"(eax_ret), "=d"(edx_ret)
    : [a]"r"(a), [b]"r"(b), [c]"r"(c), [d]"r"(d), [fn]"r"(func->addr)
    : "memory"
  );

  return ((uint64_t)edx_ret << 32) | eax_ret;
}


uint64_t call_kfunc_by_id(uint32_t id, uint32_t a, uint32_t b, uint32_t c, uint32_t d)
{
  for (int i = 0; i < KFUNC_TABLE_SIZE; i++)
  {
    if (kfunc_table[i].id == id)
    {
      if (kfunc_table[i].addr == 0x0)
      {
        return -1;
      }
      return kfunc_call(&kfunc_table[i], a, b, c, d);
    }
  }
  return -1;
}
Espresso 0.0.1d 2025-07-03 20:30:21 -05:00

			`#include <ksymtab.h>`

			`typedef struct kfunc {`
			`/*`
			`Bit 31 = 1 -> driver/module function, Bit 31 = 0 -> kernel function`
			`Bits 30-20 -> module/driver ID (11 bits)`
			`Bits 19-0 -> function ID (20 bits)`
			`*/`
			`uint32_t id;`

			`uint32_t addr; /* Pointer to function, 0x0 if nonexistent */`
			`} kfunc_t;`


			`#define KFUNC_TABLE_ADDRESS 0xC0101000`
			`#define KFUNC_TABLE_SIZE (2 ^ 31) /* Maybe? who knows? */`

			`#define IS_MODULE_FUNC(id) ((id) & 0x80000000)`
			`#define GET_MODULE_ID(id) (((id) >> 20) & 0x7FF)`
			`#define GET_FUNC_ID(id) ((id) & 0xFFFFF)`
			`#define EXISTS(id) ((id) > 0x0)`

			`#define MAKE_KERNEL_FUNC(id) ((id) & 0x7FFFFFFF)`

			`#define MAKE_MODULE_FUNC(mid, fid) (0x80000000 \| ((mid) << 20) \| ((fid) & 0xFFFFF))`


			`kfunc_t* kfunc_table = (kfunc_t*)KFUNC_TABLE_ADDRESS;`


			`uint64_t kfunc_call(kfunc_t* func, uint32_t a, uint32_t b, uint32_t c, uint32_t d)`
			`{`
			`uint32_t eax_ret, edx_ret;`

			`asm volatile (`
			`"push %[d]\n\t"`
			`"push %[c]\n\t"`
			`"push %[b]\n\t"`
			`"push %[a]\n\t"`
			`"call *%[fn]\n\t"`
			`"add $16, %%esp\n\t" /* clean up stack (4 args * 4 bytes) */`
			`: "=a"(eax_ret), "=d"(edx_ret)`
			`: [a]"r"(a), [b]"r"(b), [c]"r"(c), [d]"r"(d), [fn]"r"(func->addr)`
			`: "memory"`
			`);`

			`return ((uint64_t)edx_ret << 32) \| eax_ret;`
			`}`



			`uint64_t call_kfunc_by_id(uint32_t id, uint32_t a, uint32_t b, uint32_t c, uint32_t d)`
			`{`
			`for (int i = 0; i < KFUNC_TABLE_SIZE; i++)`
			`{`
			`if (kfunc_table[i].id == id)`
			`{`
			`if (kfunc_table[i].addr == 0x0)`
			`{`
			`return -1;`
			`}`
			`return kfunc_call(&kfunc_table[i], a, b, c, d);`
			`}`
			`}`
			`return -1;`
			`}`