! SH (SuperH) GAS source.  Defines six thread-local words in .tdata and one
! function, fn2, made of back-to-back TLS access sequences.  The comment
! above each sequence names its access model or transition (GD, LD, IE,
! and the "-> IE" / "-> LE" forms).
!
! NOTE(review): this looks like linker test input.  The instruction order
! inside each sequence is presumably what the linker recognises when it
! applies the named transition, so the code is left byte-identical; confirm
! against the test's expected-output files before reordering anything.
!
! Symbols referenced but not defined here: sG1, sG2, sG4 and __tls_get_addr.
! They must be supplied by another object at link time.

        ! Force .got aligned to 4K, so it very likely gets at 0x413000
        .data
        .balign 4096
        ! "awT" = allocatable, writable, thread-local (TLS) section.
        .section ".tdata", "awT", @progbits
        ! sg1/sg2: global, default visibility.
        .globl sg1, sg2
        ! sh1/sh2: global but hidden.  sl1/sl2 get no .globl and stay local.
        .globl sh1, sh2
        .hidden sh1, sh2
sg1:    .long 17
sg2:    .long 18
sl1:    .long 65
sl2:    .long 66
sh1:    .long 257
sh2:    .long 258
        ! Force .text aligned to 4K, so it very likely gets at 0x401000.
        .text
        .balign 4096
        .globl fn2
        .type fn2,@function
! fn2
!   Prologue:  pushes r12, r14 and pr on the r15 stack, builds a base address
!              in r12 from the literal at .L3, and copies r15 into r14.
!   Body:      eleven independent TLS sequences; their results are left in
!              registers and never consumed.
!   Epilogue:  restores r15 from r14, then pops pr, r14 and r12.
fn2:
        mov.l r12,@-r15                 ! save r12
        mov.l r14,@-r15                 ! save r14
        sts.l pr,@-r15                  ! save return address (pr)
        mova .L3,r0                     ! r0  = address of the .L3 literal
        mov.l .L3,r12                   ! r12 = word stored at .L3
        add r0,r12                      ! r12 = &.L3 + [.L3]; presumably the GOT base, since .L3 holds _GLOBAL_OFFSET_TABLE_
        mov r15,r14                     ! r14 = stack pointer at this point (restored in the epilogue)
        ! NOTE(review): the nop runs between sequences look like padding that
        ! keeps each sequence at a fixed, separate position; confirm.
        nop;nop;nop;nop

        ! GD -> IE because variable is not defined in executable
        ! General-dynamic call sequence, repeated for every GD/LD case below:
        !   r4 = literal at 1 (TLSGD/TLSLDM entry) + r12
        !   r1 = address of literal 2 + word at literal 2 (__tls_get_addr@PLT)
        !   call through r1, then branch over the two literals.
        mov.l 1f,r4
        mova 2f,r0
        mov.l 2f,r1
        add r0,r1
        jsr @r1
        add r12,r4                      ! jsr delay slot: executes before the call target
        bra 3f                          ! skip the literal pool that follows
        nop                             ! bra delay slot
        .align 2
1:      .long sG1@TLSGD
2:      .long __tls_get_addr@PLT
3:
        nop;nop;nop;nop

        ! GD -> IE because variable is not defined in executable where
        ! the variable is referenced through @gottpoff too
        ! (sG2 is also used by the first @GOTTPOFF sequence further down.)
        mov.l 1f,r4
        mova 2f,r0
        mov.l 2f,r1
        add r0,r1
        jsr @r1
        add r12,r4                      ! delay slot
        bra 3f
        nop
        .align 2
1:      .long sG2@TLSGD
2:      .long __tls_get_addr@PLT
3:
        nop;nop;nop;nop

        ! GD -> LE with global variable defined in executable
        mov.l 1f,r4
        mova 2f,r0
        mov.l 2f,r1
        add r0,r1
        jsr @r1
        add r12,r4                      ! delay slot
        bra 3f
        nop
        .align 2
1:      .long sg1@TLSGD
2:      .long __tls_get_addr@PLT
3:
        nop;nop;nop;nop

        ! GD -> LE with local variable defined in executable
        mov.l 1f,r4
        mova 2f,r0
        mov.l 2f,r1
        add r0,r1
        jsr @r1
        add r12,r4                      ! delay slot
        bra 3f
        nop
        .align 2
1:      .long sl1@TLSGD
2:      .long __tls_get_addr@PLT
3:
        nop;nop;nop;nop

        ! GD -> LE with hidden variable defined in executable
        mov.l 1f,r4
        mova 2f,r0
        mov.l 2f,r1
        add r0,r1
        jsr @r1
        add r12,r4                      ! delay slot
        bra 3f
        nop
        .align 2
1:      .long sh1@TLSGD
2:      .long __tls_get_addr@PLT
3:
        nop;nop;nop;nop

        ! LD -> LE with local variable defined in executable
        ! Local-dynamic: one call using the @TLSLDM entry, then two variables
        ! are addressed by adding their @DTPOFF literals (.L4, .L5) to r0.
        mov.l 1f,r4
        mova 2f,r0
        mov.l 2f,r1
        add r0,r1
        jsr @r1
        add r12,r4                      ! delay slot
        bra 3f
        nop
        .align 2
1:      .long sl1@TLSLDM
2:      .long __tls_get_addr@PLT
3:
        nop;nop
        mov.l .L4,r1                    ! r1 = sl1@DTPOFF
        add r0,r1                       ! r1 += r0 (r0 as left by the call above)
        nop;nop
        mov.l .L5,r2                    ! r2 = sl2@DTPOFF
        add r0,r2                       ! r2 += r0
        nop;nop;nop;nop

        ! LD -> LE against hidden variables
        ! Same shape as the previous LD sequence, using sh1/sh2 (.L6, .L7).
        mov.l 1f,r4
        mova 2f,r0
        mov.l 2f,r1
        add r0,r1
        jsr @r1
        add r12,r4                      ! delay slot
        bra 3f
        nop
        .align 2
1:      .long sh1@TLSLDM
2:      .long __tls_get_addr@PLT
3:
        nop;nop
        mov.l .L6,r1                    ! r1 = sh1@DTPOFF
        add r0,r1
        nop;nop
        mov.l .L7,r2                    ! r2 = sh2@DTPOFF
        add r0,r2
        nop;nop;nop;nop

        ! @GOTTPOFF IE against global var
        ! Initial-exec sequence, repeated for the four cases below:
        !   r0 = @GOTTPOFF literal, r1 = gbr, r0 = word at (r12 + r0),
        !   then the sum of r0 and r1 is formed in the bra delay slot.
        mov.l 1f,r0
        stc gbr,r1
        mov.l @(r0,r12),r0
        bra 2f
        add r0,r1                       ! delay slot: r1 = gbr + loaded word
        .align 2
1:      .long sG2@GOTTPOFF
2:
        nop;nop;nop;nop

        ! @GOTTPOFF IE against global var
        ! Operand order differs from the sibling sequences: the sum lands in
        ! r0 here, not r1.
        mov.l 1f,r0
        stc gbr,r1
        mov.l @(r0,r12),r0
        bra 2f
        add r1,r0                       ! delay slot: r0 = loaded word + gbr
        .align 2
1:      .long sG4@GOTTPOFF
2:
        nop;nop;nop;nop

        ! @GOTTPOFF IE -> LE against global var defined in exec
        mov.l 1f,r0
        stc gbr,r1
        mov.l @(r0,r12),r0
        bra 2f
        add r0,r1                       ! delay slot
        .align 2
1:      .long sg1@GOTTPOFF
2:
        nop;nop;nop;nop

        ! @GOTTPOFF IE -> LE against hidden var
        mov.l 1f,r0
        stc gbr,r1
        mov.l @(r0,r12),r0
        bra 2f
        add r0,r1                       ! delay slot
        .align 2
1:      .long sh1@GOTTPOFF
2:
        nop;nop;nop;nop

        ! Epilogue: undo the prologue in reverse order.
        mov r14,r15                     ! restore stack pointer from r14
        lds.l @r15+,pr                  ! restore return address
        mov.l @r15+,r14
        rts
        mov.l @r15+,r12                 ! rts delay slot: restore r12 before control returns

        ! Literal pool read by the prologue (.L3) and the two LD sequences
        ! (.L4-.L7).
        .align 2
.L3:    .long _GLOBAL_OFFSET_TABLE_
.L4:    .long sl1@DTPOFF
.L5:    .long sl2@DTPOFF
.L6:    .long sh1@DTPOFF
.L7:    .long sh2@DTPOFF
        ! Fill page with 0.
        ! The fill length is the distance from here to .L8, which sits after
        ! the 4K alignment directive below.
        .space .L8-.
        .balign 4096
.L8:
