From 7a23ee18ecae27c1e0201dbbb8ab781c48e859ba Mon Sep 17 00:00:00 2001
From: Amlal El Mahrouss
Date: Thu, 24 Apr 2025 10:44:30 +0200
Subject: dev, dbg: Improve POSIXMachContract, but it still has some rough edges on breakpoints.
Signed-off-by: Amlal El Mahrouss
---
 dev/LibDebugger/POSIXMachContract.h | 111 +++++++++++++++++++-----------------
 1 file changed, 59 insertions(+), 52 deletions(-)
(limited to 'dev/LibDebugger/POSIXMachContract.h')
diff --git a/dev/LibDebugger/POSIXMachContract.h b/dev/LibDebugger/POSIXMachContract.h
index 1962202..a65bde8 100644
--- a/dev/LibDebugger/POSIXMachContract.h
+++ b/dev/LibDebugger/POSIXMachContract.h
@@ -21,16 +21,25 @@
 #include #include -#ifdef __APPLE__ +#include + #include #include +#include +#include + +LC_IMPORT_C kern_return_t mach_vm_write( + vm_map_t target_task, + mach_vm_address_t address, + vm_offset_t data, + mach_msg_type_number_t dataCnt); + #define PTRACE_ATTACH PT_ATTACHEXC #define PTRACE_DETACH PT_DETACH #define PTRACE_POKETEXT PT_WRITE_I #define PTRACE_CONT PT_CONTINUE #define PTRACE_PEEKTEXT PT_READ_I -#endif namespace LibDebugger::POSIX { 
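Review bot: The hand-written `LC_IMPORT_C kern_return_t mach_vm_write(...)` prototype duplicates the declaration Apple ships in `<mach/mach_vm.h>`; the include targets are stripped in this listing, so if that header is not among them, include it rather than keeping a local prototype whose parameter types can drift from the one the kernel honours without the compiler noticing. Removing the `#ifdef __APPLE__` guard leaves the five `PTRACE_*`-to-`PT_*` aliases unconditional even though this patch deletes every `ptrace()` call from the class, so they are now dead definitions that leak POSIX-looking names into each includer; either delete them or restore the guard with an `#error` for non-Mach targets. If the prototype must stay, document its contract at the declaration, e.g. `// mach_vm_write: takes a task control port from task_for_pid(); the caller must be permitted to debug the target.`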
@@ -47,85 +56,85 @@ namespace LibDebugger::POSIX POSIXMachContract(const POSIXMachContract&) = default; public: - BOOL Attach(ProcessID pid) noexcept override + BOOL Attach(std::string path, std::string argv, ProcessID& pid) noexcept override { -#ifdef __APPLE__ + pid = fork(); + if (pid == 0) - return false; + { + std::vector argv_arr; - this->m_pid = pid; - return true; -#else + argv_arr.push_back(const_cast(path.c_str())); + argv_arr.push_back(const_cast(argv.c_str())); + argv_arr.push_back(nullptr); - if (ptrace(PTRACE_ATTACH, pid, nullptr, 0) == -1) - { - return false; + execv(path.c_str(), argv_arr.data()); + + _exit(1); } - this->m_pid = pid; + m_path = path; + m_pid = pid; + + pid = this->m_pid; - waitpid(m_pid, nullptr, 0); + this->Break(); return true; -#endif } - BOOL Break(CAddress addr) noexcept override + BOOL Breakpoint(std::string symbol) noexcept override { -#ifdef __APPLE__ - task_read_t task; - task_for_pid(mach_task_self(), m_pid, &task); - kern_return_t ret = task_suspend(task); - - return ret == KERN_SUCCESS; -#else - uintptr_t original_data = ptrace(PTRACE_PEEKTEXT, m_pid, addr, 0); - if (original_data == -1) + if (!m_path.empty() && std::filesystem::exists(m_path) && !std::filesystem::is_regular_file(m_path)) { - return false; - } + auto handle = dlopen(m_path.c_str(), RTLD_LAZY); - constexpr uint8_t kInt3x86 = 0xCC; + if (handle == nullptr) + { + return false; + } - uintptr_t data_with_int3 = (original_data & ~0xFF) | kInt3x86; // Insert INT3 (0xCC) + auto addr = dlsym(handle, symbol.c_str()); - if (ptrace(PTRACE_POKETEXT, m_pid, addr, data_with_int3) == -1) - { - return false; - } + if (addr == nullptr) + { + return false; + } - m_breakpoints[reinterpret_cast(addr)] = original_data; // Store original data + task_read_t task; + task_for_pid(mach_task_self(), m_pid, &task); - return true; -#endif + uint32_t brk_inst = 0xD43E0000; + + mach_vm_write(task, (mach_vm_address_t)addr, (vm_offset_t)&brk_inst, sizeof(addr)); + } + + return false; } - 
BOOL Continue() noexcept override + BOOL Break() noexcept override { -#ifdef __APPLE__ task_read_t task; task_for_pid(mach_task_self(), m_pid, &task); - kern_return_t ret = task_resume(task); + + kern_return_t ret = task_suspend(task); return ret == KERN_SUCCESS; -#else - if (ptrace(PTRACE_CONT, m_pid, nullptr, 0) == -1) - { + } - return false; - } + BOOL Continue() noexcept override + { + task_read_t task; + task_for_pid(mach_task_self(), m_pid, &task); - int status; - waitpid(m_pid, &status, 0); + kern_return_t ret = task_resume(task); - return WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP; -#endif + return ret == KERN_SUCCESS; } BOOL Detach() noexcept override { -#ifdef __APPLE__ this->Continue(); task_read_t task; @@ -134,12 +143,10 @@ namespace LibDebugger::POSIX kern_return_t kr = mach_port_deallocate(mach_task_self(), task); return kr = KERN_SUCCESS; -#else - return ptrace(PTRACE_DETACH, m_pid, nullptr, 0) == -1; -#endif } private: - ProcessID m_pid{0}; + ProcessID m_pid{0}; + std::string m_path; }; } // namespace LibDebugger::POSIX -- cgit v1.2.3
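Review bot: `Breakpoint()` resolves the symbol by `dlopen()`-ing the debuggee's own executable into the debugger process, which runs that image's static initializers and constructors with the debugger's privileges (an untrusted target gets code execution inside the tool), and the `dlsym()` result is that image's address in *this* process, which under ASLR/PIE bears no relation to where the child mapped it, so the `brk` word is written to the wrong place in the target. The same function has several smaller defects: the `!std::filesystem::is_regular_file(m_path)` test looks inverted (it only proceeds when the path is not a regular file), `sizeof(addr)` writes 8 bytes out of the 4-byte `brk_inst` (a stack over-read), the `task_for_pid()` and `mach_vm_write()` results are ignored so `task` is used uninitialized on failure, the original instruction is no longer saved anywhere (the old `m_breakpoints` bookkeeping is gone, so the breakpoint cannot be removed), the `dlopen` handle leaks, and every path returns `false`. In `Attach()`, `fork()` returning -1 is not handled (the parent then stores `m_pid = -1` and calls `Break()` on it) — add `if (pid < 0) return false;` before the `m_path = path;` line — and, as far as this hunk shows, the child neither calls `ptrace(PT_TRACE_ME)` nor is any exception port set up, so a hit `brk` presumably terminates the child with SIGTRAP rather than stopping it; confirm against the rest of the class. `Break()` and `Continue()` likewise discard the `task_for_pid()` status and never deallocate the port they acquire on each call. The fence below keeps the symbol lookup as a TODO because address resolution has to happen against the child's image (its Mach-O symbol table plus the slide it was loaded at), not via `dlsym` in the debugger.
```cpp
BOOL Breakpoint(std::string symbol) noexcept override
{
    // Never dlopen() the debuggee here: its initializers would run in this
    // process, and dlsym() would yield this process's address, not the child's.
    if (m_path.empty() || !std::filesystem::is_regular_file(m_path))
        return false;

    task_read_t task{};
    if (task_for_pid(mach_task_self(), m_pid, &task) != KERN_SUCCESS)
        return false;

    // TODO: resolve `symbol` against the child's image (Mach-O symbol table +
    // the slide the child was loaded at), and read/save the original word so
    // the breakpoint can later be removed.
    mach_vm_address_t addr = 0;
    if (addr == 0)
    {
        mach_port_deallocate(mach_task_self(), task);
        return false;
    }

    uint32_t brk_inst = 0xD43E0000; // AArch64 BRK #0xF000
    kern_return_t kr = mach_vm_write(task, addr, (vm_offset_t)&brk_inst, sizeof(brk_inst));

    mach_port_deallocate(mach_task_self(), task);
    return kr == KERN_SUCCESS;
}
```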
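Review bot: `return kr = KERN_SUCCESS;` in `Detach()` is an assignment, not a comparison, so the function reports success regardless of what `mach_port_deallocate()` returned; it is a pre-existing context line, but now that the `ptrace` branch is gone it is the function's only result, so change it to `return kr == KERN_SUCCESS;`. Detach's body begins above this hunk, so the call that fills `task` is not visible here; presumably it is `task_for_pid()`, whose status should be checked before the port is handed to `mach_port_deallocate()`. The new `m_path` member would benefit from a one-line comment stating its role, e.g. `// Executable spawned by Attach(); consulted by Breakpoint() for symbol lookup.`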