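"""
    XNU Triage commands
"""
from __future__ import absolute_import, print_function

from xnu import *
import sys, shlex
from utils import *
import xnudefines
import re
import os.path

# Matches an "lr: 0x<hex>" field followed by one whitespace character.
# Raw string so that "\s" reaches the regex engine as written.
_LR_PATTERN = re.compile(r"lr:\s+0x[a-fA-F0-9]+\s")

# Macro: xi
def OutputAddress(cmd_args=None):
    """ Return the address and its symbol as "0x... <symbol>", without a newline
        Parameters: <address whose symbol is needed>
        Returns: the formatted string, "" when no symbol can be extracted from
                 the lookup output, or False when no argument was passed
    """
    if not cmd_args:
        print("No arguments passed")
        print(OutputAddress.__doc__)
        return False
    a = unsigned(cmd_args[0])
    cmd_out = lldb_run_command("image lookup -a {:#x}".format(a))
    if not cmd_out or cmd_out == "ERROR:":
        return ""
    # The symbol is taken from the second output line, after the backtick.
    # Each index is checked first so that short or unexpected lookup output
    # yields "" instead of an IndexError.
    lines = cmd_out.split('\n')
    if len(lines) < 2:
        return ""
    parts = lines[1].split('`')
    if len(parts) < 2:
        return ""
    symbol = parts[1].split(' at')[0]
    return "{:#018x} <{:s}>".format(unsigned(a), symbol)

@lldb_command('xi')
def SymbolicateWithInstruction(cmd_args=None):
    """ Prints out address and symbol similar to x/i
        Usage: xi <address whose symbol is needed>
    """
    if not cmd_args:
        print("No arguments passed")
        print(SymbolicateWithInstruction.__doc__)
        return False
    a = ArgumentStringToInt(cmd_args[0])
    print(OutputAddress([a]))

# EndMacro: xi

# Macro: newbt
@lldb_command('newbt')
def NewBt(cmd_args=None):
    """ Prints all the instructions by walking the given stack pointer
        Usage: newbt <address to start walking from>
    """
    if not cmd_args:
        print("No arguments passed")
        print(NewBt.__doc__)
        return False
    a = ArgumentStringToInt(cmd_args[0])
    # Offset from the frame address to the saved link register:
    # 8 on x86_64 and arm64*, 4 on every other architecture.
    if kern.arch == "x86_64" or kern.arch.startswith("arm64"):
        offset = 8
    else:
        offset = 4
    # Addresses already walked. Memory read from the target can hold a chain
    # that points back into itself; without this check the walk would never end.
    visited = set()
    while a != 0:
        frame_addr = unsigned(a)
        if frame_addr in visited:
            print("Frame chain loops back to {:#018x}; stopping".format(frame_addr))
            break
        visited.add(frame_addr)
        link_register = dereference(kern.GetValueFromAddress(a + offset, 'uintptr_t *'))
        cmd_out = lldb_run_command("di -s {:#x} -c 1".format(link_register))
        if len(cmd_out) != 0:
            cmd_out1 = list(filter(None, cmd_out.split('\n')))
            if len(cmd_out1) != 0:
                address = OutputAddress([unsigned(link_register)])
                if not address:
                    address = '{:#018x} <???>'.format(unsigned(link_register))
                # Print the text after the first ':' of the last disassembly
                # line; fall back to the whole line if it has no ':'.
                last_line = cmd_out1[-1]
                _, colon, text = last_line.partition(':')
                print(address + ": " + (text if colon else last_line))
        # The word stored at the current frame address is the next frame.
        a = dereference(kern.GetValueFromAddress(unsigned(a), 'uintptr_t *'))

# EndMacro: newbt

def _PrintLRSourceLocations(log_text):
    """ Print the source location for every "lr: 0x..." value found in log_text
        Returns: True if at least one lr value was found, else False
    """
    lr_pc_srch = _LR_PATTERN.findall(log_text)
    if not lr_pc_srch:
        return False
    print(log_text, lr_pc_srch)
    for match in lr_pc_srch:
        # Every match starts with "lr:"; drop that prefix and all surrounding
        # whitespace (tabs and newlines included) so only the hex address is
        # handed to lldb.
        sp = match[len("lr:"):].strip()
        print(sp)
        print("(lldb) list *{:s}".format(sp))
        print(lldb_run_command("list *{:s}".format(sp)))
    return True

# Macro: parseLR
@lldb_command('parseLR')
def parseLR(cmd_args=None):
    """ Decode the LR value from panic log into source code location
    """
    # NOTE(review): paniclog_data and returnfunc are not defined in this file;
    # presumably they arrive through the star imports above - confirm.
    global paniclog_data

    if not paniclog_data:
        if kern.arch == "x86_64":
            paniclog_data += returnfunc("\n(lldb) paniclog\n", "paniclog -v")
        else:
            paniclog_data += returnfunc("\n(lldb) paniclog\n", "paniclog")

    # NOTE(review): there is no architecture gating here; the search runs on
    # whatever panic log text was collected above.
    _PrintLRSourceLocations(paniclog_data)
#EndMacro: parseLR

# Macro: parseLRfromfile
@lldb_command('parseLRfromfile')
def parseLRfromfile(cmd_args=None):
    """ Decode the LR value from file into source code location
        Input is read from /tmp/lrparsefile
    """
    # The input is a fixed file name under /tmp, a directory that is usually
    # writable by every local user, so its content is treated as untrusted:
    # only text matching _LR_PATTERN (a hex address) is passed on to lldb.
    try:
        with open('/tmp/lrparsefile', 'r') as f:
            parse_data = f.read()
    except (IOError, OSError) as err:
        print("Unable to read /tmp/lrparsefile: {}".format(err))
        return False
    # Report on the data just read from the file, not on the panic log global.
    _PrintLRSourceLocations(parse_data)

#EndMacro: parseLRfromfile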