1*d4514f0bSApple OSS Distributions#!/usr/bin/python 2*d4514f0bSApple OSS Distributions# 3*d4514f0bSApple OSS Distributions 4*d4514f0bSApple OSS Distributions#source of register info is from http://opensource.apple.com/source/gdb/gdb-962/src/gdb/arm-tdep.c 5*d4514f0bSApple OSS Distributionsimport struct 6*d4514f0bSApple OSS Distributionsimport lldb 7*d4514f0bSApple OSS Distributions 8*d4514f0bSApple OSS Distributions 9*d4514f0bSApple OSS Distributionsosplugin_target_obj = None 10*d4514f0bSApple OSS Distributions 11*d4514f0bSApple OSS Distributionsclass PluginValue(lldb.SBValue): 12*d4514f0bSApple OSS Distributions def GetChildMemberWithName(val, name): 13*d4514f0bSApple OSS Distributions val_type = val.GetType() 14*d4514f0bSApple OSS Distributions if val_type.IsPointerType(): 15*d4514f0bSApple OSS Distributions val_type = val_type.GetPointeeType() 16*d4514f0bSApple OSS Distributions for i in range(val_type.GetNumberOfFields()): 17*d4514f0bSApple OSS Distributions if name == val_type.GetFieldAtIndex(i).GetName(): 18*d4514f0bSApple OSS Distributions return PluginValue(val.GetChildAtIndex(i)) 19*d4514f0bSApple OSS Distributions return None 20*d4514f0bSApple OSS Distributions 21*d4514f0bSApple OSS Distributionsclass Armv8_RegisterSet(object): 22*d4514f0bSApple OSS Distributions """ register info set for armv8 64 bit architecture""" 23*d4514f0bSApple OSS Distributions register_info = { 'sets' : ['GPR'], 24*d4514f0bSApple OSS Distributions 'registers': [ 25*d4514f0bSApple OSS Distributions {'name': 'x0' , 'bitsize':64, 'offset': 0, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc': 0, 'dwarf': 0, 'alt-name':'arg1', 'generic':'arg1'}, 26*d4514f0bSApple OSS Distributions {'name': 'x1' , 'bitsize':64, 'offset': 8, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc': 1, 'dwarf': 1, 'alt-name':'arg2', 'generic':'arg2'}, 27*d4514f0bSApple OSS Distributions {'name': 'x2' , 'bitsize':64, 'offset': 16, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc': 2, 'dwarf': 2, 'alt-name':'arg3', 'generic':'arg3'}, 28*d4514f0bSApple OSS Distributions {'name': 'x3' , 'bitsize':64, 'offset': 24, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc': 3, 'dwarf': 3, 'alt-name':'arg4', 'generic':'arg4'}, 29*d4514f0bSApple OSS Distributions {'name': 'x4' , 'bitsize':64, 'offset': 32, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc': 4, 'dwarf': 4, 'alt-name':'arg5', 'generic':'arg5'}, 30*d4514f0bSApple OSS Distributions {'name': 'x5' , 'bitsize':64, 'offset': 40, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc': 5, 'dwarf': 5, 'alt-name':'arg6', 'generic':'arg6'}, 31*d4514f0bSApple OSS Distributions {'name': 'x6' , 'bitsize':64, 'offset': 48, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc': 6, 'dwarf': 6, 'alt-name':'arg7', 'generic':'arg7'}, 32*d4514f0bSApple OSS Distributions {'name': 'x7' , 'bitsize':64, 'offset': 56, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc': 7, 'dwarf': 7, 'alt-name':'arg8', 'generic':'arg8'}, 33*d4514f0bSApple OSS Distributions {'name': 'x8' , 'bitsize':64, 'offset': 64, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc': 8, 'dwarf': 8}, 34*d4514f0bSApple OSS Distributions {'name': 'x9' , 'bitsize':64, 'offset': 72, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc': 9, 'dwarf': 9}, 35*d4514f0bSApple OSS Distributions {'name': 'x10' , 'bitsize':64, 'offset': 80, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':10, 'dwarf':10}, 36*d4514f0bSApple OSS Distributions {'name': 'x11' , 'bitsize':64, 'offset': 88, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':11, 'dwarf':11}, 37*d4514f0bSApple OSS Distributions {'name': 'x12' , 'bitsize':64, 'offset': 96, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':12, 'dwarf':12}, 38*d4514f0bSApple OSS Distributions {'name': 'x13' , 'bitsize':64, 'offset':104, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':13, 'dwarf':13}, 39*d4514f0bSApple OSS Distributions {'name': 'x14' , 'bitsize':64, 'offset':112, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':14, 'dwarf':14}, 40*d4514f0bSApple OSS Distributions {'name': 'x15' , 'bitsize':64, 'offset':120, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':15, 'dwarf':15}, 41*d4514f0bSApple OSS Distributions {'name': 'x16' , 'bitsize':64, 'offset':128, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':16, 'dwarf':16}, 42*d4514f0bSApple OSS Distributions {'name': 'x17' , 'bitsize':64, 'offset':136, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':17, 'dwarf':17}, 43*d4514f0bSApple OSS Distributions {'name': 'x18' , 'bitsize':64, 'offset':144, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':18, 'dwarf':18}, 44*d4514f0bSApple OSS Distributions {'name': 'x19' , 'bitsize':64, 'offset':152, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':19, 'dwarf':19}, 45*d4514f0bSApple OSS Distributions {'name': 'x20' , 'bitsize':64, 'offset':160, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':20, 'dwarf':20}, 46*d4514f0bSApple OSS Distributions {'name': 'x21' , 'bitsize':64, 'offset':168, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':21, 'dwarf':21}, 47*d4514f0bSApple OSS Distributions {'name': 'x22' , 'bitsize':64, 'offset':176, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':22, 'dwarf':22}, 48*d4514f0bSApple OSS Distributions {'name': 'x23' , 'bitsize':64, 'offset':184, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':23, 'dwarf':23}, 49*d4514f0bSApple OSS Distributions {'name': 'x24' , 'bitsize':64, 'offset':192, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':24, 'dwarf':24}, 50*d4514f0bSApple OSS Distributions {'name': 'x25' , 'bitsize':64, 'offset':200, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':25, 'dwarf':25}, 51*d4514f0bSApple OSS Distributions {'name': 'x26' , 'bitsize':64, 'offset':208, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':26, 'dwarf':26}, 52*d4514f0bSApple OSS Distributions {'name': 'x27' , 'bitsize':64, 'offset':216, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':27, 'dwarf':27}, 53*d4514f0bSApple OSS Distributions {'name': 'x28' , 'bitsize':64, 'offset':224, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':28, 'dwarf':28}, 54*d4514f0bSApple OSS Distributions {'name': 'fp' , 'bitsize':64, 'offset':232, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':29, 'dwarf':29, 'alt-name': 'fp', 'generic':'fp'}, 55*d4514f0bSApple OSS Distributions {'name': 'lr' , 'bitsize':64, 'offset':240, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':30, 'dwarf':30, 'alt-name': 'lr', 'generic':'lr'}, 56*d4514f0bSApple OSS Distributions {'name': 'sp' , 'bitsize':64, 'offset':248, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':31, 'dwarf':31, 'alt-name': 'sp', 'generic':'sp'}, 57*d4514f0bSApple OSS Distributions {'name': 'pc' , 'bitsize':64, 'offset':256, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':32, 'dwarf':32, 'alt-name': 'pc', 'generic':'pc'}, 58*d4514f0bSApple OSS Distributions {'name': 'far' , 'bitsize':64, 'offset':264, 'encoding':'uint', 'format':'hex', 'set':0}, 59*d4514f0bSApple OSS Distributions {'name': 'cpsr', 'bitsize':32, 'offset':272, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':33, 'dwarf':33, 'generic':'flags'}, 60*d4514f0bSApple OSS Distributions {'name': 'esr' , 'bitsize':32, 'offset':276, 'encoding':'uint', 'format':'hex', 'set':0}, 61*d4514f0bSApple OSS Distributions ] 62*d4514f0bSApple OSS Distributions } 63*d4514f0bSApple OSS Distributions 64*d4514f0bSApple OSS Distributions def __init__(self): 65*d4514f0bSApple OSS Distributions self.switch_context_address = osplugin_target_obj.FindSymbols('Switch_context')[0].GetSymbol().GetStartAddress().GetLoadAddress(osplugin_target_obj) 66*d4514f0bSApple OSS Distributions self.ResetRegisterValues() 67*d4514f0bSApple OSS Distributions def ResetRegisterValues(self): 68*d4514f0bSApple OSS Distributions self.x0 = 0 69*d4514f0bSApple OSS Distributions self.x1 = 0 70*d4514f0bSApple OSS Distributions self.x2 = 0 71*d4514f0bSApple OSS Distributions self.x3 = 0 72*d4514f0bSApple OSS Distributions self.x4 = 0 73*d4514f0bSApple OSS Distributions self.x5 = 0 74*d4514f0bSApple OSS Distributions self.x6 = 0 75*d4514f0bSApple OSS Distributions self.x7 = 0 76*d4514f0bSApple OSS Distributions self.x8 = 0 77*d4514f0bSApple OSS Distributions self.x9 = 0 78*d4514f0bSApple OSS Distributions self.x10 = 0 79*d4514f0bSApple OSS Distributions self.x11 = 0 80*d4514f0bSApple OSS Distributions self.x12 = 0 81*d4514f0bSApple OSS Distributions self.x13 = 0 82*d4514f0bSApple OSS Distributions self.x14 = 0 83*d4514f0bSApple OSS Distributions self.x15 = 0 84*d4514f0bSApple OSS Distributions self.x16 = 0 85*d4514f0bSApple OSS Distributions self.x17 = 0 86*d4514f0bSApple OSS Distributions self.x18 = 0 87*d4514f0bSApple OSS Distributions self.x19 = 0 88*d4514f0bSApple OSS Distributions self.x20 = 0 89*d4514f0bSApple OSS Distributions self.x21 = 0 90*d4514f0bSApple OSS Distributions self.x22 = 0 91*d4514f0bSApple OSS Distributions self.x23 = 0 92*d4514f0bSApple OSS Distributions self.x24 = 0 93*d4514f0bSApple OSS Distributions self.x25 = 0 94*d4514f0bSApple OSS Distributions self.x26 = 0 95*d4514f0bSApple OSS Distributions self.x27 = 0 96*d4514f0bSApple OSS Distributions self.x28 = 0 97*d4514f0bSApple OSS Distributions self.fp = 0 98*d4514f0bSApple OSS Distributions self.lr = 0 99*d4514f0bSApple OSS Distributions self.sp = 0 100*d4514f0bSApple OSS Distributions self.pc = 0 101*d4514f0bSApple OSS Distributions self.far = 0 102*d4514f0bSApple OSS Distributions self.cpsr = 0 103*d4514f0bSApple OSS Distributions self.esr = 0 104*d4514f0bSApple OSS Distributions 105*d4514f0bSApple OSS Distributions def __str__(self): 106*d4514f0bSApple OSS Distributions return """ pc = """ 107*d4514f0bSApple OSS Distributions 108*d4514f0bSApple OSS Distributions def GetPackedRegisterState(self): 109*d4514f0bSApple OSS Distributions return struct.pack('34QII', self.x0, self.x1, self.x2, self.x3, self.x4, self.x5, 110*d4514f0bSApple OSS Distributions self.x6, self.x7, self.x8, self.x9, self.x10, self.x11, self.x12, self.x13, 111*d4514f0bSApple OSS Distributions self.x14, self.x15, self.x16, self.x17, self.x18, self.x19, self.x20, self.x21, 112*d4514f0bSApple OSS Distributions self.x22, self.x23, self.x24, self.x25, self.x26, self.x27, self.x28, self.fp, 113*d4514f0bSApple OSS Distributions self.lr, self.sp, self.pc, self.far, self.cpsr, self.esr) 114*d4514f0bSApple OSS Distributions 115*d4514f0bSApple OSS Distributions def ReadRegisterDataFromKDPSavedState(self, kdp_state, kernel_version): 116*d4514f0bSApple OSS Distributions """ Setup register values from KDP saved information. 117*d4514f0bSApple OSS Distributions """ 118*d4514f0bSApple OSS Distributions saved_state = kernel_version.CreateValueFromExpression(None, '(struct arm_saved_state64 *) ' + str(kdp_state.GetValueAsUnsigned())) 119*d4514f0bSApple OSS Distributions saved_state = saved_state.Dereference() 120*d4514f0bSApple OSS Distributions saved_state = PluginValue(saved_state) 121*d4514f0bSApple OSS Distributions self.ResetRegisterValues() 122*d4514f0bSApple OSS Distributions self.x0 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(0).GetValueAsUnsigned() 123*d4514f0bSApple OSS Distributions self.x1 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(1).GetValueAsUnsigned() 124*d4514f0bSApple OSS Distributions self.x2 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(2).GetValueAsUnsigned() 125*d4514f0bSApple OSS Distributions self.x3 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(3).GetValueAsUnsigned() 126*d4514f0bSApple OSS Distributions self.x4 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(4).GetValueAsUnsigned() 127*d4514f0bSApple OSS Distributions self.x5 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(5).GetValueAsUnsigned() 128*d4514f0bSApple OSS Distributions self.x6 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(6).GetValueAsUnsigned() 129*d4514f0bSApple OSS Distributions self.x7 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(7).GetValueAsUnsigned() 130*d4514f0bSApple OSS Distributions self.x8 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(8).GetValueAsUnsigned() 131*d4514f0bSApple OSS Distributions self.x9 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(9).GetValueAsUnsigned() 132*d4514f0bSApple OSS Distributions self.x10 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(10).GetValueAsUnsigned() 133*d4514f0bSApple OSS Distributions self.x11 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(11).GetValueAsUnsigned() 134*d4514f0bSApple OSS Distributions self.x12 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(12).GetValueAsUnsigned() 135*d4514f0bSApple OSS Distributions self.x13 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(13).GetValueAsUnsigned() 136*d4514f0bSApple OSS Distributions self.x14 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(14).GetValueAsUnsigned() 137*d4514f0bSApple OSS Distributions self.x15 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(15).GetValueAsUnsigned() 138*d4514f0bSApple OSS Distributions self.x16 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(16).GetValueAsUnsigned() 139*d4514f0bSApple OSS Distributions self.x17 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(17).GetValueAsUnsigned() 140*d4514f0bSApple OSS Distributions self.x18 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(18).GetValueAsUnsigned() 141*d4514f0bSApple OSS Distributions self.x19 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(19).GetValueAsUnsigned() 142*d4514f0bSApple OSS Distributions self.x20 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(20).GetValueAsUnsigned() 143*d4514f0bSApple OSS Distributions self.x21 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(21).GetValueAsUnsigned() 144*d4514f0bSApple OSS Distributions self.x22 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(22).GetValueAsUnsigned() 145*d4514f0bSApple OSS Distributions self.x23 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(23).GetValueAsUnsigned() 146*d4514f0bSApple OSS Distributions self.x24 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(24).GetValueAsUnsigned() 147*d4514f0bSApple OSS Distributions self.x25 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(25).GetValueAsUnsigned() 148*d4514f0bSApple OSS Distributions self.x26 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(26).GetValueAsUnsigned() 149*d4514f0bSApple OSS Distributions self.x27 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(27).GetValueAsUnsigned() 150*d4514f0bSApple OSS Distributions self.x28 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(28).GetValueAsUnsigned() 151*d4514f0bSApple OSS Distributions self.fp = saved_state.GetChildMemberWithName('fp').GetValueAsUnsigned() 152*d4514f0bSApple OSS Distributions self.lr = saved_state.GetChildMemberWithName('lr').GetValueAsUnsigned() 153*d4514f0bSApple OSS Distributions self.sp = saved_state.GetChildMemberWithName('sp').GetValueAsUnsigned() 154*d4514f0bSApple OSS Distributions self.pc = saved_state.GetChildMemberWithName('pc').GetValueAsUnsigned() 155*d4514f0bSApple OSS Distributions self.far = saved_state.GetChildMemberWithName('far').GetValueAsUnsigned() 156*d4514f0bSApple OSS Distributions self.cpsr = saved_state.GetChildMemberWithName('cpsr').GetValueAsUnsigned() 157*d4514f0bSApple OSS Distributions self.esr = saved_state.GetChildMemberWithName('esr').GetValueAsUnsigned() 158*d4514f0bSApple OSS Distributions return self 159*d4514f0bSApple OSS Distributions 160*d4514f0bSApple OSS Distributions def ReadRegisterDataFromKernelStack(self, kstack_saved_state_addr, kernel_version): 161*d4514f0bSApple OSS Distributions saved_state = kernel_version.CreateValueFromExpression(None, '(arm_kernel_saved_state_t *) '+ str(kstack_saved_state_addr)) 162*d4514f0bSApple OSS Distributions saved_state = saved_state.Dereference() 163*d4514f0bSApple OSS Distributions saved_state = PluginValue(saved_state) 164*d4514f0bSApple OSS Distributions self.ResetRegisterValues() 165*d4514f0bSApple OSS Distributions self.x19 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(0).GetValueAsUnsigned() 166*d4514f0bSApple OSS Distributions self.x20 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(1).GetValueAsUnsigned() 167*d4514f0bSApple OSS Distributions self.x21 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(2).GetValueAsUnsigned() 168*d4514f0bSApple OSS Distributions self.x22 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(3).GetValueAsUnsigned() 169*d4514f0bSApple OSS Distributions self.x23 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(4).GetValueAsUnsigned() 170*d4514f0bSApple OSS Distributions self.x24 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(5).GetValueAsUnsigned() 171*d4514f0bSApple OSS Distributions self.x25 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(6).GetValueAsUnsigned() 172*d4514f0bSApple OSS Distributions self.x26 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(7).GetValueAsUnsigned() 173*d4514f0bSApple OSS Distributions self.x27 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(8).GetValueAsUnsigned() 174*d4514f0bSApple OSS Distributions self.x28 = saved_state.GetChildMemberWithName('x').GetChildAtIndex(9).GetValueAsUnsigned() 175*d4514f0bSApple OSS Distributions self.fp = saved_state.GetChildMemberWithName('fp').GetValueAsUnsigned() 176*d4514f0bSApple OSS Distributions self.lr = saved_state.GetChildMemberWithName('lr').GetValueAsUnsigned() 177*d4514f0bSApple OSS Distributions self.sp = saved_state.GetChildMemberWithName('sp').GetValueAsUnsigned() 178*d4514f0bSApple OSS Distributions # pc for a blocked thread is treated to be the next instruction it would run after thread switch. 179*d4514f0bSApple OSS Distributions self.pc = self.switch_context_address 180*d4514f0bSApple OSS Distributions return self 181*d4514f0bSApple OSS Distributions 182*d4514f0bSApple OSS Distributions def ReadRegisterDataFromContinuation(self, continuation_ptr): 183*d4514f0bSApple OSS Distributions self.ResetRegisterValues() 184*d4514f0bSApple OSS Distributions self.pc = continuation_ptr 185*d4514f0bSApple OSS Distributions return self 186*d4514f0bSApple OSS Distributions 187*d4514f0bSApple OSS Distributions @classmethod 188*d4514f0bSApple OSS Distributions def GetRegisterInfo(cls, regnum): 189*d4514f0bSApple OSS Distributions if regnum < 0 or regnum > len(cls.register_info['registers']): 190*d4514f0bSApple OSS Distributions return '' 191*d4514f0bSApple OSS Distributions 192*d4514f0bSApple OSS Distributions reginfo = cls.register_info['registers'][regnum] 193*d4514f0bSApple OSS Distributions retval = '' 194*d4514f0bSApple OSS Distributions for i in list(reginfo.keys()): 195*d4514f0bSApple OSS Distributions v_str = str(reginfo[i]) 196*d4514f0bSApple OSS Distributions if i == 'set': 197*d4514f0bSApple OSS Distributions v_str = 'General Purpose Registers' 198*d4514f0bSApple OSS Distributions retval += "%s:%s;" % (str(i), v_str) 199*d4514f0bSApple OSS Distributions return retval 200*d4514f0bSApple OSS Distributions 201*d4514f0bSApple OSS Distributions 202*d4514f0bSApple OSS Distributions 203*d4514f0bSApple OSS Distributionsclass Armv7_RegisterSet(object): 204*d4514f0bSApple OSS Distributions """ register info set for armv7 32 bit architecture """ 205*d4514f0bSApple OSS Distributions register_info = { 'sets' : ['GPR'], 206*d4514f0bSApple OSS Distributions 'registers': [ 207*d4514f0bSApple OSS Distributions { 'name':'r0' , 'bitsize' : 32, 'offset' : 0, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc': 0, 'dwarf' : 0}, 208*d4514f0bSApple OSS Distributions { 'name':'r1' , 'bitsize' : 32, 'offset' : 4, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc': 1, 'dwarf' : 1}, 209*d4514f0bSApple OSS Distributions { 'name':'r2' , 'bitsize' : 32, 'offset' : 8, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc': 2, 'dwarf' : 2}, 210*d4514f0bSApple OSS Distributions { 'name':'r3' , 'bitsize' : 32, 'offset' : 12, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc': 3, 'dwarf' : 3}, 211*d4514f0bSApple OSS Distributions { 'name':'r4' , 'bitsize' : 32, 'offset' : 16, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc': 4, 'dwarf' : 4}, 212*d4514f0bSApple OSS Distributions { 'name':'r5' , 'bitsize' : 32, 'offset' : 20, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc': 5, 'dwarf' : 5}, 213*d4514f0bSApple OSS Distributions { 'name':'r6' , 'bitsize' : 32, 'offset' : 24, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc': 6, 'dwarf' : 6}, 214*d4514f0bSApple OSS Distributions { 'name':'r7' , 'bitsize' : 32, 'offset' : 28, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc': 7, 'dwarf' : 7}, 215*d4514f0bSApple OSS Distributions { 'name':'r8' , 'bitsize' : 32, 'offset' : 32, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc': 8, 'dwarf' : 8}, 216*d4514f0bSApple OSS Distributions { 'name':'r9' , 'bitsize' : 32, 'offset' : 36, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc': 9, 'dwarf' : 9}, 217*d4514f0bSApple OSS Distributions { 'name':'r10' , 'bitsize' : 32, 'offset' : 40, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':10, 'dwarf' :10}, 218*d4514f0bSApple OSS Distributions { 'name':'r11' , 'bitsize' : 32, 'offset' : 44, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':11, 'dwarf' :11, 'alt-name': 'fp', 'generic': 'fp'}, 219*d4514f0bSApple OSS Distributions { 'name':'r12' , 'bitsize' : 32, 'offset' : 48, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':12, 'dwarf' :12}, 220*d4514f0bSApple OSS Distributions { 'name':'sp' , 'bitsize' : 32, 'offset' : 52, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':13, 'dwarf' :13, 'generic': 'sp'}, 221*d4514f0bSApple OSS Distributions { 'name':'lr' , 'bitsize' : 32, 'offset' : 56, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':14, 'dwarf' :14, 'generic': 'lr'}, 222*d4514f0bSApple OSS Distributions { 'name':'pc' , 'bitsize' : 32, 'offset' : 60, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':15, 'dwarf' :15, 'generic': 'pc'}, 223*d4514f0bSApple OSS Distributions { 'name':'cpsr' , 'bitsize' : 32, 'offset' : 64, 'encoding':'uint', 'format':'hex', 'set':0, 'gcc':16, 'dwarf' :16, 'generic':'flags'}, 224*d4514f0bSApple OSS Distributions { 'name':'fsr' , 'bitsize' : 32, 'offset' : 68, 'encoding':'uint', 'format':'hex', 'set':0}, 225*d4514f0bSApple OSS Distributions { 'name':'far' , 'bitsize' : 32, 'offset' : 72, 'encoding':'uint', 'format':'hex', 'set':0} 226*d4514f0bSApple OSS Distributions ] 227*d4514f0bSApple OSS Distributions } 228*d4514f0bSApple OSS Distributions 229*d4514f0bSApple OSS Distributions def __init__(self): 230*d4514f0bSApple OSS Distributions self.switch_context_address = osplugin_target_obj.FindSymbols('load_reg')[0].GetSymbol().GetStartAddress().GetLoadAddress(osplugin_target_obj) + 8 231*d4514f0bSApple OSS Distributions self.ResetRegisterValues() 232*d4514f0bSApple OSS Distributions 233*d4514f0bSApple OSS Distributions @classmethod 234*d4514f0bSApple OSS Distributions def GetRegisterInfo(cls, regnum): 235*d4514f0bSApple OSS Distributions if regnum < 0 or regnum > len(cls.register_info['registers']): 236*d4514f0bSApple OSS Distributions return '' 237*d4514f0bSApple OSS Distributions 238*d4514f0bSApple OSS Distributions reginfo = cls.register_info['registers'][regnum] 239*d4514f0bSApple OSS Distributions retval = '' 240*d4514f0bSApple OSS Distributions for i in list(reginfo.keys()): 241*d4514f0bSApple OSS Distributions v_str = str(reginfo[i]) 242*d4514f0bSApple OSS Distributions if i == 'set': 243*d4514f0bSApple OSS Distributions v_str = 'General Purpose Registers' 244*d4514f0bSApple OSS Distributions retval += "%s:%s;" % (str(i), v_str) 245*d4514f0bSApple OSS Distributions return retval 246*d4514f0bSApple OSS Distributions 247*d4514f0bSApple OSS Distributions def ResetRegisterValues(self): 248*d4514f0bSApple OSS Distributions self.r0 = 0 249*d4514f0bSApple OSS Distributions self.r1 = 0 250*d4514f0bSApple OSS Distributions self.r2 = 0 251*d4514f0bSApple OSS Distributions self.r3 = 0 252*d4514f0bSApple OSS Distributions self.r4 = 0 253*d4514f0bSApple OSS Distributions self.r5 = 0 254*d4514f0bSApple OSS Distributions self.r6 = 0 255*d4514f0bSApple OSS Distributions self.r7 = 0 256*d4514f0bSApple OSS Distributions self.r8 = 0 257*d4514f0bSApple OSS Distributions self.r9 = 0 258*d4514f0bSApple OSS Distributions self.r10 = 0 259*d4514f0bSApple OSS Distributions self.r11 = 0 260*d4514f0bSApple OSS Distributions self.r12 = 0 261*d4514f0bSApple OSS Distributions self.sp = 0 262*d4514f0bSApple OSS Distributions self.lr = 0 263*d4514f0bSApple OSS Distributions self.pc = 0 264*d4514f0bSApple OSS Distributions self.cpsr = 0 265*d4514f0bSApple OSS Distributions self.fsr = 0 266*d4514f0bSApple OSS Distributions self.far = 0 267*d4514f0bSApple OSS Distributions 268*d4514f0bSApple OSS Distributions def __str__(self): 269*d4514f0bSApple OSS Distributions return """ 270*d4514f0bSApple OSS Distributions r0 = {o.r0: <#010x} 271*d4514f0bSApple OSS Distributions r1 = {o.r1: <#010x} 272*d4514f0bSApple OSS Distributions r2 = {o.r2: <#010x} 273*d4514f0bSApple OSS Distributions r3 = {o.r3: <#010x} 274*d4514f0bSApple OSS Distributions r4 = {o.r4: <#010x} 275*d4514f0bSApple OSS Distributions r5 = {o.r5: <#010x} 276*d4514f0bSApple OSS Distributions r6 = {o.r6: <#010x} 277*d4514f0bSApple OSS Distributions r7 = {o.r7: <#010x} 278*d4514f0bSApple OSS Distributions r8 = {o.r8: <#010x} 279*d4514f0bSApple OSS Distributions r9 = {o.r9: <#010x} 280*d4514f0bSApple OSS Distributions r10 = {o.r10: <#010x} 281*d4514f0bSApple OSS Distributions r11 = {o.r11: <#010x} 282*d4514f0bSApple OSS Distributions r12 = {o.r12: <#010x} 283*d4514f0bSApple OSS Distributions sp = {o.sp: <#010x} 284*d4514f0bSApple OSS Distributions lr = {o.lr: <#010x} 285*d4514f0bSApple OSS Distributions pc = {o.pc: <#010x} 286*d4514f0bSApple OSS Distributions cpsr = {o.cpsr: <#010x} 287*d4514f0bSApple OSS Distributions fsr = {o.fsr : <#010x} 288*d4514f0bSApple OSS Distributions far = {o.far : <#010x} 289*d4514f0bSApple OSS Distributions """.format(o=self) 290*d4514f0bSApple OSS Distributions 291*d4514f0bSApple OSS Distributions def GetPackedRegisterState(self): 292*d4514f0bSApple OSS Distributions return struct.pack('19I', self.r0, self.r1, self.r2, self.r3, 293*d4514f0bSApple OSS Distributions self.r4, self.r5, self.r6, self.r7, 294*d4514f0bSApple OSS Distributions self.r8, self.r9, self.r10, self.r11, 295*d4514f0bSApple OSS Distributions self.r12, self.sp, self.lr, self.pc, 296*d4514f0bSApple OSS Distributions self.cpsr, self.fsr, self.far) 297*d4514f0bSApple OSS Distributions 298*d4514f0bSApple OSS Distributions def ReadRegisterDataFromKDPSavedState(self, kdp_state, kernel_version): 299*d4514f0bSApple OSS Distributions saved_state = kernel_version.CreateValueFromExpression(None, '(struct arm_saved_state *) ' + str(kdp_state.GetValueAsUnsigned())) 300*d4514f0bSApple OSS Distributions saved_state = saved_state.Dereference() 301*d4514f0bSApple OSS Distributions saved_state = PluginValue(saved_state) 302*d4514f0bSApple OSS Distributions self.ResetRegisterValues() 303*d4514f0bSApple OSS Distributions self.r0 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(0).GetValueAsUnsigned() 304*d4514f0bSApple OSS Distributions self.r1 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(1).GetValueAsUnsigned() 305*d4514f0bSApple OSS Distributions self.r2 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(2).GetValueAsUnsigned() 306*d4514f0bSApple OSS Distributions self.r3 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(3).GetValueAsUnsigned() 307*d4514f0bSApple OSS Distributions self.r4 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(4).GetValueAsUnsigned() 308*d4514f0bSApple OSS Distributions self.r5 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(5).GetValueAsUnsigned() 309*d4514f0bSApple OSS Distributions self.r6 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(6).GetValueAsUnsigned() 310*d4514f0bSApple OSS Distributions self.r7 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(7).GetValueAsUnsigned() 311*d4514f0bSApple OSS Distributions self.r8 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(8).GetValueAsUnsigned() 312*d4514f0bSApple OSS Distributions self.r9 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(9).GetValueAsUnsigned() 313*d4514f0bSApple OSS Distributions self.r10 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(10).GetValueAsUnsigned() 314*d4514f0bSApple OSS Distributions self.r11 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(11).GetValueAsUnsigned() 315*d4514f0bSApple OSS Distributions self.r12 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(12).GetValueAsUnsigned() 316*d4514f0bSApple OSS Distributions self.sp = saved_state.GetChildMemberWithName('sp').GetValueAsUnsigned() 317*d4514f0bSApple OSS Distributions self.lr = saved_state.GetChildMemberWithName('lr').GetValueAsUnsigned() 318*d4514f0bSApple OSS Distributions self.pc = saved_state.GetChildMemberWithName('pc').GetValueAsUnsigned() 319*d4514f0bSApple OSS Distributions self.cpsr = saved_state.GetChildMemberWithName('cpsr').GetValueAsUnsigned() 320*d4514f0bSApple OSS Distributions self.fsr = saved_state.GetChildMemberWithName('fsr').GetValueAsUnsigned() 321*d4514f0bSApple OSS Distributions self.far = saved_state.GetChildMemberWithName('far').GetValueAsUnsigned() 322*d4514f0bSApple OSS Distributions return self 323*d4514f0bSApple OSS Distributions 324*d4514f0bSApple OSS Distributions def ReadRegisterDataFromKernelStack(self, kstack_saved_state_addr, kernel_version): 325*d4514f0bSApple OSS Distributions saved_state = kernel_version.CreateValueFromExpression(None, '(struct arm_saved_state *) '+ str(kstack_saved_state_addr)) 326*d4514f0bSApple OSS Distributions saved_state = saved_state.Dereference() 327*d4514f0bSApple OSS Distributions saved_state = PluginValue(saved_state) 328*d4514f0bSApple OSS Distributions self.ResetRegisterValues() 329*d4514f0bSApple OSS Distributions self.r0 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(0).GetValueAsUnsigned() 330*d4514f0bSApple OSS Distributions self.r1 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(1).GetValueAsUnsigned() 331*d4514f0bSApple OSS Distributions self.r2 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(2).GetValueAsUnsigned() 332*d4514f0bSApple OSS Distributions self.r3 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(3).GetValueAsUnsigned() 333*d4514f0bSApple OSS Distributions self.r4 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(4).GetValueAsUnsigned() 334*d4514f0bSApple OSS Distributions self.r5 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(5).GetValueAsUnsigned() 335*d4514f0bSApple OSS Distributions self.r6 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(6).GetValueAsUnsigned() 336*d4514f0bSApple OSS Distributions self.r7 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(7).GetValueAsUnsigned() 337*d4514f0bSApple OSS Distributions self.r8 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(8).GetValueAsUnsigned() 338*d4514f0bSApple OSS Distributions self.r9 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(9).GetValueAsUnsigned() 339*d4514f0bSApple OSS Distributions self.r10 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(10).GetValueAsUnsigned() 340*d4514f0bSApple OSS Distributions self.r11 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(11).GetValueAsUnsigned() 341*d4514f0bSApple OSS Distributions self.r12 = saved_state.GetChildMemberWithName('r').GetChildAtIndex(12).GetValueAsUnsigned() 342*d4514f0bSApple OSS Distributions self.sp = saved_state.GetChildMemberWithName('sp').GetValueAsUnsigned() 343*d4514f0bSApple OSS Distributions self.lr = saved_state.GetChildMemberWithName('lr').GetValueAsUnsigned() 344*d4514f0bSApple OSS Distributions # pc for a blocked thread is treated to be the next instruction it would run after thread switch. 345*d4514f0bSApple OSS Distributions self.pc = self.switch_context_address 346*d4514f0bSApple OSS Distributions self.cpsr = saved_state.GetChildMemberWithName('cpsr').GetValueAsUnsigned() 347*d4514f0bSApple OSS Distributions self.fsr = saved_state.GetChildMemberWithName('fsr').GetValueAsUnsigned() 348*d4514f0bSApple OSS Distributions self.far = saved_state.GetChildMemberWithName('far').GetValueAsUnsigned() 349*d4514f0bSApple OSS Distributions return self 350*d4514f0bSApple OSS Distributions 351*d4514f0bSApple OSS Distributions def ReadRegisterDataFromContinuation(self, continuation_ptr): 352*d4514f0bSApple OSS Distributions self.ResetRegisterValues() 353*d4514f0bSApple OSS Distributions self.pc = continuation_ptr 354*d4514f0bSApple OSS Distributions return self 355*d4514f0bSApple OSS Distributions 356*d4514f0bSApple OSS Distributions 357*d4514f0bSApple OSS Distributionsclass I386_RegisterSet(object): 358*d4514f0bSApple OSS Distributions """ register info set for i386 architecture 359*d4514f0bSApple OSS Distributions """ 360*d4514f0bSApple OSS Distributions register_info = { 'sets' : ['GPR'], 361*d4514f0bSApple OSS Distributions 'registers': [ 362*d4514f0bSApple OSS Distributions { 'name': 'eax' , 'bitsize': 32, 'offset' : 0, 'encoding': 'uint' , 'format':'hex' , 'set': 0, 'gcc' : 0, 'dwarf': 0}, 363*d4514f0bSApple OSS Distributions { 'name': 'ebx' , 'bitsize': 32, 'offset' : 4, 'encoding': 'uint' , 'format':'hex' , 'set': 0, 'gcc' : 3, 'dwarf': 3}, 364*d4514f0bSApple OSS Distributions { 'name': 'ecx' , 'bitsize': 32, 'offset' : 8, 'encoding': 'uint' , 'format':'hex' , 'set': 0, 'gcc' : 1, 'dwarf': 1}, 365*d4514f0bSApple OSS Distributions { 'name': 'edx' , 'bitsize': 32, 'offset' :12, 'encoding': 'uint' , 'format':'hex' , 'set': 0, 'gcc' : 2, 'dwarf': 2}, 366*d4514f0bSApple OSS Distributions { 'name': 'edi' , 'bitsize': 32, 'offset' :16, 'encoding': 'uint' , 'format':'hex' , 'set': 0, 'gcc' : 7, 'dwarf': 7}, 367*d4514f0bSApple OSS Distributions { 'name': 'esi' , 'bitsize': 32, 'offset' :20, 'encoding': 'uint' , 'format':'hex' , 'set': 0, 'gcc' : 6, 'dwarf': 6}, 368*d4514f0bSApple OSS Distributions { 'name': 'ebp' , 'bitsize': 32, 'offset' :24, 'encoding': 'uint' , 'format':'hex' , 'set': 0, 'gcc' : 4, 'dwarf': 5, 'generic': 'fp', 'alt-name': 'fp'}, 369*d4514f0bSApple OSS Distributions { 'name': 'esp' , 'bitsize': 32, 'offset' :28, 'encoding': 'uint' , 'format':'hex' , 'set': 0, 'gcc' : 5, 'dwarf': 4, 'generic': 'sp', 'alt-name': 'sp'}, 370*d4514f0bSApple OSS Distributions { 'name': 'ss' , 'bitsize': 32, 'offset' :32, 'encoding': 'uint' , 'format':'hex' , 'set': 0}, 371*d4514f0bSApple OSS Distributions { 'name': 'eflags', 'bitsize': 32, 'offset' :36, 'encoding': 'uint' , 'format':'hex' , 'set': 0, 'gcc' : 9, 'dwarf': 9, 'generic': 'flags'}, 372*d4514f0bSApple OSS Distributions { 'name': 'eip' , 'bitsize': 32, 'offset' :40, 'encoding': 'uint' , 'format':'hex' , 'set': 0, 'gcc' :8, 'dwarf':8, 'generic': 'pc', 'alt-name': 'pc'}, 373*d4514f0bSApple OSS Distributions { 'name': 'cs' , 'bitsize': 32, 'offset' :44, 'encoding': 'uint' , 'format':'hex' , 'set': 0}, 374*d4514f0bSApple OSS Distributions { 'name': 'ds' , 'bitsize': 32, 'offset' :48, 'encoding': 'uint' , 'format':'hex' , 'set': 0}, 375*d4514f0bSApple OSS Distributions { 'name': 'es' , 'bitsize': 32, 'offset' :52, 'encoding': 'uint' , 'format':'hex' , 'set': 0}, 376*d4514f0bSApple OSS Distributions { 'name': 'fs' , 'bitsize': 32, 'offset' :56, 'encoding': 'uint' , 'format':'hex' , 'set': 0}, 377*d4514f0bSApple OSS Distributions { 'name': 'gs' , 'bitsize': 32, 'offset' :60, 'encoding': 'uint' , 'format':'hex' , 'set': 0}, 378*d4514f0bSApple OSS Distributions ] 379*d4514f0bSApple OSS Distributions } 380*d4514f0bSApple OSS Distributions 381*d4514f0bSApple OSS Distributions def __init__(self): 382*d4514f0bSApple OSS Distributions self.ResetRegisterValues() 383*d4514f0bSApple OSS Distributions 384*d4514f0bSApple OSS Distributions @classmethod 385*d4514f0bSApple OSS Distributions def GetRegisterInfo(cls, regnum): 386*d4514f0bSApple OSS Distributions if regnum < 0 or regnum > len(cls.register_info['registers']): 387*d4514f0bSApple OSS Distributions return '' 388*d4514f0bSApple OSS Distributions 389*d4514f0bSApple OSS Distributions reginfo = cls.register_info['registers'][regnum] 390*d4514f0bSApple OSS Distributions retval = '' 391*d4514f0bSApple OSS Distributions for i in list(reginfo.keys()): 392*d4514f0bSApple OSS Distributions v_str = str(reginfo[i]) 393*d4514f0bSApple OSS Distributions if i == 'set': 394*d4514f0bSApple OSS Distributions v_str = 'General Purpose Registers' 395*d4514f0bSApple OSS Distributions retval += "%s:%s;" % (str(i), v_str) 396*d4514f0bSApple OSS Distributions return retval 397*d4514f0bSApple OSS Distributions 398*d4514f0bSApple OSS Distributions def ResetRegisterValues(self): 399*d4514f0bSApple OSS Distributions """ set all registers to zero """ 400*d4514f0bSApple OSS Distributions self.eax = 0 401*d4514f0bSApple OSS Distributions self.ebx = 0 402*d4514f0bSApple OSS Distributions self.ecx = 0 403*d4514f0bSApple OSS Distributions self.edx = 0 404*d4514f0bSApple OSS Distributions self.edi = 0 405*d4514f0bSApple OSS Distributions self.esi = 0 406*d4514f0bSApple OSS Distributions self.ebp = 0 407*d4514f0bSApple OSS Distributions self.esp = 0 408*d4514f0bSApple OSS Distributions self.ss = 0 409*d4514f0bSApple OSS Distributions self.eflags = 0 410*d4514f0bSApple OSS Distributions self.eip = 0 411*d4514f0bSApple OSS Distributions self.cs = 0 412*d4514f0bSApple OSS Distributions self.ds = 0 413*d4514f0bSApple OSS Distributions self.es = 0 414*d4514f0bSApple OSS Distributions self.fs = 0 415*d4514f0bSApple OSS Distributions self.gs = 0 416*d4514f0bSApple OSS Distributions 417*d4514f0bSApple OSS Distributions def __str__(self): 418*d4514f0bSApple OSS Distributions return """ 419*d4514f0bSApple OSS Distributions eax = {o.eax: #010x} 420*d4514f0bSApple OSS Distributions ebx = {o.ebx: #010x} 421*d4514f0bSApple OSS Distributions ecx = {o.ecx: #010x} 422*d4514f0bSApple OSS Distributions edx = {o.edx: #010x} 423*d4514f0bSApple OSS Distributions edi = {o.edi: #010x} 424*d4514f0bSApple OSS Distributions esi = {o.esi: #010x} 425*d4514f0bSApple OSS Distributions ebp = {o.ebp: #010x} 426*d4514f0bSApple OSS Distributions esp = {o.esp: #010x} 427*d4514f0bSApple OSS Distributions ss = {o.ss: #010x} 428*d4514f0bSApple OSS Distributions eflags = {o.eflags: #010x} 429*d4514f0bSApple OSS Distributions eip = {o.eip: #010x} 430*d4514f0bSApple OSS Distributions cs = {o.cs: #010x} 431*d4514f0bSApple OSS Distributions ds = {o.ds: #010x} 432*d4514f0bSApple OSS Distributions es = {o.es: #010x} 433*d4514f0bSApple OSS Distributions fs = {o.fs: #010x} 434*d4514f0bSApple OSS Distributions gs = {o.gs: #010x} 435*d4514f0bSApple OSS Distributions """.format(o=self) 436*d4514f0bSApple OSS Distributions 437*d4514f0bSApple OSS Distributions def GetPackedRegisterState(self): 438*d4514f0bSApple OSS Distributions """ get a struct.pack register data """ 439*d4514f0bSApple OSS Distributions return struct.pack('16I', self.eax, self.ebx, self.ecx, 440*d4514f0bSApple OSS Distributions self.edx, self.edi, self.esi, 441*d4514f0bSApple OSS Distributions self.ebp, self.esp, self.ss, 442*d4514f0bSApple OSS Distributions self.eflags, self.eip, self.cs, 443*d4514f0bSApple OSS Distributions self.ds, self.es, self.fs, self.gs 444*d4514f0bSApple OSS Distributions ) 445*d4514f0bSApple OSS Distributions 446*d4514f0bSApple OSS Distributions def ReadRegisterDataFromKDPSavedState(self, kdp_state, kernel_version): 447*d4514f0bSApple OSS Distributions """ to be implemented""" 448*d4514f0bSApple OSS Distributions return None 449*d4514f0bSApple OSS Distributions 450*d4514f0bSApple OSS Distributions def ReadRegisterDataFromKernelStack(self, kstack_saved_state_addr, kernel_version): 451*d4514f0bSApple OSS Distributions """ to be implemented """ 452*d4514f0bSApple OSS Distributions return None 453*d4514f0bSApple OSS Distributions 454*d4514f0bSApple OSS Distributions def ReadRegisterDataFromContinuation(self, continuation_ptr): 455*d4514f0bSApple OSS Distributions self.ResetRegisterValues() 456*d4514f0bSApple OSS Distributions self.eip = continuation_ptr 457*d4514f0bSApple OSS Distributions return self 458*d4514f0bSApple OSS Distributions 459*d4514f0bSApple OSS Distributions 460*d4514f0bSApple OSS Distributionsclass X86_64RegisterSet(object): 461*d4514f0bSApple OSS Distributions """ register info set for x86_64 architecture """ 462*d4514f0bSApple OSS Distributions register_info = { 'sets' : ['GPR'], 463*d4514f0bSApple OSS Distributions 'registers': [ 464*d4514f0bSApple OSS Distributions { 'name':'rax' , 'bitsize' : 64, 'offset' : 0, 'encoding':'uint' , 'format':'hex' , 'set': 0, 'gcc' : 0, 'dwarf' : 0}, 465*d4514f0bSApple OSS Distributions { 'name':'rbx' , 'bitsize' : 64, 'offset' : 8, 'encoding':'uint' , 'format':'hex' , 'set': 0, 'gcc' : 3, 'dwarf' : 3}, 466*d4514f0bSApple OSS Distributions { 'name':'rcx' , 'bitsize' : 64, 'offset' : 16, 'encoding':'uint' , 'format':'hex' , 'set': 0, 'gcc' : 2, 'dwarf' : 2, 'generic':'arg4', 'alt-name':'arg4', }, 467*d4514f0bSApple OSS Distributions { 'name':'rdx' , 'bitsize' : 64, 'offset' : 24, 'encoding':'uint' , 'format':'hex' , 'set': 0, 'gcc' : 1, 'dwarf' : 1, 'generic':'arg3', 'alt-name':'arg3', }, 468*d4514f0bSApple OSS Distributions { 'name':'rdi' , 'bitsize' : 64, 'offset' : 32, 'encoding':'uint' , 'format':'hex' , 'set': 0, 'gcc' : 5, 'dwarf' : 5, 'generic':'arg1', 'alt-name':'arg1', }, 469*d4514f0bSApple OSS Distributions { 'name':'rsi' , 'bitsize' : 64, 'offset' : 40, 'encoding':'uint' , 'format':'hex' , 'set': 0, 'gcc' : 4, 'dwarf' : 4, 'generic':'arg2', 'alt-name':'arg2', }, 470*d4514f0bSApple OSS Distributions { 'name':'rbp' , 'bitsize' : 64, 'offset' : 48, 'encoding':'uint' , 'format':'hex' , 'set': 0, 'gcc' : 6, 'dwarf' : 6, 'generic':'fp' , 'alt-name':'fp', }, 471*d4514f0bSApple OSS Distributions { 'name':'rsp' , 'bitsize' : 64, 'offset' : 56, 'encoding':'uint' , 'format':'hex' , 'set': 0, 'gcc' : 7, 'dwarf' : 7, 'generic':'sp' , 'alt-name':'sp', }, 472*d4514f0bSApple OSS Distributions { 'name':'r8' , 'bitsize' : 64, 'offset' : 64, 'encoding':'uint' , 'format':'hex' , 'set': 0, 'gcc' : 8, 'dwarf' : 8, 'generic':'arg5', 'alt-name':'arg5', }, 473*d4514f0bSApple OSS Distributions { 'name':'r9' , 'bitsize' : 64, 'offset' : 72, 'encoding':'uint' , 'format':'hex' , 'set': 0, 'gcc' : 9, 'dwarf' : 9, 'generic':'arg6', 'alt-name':'arg6', }, 474*d4514f0bSApple OSS Distributions { 'name':'r10' , 'bitsize' : 64, 'offset' : 80, 'encoding':'uint' , 'format':'hex' , 'set': 0, 'gcc' : 10, 'dwarf' : 10}, 475*d4514f0bSApple OSS Distributions { 'name':'r11' , 'bitsize' : 64, 'offset' : 88, 'encoding':'uint' , 'format':'hex' , 'set': 0, 'gcc' : 11, 'dwarf' : 11}, 476*d4514f0bSApple OSS Distributions { 'name':'r12' , 'bitsize' : 64, 'offset' : 96, 'encoding':'uint' , 'format':'hex' , 'set': 0, 'gcc' : 12, 'dwarf' : 12}, 477*d4514f0bSApple OSS Distributions { 'name':'r13' , 'bitsize' : 64, 'offset' : 104, 'encoding':'uint' , 'format':'hex' , 'set': 0, 'gcc' : 13, 'dwarf' : 13}, 478*d4514f0bSApple OSS Distributions { 'name':'r14' , 'bitsize' : 64, 'offset' : 112, 'encoding':'uint' , 'format':'hex' , 'set': 0, 'gcc' : 14, 'dwarf' : 14}, 479*d4514f0bSApple OSS Distributions { 'name':'r15' , 'bitsize' : 64, 'offset' : 120, 'encoding':'uint' , 'format':'hex' , 'set': 0, 'gcc' : 15, 'dwarf' : 15}, 480*d4514f0bSApple OSS Distributions { 'name':'rip' , 'bitsize' : 64, 'offset' : 128, 'encoding':'uint' , 'format':'hex' , 'set': 0, 'gcc' : 16, 'dwarf' : 16, 'generic':'pc', 'alt-name':'pc' }, 481*d4514f0bSApple OSS Distributions { 'name':'rflags' , 'bitsize' : 64, 'offset' : 136, 'encoding':'uint' , 'format':'hex' , 'set': 0, 'generic':'flags', 'alt-name':'flags' }, 482*d4514f0bSApple OSS Distributions { 'name':'cs' , 'bitsize' : 64, 'offset' : 144, 'encoding':'uint' , 'format':'hex' , 'set': 0 }, 483*d4514f0bSApple OSS Distributions { 'name':'fs' , 'bitsize' : 64, 'offset' : 152, 'encoding':'uint' , 'format':'hex' , 'set': 0 }, 484*d4514f0bSApple OSS Distributions { 'name':'gs' , 'bitsize' : 64, 'offset' : 160, 'encoding':'uint' , 'format':'hex' , 'set': 0 }, 485*d4514f0bSApple OSS Distributions ] 486*d4514f0bSApple OSS Distributions } 487*d4514f0bSApple OSS Distributions def __init__(self): 488*d4514f0bSApple OSS Distributions self.ResetRegisterValues() 489*d4514f0bSApple OSS Distributions 490*d4514f0bSApple OSS Distributions @classmethod 491*d4514f0bSApple OSS Distributions def GetRegisterInfo(cls, regnum): 492*d4514f0bSApple OSS Distributions if regnum < 0 or regnum > len(cls.register_info['registers']): 493*d4514f0bSApple OSS Distributions return '' 494*d4514f0bSApple OSS Distributions 495*d4514f0bSApple OSS Distributions reginfo = cls.register_info['registers'][regnum] 496*d4514f0bSApple OSS Distributions retval = '' 497*d4514f0bSApple OSS Distributions for i in list(reginfo.keys()): 498*d4514f0bSApple OSS Distributions v_str = str(reginfo[i]) 499*d4514f0bSApple OSS Distributions if i == 'set': 500*d4514f0bSApple OSS Distributions v_str = 'General Purpose Registers' 501*d4514f0bSApple OSS Distributions retval += "%s:%s;" % (str(i), v_str) 502*d4514f0bSApple OSS Distributions return retval 503*d4514f0bSApple OSS Distributions 504*d4514f0bSApple OSS Distributions 505*d4514f0bSApple OSS Distributions def ResetRegisterValues(self): 506*d4514f0bSApple OSS Distributions """ set all the registers to zero. """ 507*d4514f0bSApple OSS Distributions self.rax = 0 508*d4514f0bSApple OSS Distributions self.rbx = 0 509*d4514f0bSApple OSS Distributions self.rcx = 0 510*d4514f0bSApple OSS Distributions self.rdx = 0 511*d4514f0bSApple OSS Distributions self.rdi = 0 512*d4514f0bSApple OSS Distributions self.rsi = 0 513*d4514f0bSApple OSS Distributions self.rbp = 0 514*d4514f0bSApple OSS Distributions self.rsp = 0 515*d4514f0bSApple OSS Distributions self.r8 = 0 516*d4514f0bSApple OSS Distributions self.r9 = 0 517*d4514f0bSApple OSS Distributions self.r10 = 0 518*d4514f0bSApple OSS Distributions self.r11 = 0 519*d4514f0bSApple OSS Distributions self.r12 = 0 520*d4514f0bSApple OSS Distributions self.r13 = 0 521*d4514f0bSApple OSS Distributions self.r14 = 0 522*d4514f0bSApple OSS Distributions self.r15 = 0 523*d4514f0bSApple OSS Distributions self.rip = 0 524*d4514f0bSApple OSS Distributions self.rflags = 0 525*d4514f0bSApple OSS Distributions self.cs = 0 526*d4514f0bSApple OSS Distributions self.fs = 0 527*d4514f0bSApple OSS Distributions self.gs = 0 528*d4514f0bSApple OSS Distributions 529*d4514f0bSApple OSS Distributions def __str__(self): 530*d4514f0bSApple OSS Distributions return """ 531*d4514f0bSApple OSS Distributions rax = {o.rax: <#018x} 532*d4514f0bSApple OSS Distributions rbx = {o.rbx: <#018x} 533*d4514f0bSApple OSS Distributions rcx = {o.rcx: <#018x} 534*d4514f0bSApple OSS Distributions rdx = {o.rdx: <#018x} 535*d4514f0bSApple OSS Distributions rdi = {o.rdi: <#018x} 536*d4514f0bSApple OSS Distributions rsi = {o.rsi: <#018x} 537*d4514f0bSApple OSS Distributions rbp = {o.rbp: <#018x} 538*d4514f0bSApple OSS Distributions rsp = {o.rsp: <#018x} 539*d4514f0bSApple OSS Distributions r8 = {o.r8: <#018x} 540*d4514f0bSApple OSS Distributions r9 = {o.r9: <#018x} 541*d4514f0bSApple OSS Distributions r10 = {o.r10: <#018x} 542*d4514f0bSApple OSS Distributions r11 = {o.r11: <#018x} 543*d4514f0bSApple OSS Distributions r12 = {o.r12: <#018x} 544*d4514f0bSApple OSS Distributions r13 = {o.r13: <#018x} 545*d4514f0bSApple OSS Distributions r14 = {o.r14: <#018x} 546*d4514f0bSApple OSS Distributions r15 = {o.r15: <#018x} 547*d4514f0bSApple OSS Distributions rip = {o.rip: <#018x} 548*d4514f0bSApple OSS Distributions rflags = {o.rflags: <#018x} 549*d4514f0bSApple OSS Distributions cs = {o.cs: <#018x} 550*d4514f0bSApple OSS Distributions fs = {o.fs: <#018x} 551*d4514f0bSApple OSS Distributions gs = {o.gs: <#018x} 552*d4514f0bSApple OSS Distributions """.format(o=self) 553*d4514f0bSApple OSS Distributions 554*d4514f0bSApple OSS Distributions def GetPackedRegisterState(self): 555*d4514f0bSApple OSS Distributions """ get a struct.pack register data for passing to C constructs """ 556*d4514f0bSApple OSS Distributions return struct.pack('21Q', self.rax, self.rbx, self.rcx, self.rdx, self.rdi, 557*d4514f0bSApple OSS Distributions self.rsi, self.rbp, self.rsp, self.r8, self.r9, 558*d4514f0bSApple OSS Distributions self.r10, self.r11, self.r12, self.r13, self.r14, 559*d4514f0bSApple OSS Distributions self.r15, self.rip, self.rflags, self.cs, self.fs, self.gs) 560*d4514f0bSApple OSS Distributions 561*d4514f0bSApple OSS Distributions def ReadRegisterDataFromKDPSavedState(self, kdp_state, kernel_version): 562*d4514f0bSApple OSS Distributions saved_state = kernel_version.CreateValueFromExpression(None, '(struct x86_saved_state64 *) '+ str(kdp_state.GetValueAsUnsigned())) 563*d4514f0bSApple OSS Distributions saved_state = saved_state.Dereference() 564*d4514f0bSApple OSS Distributions saved_state = PluginValue(saved_state) 565*d4514f0bSApple OSS Distributions self.ResetRegisterValues() 566*d4514f0bSApple OSS Distributions self.rdi = saved_state.GetChildMemberWithName('rdi').GetValueAsUnsigned() 567*d4514f0bSApple OSS Distributions self.rsi = saved_state.GetChildMemberWithName('rsi').GetValueAsUnsigned() 568*d4514f0bSApple OSS Distributions self.rdx = saved_state.GetChildMemberWithName('rdx').GetValueAsUnsigned() 569*d4514f0bSApple OSS Distributions self.r10 = saved_state.GetChildMemberWithName('r10').GetValueAsUnsigned() 570*d4514f0bSApple OSS Distributions self.r8 = saved_state.GetChildMemberWithName('r8').GetValueAsUnsigned() 571*d4514f0bSApple OSS Distributions self.r9 = saved_state.GetChildMemberWithName('r9').GetValueAsUnsigned() 572*d4514f0bSApple OSS Distributions self.r15 = saved_state.GetChildMemberWithName('r15').GetValueAsUnsigned() 573*d4514f0bSApple OSS Distributions self.r14 = saved_state.GetChildMemberWithName('r14').GetValueAsUnsigned() 574*d4514f0bSApple OSS Distributions self.r13 = saved_state.GetChildMemberWithName('r13').GetValueAsUnsigned() 575*d4514f0bSApple OSS Distributions self.r12 = saved_state.GetChildMemberWithName('r12').GetValueAsUnsigned() 576*d4514f0bSApple OSS Distributions self.r11 = saved_state.GetChildMemberWithName('r11').GetValueAsUnsigned() 577*d4514f0bSApple OSS Distributions self.rbp = saved_state.GetChildMemberWithName('rbp').GetValueAsUnsigned() 578*d4514f0bSApple OSS Distributions self.rbx = saved_state.GetChildMemberWithName('rbx').GetValueAsUnsigned() 579*d4514f0bSApple OSS Distributions self.rcx = saved_state.GetChildMemberWithName('rcx').GetValueAsUnsigned() 580*d4514f0bSApple OSS Distributions self.rax = saved_state.GetChildMemberWithName('rax').GetValueAsUnsigned() 581*d4514f0bSApple OSS Distributions self.rip = saved_state.GetChildMemberWithName('isf').GetChildMemberWithName('rip').GetValueAsUnsigned() 582*d4514f0bSApple OSS Distributions self.rflags = saved_state.GetChildMemberWithName('isf').GetChildMemberWithName('rflags').GetValueAsUnsigned() 583*d4514f0bSApple OSS Distributions self.rsp = saved_state.GetChildMemberWithName('isf').GetChildMemberWithName('rsp').GetValueAsUnsigned() 584*d4514f0bSApple OSS Distributions return self 585*d4514f0bSApple OSS Distributions 586*d4514f0bSApple OSS Distributions def ReadRegisterDataFromKernelStack(self, kstack_saved_state_addr, kernel_version): 587*d4514f0bSApple OSS Distributions saved_state = kernel_version.CreateValueFromExpression(None, '(struct x86_kernel_state *) '+ str(kstack_saved_state_addr)) 588*d4514f0bSApple OSS Distributions saved_state = saved_state.Dereference() 589*d4514f0bSApple OSS Distributions saved_state = PluginValue(saved_state) 590*d4514f0bSApple OSS Distributions self.ResetRegisterValues() 591*d4514f0bSApple OSS Distributions self.rbx = saved_state.GetChildMemberWithName('k_rbx').GetValueAsUnsigned() 592*d4514f0bSApple OSS Distributions self.rsp = saved_state.GetChildMemberWithName('k_rsp').GetValueAsUnsigned() 593*d4514f0bSApple OSS Distributions self.rbp = saved_state.GetChildMemberWithName('k_rbp').GetValueAsUnsigned() 594*d4514f0bSApple OSS Distributions self.r12 = saved_state.GetChildMemberWithName('k_r12').GetValueAsUnsigned() 595*d4514f0bSApple OSS Distributions self.r13 = saved_state.GetChildMemberWithName('k_r13').GetValueAsUnsigned() 596*d4514f0bSApple OSS Distributions self.r14 = saved_state.GetChildMemberWithName('k_r14').GetValueAsUnsigned() 597*d4514f0bSApple OSS Distributions self.r15 = saved_state.GetChildMemberWithName('k_r15').GetValueAsUnsigned() 598*d4514f0bSApple OSS Distributions self.rip = saved_state.GetChildMemberWithName('k_rip').GetValueAsUnsigned() 599*d4514f0bSApple OSS Distributions return self 600*d4514f0bSApple OSS Distributions 601*d4514f0bSApple OSS Distributions def ReadRegisterDataFromContinuation(self, continuation_ptr): 602*d4514f0bSApple OSS Distributions self.ResetRegisterValues() 603*d4514f0bSApple OSS Distributions self.rip = continuation_ptr 604*d4514f0bSApple OSS Distributions return self 605*d4514f0bSApple OSS Distributions 606*d4514f0bSApple OSS Distributions 607*d4514f0bSApple OSS Distributions 608*d4514f0bSApple OSS Distributions 609*d4514f0bSApple OSS Distributionsdef IterateQueue(queue_head: lldb.SBValue, element_ptr_type: lldb.SBType, element_field_name: str): 610*d4514f0bSApple OSS Distributions """ iterate over a queue in kernel of type queue_head_t. refer to osfmk/kern/queue.h 611*d4514f0bSApple OSS Distributions params: 612*d4514f0bSApple OSS Distributions queue_head - lldb.SBValue : Value object for queue_head. 613*d4514f0bSApple OSS Distributions element_type - lldb.SBType : a pointer type of the element 'next' points to. Typically its structs like thread, task etc.. 614*d4514f0bSApple OSS Distributions element_field_name - str : name of the field in target struct. 615*d4514f0bSApple OSS Distributions returns: 616*d4514f0bSApple OSS Distributions A generator does not return. It is used for iterating. 617*d4514f0bSApple OSS Distributions SBValue : an object thats of type (element_type) queue_head->next. Always a pointer object 618*d4514f0bSApple OSS Distributions """ 619*d4514f0bSApple OSS Distributions queue_head_addr = 0x0 620*d4514f0bSApple OSS Distributions if queue_head.TypeIsPointerType(): 621*d4514f0bSApple OSS Distributions queue_head_addr = queue_head.GetValueAsUnsigned() 622*d4514f0bSApple OSS Distributions else: 623*d4514f0bSApple OSS Distributions queue_head_addr = queue_head.GetAddress().GetLoadAddress(osplugin_target_obj) 624*d4514f0bSApple OSS Distributions cur_elt: lldb.SBValue = queue_head.GetChildMemberWithName('next') 625*d4514f0bSApple OSS Distributions while True: 626*d4514f0bSApple OSS Distributions if not (cur_elt.IsValid() and cur_elt.error.success) or cur_elt.GetValueAsUnsigned() == 0 or cur_elt.GetValueAsUnsigned() == queue_head_addr: 627*d4514f0bSApple OSS Distributions break 628*d4514f0bSApple OSS Distributions elt = cur_elt.Cast(element_ptr_type) 629*d4514f0bSApple OSS Distributions yield elt 630*d4514f0bSApple OSS Distributions cur_elt = elt.GetChildMemberWithName(element_field_name).GetChildMemberWithName('next') 631*d4514f0bSApple OSS Distributions 632*d4514f0bSApple OSS Distributionsdef GetUniqueSessionID(process_obj): 633*d4514f0bSApple OSS Distributions """ Create a unique session identifier. 634*d4514f0bSApple OSS Distributions params: 635*d4514f0bSApple OSS Distributions process_obj: lldb.SBProcess object refering to connected process. 636*d4514f0bSApple OSS Distributions returns: 637*d4514f0bSApple OSS Distributions int - a unique number identified by processid and stopid. 638*d4514f0bSApple OSS Distributions """ 639*d4514f0bSApple OSS Distributions session_key_str = "" 640*d4514f0bSApple OSS Distributions if hasattr(process_obj, "GetUniqueID"): 641*d4514f0bSApple OSS Distributions session_key_str += str(process_obj.GetUniqueID()) + ":" 642*d4514f0bSApple OSS Distributions else: 643*d4514f0bSApple OSS Distributions session_key_str += "0:" 644*d4514f0bSApple OSS Distributions 645*d4514f0bSApple OSS Distributions if hasattr(process_obj, "GetStopID"): 646*d4514f0bSApple OSS Distributions session_key_str += str(process_obj.GetStopID()) 647*d4514f0bSApple OSS Distributions else: 648*d4514f0bSApple OSS Distributions session_key_str +="1" 649*d4514f0bSApple OSS Distributions 650*d4514f0bSApple OSS Distributions return hash(session_key_str) 651*d4514f0bSApple OSS Distributions 652*d4514f0bSApple OSS Distributions 653*d4514f0bSApple OSS Distributions(archX86_64, archARMv7, archI386, archARMv8) = ("x86_64", "armv7", "i386", "arm64") 654*d4514f0bSApple OSS Distributions 655*d4514f0bSApple OSS Distributionsclass OperatingSystemPlugIn(object): 656*d4514f0bSApple OSS Distributions """Class that provides data for an instance of a LLDB 'OperatingSystemPython' plug-in class""" 657*d4514f0bSApple OSS Distributions 658*d4514f0bSApple OSS Distributions def __init__(self, process): 659*d4514f0bSApple OSS Distributions '''Initialization needs a valid.SBProcess object''' 660*d4514f0bSApple OSS Distributions self.process = None 661*d4514f0bSApple OSS Distributions self.registers = None 662*d4514f0bSApple OSS Distributions self.threads = None 663*d4514f0bSApple OSS Distributions self.thread_cache = {} 664*d4514f0bSApple OSS Distributions self.current_session_id = 0 665*d4514f0bSApple OSS Distributions self.kdp_thread = None 666*d4514f0bSApple OSS Distributions if type(process) is lldb.SBProcess and process.IsValid(): 667*d4514f0bSApple OSS Distributions global osplugin_target_obj 668*d4514f0bSApple OSS Distributions self.process = process 669*d4514f0bSApple OSS Distributions self._target = process.target 670*d4514f0bSApple OSS Distributions osplugin_target_obj = self._target 671*d4514f0bSApple OSS Distributions self.current_session_id = GetUniqueSessionID(self.process) 672*d4514f0bSApple OSS Distributions self.version = self._target.FindGlobalVariables('version', 1).GetValueAtIndex(0) 673*d4514f0bSApple OSS Distributions 674*d4514f0bSApple OSS Distributions # Configure explicit pointer stripping 675*d4514f0bSApple OSS Distributions is_tagged = self._target.FindFirstGlobalVariable('kasan_tbi_enabled').GetValueAsUnsigned() 676*d4514f0bSApple OSS Distributions 677*d4514f0bSApple OSS Distributions if is_tagged: 678*d4514f0bSApple OSS Distributions 679*d4514f0bSApple OSS Distributions def strip_ptr(ptr): 680*d4514f0bSApple OSS Distributions if ptr != 0: 681*d4514f0bSApple OSS Distributions ptr |= (0xFF << 56) 682*d4514f0bSApple OSS Distributions return ptr 683*d4514f0bSApple OSS Distributions self._strip_ptr = strip_ptr 684*d4514f0bSApple OSS Distributions 685*d4514f0bSApple OSS Distributions def strip_thread_sbval(th): 686*d4514f0bSApple OSS Distributions addr = th.GetValueAsAddress() 687*d4514f0bSApple OSS Distributions return self.version.CreateValueFromExpression(str(addr), '(struct thread *)' + str(addr)) 688*d4514f0bSApple OSS Distributions self._strip_thread_sbval = strip_thread_sbval 689*d4514f0bSApple OSS Distributions 690*d4514f0bSApple OSS Distributions else: 691*d4514f0bSApple OSS Distributions self._strip_ptr = lambda ptr: ptr 692*d4514f0bSApple OSS Distributions self._strip_thread_sbval = lambda val: val 693*d4514f0bSApple OSS Distributions 694*d4514f0bSApple OSS Distributions self.kernel_stack_size = self._target.FindGlobalVariables('kernel_stack_size', 1).GetValueAtIndex(0).GetValueAsUnsigned() 695*d4514f0bSApple OSS Distributions self.kernel_context_size = 0 696*d4514f0bSApple OSS Distributions self.connected_over_kdp = False 697*d4514f0bSApple OSS Distributions # connected_to_debugserver signifies if we are connected to astris or other gdbserver instance 698*d4514f0bSApple OSS Distributions # that has the correct thread state for on core threads. For kdp and coredumps we rely on in memory 699*d4514f0bSApple OSS Distributions # state of threads. 700*d4514f0bSApple OSS Distributions self.connected_to_debugserver = True 701*d4514f0bSApple OSS Distributions plugin_string = self.process.GetPluginName().lower() 702*d4514f0bSApple OSS Distributions if plugin_string.find("kdp") >=0: 703*d4514f0bSApple OSS Distributions self.connected_over_kdp = True 704*d4514f0bSApple OSS Distributions self.connected_to_debugserver = False 705*d4514f0bSApple OSS Distributions #print "version", self.version, "kernel_stack_size", self.kernel_stack_size, "context_size", self.kernel_context_size 706*d4514f0bSApple OSS Distributions self.threads = None # Will be an dictionary containing info for each thread 707*d4514f0bSApple OSS Distributions triple = self.process.target.triple 708*d4514f0bSApple OSS Distributions arch = triple.split('-')[0].lower() 709*d4514f0bSApple OSS Distributions self.target_arch = "" 710*d4514f0bSApple OSS Distributions self.kernel_context_size = 0 711*d4514f0bSApple OSS Distributions if arch == archX86_64 : 712*d4514f0bSApple OSS Distributions self.target_arch = archX86_64 713*d4514f0bSApple OSS Distributions print("Target arch: x86_64") 714*d4514f0bSApple OSS Distributions self.register_set = X86_64RegisterSet() 715*d4514f0bSApple OSS Distributions self.kernel_context_size = self._target.FindFirstType('x86_kernel_state').GetByteSize() 716*d4514f0bSApple OSS Distributions self.kernel_thread_state_size = self._target.FindFirstType('struct thread_kernel_state').GetByteSize() 717*d4514f0bSApple OSS Distributions elif arch.startswith(archARMv7) : 718*d4514f0bSApple OSS Distributions self.target_arch = arch 719*d4514f0bSApple OSS Distributions print("Target arch: " + self.target_arch) 720*d4514f0bSApple OSS Distributions self.register_set = Armv7_RegisterSet() 721*d4514f0bSApple OSS Distributions elif arch.startswith(archARMv8): 722*d4514f0bSApple OSS Distributions self.target_arch = arch 723*d4514f0bSApple OSS Distributions print("Target arch: " + self.target_arch) 724*d4514f0bSApple OSS Distributions self.register_set = Armv8_RegisterSet() 725*d4514f0bSApple OSS Distributions # connection intel arm 726*d4514f0bSApple OSS Distributions # kdp Memory Memory 727*d4514f0bSApple OSS Distributions # gdb Server Server 728*d4514f0bSApple OSS Distributions # coredump Memory Server 729*d4514f0bSApple OSS Distributions if not self.connected_over_kdp : 730*d4514f0bSApple OSS Distributions if plugin_string.find('core') >= 0 and self.target_arch == archX86_64: 731*d4514f0bSApple OSS Distributions self.connected_to_debugserver = False 732*d4514f0bSApple OSS Distributions self.registers = self.register_set.register_info 733*d4514f0bSApple OSS Distributions if self.connected_to_debugserver: 734*d4514f0bSApple OSS Distributions print("Connected to live debugserver or arm core. Will associate on-core threads to registers reported by server.") 735*d4514f0bSApple OSS Distributions else: 736*d4514f0bSApple OSS Distributions print("Instantiating threads completely from saved state in memory.") 737*d4514f0bSApple OSS Distributions 738*d4514f0bSApple OSS Distributions def create_thread(self, tid, context): 739*d4514f0bSApple OSS Distributions 740*d4514f0bSApple OSS Distributions # Strip TBI explicitly in case create_thread() is called externally. 741*d4514f0bSApple OSS Distributions context = self._strip_ptr(context) 742*d4514f0bSApple OSS Distributions 743*d4514f0bSApple OSS Distributions # tid == deadbeef means its a custom thread which kernel does not know of. 744*d4514f0bSApple OSS Distributions if tid == 0xdeadbeef : 745*d4514f0bSApple OSS Distributions # tid manipulation should be the same as in "switchtoregs" code in lldbmacros/process.py . 746*d4514f0bSApple OSS Distributions tid = 0xdead0000 | (context & ~0xffff0000) 747*d4514f0bSApple OSS Distributions tid = tid & 0xdeadffff 748*d4514f0bSApple OSS Distributions thread_obj = { 'tid' : tid, 749*d4514f0bSApple OSS Distributions 'ptr' : context, 750*d4514f0bSApple OSS Distributions 'name' : 'switchtoregs' + hex(context), 751*d4514f0bSApple OSS Distributions 'queue' : 'None', 752*d4514f0bSApple OSS Distributions 'state' : 'stopped', 753*d4514f0bSApple OSS Distributions 'stop_reason' : 'none' 754*d4514f0bSApple OSS Distributions } 755*d4514f0bSApple OSS Distributions self.thread_cache[tid] = thread_obj 756*d4514f0bSApple OSS Distributions return thread_obj 757*d4514f0bSApple OSS Distributions 758*d4514f0bSApple OSS Distributions th_ptr = context 759*d4514f0bSApple OSS Distributions th = self.version.CreateValueFromExpression(str(th_ptr), '(struct thread *)' + str(th_ptr)) 760*d4514f0bSApple OSS Distributions thread_id = th.GetChildMemberWithName('thread_id').GetValueAsUnsigned() 761*d4514f0bSApple OSS Distributions if tid != thread_id: 762*d4514f0bSApple OSS Distributions print("FATAL ERROR: Creating thread from memory 0x%x with tid in mem=%d when requested tid = %d " % (context, thread_id, tid)) 763*d4514f0bSApple OSS Distributions return None 764*d4514f0bSApple OSS Distributions 765*d4514f0bSApple OSS Distributions wait_queue = self._strip_ptr(th.GetChildMemberWithName('wait_queue').GetValueAsUnsigned()) 766*d4514f0bSApple OSS Distributions thread_obj = { 'tid' : thread_id, 767*d4514f0bSApple OSS Distributions 'ptr' : th.GetValueAsUnsigned(), 768*d4514f0bSApple OSS Distributions 'name' : hex(th.GetValueAsUnsigned()).rstrip('L'), 769*d4514f0bSApple OSS Distributions 'queue' : hex(wait_queue).rstrip('L'), 770*d4514f0bSApple OSS Distributions 'state' : 'stopped', 771*d4514f0bSApple OSS Distributions 'stop_reason' : 'none' 772*d4514f0bSApple OSS Distributions } 773*d4514f0bSApple OSS Distributions 774*d4514f0bSApple OSS Distributions if self.current_session_id != GetUniqueSessionID(self.process): 775*d4514f0bSApple OSS Distributions self.thread_cache = {} 776*d4514f0bSApple OSS Distributions self.current_session_id = GetUniqueSessionID(self.process) 777*d4514f0bSApple OSS Distributions 778*d4514f0bSApple OSS Distributions self.thread_cache[tid] = thread_obj 779*d4514f0bSApple OSS Distributions return thread_obj 780*d4514f0bSApple OSS Distributions 781*d4514f0bSApple OSS Distributions def get_thread_info(self): 782*d4514f0bSApple OSS Distributions self.kdp_thread = None 783*d4514f0bSApple OSS Distributions self.kdp_state = None 784*d4514f0bSApple OSS Distributions if self.connected_over_kdp : 785*d4514f0bSApple OSS Distributions kdp = self._target.FindGlobalVariables('kdp',1).GetValueAtIndex(0) 786*d4514f0bSApple OSS Distributions kdp_state = kdp.GetChildMemberWithName('saved_state') 787*d4514f0bSApple OSS Distributions kdp_thread = self._strip_thread_sbval(kdp.GetChildMemberWithName('kdp_thread')) 788*d4514f0bSApple OSS Distributions if kdp_thread and kdp_thread.GetValueAsUnsigned() != 0: 789*d4514f0bSApple OSS Distributions self.kdp_thread = kdp_thread 790*d4514f0bSApple OSS Distributions self.kdp_state = kdp_state 791*d4514f0bSApple OSS Distributions kdp_thid = kdp_thread.GetChildMemberWithName('thread_id').GetValueAsUnsigned() 792*d4514f0bSApple OSS Distributions self.create_thread(kdp_thid, kdp_thread.GetValueAsUnsigned()) 793*d4514f0bSApple OSS Distributions self.thread_cache[kdp_thid]['core']=0 794*d4514f0bSApple OSS Distributions retval = [self.thread_cache[kdp_thid]] 795*d4514f0bSApple OSS Distributions return retval 796*d4514f0bSApple OSS Distributions else: 797*d4514f0bSApple OSS Distributions print("FATAL FAILURE: Unable to find kdp_thread state for this connection.") 798*d4514f0bSApple OSS Distributions return [] 799*d4514f0bSApple OSS Distributions 800*d4514f0bSApple OSS Distributions num_threads = self._target.FindGlobalVariables('threads_count',1).GetValueAtIndex(0).GetValueAsUnsigned() 801*d4514f0bSApple OSS Distributions #In case we are caught before threads are initialized. Fallback to threads known by astris/gdb server. 802*d4514f0bSApple OSS Distributions if num_threads <=0 : 803*d4514f0bSApple OSS Distributions return [] 804*d4514f0bSApple OSS Distributions 805*d4514f0bSApple OSS Distributions self.current_session_id = GetUniqueSessionID(self.process) 806*d4514f0bSApple OSS Distributions self.threads = [] 807*d4514f0bSApple OSS Distributions self.thread_cache = {} 808*d4514f0bSApple OSS Distributions self.processors = [] 809*d4514f0bSApple OSS Distributions try: 810*d4514f0bSApple OSS Distributions processor_list_val = PluginValue(self._target.FindGlobalVariables('processor_list',1).GetValueAtIndex(0)) 811*d4514f0bSApple OSS Distributions while processor_list_val.IsValid() and processor_list_val.error.success and processor_list_val.GetValueAsUnsigned() !=0: 812*d4514f0bSApple OSS Distributions th = self._strip_thread_sbval(processor_list_val.GetChildMemberWithName('active_thread')) 813*d4514f0bSApple OSS Distributions th_id = th.GetChildMemberWithName('thread_id').GetValueAsUnsigned() 814*d4514f0bSApple OSS Distributions cpu_id = processor_list_val.GetChildMemberWithName('cpu_id').GetValueAsUnsigned() 815*d4514f0bSApple OSS Distributions self.processors.append({'active_thread': th.GetValueAsUnsigned(), 'cpu_id': cpu_id}) 816*d4514f0bSApple OSS Distributions self.create_thread(th_id, th.GetValueAsUnsigned()) 817*d4514f0bSApple OSS Distributions if self.connected_to_debugserver: 818*d4514f0bSApple OSS Distributions self.thread_cache[th_id]['core'] = cpu_id 819*d4514f0bSApple OSS Distributions self.thread_cache[th_id]['queue'] = "cpu-%d" % int(cpu_id) 820*d4514f0bSApple OSS Distributions nth = self.thread_cache[th_id] 821*d4514f0bSApple OSS Distributions self.threads.append(nth) 822*d4514f0bSApple OSS Distributions self.thread_cache[nth['tid']] = nth 823*d4514f0bSApple OSS Distributions processor_list_val = processor_list_val.GetChildMemberWithName('processor_list') 824*d4514f0bSApple OSS Distributions except KeyboardInterrupt as ke: 825*d4514f0bSApple OSS Distributions print("OS Plugin Interrupted during thread loading process. \nWARNING:Thread registers and backtraces may not be accurate.") 826*d4514f0bSApple OSS Distributions return self.threads 827*d4514f0bSApple OSS Distributions 828*d4514f0bSApple OSS Distributions if hasattr(self.process, 'CreateOSPluginThread'): 829*d4514f0bSApple OSS Distributions return self.threads 830*d4514f0bSApple OSS Distributions 831*d4514f0bSApple OSS Distributions # FIXME remove legacy code 832*d4514f0bSApple OSS Distributions try: 833*d4514f0bSApple OSS Distributions thread_q_head = self._target.FindGlobalVariables('threads', 1).GetValueAtIndex(0) 834*d4514f0bSApple OSS Distributions thread_type = self._target.FindFirstType('thread') 835*d4514f0bSApple OSS Distributions thread_ptr_type = thread_type.GetPointerType() 836*d4514f0bSApple OSS Distributions for th in IterateQueue(thread_q_head, thread_ptr_type, 'threads'): 837*d4514f0bSApple OSS Distributions th = self._strip_thread_sbval(th) 838*d4514f0bSApple OSS Distributions th_id = th.GetChildMemberWithName('thread_id').GetValueAsUnsigned() 839*d4514f0bSApple OSS Distributions self.create_thread(th_id, th.GetValueAsUnsigned()) 840*d4514f0bSApple OSS Distributions nth = self.thread_cache[th_id] 841*d4514f0bSApple OSS Distributions for cputhread in self.processors: 842*d4514f0bSApple OSS Distributions if cputhread['active_thread'] == nth['ptr']: 843*d4514f0bSApple OSS Distributions nth['core'] = cputhread['cpu_id'] 844*d4514f0bSApple OSS Distributions self.threads.append( nth ) 845*d4514f0bSApple OSS Distributions except KeyboardInterrupt as ke: 846*d4514f0bSApple OSS Distributions print("OS Plugin Interrupted during thread loading process. \nWARNING:Thread registers and backtraces may not be accurate.") 847*d4514f0bSApple OSS Distributions return self.threads 848*d4514f0bSApple OSS Distributions # end legacy code 849*d4514f0bSApple OSS Distributions return self.threads 850*d4514f0bSApple OSS Distributions 851*d4514f0bSApple OSS Distributions def get_register_info(self): 852*d4514f0bSApple OSS Distributions if self.registers == None: 853*d4514f0bSApple OSS Distributions print("Register Information not found ") 854*d4514f0bSApple OSS Distributions return self.register_set.register_info 855*d4514f0bSApple OSS Distributions 856*d4514f0bSApple OSS Distributions def get_register_data(self, tid): 857*d4514f0bSApple OSS Distributions thobj = None 858*d4514f0bSApple OSS Distributions try: 859*d4514f0bSApple OSS Distributions regs = self.register_set 860*d4514f0bSApple OSS Distributions if self.current_session_id != GetUniqueSessionID(self.process): 861*d4514f0bSApple OSS Distributions self.thread_cache = {} 862*d4514f0bSApple OSS Distributions self.current_session_id = GetUniqueSessionID(self.process) 863*d4514f0bSApple OSS Distributions if tid in self.thread_cache: 864*d4514f0bSApple OSS Distributions 865*d4514f0bSApple OSS Distributions #Check if the thread is a fake one. Then create and return registers directly 866*d4514f0bSApple OSS Distributions if self.thread_cache[tid]['name'].find('switchtoregs') == 0: 867*d4514f0bSApple OSS Distributions savedstateobj = self.version.CreateValueFromExpression(None, '(uintptr_t *) ' + str(self.thread_cache[tid]['ptr'])) 868*d4514f0bSApple OSS Distributions regs.ReadRegisterDataFromKDPSavedState(savedstateobj, self.version) 869*d4514f0bSApple OSS Distributions return regs.GetPackedRegisterState() 870*d4514f0bSApple OSS Distributions 871*d4514f0bSApple OSS Distributions thobj = self.version.CreateValueFromExpression(self.thread_cache[tid]['name'], '(struct thread *)' + str(self.thread_cache[tid]['ptr'])) 872*d4514f0bSApple OSS Distributions 873*d4514f0bSApple OSS Distributions if thobj == None : 874*d4514f0bSApple OSS Distributions print("FATAL ERROR: Could not find thread with id %d" % tid) 875*d4514f0bSApple OSS Distributions regs.ResetRegisterValues() 876*d4514f0bSApple OSS Distributions return regs.GetPackedRegisterState() 877*d4514f0bSApple OSS Distributions 878*d4514f0bSApple OSS Distributions if self.kdp_thread and self.kdp_thread.GetValueAsUnsigned() == thobj.GetValueAsUnsigned(): 879*d4514f0bSApple OSS Distributions regs.ReadRegisterDataFromKDPSavedState(self.kdp_state, self.version) 880*d4514f0bSApple OSS Distributions return regs.GetPackedRegisterState() 881*d4514f0bSApple OSS Distributions if int(PluginValue(thobj).GetChildMemberWithName('kernel_stack').GetValueAsUnsigned()) != 0 : 882*d4514f0bSApple OSS Distributions if self.target_arch == archX86_64 : 883*d4514f0bSApple OSS Distributions # we do have a stack so lets get register information 884*d4514f0bSApple OSS Distributions saved_state_addr = PluginValue(thobj).GetChildMemberWithName('kernel_stack').GetValueAsUnsigned() + self.kernel_stack_size - self.kernel_thread_state_size 885*d4514f0bSApple OSS Distributions regs.ReadRegisterDataFromKernelStack(saved_state_addr, self.version) 886*d4514f0bSApple OSS Distributions return regs.GetPackedRegisterState() 887*d4514f0bSApple OSS Distributions elif self.target_arch.startswith(archARMv7) and int(PluginValue(thobj).GetChildMemberWithName('machine').GetChildMemberWithName('kstackptr').GetValueAsUnsigned()) != 0: 888*d4514f0bSApple OSS Distributions #we have stack on the machine.kstackptr. 889*d4514f0bSApple OSS Distributions saved_state_addr = PluginValue(thobj).GetChildMemberWithName('machine').GetChildMemberWithName('kstackptr').GetValueAsUnsigned() 890*d4514f0bSApple OSS Distributions regs.ReadRegisterDataFromKernelStack(saved_state_addr, self.version) 891*d4514f0bSApple OSS Distributions return regs.GetPackedRegisterState() 892*d4514f0bSApple OSS Distributions elif self.target_arch.startswith(archARMv8) and int(PluginValue(thobj).GetChildMemberWithName('machine').GetChildMemberWithName('kstackptr').GetValueAsUnsigned()) != 0: 893*d4514f0bSApple OSS Distributions saved_state_addr = PluginValue(thobj).GetChildMemberWithName('machine').GetChildMemberWithName('kstackptr').GetValueAsAddress() 894*d4514f0bSApple OSS Distributions arm_ctx = PluginValue(self.version.CreateValueFromExpression(None, '(struct arm_kernel_context *) ' + str(saved_state_addr))) 895*d4514f0bSApple OSS Distributions arm_ss_addr = arm_ctx.GetChildMemberWithName('ss').GetLoadAddress() 896*d4514f0bSApple OSS Distributions regs.ReadRegisterDataFromKernelStack(arm_ss_addr, self.version) 897*d4514f0bSApple OSS Distributions return regs.GetPackedRegisterState() 898*d4514f0bSApple OSS Distributions elif self.target_arch == archX86_64 or self.target_arch.startswith(archARMv7) or self.target_arch.startswith(archARMv8): 899*d4514f0bSApple OSS Distributions regs.ReadRegisterDataFromContinuation( PluginValue(thobj).GetChildMemberWithName('continuation').GetValueAsAddress()) 900*d4514f0bSApple OSS Distributions return regs.GetPackedRegisterState() 901*d4514f0bSApple OSS Distributions #incase we failed very miserably 902*d4514f0bSApple OSS Distributions except KeyboardInterrupt as ke: 903*d4514f0bSApple OSS Distributions print("OS Plugin Interrupted during thread register load. \nWARNING:Thread registers and backtraces may not be accurate. for tid = %d" % tid) 904*d4514f0bSApple OSS Distributions regs.ResetRegisterValues() 905*d4514f0bSApple OSS Distributions print("FATAL ERROR: Failed to get register state for thread id 0x%x " % tid) 906*d4514f0bSApple OSS Distributions print(thobj) 907*d4514f0bSApple OSS Distributions return regs.GetPackedRegisterState() 908