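"""
    XNU Triage commands
"""
from xnu import *
import sys, shlex
from utils import *
import xnudefines
import re
import os.path

# Macro: xi
def OutputAddress(cmd_args=None):
    """ Returns the address and its symbol as one string, without a newline
        Parameters: <address whose symbol is needed>
        Returns: "<address> <symbol>" text, or "" when no symbol could be
                 picked out of the lookup output
    """
    if cmd_args is None or len(cmd_args) == 0:
        raise ArgumentError()

    a = unsigned(cmd_args[0])
    cmd_out = lldb_run_command("image lookup -a {:#x}".format(a))
    if len(cmd_out) == 0 or cmd_out == "ERROR:":
        return ""

    # The symbol is read from the second output line, between the first
    # backtick and the following " at". Output of any other shape yields ""
    # instead of an IndexError, so callers can print their own placeholder.
    lines = cmd_out.split('\n')
    if len(lines) < 2:
        return ""
    pieces = lines[1].split('`')
    if len(pieces) < 2:
        return ""
    symbol = pieces[1].split(' at')[0]
    return "{:#018x} <{:s}>".format(unsigned(a), symbol)

@lldb_command('xi')
def SymbolicateWithInstruction(cmd_args=None):
    """ Prints out address and symbol similar to x/i
        Usage: xi <address whose symbol is needed>
    """
    if cmd_args is None or len(cmd_args) == 0:
        raise ArgumentError()

    a = ArgumentStringToInt(cmd_args[0])
    print(OutputAddress([a]))

# EndMacro: xi

# Macro: newbt
@lldb_command('newbt')
def NewBt(cmd_args=None):
    """ Prints all the instructions by walking the given stack pointer
        Usage: newbt <address to start the walk from>
    """
    if cmd_args is None or len(cmd_args) == 0:
        raise ArgumentError()

    a = ArgumentStringToInt(cmd_args[0])

    # Distance from a frame address to the saved return address read below.
    if kern.arch == "x86_64" or kern.arch.startswith("arm64"):
        offset = 8
    else:
        offset = 4

    # The chain is read from the memory of the target being triaged, which may
    # be corrupted; remember visited frames so a cyclic chain cannot spin forever.
    visited = set()
    while a != 0:
        frame = unsigned(a)
        if frame in visited:
            print("newbt: frame {:#x} already visited, stopping walk".format(frame))
            break
        visited.add(frame)

        link_register = dereference(kern.GetValueFromAddress(a + offset, 'uintptr_t *'))
        cmd_out = lldb_run_command("di -s {:#x} -c 1".format(link_register))
        if len(cmd_out) != 0:
            cmd_out1 = list(filter(None, cmd_out.split('\n')))
            if len(cmd_out1) != 0:
                address = OutputAddress([unsigned(link_register)])
                if not address:
                    address = '{:#018x} <???>'.format(unsigned(link_register))
                # Keep the text after the first ':' of the last line; a line
                # without ':' is printed whole instead of raising IndexError.
                last_line = cmd_out1[-1]
                _, sep, insn = last_line.partition(':')
                if not sep:
                    insn = last_line
                print(address + ": " + insn)
        a = dereference(kern.GetValueFromAddress(frame, 'uintptr_t *'))

# EndMacro: newbt

paniclog_data = ""

# "lr:" followed by whitespace, a hexadecimal value and one whitespace character.
_LR_PATTERN = re.compile(r"lr:\s+0x[a-fA-F0-9]+\s")
# The hexadecimal token inside an _LR_PATTERN match.
_LR_ADDRESS = re.compile(r"0x[a-fA-F0-9]+")

def _ListLRLocations(lr_matches):
    """ Runs `list *<address>` for every _LR_PATTERN match and prints the result.

        The input text (a panic log or a user-supplied file) is not trusted:
        only the hexadecimal token of each match is placed in the debugger
        command, never the surrounding text or whitespace.
    """
    for match in lr_matches:
        # Every match contains a hex token by construction of _LR_PATTERN.
        sp = _LR_ADDRESS.search(match).group(0)
        print(sp)
        print("(lldb) list *{:s}".format(sp))
        print(lldb_run_command("list *{:s}".format(sp)))

# Macro: parseLR
@lldb_command('parseLR')
def parseLR(cmd_args=None):
    """ Decode the LR value from panic log into source code location
        Usage: parseLR
    """
    global paniclog_data

    # The panic log is fetched once and kept in the module-level cache.
    if not paniclog_data:
        if kern.arch == "x86_64":
            paniclog_data += lldb_run_command("paniclog -v")
        else:
            paniclog_data += lldb_run_command("paniclog")

    lr_pc_srch = _LR_PATTERN.findall(paniclog_data)
    if lr_pc_srch:
        print(paniclog_data, lr_pc_srch)
        _ListLRLocations(lr_pc_srch)
#EndMacro: parseLR

# Macro: parseLRfromfile
@lldb_command('parseLRfromfile')
def parseLRfromfile(cmd_args=None):
    """ Decode the LR value from file into source code location

        Usage: parseLRfromfile [file_path]
    """
    if cmd_args is None or len(cmd_args) == 0:
        raise ArgumentError()

    # Close the file as soon as it has been read.
    with open(cmd_args[0], 'r') as f:
        parse_data = f.read()

    lr_pc_srch = _LR_PATTERN.findall(parse_data)
    if lr_pc_srch:
        # NOTE(review): this echoes the cached panic log (paniclog_data), not the
        # file contents in parse_data - looks like a copy of parseLR; confirm.
        print(paniclog_data, lr_pc_srch)
        _ListLRLocations(lr_pc_srch)

#EndMacro: parseLRfromfile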