1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
|
//===-- DynamicLoaderDarwinKernel.h -----------------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#ifndef LLDB_SOURCE_PLUGINS_DYNAMICLOADER_DARWIN_KERNEL_DYNAMICLOADERDARWINKERNEL_H
#define LLDB_SOURCE_PLUGINS_DYNAMICLOADER_DARWIN_KERNEL_DYNAMICLOADERDARWINKERNEL_H
#include <mutex>
#include <string>
#include <vector>
#include "lldb/Host/SafeMachO.h"
#include "lldb/Target/DynamicLoader.h"
#include "lldb/Target/Process.h"
#include "lldb/Utility/FileSpec.h"
#include "lldb/Utility/UUID.h"
class DynamicLoaderDarwinKernel : public lldb_private::DynamicLoader {
public:
DynamicLoaderDarwinKernel(lldb_private::Process *process,
lldb::addr_t kernel_addr);
~DynamicLoaderDarwinKernel() override;
// Static Functions
static void Initialize();
static void Terminate();
static lldb_private::ConstString GetPluginNameStatic();
static const char *GetPluginDescriptionStatic();
static lldb_private::DynamicLoader *
CreateInstance(lldb_private::Process *process, bool force);
static void DebuggerInitialize(lldb_private::Debugger &debugger);
static lldb::addr_t SearchForDarwinKernel(lldb_private::Process *process);
/// Called after attaching a process.
///
/// Allow DynamicLoader plug-ins to execute some code after
/// attaching to a process.
void DidAttach() override;
void DidLaunch() override;
lldb::ThreadPlanSP GetStepThroughTrampolinePlan(lldb_private::Thread &thread,
bool stop_others) override;
lldb_private::Status CanLoadImage() override;
// PluginInterface protocol
lldb_private::ConstString GetPluginName() override;
uint32_t GetPluginVersion() override;
protected:
void PrivateInitialize(lldb_private::Process *process);
void PrivateProcessStateChanged(lldb_private::Process *process,
lldb::StateType state);
void UpdateIfNeeded();
void LoadKernelModuleIfNeeded();
void Clear(bool clear_process);
void PutToLog(lldb_private::Log *log) const;
static bool
BreakpointHitCallback(void *baton,
lldb_private::StoppointCallbackContext *context,
lldb::user_id_t break_id, lldb::user_id_t break_loc_id);
bool BreakpointHit(lldb_private::StoppointCallbackContext *context,
lldb::user_id_t break_id, lldb::user_id_t break_loc_id);
uint32_t GetAddrByteSize() { return m_kernel.GetAddressByteSize(); }
static lldb::ByteOrder GetByteOrderFromMagic(uint32_t magic);
enum {
KERNEL_MODULE_MAX_NAME = 64u,
// Versions less than 2 didn't have an entry size,
// they had a 64 bit name, 16 byte UUID, 8 byte addr,
// 8 byte size, 8 byte version, 4 byte load tag, and
// 4 byte flags
KERNEL_MODULE_ENTRY_SIZE_VERSION_1 = 64u + 16u + 8u + 8u + 8u + 4u + 4u
};
// class KextImageInfo represents a single kext or kernel binary image.
// The class was designed to hold the information from the
// OSKextLoadedKextSummary
// structure (in libkern/libkern/OSKextLibPrivate.h from xnu). The kernel
// maintains
// a list of loded kexts in memory (the OSKextLoadedKextSummaryHeader
// structure,
// which points to an array of OSKextLoadedKextSummary's).
//
// A KextImageInfos may have -
//
// 1. The load address, name, UUID, and size of a kext/kernel binary in memory
// (read straight out of the kernel's list-of-kexts loaded)
// 2. A ModuleSP based on a MemoryModule read out of the kernel's memory
// (very unlikely to have any symbolic information)
// 3. A ModuleSP for an on-disk copy of the kext binary, possibly with debug
// info
// or a dSYM
//
// For performance reasons, the developer may prefer that lldb not load the
// kexts out
// of memory at the start of a kernel session. But we should build up /
// maintain a
// list of kexts that the kernel has told us about so we can relocate a kext
// module
// later if the user explicitly adds it to the target.
class KextImageInfo {
public:
KextImageInfo()
: m_name(), m_module_sp(), m_memory_module_sp(),
m_load_process_stop_id(UINT32_MAX), m_uuid(),
m_load_address(LLDB_INVALID_ADDRESS), m_size(0),
m_kernel_image(false) {}
void Clear() {
m_load_address = LLDB_INVALID_ADDRESS;
m_size = 0;
m_name.clear();
m_uuid.Clear();
m_module_sp.reset();
m_memory_module_sp.reset();
m_load_process_stop_id = UINT32_MAX;
}
bool LoadImageAtFileAddress(lldb_private::Process *process);
bool LoadImageUsingMemoryModule(lldb_private::Process *process);
bool IsLoaded() { return m_load_process_stop_id != UINT32_MAX; }
void SetLoadAddress(
lldb::addr_t load_addr); // Address of the Mach-O header for this binary
lldb::addr_t
GetLoadAddress() const; // Address of the Mach-O header for this binary
lldb_private::UUID GetUUID() const;
void SetUUID(const lldb_private::UUID &uuid);
void SetName(const char *);
std::string GetName() const;
void SetModule(lldb::ModuleSP module);
lldb::ModuleSP GetModule();
// try to fill in m_memory_module_sp from memory based on the m_load_address
bool ReadMemoryModule(lldb_private::Process *process);
bool IsKernel()
const; // true if this is the mach_kernel; false if this is a kext
void SetIsKernel(bool is_kernel);
uint64_t GetSize() const;
void SetSize(uint64_t size);
uint32_t
GetProcessStopId() const; // the stop-id when this binary was first noticed
void SetProcessStopId(uint32_t stop_id);
bool operator==(const KextImageInfo &rhs);
uint32_t GetAddressByteSize(); // as determined by Mach-O header
lldb::ByteOrder GetByteOrder(); // as determined by Mach-O header
lldb_private::ArchSpec
GetArchitecture() const; // as determined by Mach-O header
void PutToLog(lldb_private::Log *log) const;
typedef std::vector<KextImageInfo> collection;
typedef collection::iterator iterator;
typedef collection::const_iterator const_iterator;
private:
std::string m_name;
lldb::ModuleSP m_module_sp;
lldb::ModuleSP m_memory_module_sp;
uint32_t m_load_process_stop_id; // the stop-id when this module was added
// to the Target
lldb_private::UUID
m_uuid; // UUID for this dylib if it has one, else all zeros
lldb::addr_t m_load_address;
uint64_t m_size;
bool m_kernel_image; // true if this is the kernel, false if this is a kext
};
struct OSKextLoadedKextSummaryHeader {
uint32_t version;
uint32_t entry_size;
uint32_t entry_count;
lldb::addr_t image_infos_addr;
OSKextLoadedKextSummaryHeader()
: version(0), entry_size(0), entry_count(0),
image_infos_addr(LLDB_INVALID_ADDRESS) {}
uint32_t GetSize() {
switch (version) {
case 0:
return 0; // Can't know the size without a valid version
case 1:
return 8; // Version 1 only had a version + entry_count
default:
break;
}
// Version 2 and above has version, entry_size, entry_count, and reserved
return 16;
}
void Clear() {
version = 0;
entry_size = 0;
entry_count = 0;
image_infos_addr = LLDB_INVALID_ADDRESS;
}
bool IsValid() const { return version >= 1 && version <= 2; }
};
void RegisterNotificationCallbacks();
void UnregisterNotificationCallbacks();
void SetNotificationBreakpointIfNeeded();
bool ReadAllKextSummaries();
bool ReadKextSummaryHeader();
bool ParseKextSummaries(const lldb_private::Address &kext_summary_addr,
uint32_t count);
void
UpdateImageInfosHeaderAndLoadCommands(KextImageInfo::collection &image_infos,
uint32_t infos_count,
bool update_executable);
uint32_t ReadKextSummaries(const lldb_private::Address &kext_summary_addr,
uint32_t image_infos_count,
KextImageInfo::collection &image_infos);
static lldb::addr_t
SearchForKernelAtSameLoadAddr(lldb_private::Process *process);
static lldb::addr_t
SearchForKernelWithDebugHints(lldb_private::Process *process);
static lldb::addr_t SearchForKernelNearPC(lldb_private::Process *process);
static lldb::addr_t
SearchForKernelViaExhaustiveSearch(lldb_private::Process *process);
static bool
ReadMachHeader(lldb::addr_t addr, lldb_private::Process *process, llvm::MachO::mach_header &mh,
bool *read_error = nullptr);
static lldb_private::UUID
CheckForKernelImageAtAddress(lldb::addr_t addr,
lldb_private::Process *process,
bool *read_error = nullptr);
lldb::addr_t m_kernel_load_address;
KextImageInfo m_kernel; // Info about the current kernel image being used
lldb_private::Address m_kext_summary_header_ptr_addr;
lldb_private::Address m_kext_summary_header_addr;
OSKextLoadedKextSummaryHeader m_kext_summary_header;
KextImageInfo::collection m_known_kexts;
mutable std::recursive_mutex m_mutex;
lldb::user_id_t m_break_id;
private:
DynamicLoaderDarwinKernel(const DynamicLoaderDarwinKernel &) = delete;
const DynamicLoaderDarwinKernel &
operator=(const DynamicLoaderDarwinKernel &) = delete;
};
#endif // LLDB_SOURCE_PLUGINS_DYNAMICLOADER_DARWIN_KERNEL_DYNAMICLOADERDARWINKERNEL_H
|
