/* Cycript - Optimizing JavaScript Compiler/Runtime
* Copyright (C) 2009-2013 Jay Freeman (saurik)
*/
/* GNU General Public License, Version 3 {{{ */
/*
* Cycript is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License,
* or (at your option) any later version.
*
* Cycript is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Cycript. If not, see <http://www.gnu.org/licenses/>.
**/
/* }}} */
#define _PTHREAD_ATTR_T
#include <pthread_internals.h>
#include <mach-o/dyld.h>
#include <mach-o/dyld_images.h>
#include <mach-o/loader.h>
extern "C" {
#include <mach-o/nlist.h>
}
#include "Standard.hpp"
#include "Baton.hpp"
/* Zero `size` bytes starting at `data`, one byte at a time.
 * Hand-rolled presumably because the trampoline cannot rely on a linked
 * libc (everything else in this file is resolved by hand as well). */
static void $bzero(void *data, size_t size) {
    unsigned char *cursor(reinterpret_cast<unsigned char *>(data));
    unsigned char *const end(cursor + size);
    while (cursor != end)
        *cursor++ = 0;
}
/* Compare two NUL-terminated strings. Returns 0 when equal, otherwise -1 or 1
 * by the (plain `char`) ordering of the first differing byte. Only these three
 * values are ever returned, unlike libc's strcmp. */
static int $strcmp(const char *lhs, const char *rhs) {
    for (; *lhs == *rhs; ++lhs, ++rhs) {
        if (*lhs == '\0')
            return 0;
    }
    if (*lhs < *rhs)
        return -1;
    return 1;
}
/* Select the Mach-O structure variants for this build's pointer width so the
 * load-command and symbol-table parsing below is written once. The _xx/_XX
 * names mirror the corresponding <mach-o/loader.h> types and constants. */
#ifdef __LP64__
typedef struct mach_header_64 mach_header_xx;
typedef struct nlist_64 nlist_xx;
typedef struct segment_command_64 segment_command_xx;
static const uint32_t LC_SEGMENT_XX = LC_SEGMENT_64;
static const uint32_t MH_MAGIC_XX = MH_MAGIC_64;
#else
typedef struct mach_header mach_header_xx;
typedef struct nlist nlist_xx;
typedef struct segment_command segment_command_xx;
static const uint32_t LC_SEGMENT_XX = LC_SEGMENT;
static const uint32_t MH_MAGIC_XX = MH_MAGIC;
#endif
/* Iterate the load commands of Mach-O header `mach`, binding `command`
 * (a `const type *`) for each one whose cmd equals `lc`; the statement that
 * follows the macro is the loop body and runs in the innermost if's scope.
 * Bounds checks: a cmdsize that is zero, not a multiple of sizeof(long), or
 * that overruns sizeofcmds -- and a matching command shorter than `type` --
 * make the ENCLOSING FUNCTION return NULL, so this is only usable inside
 * functions that return a pointer.
 * NOTE(review): lcp->cmdsize is read before lcp itself is checked against the
 * end of the table, so an ncmds larger than the table holds reads one command
 * header past sizeofcmds before the check fires. */
#define forlc(command, mach, lc, type) \
if (const struct load_command *load_commands = reinterpret_cast<const struct load_command *>(mach + 1)) \
if (const struct load_command *lcp = load_commands) \
for (uint32_t i(0); i != mach->ncmds; ++i, lcp = reinterpret_cast<const struct load_command *>(reinterpret_cast<const uint8_t *>(lcp) + lcp->cmdsize)) \
if ( \
lcp->cmdsize % sizeof(long) != 0 || lcp->cmdsize <= 0 || \
reinterpret_cast<const uint8_t *>(lcp) + lcp->cmdsize > reinterpret_cast<const uint8_t *>(load_commands) + mach->sizeofcmds \
) \
return NULL; \
else if (lcp->cmd != lc) \
continue; \
else if (lcp->cmdsize < sizeof(type)) \
return NULL; \
else if (const type *command = reinterpret_cast<const type *>(lcp))
/* Find a loaded image by name in dyld's image list. Each image is matched on
 * its LC_ID_DYLIB install name and, when it carries none, on the file path
 * dyld recorded for it. Returns the image's Mach-O header, or NULL when
 * nothing matches or when forlc's bounds checks reject an image's load
 * commands (those `return NULL` from here, abandoning the rest of the list).
 * `infos` is whatever the baton points at (see Library(Baton *, ...));
 * presumably this process's dyld_all_image_infos -- confirm against the injector. */
static const mach_header_xx *Library(struct dyld_all_image_infos *infos, const char *name) {
    for (uint32_t i(0); i != infos->infoArrayCount; ++i) {
        const dyld_image_info &info(infos->infoArray[i]);
        // NOTE(review): imageLoadAddress is dereferenced without a NULL check.
        const mach_header_xx *mach(reinterpret_cast<const mach_header_xx *>(info.imageLoadAddress));
        // Skip anything that is not a Mach-O header of this pointer width.
        if (mach->magic != MH_MAGIC_XX)
            continue;
        const char *path(info.imageFilePath);
        // The install name embedded in the image takes precedence over dyld's path.
        forlc (dylib, mach, LC_ID_DYLIB, dylib_command)
            path = reinterpret_cast<const char *>(dylib) + dylib->dylib.name.offset;
        if ($strcmp(path, name) != 0)
            continue;
        return mach;
    }
    return NULL;
}
/* Resolve a symbol by its linker name (callers pass the underscored form,
 * e.g. "_dlsym") in the symbol table of an in-memory Mach-O image.
 * Returns the symbol's address with the image's slide applied, or NULL when
 * the image has no LC_SYMTAB, the symbol/string tables cannot be located in
 * any segment, no non-debug symbol with a nonzero value matches, or forlc's
 * bounds checks reject a load command (those `return NULL` from here). */
static void *Symbol(const mach_header_xx *mach, const char *name) {
    // Last LC_SYMTAB wins; normally there is exactly one.
    const struct symtab_command *stp(NULL);
    forlc (command, mach, LC_SYMTAB, struct symtab_command)
        stp = command;
    if (stp == NULL)
        return NULL;

    size_t slide(_not(size_t));  // sentinel: no file-offset-0 segment seen yet
    const nlist_xx *symbols(NULL);
    const char *strings(NULL);
    forlc (segment, mach, LC_SEGMENT_XX, segment_command_xx) {
        // `mach` sits at the start of the segment mapped from file offset 0,
        // so its actual address minus its link-time vmaddr is the slide.
        if (segment->fileoff == 0)
            slide = reinterpret_cast<size_t>(mach) - segment->vmaddr;
        // Translate the symtab's file offsets to addresses via the segment
        // that contains them. NOTE(review): `slide` is used as it stands at
        // this point, so if a segment holding the tables preceded the
        // file-offset-0 segment in the load commands the pointer would be
        // built from the sentinel; this relies on that segment coming first.
        if (stp->symoff >= segment->fileoff && stp->symoff < segment->fileoff + segment->filesize)
            symbols = reinterpret_cast<const nlist_xx *>(stp->symoff - segment->fileoff + segment->vmaddr + slide);
        if (stp->stroff >= segment->fileoff && stp->stroff < segment->fileoff + segment->filesize)
            strings = reinterpret_cast<const char *>(stp->stroff - segment->fileoff + segment->vmaddr + slide);
    }
    if (slide == _not(size_t) || symbols == NULL || strings == NULL)
        return NULL;

    for (size_t i(0); i != stp->nsyms; ++i) {
        const nlist_xx *symbol(&symbols[i]);
        // Skip nameless entries and debugging (stab) entries.
        if (symbol->n_un.n_strx == 0 || (symbol->n_type & N_STAB) != 0)
            continue;
        // NOTE(review): n_strx is not range-checked against the string table
        // size and nsyms is not checked against the segment, so a malformed
        // image could be read out of bounds here.
        const char *nambuf(strings + symbol->n_un.n_strx);
        if ($strcmp(name, nambuf) != 0)
            continue;
        // A zero value (presumably an undefined entry) is not a usable address.
        uintptr_t value(symbol->n_value);
        if (value == 0)
            continue;
        value += slide;
        return reinterpret_cast<void *>(value);
    }
    return NULL;
}
/* The two libdyld entry points the trampoline resolves by hand (Routine fills
 * this through cyset()); dlset() looks everything else up through them. */
struct Dynamic {
    char *(*dlerror)();  // only ever called for its side effect; the message is never read here
    void *(*dlsym)(void *, const char *);
};
/* Look `name` up with the hand-resolved dlsym and store the result in
 * `function`, cast to its declared pointer type. A failed lookup leaves
 * `function` NULL and calls dlerror() (return value discarded; presumably
 * to clear its pending state) -- the caller decides whether NULL is fatal. */
template <typename Type_>
static _finline void dlset(Dynamic *dynamic, Type_ &function, const char *name, void *handle = RTLD_DEFAULT) {
    void *const address(dynamic->dlsym(handle, name));
    function = reinterpret_cast<Type_>(address);
    if (function != NULL)
        return;
    dynamic->dlerror();
}
/* Resolve `name` in the in-memory image `mach` via Symbol() and store it in
 * `function`, cast to its declared pointer type. On failure `function` is
 * set to NULL; nothing here reports that -- callers must check. */
template <typename Type_>
static _finline void cyset(Type_ &function, const char *name, const mach_header_xx *mach) {
    void *const address(Symbol(mach, name));
    function = reinterpret_cast<Type_>(address);
}
/* Convenience overload: look `name` up in the dyld image list the baton
 * carries (baton->dyld is reinterpreted as a dyld_all_image_infos pointer). */
static _finline const mach_header_xx *Library(Baton *baton, const char *name) {
    return Library(reinterpret_cast<struct dyld_all_image_infos *>(baton->dyld), name);
}
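/* Thread body started from Start(): resolves dlopen() by hand through libdyld,
 * loads the library named in the baton into this process and hands control to
 * its CYHandleServer(pid). Always returns NULL. Every hand-resolved pointer is
 * checked before it is called, so an unrecognised library layout makes the
 * thread exit quietly instead of calling through NULL. */
void *Routine(void *arg) {
    Baton *baton(reinterpret_cast<Baton *>(arg));

    // libdyld supplies dlsym/dlerror; everything else is looked up through them.
    const mach_header_xx *dyld(Library(baton, "/usr/lib/system/libdyld.dylib"));
    if (dyld == NULL)
        return NULL;  // Symbol() would dereference a NULL header otherwise

    Dynamic dynamic;
    cyset(dynamic.dlerror, "_dlerror", dyld);
    cyset(dynamic.dlsym, "_dlsym", dyld);
    if (dynamic.dlerror == NULL || dynamic.dlsym == NULL)
        return NULL;

    // Detach this thread so its resources are reclaimed when it exits.
    int (*pthread_detach)(pthread_t);
    dlset(&dynamic, pthread_detach, "pthread_detach");
    pthread_t (*pthread_self)();
    dlset(&dynamic, pthread_self, "pthread_self");
    if (pthread_detach == NULL || pthread_self == NULL)
        return NULL;
    pthread_detach(pthread_self());

    void *(*dlopen)(const char *, int);
    dlset(&dynamic, dlopen, "dlopen");
    if (dlopen == NULL)
        return NULL;

    // RTLD_LOCAL: the library's symbols are fetched explicitly below rather
    // than being added to the global namespace.
    void *handle(dlopen(baton->library, RTLD_LAZY | RTLD_LOCAL));
    if (handle == NULL) {
        dynamic.dlerror();
        return NULL;
    }

    void (*CYHandleServer)(pid_t);
    dlset(&dynamic, CYHandleServer, "CYHandleServer", handle);
    if (CYHandleServer == NULL) {
        dynamic.dlerror();
        return NULL;
    }

    CYHandleServer(baton->pid);
    return NULL;
}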
/* Presumably the entry point the injector jumps to on a raw thread it created
 * in the target process. Resolves the pthread machinery by hand, gives this
 * thread a minimal pthread identity so pthread_create() can be called, spawns
 * Routine() on a proper pthread and then terminates this thread instead of
 * returning (presumably there is no valid frame to return to).
 * NOTE(review): none of the cyset() results are checked for NULL, so a
 * library layout this code does not recognise calls through NULL. */
extern "C" void Start(Baton *baton) {
    // A zeroed fake pthread structure is installed as this thread's self
    // below; this is what _PTHREAD_ATTR_T / pthread_internals.h are for.
    struct _pthread self;
    $bzero(&self, sizeof(self));

    // pthread lives in libsystem_pthread where it is split out; otherwise
    // (presumably older releases) fall back to libsystem_c.
    const mach_header_xx *pthread(Library(baton, "/usr/lib/system/libsystem_pthread.dylib"));
    if (pthread == NULL)
        pthread = Library(baton, "/usr/lib/system/libsystem_c.dylib");

    void (*$__pthread_set_self)(pthread_t);
    cyset($__pthread_set_self, "___pthread_set_self", pthread);
    // tsd[0] is pointed back at the struct itself (apparently the self slot)
    // before it is registered as the current thread.
    self.tsd[0] = &self;
    $__pthread_set_self(&self);

    int (*$pthread_create)(pthread_t *, const pthread_attr_t *, void *(*)(void *), void *);
    cyset($pthread_create, "_pthread_create", pthread);
    pthread_t thread;
    // Return value unchecked: there is nothing this thread could do on failure.
    $pthread_create(&thread, NULL, &Routine, baton);

    // Kill this bootstrap thread through the kernel rather than returning from it.
    const mach_header_xx *kernel(Library(baton, "/usr/lib/system/libsystem_kernel.dylib"));
    mach_port_t (*$mach_thread_self)();
    cyset($mach_thread_self, "_mach_thread_self", kernel);
    kern_return_t (*$thread_terminate)(thread_act_t);
    cyset($thread_terminate, "_thread_terminate", kernel);
    $thread_terminate($mach_thread_self());
}