static void
display_error_helper(wchar_t *msg)
{
wchar_t title_buf[MAX_PATH + 64];
_snwprintf(title_buf, BUFFER_SIZE_ELEMENTS(title_buf),
L_PRODUCT_NAME L" Notice: %hs(%hs)", get_application_name(),
get_application_pid());
NULL_TERMINATE_BUFFER(title_buf);
nt_messagebox(msg, title_buf);
}
void
loader_init(void)
{
uint i;
privmod_t *mod;
acquire_recursive_lock(&privload_lock);
VMVECTOR_ALLOC_VECTOR(modlist_areas, GLOBAL_DCONTEXT,
VECTOR_SHARED | VECTOR_NEVER_MERGE
/* protected by privload_lock */
| VECTOR_NO_LOCK,
modlist_areas);
/* os specific loader initialization prologue before finalize the load */
os_loader_init_prologue();
/* Process client libs we loaded early but did not finalize */
for (i = 0; i < privmod_static_idx; i++) {
/* Transfer to real list so we can do normal processing */
char name_copy[MAXIMUM_PATH];
mod = privload_insert(NULL,
privmod_static[i].base,
privmod_static[i].size,
privmod_static[i].name,
privmod_static[i].path);
LOG(GLOBAL, LOG_LOADER, 1, "%s: processing imports for %s\n",
__FUNCTION__, mod->name);
/* save a copy for error msg, b/c mod will be unloaded (i#643) */
snprintf(name_copy, BUFFER_SIZE_ELEMENTS(name_copy), "%s", mod->name);
NULL_TERMINATE_BUFFER(name_copy);
if (!privload_load_finalize(mod)) {
mod = NULL; /* it's been unloaded! */
#ifdef CLIENT_INTERFACE
SYSLOG(SYSLOG_ERROR, CLIENT_LIBRARY_UNLOADABLE, 5,
get_application_name(), get_application_pid(), name_copy,
"\n\tUnable to locate imports of client library");
#endif
os_terminate(NULL, TERMINATE_PROCESS);
ASSERT_NOT_REACHED();
}
}
/* os specific loader initialization epilogue after finalize the load */
os_loader_init_epilogue();
/* FIXME i#338: call loader_thread_init here once get
* loader_init called after dynamo_thread_init but in a way that
* works with Windows
*/
release_recursive_lock(&privload_lock);
}
static void
display_error_helper(wchar_t *msg)
{
wchar_t title_buf[MAX_PATH + 64];
_snwprintf(title_buf, BUFFER_SIZE_ELEMENTS(title_buf),
L_PRODUCT_NAME L" Notice: %hs(%hs)",
get_application_name(), get_application_pid());
NULL_TERMINATE_BUFFER(title_buf);
/* for unit tests: assume that if a limit is set, we are in a
* script so it's ok to just display to stderr. avoids hangs when
* an error is encountered. */
if (limit <= 0)
nt_messagebox(msg, title_buf);
else {
fprintf(FP, "\n\n%ls\n%ls\n\n", title_buf, msg);
fflush(FP);
}
}
static bool load_dynamorio_lib(IF_NOT_X64(bool x64_in_wow64))
{
HMODULE dll = NULL;
char path[MAX_PATH];
#ifdef DEBUG
char msg[3 * MAX_PATH];
#endif
int retval = -1; /* failure */
#ifndef X64
bool wow64 = is_wow64_process(NT_CURRENT_PROCESS);
if (x64_in_wow64) {
ASSERT(wow64);
retval = get_parameter_64(PARAM_STR(DYNAMORIO_VAR_AUTOINJECT), path, MAX_PATH);
} else
#endif
retval = get_parameter(PARAM_STR(DYNAMORIO_VAR_AUTOINJECT), path, MAX_PATH);
if (IS_GET_PARAMETER_SUCCESS(retval)) {
dr_marker_t mark;
VERBOSE_MESSAGE("Loading \"%hs\"", path);
/* The read_and_verify_dr_marker is the canonical check for dr in a
* process, we double check against GetModuleHandle here just to be
* extra safe (in case dr failed to initialize before). Note that
* GetModuleHandle won't find dr's dll if we implement certian -hide
* or early_injection proposals. */
if (read_and_verify_dr_marker(GetCurrentProcess(), &mark) != DR_MARKER_FOUND &&
GetModuleHandle(DYNAMORIO_LIBRARY_NAME) == NULL
#ifndef X64 /* these ifdefs are rather ugly: just export all routines in x64 builds? */
&& /* check for 64-bit as well */
(!wow64 ||
read_and_verify_dr_marker_64(GetCurrentProcess(), &mark) != DR_MARKER_FOUND)
/* FIXME PR 251677: need 64-bit early injection to fully test
* read_and_verify_dr_marker_64
*/
#endif
) {
/* OK really going to load dr now, verify that we are injecting
* early enough (i.e. user32.dll is statically linked). This
* presumes preinject is only used with app_init injection which is
* currently the case. FIXME - should we also check_sole_thread
* here? We can't really handle more then one thread when dr is
* loading, but this can happen with early remote injected threads
* many of which (CTRL) are relatively harmless.
*/
LDR_MODULE *mod = get_ldr_module_by_name(L"user32.dll");
ASSERT(mod != NULL);
if (ldr_module_statically_linked(mod)) {
#ifndef X64
if (x64_in_wow64)
dll = load_library_64(path);
else
#endif
dll = LoadLibrary(path);
} else {
/* FIXME - would be really nice to communicate this back to
* the controller. */
#ifdef DEBUG
_snprintf(msg, BUFFER_SIZE_ELEMENTS(msg),
PRODUCT_NAME
" Error: improper injection - " PRODUCT_NAME
" (%s) can't inject into process %s (%s) (user32.dll "
"not statically linked)\n",
path, get_application_name(), get_application_pid());
NULL_TERMINATE_BUFFER(msg);
display_error(msg);
#endif
}
} else {
/* notify failure only in debug builds, otherwise just return */
#ifdef DEBUG
/* with early injection this becomes even more likely */
if (read_and_verify_dr_marker(GetCurrentProcess(), &mark) == DR_MARKER_FOUND
# ifndef X64
|| (wow64 &&
read_and_verify_dr_marker_64(GetCurrentProcess(), &mark) ==
DR_MARKER_FOUND)
# endif
) {
/* ok, early injection should always beat this */
# if VERBOSE
/* can't readily tell what was expected */
_snprintf(msg, BUFFER_SIZE_ELEMENTS(msg),
PRODUCT_NAME " ok if early injection, otherwise ERROR: "
"double injection, " PRODUCT_NAME
" (%s) is already loaded "
"in process %s (%s), continuing\n",
path, get_application_name(), get_application_pid());
NULL_TERMINATE_BUFFER(msg);
display_error(msg);
# endif /* VERBOSE */
} else {
/* if GetModuleHandle finds us but we don't have a marker
* we may have failed somehow */
_snprintf(msg, BUFFER_SIZE_ELEMENTS(msg),
PRODUCT_NAME
" Error: failed injection, " PRODUCT_NAME " (%s) is "
"loaded but not initialized in process %s (%s), continuing\n",
path, get_application_name(), get_application_pid());
NULL_TERMINATE_BUFFER(msg);
display_error(msg);
}
#endif /* DEBUG */
return false;
}
} else
path[0] = 0;
if (dll == NULL) {
#ifdef DEBUG
int err = GetLastError();
_snprintf(msg, BUFFER_SIZE_ELEMENTS(msg), PRODUCT_NAME " Error %d loading %s\n",
err, path);
NULL_TERMINATE_BUFFER(msg);
display_error(msg);
#endif
return false;
} else {
int_func_t init_func;
void_func_t take_over_func;
int res;
#ifndef X64
if (x64_in_wow64) {
init_func = (int_func_t)(ptr_uint_t) /*we know <4GB*/
get_proc_address_64((uint64)dll, "dynamorio_app_init");
take_over_func = (void_func_t)(ptr_uint_t) /*we know <4GB*/
get_proc_address_64((uint64)dll, "dynamorio_app_take_over");
VERBOSE_MESSAGE("dynamorio_app_init: 0x%08x; dynamorio_app_take_over: "
"0x%08x\n",
init_func, take_over_func);
} else {
#endif
init_func = (int_func_t)GetProcAddress(dll, "dynamorio_app_init");
take_over_func = (void_func_t)GetProcAddress(dll, "dynamorio_app_take_over");
#ifndef X64
}
#endif
if (init_func == NULL || take_over_func == NULL) {
/* unload the library so that it's clear DR is not in control
* (o/w the DR library is in the process and it's not clear
* what's going on)
*/
#ifndef X64
if (x64_in_wow64) {
# ifdef DEBUG
bool ok =
# endif
free_library_64(dll);
ASSERT(ok);
} else
#endif
FreeLibrary(dll);
#ifdef DEBUG
display_error("Error getting " PRODUCT_NAME " functions\n");
#endif
return false;
}
VERBOSE_MESSAGE("about to inject dynamorio");
#ifndef X64
if (x64_in_wow64)
res = switch_modes_and_call(init_func, NULL, NULL, NULL);
else
#endif
res = (*init_func)();
VERBOSE_MESSAGE("dynamorio_app_init() returned %d\n", res);
#ifndef X64
if (x64_in_wow64)
switch_modes_and_call(take_over_func, NULL, NULL, NULL);
else
#endif
(*take_over_func)();
VERBOSE_MESSAGE("inside " PRODUCT_NAME " now\n");
}
return true;
}
void
tls_thread_init(os_local_state_t *os_tls, byte *segment)
{
/* We have four different ways to obtain TLS, each with its own limitations:
*
* 1) Piggyback on the threading system (like we do on Windows): here that would
* be pthreads, which uses a segment since at least RH9, and uses gdt-based
* segments for NPTL. The advantage is we won't run out of ldt or gdt entries
* (except when the app itself would). The disadvantage is we're stealing
* application slots and we rely on user mode interfaces.
*
* 2) Steal an ldt entry via SYS_modify_ldt. This suffers from the 8K ldt entry
* limit and requires that we update manually on a new thread. For 64-bit
* we're limited here to a 32-bit base. (Strangely, the kernel's
* include/asm-x86_64/ldt.h implies that the base is ignored: but it doesn't
* seem to be.)
*
* 3) Steal a gdt entry via SYS_set_thread_area. There is a 3rd unused entry
* (after pthreads and wine) we could use. The kernel swaps for us, and with
* CLONE_TLS the kernel will set up the entry for a new thread for us. Xref
* PR 192231 and PR 285898. This system call is disabled on 64-bit 2.6
* kernels (though the man page for arch_prctl implies it isn't for 2.5
* kernels?!?)
*
* 4) Use SYS_arch_prctl. This is only implemented on 64-bit kernels, and can
* only be used to set the gdt entries that fs and gs select for. Faster to
* use <4GB base (obtain with mmap MAP_32BIT) since can use gdt; else have to
* use wrmsr. The man pages say "ARCH_SET_GS is disabled in some kernels".
*/
uint selector;
int index = -1;
int res;
#ifdef X64
/* First choice is gdt, which means arch_prctl. Since this may fail
* on some kernels, we require -heap_in_lower_4GB so we can fall back
* on modify_ldt.
*/
byte *cur_gs;
res = dynamorio_syscall(SYS_arch_prctl, 2, ARCH_GET_GS, &cur_gs);
if (res >= 0) {
LOG(GLOBAL, LOG_THREADS, 1, "os_tls_init: cur gs base is "PFX"\n", cur_gs);
/* If we're a non-initial thread, gs will be set to the parent thread's value */
if (cur_gs == NULL || is_dynamo_address(cur_gs) ||
/* By resolving i#107, we can handle gs conflicts between app and dr. */
INTERNAL_OPTION(mangle_app_seg)) {
res = dynamorio_syscall(SYS_arch_prctl, 2, ARCH_SET_GS, segment);
if (res >= 0) {
os_tls->tls_type = TLS_TYPE_ARCH_PRCTL;
LOG(GLOBAL, LOG_THREADS, 1,
"os_tls_init: arch_prctl successful for base "PFX"\n", segment);
res = dynamorio_syscall(SYS_arch_prctl, 2, ARCH_GET_GS, &cur_gs);
if (res >= 0 && cur_gs != segment && !on_WSL) {
/* XXX i#1896: on WSL, ARCH_GET_GS is broken and does not return
* the true value. (Plus, fs and gs start out equal to ss (0x2b)
* and are not set by ARCH_SET_*). i#2089's safe read TLS
* solution solves this, but we still warn as we haven't fixed
* later issues. Without the safe read we have to abort.
*/
on_WSL = true;
LOG(GLOBAL, LOG_THREADS, 1, "os_tls_init: running on WSL\n");
if (INTERNAL_OPTION(safe_read_tls_init)) {
SYSLOG_INTERNAL_WARNING
("Support for the Windows Subsystem for Linux is still "
"preliminary, due to missing kernel features. "
"Continuing, but please report any problems encountered.");
} else {
SYSLOG(SYSLOG_ERROR, WSL_UNSUPPORTED_FATAL, 2,
get_application_name(), get_application_pid());
os_terminate(NULL, TERMINATE_PROCESS);
ASSERT_NOT_REACHED();
}
}
/* Kernel should have written %gs for us if using GDT */
if (!dynamo_initialized &&
/* We assume that WSL is using MSR */
(on_WSL || read_thread_register(SEG_TLS) == 0)) {
LOG(GLOBAL, LOG_THREADS, 1, "os_tls_init: using MSR\n");
tls_using_msr = true;
}
if (IF_CLIENT_INTERFACE_ELSE(INTERNAL_OPTION(private_loader), false)) {
res = dynamorio_syscall(SYS_arch_prctl, 2, ARCH_SET_FS,
os_tls->os_seg_info.priv_lib_tls_base);
/* Assuming set fs must be successful if set gs succeeded. */
ASSERT(res >= 0);
}
} else {
/* we've found a kernel where ARCH_SET_GS is disabled */
ASSERT_CURIOSITY(false && "arch_prctl failed on set but not get");
LOG(GLOBAL, LOG_THREADS, 1,
"os_tls_init: arch_prctl failed: error %d\n", res);
}
} else {
/* FIXME PR 205276: we don't currently handle it: fall back on ldt, but
* we'll have the same conflict w/ the selector...
*/
ASSERT_BUG_NUM(205276, cur_gs == NULL);
}
}
#endif
if (os_tls->tls_type == TLS_TYPE_NONE) {
/* Second choice is set_thread_area */
/* PR 285898: if we added CLONE_SETTLS to all clone calls (and emulated vfork
* with clone) we could avoid having to set tls up for each thread (as well
* as solve race PR 207903), at least for kernel 2.5.32+. For now we stick
* w/ manual setup.
*/
our_modify_ldt_t desc;
/* Pick which GDT slots we'll use for DR TLS and for library TLS if
* using the private loader.
*/
choose_gdt_slots(os_tls);
if (tls_gdt_index > -1) {
/* Now that we know which GDT slot to use, install the per-thread base
* into it.
*/
/* Base here must be 32-bit */
IF_X64(ASSERT(DYNAMO_OPTION(heap_in_lower_4GB) &&
segment <= (byte*)UINT_MAX));
initialize_ldt_struct(&desc, segment, PAGE_SIZE, tls_gdt_index);
res = dynamorio_syscall(SYS_set_thread_area, 1, &desc);
LOG(GLOBAL, LOG_THREADS, 3,
"%s: set_thread_area %d => %d res, %d index\n",
__FUNCTION__, tls_gdt_index, res, desc.entry_number);
ASSERT(res < 0 || desc.entry_number == tls_gdt_index);
} else {
res = -1; /* fall back on LDT */
}
if (res >= 0) {
LOG(GLOBAL, LOG_THREADS, 1,
"os_tls_init: set_thread_area successful for base "PFX" @index %d\n",
segment, tls_gdt_index);
os_tls->tls_type = TLS_TYPE_GDT;
index = tls_gdt_index;
selector = GDT_SELECTOR(index);
WRITE_DR_SEG(selector); /* macro needs lvalue! */
} else {
IF_VMX86(ASSERT_NOT_REACHED()); /* since no modify_ldt */
LOG(GLOBAL, LOG_THREADS, 1,
"os_tls_init: set_thread_area failed: error %d\n", res);
}
#ifdef CLIENT_INTERFACE
/* Install the library TLS base. */
if (INTERNAL_OPTION(private_loader) && res >= 0) {
app_pc base = os_tls->os_seg_info.priv_lib_tls_base;
/* lib_tls_gdt_index is picked in choose_gdt_slots. */
ASSERT(lib_tls_gdt_index >= gdt_entry_tls_min);
initialize_ldt_struct(&desc, base, GDT_NO_SIZE_LIMIT,
lib_tls_gdt_index);
res = dynamorio_syscall(SYS_set_thread_area, 1, &desc);
LOG(GLOBAL, LOG_THREADS, 3,
"%s: set_thread_area %d => %d res, %d index\n",
__FUNCTION__, lib_tls_gdt_index, res, desc.entry_number);
if (res >= 0) {
/* i558 update lib seg reg to enforce the segment changes */
selector = GDT_SELECTOR(lib_tls_gdt_index);
LOG(GLOBAL, LOG_THREADS, 2, "%s: setting %s to selector 0x%x\n",
__FUNCTION__, reg_names[LIB_SEG_TLS], selector);
WRITE_LIB_SEG(selector);
}
}
#endif
}
if (os_tls->tls_type == TLS_TYPE_NONE) {
/* Third choice: modify_ldt, which should be available on kernel 2.3.99+ */
/* Base here must be 32-bit */
IF_X64(ASSERT(DYNAMO_OPTION(heap_in_lower_4GB) && segment <= (byte*)UINT_MAX));
/* we have the thread_initexit_lock so no race here */
index = find_unused_ldt_index();
selector = LDT_SELECTOR(index);
ASSERT(index != -1);
create_ldt_entry((void *)segment, PAGE_SIZE, index);
os_tls->tls_type = TLS_TYPE_LDT;
WRITE_DR_SEG(selector); /* macro needs lvalue! */
LOG(GLOBAL, LOG_THREADS, 1,
"os_tls_init: modify_ldt successful for base "PFX" w/ index %d\n",
segment, index);
}
os_tls->ldt_index = index;
}
