void PEHeaderParser::init()
{
if (getLfanew() == 0)
{
throw std::ios_base::failure("Error : bad lfanew value detected. If it is a PE file, it may be corrupted.");
}
if (is32bit())
{
layout_ = OptionalHeaderLayout<CPUSize::CPU32>::infos.getHolderPtr();
}
else
{
layout_ = OptionalHeaderLayout<CPUSize::CPU64>::infos.getHolderPtr();
}
bool objectFile = false;
if (!hasPESignature())
{
throw std::ios_base::failure("Error : No PE signature detected. If it is a PE file, it may be corrupted.");
}
else if (!hasValidMagicNumber())
{
throw std::ios_base::failure("Error : Bad magic number value detected. If it is a PE file, it may be corrupted.");
}
dllFlags_ = retrieveFieldValue(OptionalHeaderField::DllCharacteristics);
}
static int make_dump_request(debugger_action_t action, pid_t tid) {
const char* socket_name;
debugger_msg_t msg;
size_t msg_len;
void* msg_ptr;
#if defined(__LP64__)
debugger32_msg_t msg32;
if (is32bit(tid)) {
msg_len = sizeof(debugger32_msg_t);
memset(&msg32, 0, msg_len);
msg32.tid = tid;
msg32.action = action;
msg_ptr = &msg32;
socket_name = DEBUGGER32_SOCKET_NAME;
} else
#endif
{
msg_len = sizeof(debugger_msg_t);
memset(&msg, 0, msg_len);
msg.tid = tid;
msg.action = action;
msg_ptr = &msg;
socket_name = DEBUGGER_SOCKET_NAME;
}
int sock_fd = socket_local_client(socket_name, ANDROID_SOCKET_NAMESPACE_ABSTRACT,
SOCK_STREAM | SOCK_CLOEXEC);
if (sock_fd < 0) {
return -1;
}
if (send_request(sock_fd, msg_ptr, msg_len) < 0) {
TEMP_FAILURE_RETRY(close(sock_fd));
return -1;
}
return sock_fd;
}
PassRefPtr<SharedBitmap> SharedBitmap::clipBitmap(const IntRect& rect, bool useAlpha)
{
int oldWidth = width();
int oldHeight = height();
int copyWidth = std::min<int>(rect.width(), oldWidth - rect.x());
int copyHeight = std::min<int>(rect.height(), oldHeight - rect.y());
if (!copyWidth || !copyHeight)
return 0;
RefPtr<SharedBitmap> newBmp = create(IntSize(copyWidth, copyHeight), useAlpha && is32bit() ? BitmapInfo::BitCount32 : BitmapInfo::BitCount16, false);
if (!newBmp || !newBmp->bytes())
return 0;
DCHolder dcNew(newBmp.get());
StretchDIBits(dcNew.get(), 0, 0, copyWidth, copyHeight, rect.x(), rect.y(), copyWidth, copyHeight,
bytes(), &bitmapInfo(), DIB_RGB_COLORS, SRCCOPY);
return newBmp;
}
void SharedBitmap::drawPattern(HDC hdc, const AffineTransform& transform, const FloatRect& tileRectIn, const AffineTransform& patternTransform,
const FloatPoint& phase, ColorSpace styleColorSpace, CompositeOperator op, const FloatRect& destRect, const IntSize& origSourceSize)
{
if (!m_pixels)
return;
if (tileRectIn.width() <= 0 || tileRectIn.height() <= 0)
return;
bool useAlpha = op == CompositeSourceOver && hasAlpha() && is32bit();
int bmpWidth = width();
int bmpHeight = height();
FloatRect tileRect(tileRectIn);
if (bmpWidth != origSourceSize.width()) {
double rate = static_cast<double>(bmpWidth) / origSourceSize.width();
double temp = tileRect.width() * rate;
tileRect.setX(tileRect.x() * rate);
tileRect.setWidth(temp);
temp = tileRect.height() * rate;
tileRect.setY(tileRect.y() * rate);
tileRect.setHeight(temp);
}
OwnPtr<HBITMAP> clippedBmp;
if (tileRect.x() || tileRect.y() || tileRect.width() != bmpWidth || tileRect.height() != bmpHeight) {
BitmapInfo patternBmpInfo;
void* patternPixels;
clippedBmp = clipBitmap(IntRect(tileRect), useAlpha, patternBmpInfo, patternPixels);
if (!clippedBmp)
return;
bmpWidth = tileRect.width();
bmpHeight = tileRect.height();
}
AffineTransform tf = patternTransform * transform;
FloatRect trRect = tf.mapRect(destRect);
RECT clipBox;
int clipType = GetClipBox(hdc, &clipBox);
if (clipType == SIMPLEREGION)
trRect.intersect(FloatRect(clipBox.left, clipBox.top, clipBox.right - clipBox.left, clipBox.bottom - clipBox.top));
else if (clipType == COMPLEXREGION) {
OwnPtr<HRGN> clipRgn = adoptPtr(CreateRectRgn(0, 0, 0, 0));
if (GetClipRgn(hdc, clipRgn.get()) > 0) {
DWORD regionDataSize = GetRegionData(clipRgn.get(), sizeof(RGNDATA), 0);
if (regionDataSize) {
Vector<RGNDATA> regionData(regionDataSize);
GetRegionData(clipRgn.get(), regionDataSize, regionData.data());
RECT* rect = reinterpret_cast<RECT*>(regionData[0].Buffer);
for (DWORD i = 0; i < regionData[0].rdh.nCount; ++i, ++rect)
trRect.intersect(FloatRect(rect->left, rect->top, rect->right - rect->left, rect->bottom - rect->top));
}
}
}
if (trRect.width() <= 0 || trRect.height() <= 0)
return;
trRect.inflate(1);
IntRect visibleDstRect = enclosingIntRect(tf.inverse().mapRect(trRect));
visibleDstRect.intersect(IntRect(destRect));
if (visibleDstRect.width() <= 0 || visibleDstRect.height() <= 0)
return;
trRect = tf.mapRect(visibleDstRect);
RECT dstRectWin = {
stableRound(trRect.x()),
stableRound(trRect.y()),
stableRound(trRect.maxX()),
stableRound(trRect.maxY()),
};
if (dstRectWin.right <= dstRectWin.left || dstRectWin.bottom <= dstRectWin.top)
return;
SIZE bmpSize = { bmpWidth, bmpHeight };
// Relative to destination, in bitmap pixels
POINT phaseWin = { stableRound(visibleDstRect.x() - phase.x()), stableRound(visibleDstRect.y() - phase.y()) };
phaseWin.x = normalizePhase(phaseWin.x, bmpSize.cx);
phaseWin.y = normalizePhase(phaseWin.y, bmpSize.cy);
RECT srcRectWin = {
0,
0,
stableRound(visibleDstRect.maxX()) - stableRound(visibleDstRect.x()),
stableRound(visibleDstRect.maxY()) - stableRound(visibleDstRect.y())
};
if (srcRectWin.right <= 0 || srcRectWin.bottom <= 0)
return;
BitmapInfo bmpInfo = BitmapInfo::createBottomUp(IntSize(srcRectWin.right, srcRectWin.bottom), useAlpha ? BitmapInfo::BitCount32 : BitmapInfo::BitCount16);
void* pixels;
OwnPtr<HBITMAP> hbmpTemp = adoptPtr(CreateDIBSection(0, &bmpInfo, DIB_RGB_COLORS, &pixels, 0, 0));
if (!hbmpTemp)
return;
OwnPtr<HDC> hmemdc = adoptPtr(CreateCompatibleDC(hdc));
HGDIOBJ oldBmp = SelectObject(hmemdc.get(), hbmpTemp.get());
if (clippedBmp)
drawPatternSimple(hmemdc.get(), srcRectWin, clippedBmp.get(), phaseWin);
else if ((op != CompositeSourceOver || canUseDIBits()) && srcRectWin.right <= bmpSize.cx * 2 && srcRectWin.bottom <= bmpSize.cy * 2)
drawPatternSimple(hmemdc.get(), srcRectWin, this, bmpSize, phaseWin);
else if (ensureHandle())
drawPatternSimple(hmemdc.get(), srcRectWin, getHandle(), phaseWin);
else {
void* pixels;
BitmapInfo bmpInfo;
OwnPtr<HBITMAP> hbmp = createHandle(&pixels, &bmpInfo, -1, false);
if (hbmp)
drawPatternSimple(hmemdc.get(), srcRectWin, hbmp.get(), phaseWin);
else {
SelectObject(hmemdc.get(), oldBmp);
return;
}
}
if (useAlpha && hasAlphaBlendSupport()) {
static const BLENDFUNCTION blend = { AC_SRC_OVER, 0, 255, AC_SRC_ALPHA };
bool success = alphaBlendIfSupported(hdc, dstRectWin.left, dstRectWin.top, dstRectWin.right - dstRectWin.left, dstRectWin.bottom - dstRectWin.top,
hmemdc.get(), 0, 0, srcRectWin.right, srcRectWin.bottom, blend);
ASSERT_UNUSED(success, success);
} else if (useAlpha && !hasAlphaBlendSupport() || op == CompositeSourceOver && usesTransparentColor()) {
TransparentBlt(hdc, dstRectWin.left, dstRectWin.top, dstRectWin.right - dstRectWin.left,
dstRectWin.bottom - dstRectWin.top, hmemdc.get(), 0, 0, srcRectWin.right, srcRectWin.bottom, transparentColor());
} else {
DWORD bmpOp = op == CompositeCopy ? SRCCOPY
: op == CompositeSourceOver ? SRCCOPY
: op == CompositeXOR ? PATINVERT
: op == CompositeClear ? WHITENESS
: SRCCOPY; // FIXEME: other types?
StretchDIBits(hdc, dstRectWin.left, dstRectWin.top, dstRectWin.right - dstRectWin.left,
dstRectWin.bottom - dstRectWin.top, 0, 0, srcRectWin.right, srcRectWin.bottom,
pixels, &bmpInfo, DIB_RGB_COLORS, bmpOp);
}
SelectObject(hmemdc.get(), oldBmp);
}
PassOwnPtr<HBITMAP> SharedBitmap::clipBitmap(const IntRect& rect, bool useAlpha, BitmapInfo& bmpInfo, void*& pixels)
{
if (!bytes())
return nullptr;
int oldWidth = width();
int oldHeight = height();
int copyWidth = std::min<int>(rect.width(), oldWidth - rect.x());
int copyHeight = std::min<int>(rect.height(), oldHeight - rect.y());
if (!copyWidth || !copyHeight)
return nullptr;
bmpInfo = BitmapInfo::createBottomUp(IntSize(copyWidth, copyHeight), (useAlpha && is32bit()) ? BitmapInfo::BitCount32 : BitmapInfo::BitCount16);
OwnPtr<HBITMAP> newBmp = adoptPtr(CreateDIBSection(0, &bmpInfo, DIB_RGB_COLORS, &pixels, 0, 0));
if (!newBmp)
return nullptr;
OwnPtr<HDC> dcNew = adoptPtr(CreateCompatibleDC(0));
HGDIOBJ tmpNew = SelectObject(dcNew.get(), newBmp.get());
StretchDIBits(dcNew.get(), 0, 0, copyWidth, copyHeight, rect.x(), rect.y(), copyWidth, copyHeight,
bytes(), &bitmapInfo(), DIB_RGB_COLORS, SRCCOPY);
SelectObject(dcNew.get(), tmpNew);
return newBmp.release();
}
static void monitor_worker_process(int child_pid, const debugger_request_t& request) {
struct timespec timeout = {.tv_sec = 10, .tv_nsec = 0 };
if (should_attach_gdb(request)) {
// If wait_for_gdb is enabled, set the timeout to something large.
timeout.tv_sec = INT_MAX;
}
sigset_t signal_set;
sigemptyset(&signal_set);
sigaddset(&signal_set, SIGCHLD);
bool kill_worker = false;
bool kill_target = false;
bool kill_self = false;
int status;
siginfo_t siginfo;
int signal = TEMP_FAILURE_RETRY(sigtimedwait(&signal_set, &siginfo, &timeout));
if (signal == SIGCHLD) {
pid_t rc = waitpid(-1, &status, WNOHANG | WUNTRACED);
if (rc != child_pid) {
ALOGE("debuggerd: waitpid returned unexpected pid (%d), committing murder-suicide", rc);
if (WIFEXITED(status)) {
ALOGW("debuggerd: pid %d exited with status %d", rc, WEXITSTATUS(status));
} else if (WIFSIGNALED(status)) {
ALOGW("debuggerd: pid %d received signal %d", rc, WTERMSIG(status));
} else if (WIFSTOPPED(status)) {
ALOGW("debuggerd: pid %d stopped by signal %d", rc, WSTOPSIG(status));
} else if (WIFCONTINUED(status)) {
ALOGW("debuggerd: pid %d continued", rc);
}
kill_worker = true;
kill_target = true;
kill_self = true;
} else if (WIFSIGNALED(status)) {
ALOGE("debuggerd: worker process %d terminated due to signal %d", child_pid, WTERMSIG(status));
kill_worker = false;
kill_target = true;
} else if (WIFSTOPPED(status)) {
ALOGE("debuggerd: worker process %d stopped due to signal %d", child_pid, WSTOPSIG(status));
kill_worker = true;
kill_target = true;
}
} else {
ALOGE("debuggerd: worker process %d timed out", child_pid);
kill_worker = true;
kill_target = true;
}
if (kill_worker) {
// Something bad happened, kill the worker.
if (kill(child_pid, SIGKILL) != 0) {
ALOGE("debuggerd: failed to kill worker process %d: %s", child_pid, strerror(errno));
} else {
waitpid(child_pid, &status, 0);
}
}
int exit_signal = SIGCONT;
if (kill_target && request.action == DEBUGGER_ACTION_CRASH) {
ALOGE("debuggerd: killing target %d", request.pid);
exit_signal = SIGKILL;
} else {
ALOGW("debuggerd: resuming target %d", request.pid);
}
if (kill(request.pid, exit_signal) != 0) {
ALOGE("debuggerd: failed to send signal %d to target: %s", exit_signal, strerror(errno));
}
if (kill_self) {
stop_signal_sender();
_exit(1);
}
}
static void handle_request(int fd) {
ALOGV("handle_request(%d)\n", fd);
android::base::unique_fd closer(fd);
debugger_request_t request;
memset(&request, 0, sizeof(request));
int status = read_request(fd, &request);
if (status != 0) {
return;
}
ALOGW("debuggerd: handling request: pid=%d uid=%d gid=%d tid=%d\n", request.pid, request.uid,
request.gid, request.tid);
#if defined(__LP64__)
// On 64 bit systems, requests to dump 32 bit and 64 bit tids come
// to the 64 bit debuggerd. If the process is a 32 bit executable,
// redirect the request to the 32 bit debuggerd.
if (is32bit(request.tid)) {
// Only dump backtrace and dump tombstone requests can be redirected.
if (request.action == DEBUGGER_ACTION_DUMP_BACKTRACE ||
request.action == DEBUGGER_ACTION_DUMP_TOMBSTONE) {
redirect_to_32(fd, &request);
} else {
ALOGE("debuggerd: Not allowed to redirect action %d to 32 bit debuggerd\n", request.action);
}
return;
}
#endif
// Fork a child to handle the rest of the request.
pid_t fork_pid = fork();
if (fork_pid == -1) {
ALOGE("debuggerd: failed to fork: %s\n", strerror(errno));
} else if (fork_pid == 0) {
worker_process(fd, request);
} else {
monitor_worker_process(fork_pid, request);
}
}
static void handle_request(int fd) {
ALOGV("handle_request(%d)\n", fd);
debugger_request_t request;
memset(&request, 0, sizeof(request));
int status = read_request(fd, &request);
if (!status) {
ALOGV("BOOM: pid=%d uid=%d gid=%d tid=%d\n",
request.pid, request.uid, request.gid, request.tid);
#if defined(__LP64__)
// On 64 bit systems, requests to dump 32 bit and 64 bit tids come
// to the 64 bit debuggerd. If the process is a 32 bit executable,
// redirect the request to the 32 bit debuggerd.
if (is32bit(request.tid)) {
// Only dump backtrace and dump tombstone requests can be redirected.
if (request.action == DEBUGGER_ACTION_DUMP_BACKTRACE
|| request.action == DEBUGGER_ACTION_DUMP_TOMBSTONE) {
redirect_to_32(fd, &request);
} else {
ALOGE("debuggerd: Not allowed to redirect action %d to 32 bit debuggerd\n",
request.action);
}
close(fd);
return;
}
#endif
// At this point, the thread that made the request is blocked in
// a read() call. If the thread has crashed, then this gives us
// time to PTRACE_ATTACH to it before it has a chance to really fault.
//
// The PTRACE_ATTACH sends a SIGSTOP to the target process, but it
// won't necessarily have stopped by the time ptrace() returns. (We
// currently assume it does.) We write to the file descriptor to
// ensure that it can run as soon as we call PTRACE_CONT below.
// See details in bionic/libc/linker/debugger.c, in function
// debugger_signal_handler().
if (ptrace(PTRACE_ATTACH, request.tid, 0, 0)) {
ALOGE("ptrace attach failed: %s\n", strerror(errno));
} else {
bool detach_failed = false;
bool tid_unresponsive = false;
bool attach_gdb = should_attach_gdb(&request);
if (TEMP_FAILURE_RETRY(write(fd, "\0", 1)) != 1) {
ALOGE("failed responding to client: %s\n", strerror(errno));
} else {
char* tombstone_path = NULL;
if (request.action == DEBUGGER_ACTION_CRASH) {
close(fd);
fd = -1;
}
int total_sleep_time_usec = 0;
for (;;) {
int signal = wait_for_sigstop(request.tid, &total_sleep_time_usec, &detach_failed);
if (signal == -1) {
tid_unresponsive = true;
break;
}
switch (signal) {
case SIGSTOP:
if (request.action == DEBUGGER_ACTION_DUMP_TOMBSTONE) {
ALOGV("stopped -- dumping to tombstone\n");
tombstone_path = engrave_tombstone(request.pid, request.tid,
signal, request.original_si_code,
request.abort_msg_address, true,
&detach_failed, &total_sleep_time_usec);
} else if (request.action == DEBUGGER_ACTION_DUMP_BACKTRACE) {
ALOGV("stopped -- dumping to fd\n");
dump_backtrace(fd, -1, request.pid, request.tid, &detach_failed,
&total_sleep_time_usec);
} else {
ALOGV("stopped -- continuing\n");
status = ptrace(PTRACE_CONT, request.tid, 0, 0);
if (status) {
ALOGE("ptrace continue failed: %s\n", strerror(errno));
}
continue; // loop again
}
break;
case SIGABRT:
case SIGBUS:
case SIGFPE:
case SIGILL:
case SIGSEGV:
#ifdef SIGSTKFLT
case SIGSTKFLT:
#endif
case SIGTRAP:
ALOGV("stopped -- fatal signal\n");
// Send a SIGSTOP to the process to make all of
// the non-signaled threads stop moving. Without
// this we get a lot of "ptrace detach failed:
// No such process".
kill(request.pid, SIGSTOP);
// don't dump sibling threads when attaching to GDB because it
// makes the process less reliable, apparently...
tombstone_path = engrave_tombstone(request.pid, request.tid,
signal, request.original_si_code,
request.abort_msg_address, !attach_gdb,
&detach_failed, &total_sleep_time_usec);
break;
default:
ALOGE("process stopped due to unexpected signal %d\n", signal);
break;
}
break;
}
if (request.action == DEBUGGER_ACTION_DUMP_TOMBSTONE) {
if (tombstone_path) {
write(fd, tombstone_path, strlen(tombstone_path));
}
close(fd);
fd = -1;
}
free(tombstone_path);
}
if (!tid_unresponsive) {
ALOGV("detaching");
if (attach_gdb) {
// stop the process so we can debug
kill(request.pid, SIGSTOP);
}
if (ptrace(PTRACE_DETACH, request.tid, 0, 0)) {
ALOGE("ptrace detach from %d failed: %s", request.tid, strerror(errno));
detach_failed = true;
} else if (attach_gdb) {
// if debug.db.uid is set, its value indicates if we should wait
// for user action for the crashing process.
// in this case, we log a message and turn the debug LED on
// waiting for a gdb connection (for instance)
wait_for_user_action(request);
}
}
// resume stopped process (so it can crash in peace).
kill(request.pid, SIGCONT);
// If we didn't successfully detach, we're still the parent, and the
// actual parent won't receive a death notification via wait(2). At this point
// there's not much we can do about that.
if (detach_failed) {
ALOGE("debuggerd committing suicide to free the zombie!\n");
kill(getpid(), SIGKILL);
}
}
}
if (fd >= 0) {
close(fd);
}
}
cString IA32IntelNotation::string(OpcodeFormatStruct* formatStruct) const
{
// Get the instruction address
ProcessorAddress ipAddress(gNullPointerProcessorAddress);
bool shouldUseIp = m_data->getOpcodeAddress(ipAddress);
// Mark new instruction
m_dataFormatter.newInstruction(shouldUseIp, ipAddress);
// Add all the prepost-prefix name
cString ret;
// Add all the prepost-prefix name
for (uint i = 0; i < m_opcode->m_prefixsCount; i++)
for (uint j = 0; j < ia32dis::IA32_NUMBER_OF_PREFIXS; j++)
if ((m_opcode->m_prefixs[i] == ia32dis::gIa32PrefixTable[j].m_opcode) &&
(!ia32dis::gIa32PrefixTable[j].m_isSegmentSelector) &&
(ia32dis::gIa32PrefixTable[j].m_isOpcodeNameValid))
{
ret+= ia32dis::gIa32PrefixTable[j].m_prefixName;
ret+= " ";
}
if (formatStruct != NULL)
formatStruct->m_opcodeNameStart = ret.length();
// Add the opcode name
cString opcodeName = m_opcode->m_opcode->m_opcodeName;
// Replace name convenstion
if (opcodeName.find("/") < opcodeName.length())
{
// TODO! 64bit
if (is32bit())
opcodeName = opcodeName.left(opcodeName.find("/"));
else
opcodeName = opcodeName.part(opcodeName.find("/") + 1,
opcodeName.length() - 1);
}
uint namePos = opcodeName.find("#");
while (namePos != opcodeName.length()) {
switch (opcodeName[namePos + 1])
{
case XSTL_CHAR('d'):
opcodeName = opcodeName.left(namePos) +
(is32bit() ? "d" : "") +
opcodeName.part(namePos + 2, opcodeName.length() - 1);
break;
case XSTL_CHAR('e'):
opcodeName = opcodeName.left(namePos) +
(is32bit() ? "e" : "") +
opcodeName.part(namePos + 2, opcodeName.length() - 1);
break;
case XSTL_CHAR('#'):
opcodeName = opcodeName.left(namePos) +
(is32bit() ? "d" : "w") +
opcodeName.part(namePos + 2, opcodeName.length() - 1);
break;
}
namePos = opcodeName.find("#");
}
ret+= m_dataFormatter.reparseOpcode(opcodeName);
if (formatStruct != NULL)
formatStruct->m_opcodeOperandsStart = ret.length();
// Start adding operands
// Add operands
if (m_opcode->m_opcode->m_firstOperand == ia32dis::OPND_NO_OPERAND)
{
ASSERT(m_opcode->m_opcode->m_secondOperand == ia32dis::OPND_NO_OPERAND);
ASSERT(m_opcode->m_opcode->m_thridOperand == ia32dis::OPND_NO_OPERAND);
return m_dataFormatter.endInstruction(ret);
}
ret+= m_dataFormatter.reparseFirstOperand(
stringOperand(m_opcode->m_opcode->m_firstOperand));
if (m_opcode->m_opcode->m_secondOperand == ia32dis::OPND_NO_OPERAND)
{
ASSERT(m_opcode->m_opcode->m_thridOperand == ia32dis::OPND_NO_OPERAND);
return m_dataFormatter.endInstruction(ret);
}
// Pad with space and first operand
ret+= m_dataFormatter.getOpcodesSeparator(ret);
ret+= m_dataFormatter.reparseSecondOperand(
stringOperand(m_opcode->m_opcode->m_secondOperand));
if (m_opcode->m_opcode->m_thridOperand == ia32dis::OPND_NO_OPERAND)
return m_dataFormatter.endInstruction(ret);
ret+= m_dataFormatter.getOpcodesSeparator(ret);
ret+= m_dataFormatter.reparseThirdOperand(
stringOperand(m_opcode->m_opcode->m_thridOperand));
// Build the instruction
return m_dataFormatter.endInstruction(ret);
}
cString IA32IntelNotation::getModrmString(ia32dis::OperandType type) const
{
cString ret;
uint reg = m_opcode->m_modrm.m_bits.m_rm;
uint mod = m_opcode->m_modrm.m_bits.m_mod;
ia32dis::ModRMTranslationType* modrmTranslator = NULL;
ia32dis::RegisterDescription* registersDescriptor = NULL;
// Load appropriate MOD/RM table. Determined by address size attribute.
switch (m_opcode->m_addressSize)
{
case IntegerEncoding::INTEGER_16BIT:
// 16 bit
modrmTranslator = &ia32dis::gIa32ModRM16;
break;
case IntegerEncoding::INTEGER_32BIT:
// 32 bit
modrmTranslator = &ia32dis::gIa32ModRM32;
break;
default:
// For 64bit and all other unknown value.
CHECK_FAIL();
}
// Load appropriate Register table. Determined by MODR/M mode (Memory
// reference or direct register access) and MODR/M operand type
if ((*modrmTranslator)[mod][reg].m_isReference ||
(type == ia32dis::OPND_MODRM_MEM))
{
// MODR/M reference mode. Load MODR/M table based on address size
// attribute
switch (m_opcode->m_addressSize)
{
case IntegerEncoding::INTEGER_16BIT:
registersDescriptor = ia32dis::gIa16Registers;
break;
case IntegerEncoding::INTEGER_32BIT:
registersDescriptor = ia32dis::gIa32Registers;
break;
// TODO! 64 bit table
default:
CHECK_FAIL();
}
} else
{
// MODR/M Direct register mode (11).
// NOTE: Check if it truly is either reference (00, 01, 10) or direct
// register(11) or not. If not, then redesign is required
switch (type)
{
case ia32dis::OPND_MODRM_dWORDPTR:
switch (m_opcode->m_operandSize)
{
case IntegerEncoding::INTEGER_16BIT:
registersDescriptor = ia32dis::gIa16Registers;
break;
case IntegerEncoding::INTEGER_32BIT:
registersDescriptor = ia32dis::gIa32Registers;
break;
default:
CHECK_FAIL();
}
break;
case ia32dis::OPND_MODRM_WORDPTR:
registersDescriptor = ia32dis::gIa16Registers;
break;
case ia32dis::OPND_MODRM_BYTEPTR:
registersDescriptor = ia32dis::gIa8Registers;
break;
case ia32dis::OPND_MODRM_MEM: // Handled in the previous case.
default:
CHECK_FAIL();
}
}
if ((*modrmTranslator)[mod][reg].m_isReference)
{
switch (type)
{
case ia32dis::OPND_MODRM_dWORDPTR:
switch (m_opcode->m_operandSize)
{
case IntegerEncoding::INTEGER_16BIT: ret+= "word ptr "; break;
case IntegerEncoding::INTEGER_32BIT: ret+= "dword ptr "; break;
default: break;
}
break;
case ia32dis::OPND_MODRM_WORDPTR:
ret+= "word ptr "; break;
case ia32dis::OPND_MODRM_BYTEPTR:
ret+= "byte ptr "; break;
default:
break;
}
ret+= getSegmentSelector();
ret+= "[";
}
uint firstReg = (*modrmTranslator)[mod][reg].m_firstRegisterPointer;
uint secondReg = (*modrmTranslator)[mod][reg].m_secondRegisterPointer;
if (firstReg != ia32dis::NO_REGISTER)
ret+= registersDescriptor[firstReg].m_name;
if (secondReg != ia32dis::NO_REGISTER)
{
ret+= "+";
ret+= registersDescriptor[secondReg].m_name;
}
if ((*modrmTranslator)[mod][reg].m_forceSib)
{
// Start with the index register
// TODO: Should this be m_bits.m_base?
//if (m_opcode->m_sib.m_bits.m_base == ia32dis::IA32_GP32_EBP)
if (m_opcode->m_sib.m_bits.m_index == ia32dis::IA32_GP32_EBP)
{
// mod 0 has no index
if (mod != 0)
{
ret+= registersDescriptor[ia32dis::IA32_GP32_EBP].m_name;
ret+= "+";
}
} else
{
//ret+= registersDescriptor[m_opcode->m_sib.m_bits.m_base].m_name;
ret+= registersDescriptor[m_opcode->m_sib.m_bits.m_index].m_name;
ret+= "+";
}
// Add the scale register
// TODO: Should this be m_bits.m_index?
//if (m_opcode->m_sib.m_bits.m_index != ia32dis::IA32_GP32_ESP)
if (m_opcode->m_sib.m_bits.m_base != ia32dis::IA32_GP32_ESP)
{
//ret+= registersDescriptor[m_opcode->m_sib.m_bits.m_index].m_name;
ret+= registersDescriptor[m_opcode->m_sib.m_bits.m_base].m_name;
if (m_opcode->m_sib.m_bits.m_scale != 0)
{
ret+= "*";
switch (m_opcode->m_sib.m_bits.m_scale)
{
case 1: ret+= "2"; break;
case 2: ret+= "4"; break;
case 3: ret+= "8"; break;
}
}
}
}
if (m_opcode->m_displacementLength > 0)
{
int32 displacement = 0;
switch (m_opcode->m_displacementLength)
{
case 1: displacement = (int8)(m_opcode->m_displacement); break;
case 2: displacement = (int16)(m_opcode->m_displacement); break;
case 4: displacement = (int32)(m_opcode->m_displacement); break;
default:
CHECK_FAIL();
}
if ((*modrmTranslator)[mod][reg].m_displacementRelative)
{
/*
* TODO! How should I treat the displacement? As an address or as a
* const?, For now I think I will use it as an address relative+
* to 0...
*
ret+= m_dataFormatter.translateRelativeAddress(displacement,
false,
gNullPointerProcessorAddress);
*/
ret+= m_dataFormatter.translateRelativeDisplacement(displacement);
} else
{
switch (m_opcode->m_displacementLength)
{
case 1: ret+= m_dataFormatter.translateUint8(displacement); break;
case 2: if (is32bit())
ret+= m_dataFormatter.translateUint16(displacement);
else
ret+= m_dataFormatter.translateAbsoluteAddress(
ProcessorAddress(ProcessorAddress::PROCESSOR_16,
displacement));
break;
case 4: if (is32bit())
ret+= m_dataFormatter.translateAbsoluteAddress(
ProcessorAddress(ProcessorAddress::PROCESSOR_32,
displacement));
else
ret+= m_dataFormatter.translateUint32(displacement);
break;
}
}
}
if ((*modrmTranslator)[mod][reg].m_isReference)
ret+= "]";
return ret;
}
static void handle_request(int fd) {
ALOGV("handle_request(%d)\n", fd);
ScopedFd closer(fd);
debugger_request_t request;
memset(&request, 0, sizeof(request));
int status = read_request(fd, &request);
if (status != 0) {
return;
}
ALOGV("BOOM: pid=%d uid=%d gid=%d tid=%d\n", request.pid, request.uid, request.gid, request.tid);
#if defined(__LP64__)
// On 64 bit systems, requests to dump 32 bit and 64 bit tids come
// to the 64 bit debuggerd. If the process is a 32 bit executable,
// redirect the request to the 32 bit debuggerd.
if (is32bit(request.tid)) {
// Only dump backtrace and dump tombstone requests can be redirected.
if (request.action == DEBUGGER_ACTION_DUMP_BACKTRACE ||
request.action == DEBUGGER_ACTION_DUMP_TOMBSTONE) {
redirect_to_32(fd, &request);
} else {
ALOGE("debuggerd: Not allowed to redirect action %d to 32 bit debuggerd\n", request.action);
}
return;
}
#endif
// Fork a child to handle the rest of the request.
pid_t fork_pid = fork();
if (fork_pid == -1) {
ALOGE("debuggerd: failed to fork: %s\n", strerror(errno));
return;
} else if (fork_pid != 0) {
waitpid(fork_pid, nullptr, 0);
return;
}
// Open the tombstone file if we need it.
std::string tombstone_path;
int tombstone_fd = -1;
switch (request.action) {
case DEBUGGER_ACTION_DUMP_TOMBSTONE:
case DEBUGGER_ACTION_CRASH:
tombstone_fd = open_tombstone(&tombstone_path);
if (tombstone_fd == -1) {
ALOGE("debuggerd: failed to open tombstone file: %s\n", strerror(errno));
exit(1);
}
break;
case DEBUGGER_ACTION_DUMP_BACKTRACE:
break;
default:
ALOGE("debuggerd: unexpected request action: %d", request.action);
exit(1);
}
// At this point, the thread that made the request is blocked in
// a read() call. If the thread has crashed, then this gives us
// time to PTRACE_ATTACH to it before it has a chance to really fault.
//
// The PTRACE_ATTACH sends a SIGSTOP to the target process, but it
// won't necessarily have stopped by the time ptrace() returns. (We
// currently assume it does.) We write to the file descriptor to
// ensure that it can run as soon as we call PTRACE_CONT below.
// See details in bionic/libc/linker/debugger.c, in function
// debugger_signal_handler().
// Attach to the target process.
if (ptrace(PTRACE_ATTACH, request.tid, 0, 0) != 0) {
ALOGE("debuggerd: ptrace attach failed: %s", strerror(errno));
exit(1);
}
// Don't attach to the sibling threads if we want to attach gdb.
// Supposedly, it makes the process less reliable.
bool attach_gdb = should_attach_gdb(&request);
int signal_in_fd = -1;
int signal_out_fd = -1;
pid_t signal_pid = 0;
if (attach_gdb) {
// Open all of the input devices we need to listen for VOLUMEDOWN before dropping privileges.
if (init_getevent() != 0) {
ALOGE("debuggerd: failed to initialize input device, not waiting for gdb");
attach_gdb = false;
}
// Fork a process that stays root, and listens on a pipe to pause and resume the target.
if (!fork_signal_sender(&signal_in_fd, &signal_out_fd, &signal_pid, request.pid)) {
attach_gdb = false;
}
}
auto notify_signal_sender = [=]() {
char buf[1];
if (TEMP_FAILURE_RETRY(write(signal_in_fd, "", 1)) != 1) {
ALOGE("debuggerd: failed to notify signal process: %s", strerror(errno));
} else if (TEMP_FAILURE_RETRY(read(signal_out_fd, buf, 1)) != 1) {
ALOGE("debuggerd: failed to read response from signal process: %s", strerror(errno));
}
};
std::set<pid_t> siblings;
if (!attach_gdb) {
ptrace_siblings(request.pid, request.tid, siblings);
}
// Generate the backtrace map before dropping privileges.
std::unique_ptr<BacktraceMap> backtrace_map(BacktraceMap::Create(request.pid));
bool succeeded = false;
// Now that we've done everything that requires privileges, we can drop them.
if (drop_privileges()) {
succeeded = perform_dump(request, fd, tombstone_fd, backtrace_map.get(), siblings);
if (succeeded) {
if (request.action == DEBUGGER_ACTION_DUMP_TOMBSTONE) {
if (!tombstone_path.empty()) {
write(fd, tombstone_path.c_str(), tombstone_path.length());
}
}
}
if (attach_gdb) {
// Tell the signal process to send SIGSTOP to the target.
notify_signal_sender();
}
}
if (ptrace(PTRACE_DETACH, request.tid, 0, 0) != 0) {
ALOGE("debuggerd: ptrace detach from %d failed: %s", request.tid, strerror(errno));
}
for (pid_t sibling : siblings) {
ptrace(PTRACE_DETACH, sibling, 0, 0);
}
// Wait for gdb, if requested.
if (attach_gdb && succeeded) {
wait_for_user_action(request);
// Tell the signal process to send SIGCONT to the target.
notify_signal_sender();
uninit_getevent();
waitpid(signal_pid, nullptr, 0);
}
exit(!succeeded);
}
