Exemplo n.º 1
0
R_API int r_debug_continue_until(RDebug *dbg, ut64 addr) {
	int has_bp;
	ut64 pc;

	if (r_debug_is_dead (dbg))
		return R_FALSE;

	// Check if there was another breakpoint set at addr
	has_bp = r_bp_get_in (dbg->bp, addr, R_BP_PROT_EXEC) != NULL;
	if (!has_bp)
		r_bp_add_sw (dbg->bp, addr, dbg->bpsize, R_BP_PROT_EXEC);

	// Continue until the bp is reached
	for (;;) {
		if (r_debug_is_dead (dbg))
			break;

		pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]);
		if (pc == addr)
			break;
		if (r_bp_get_at (dbg->bp, pc))
                        break;
		r_debug_continue (dbg);
	}

	// Clean up if needed
	if (!has_bp)
		r_bp_del (dbg->bp, addr);

	return R_TRUE;
}
Exemplo n.º 2
0
// XXX: this function uses 'oeax' which is linux-i386-specific
R_API int r_debug_continue_syscall(struct r_debug_t *dbg, int sc) {
	int reg, ret = R_FALSE;
	if (r_debug_is_dead (dbg))
		return R_FALSE;
	if (dbg && dbg->h) {
		if (dbg->h->contsc) {
			do {
				ret = dbg->h->contsc (dbg, dbg->pid, sc);
				if (!r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE)) {
					eprintf ("--> eol\n");
					sc = 0;
					break;
				}
				reg = (int)r_debug_reg_get (dbg, "oeax"); // XXX
				eprintf ("--> syscall %d\n", reg);
				if (reg == 0LL)
					break;
				// TODO: must use r_core_cmd(as)..import code from rcore
			} while (sc != 0 && sc != reg);
		} else {
			r_debug_continue_until_optype (dbg, R_ANAL_OP_TYPE_SWI, 0);
			reg = (int)r_debug_reg_get (dbg, "oeax"); // XXX
			eprintf ("--> syscall %d\n", reg);
		}
	}
	return ret;
}
Exemplo n.º 3
0
R_API int r_debug_step_hard(RDebug *dbg) {
	if (r_debug_is_dead (dbg))
		return R_FALSE;
	if (!dbg->h->step (dbg))
		return R_FALSE;
	return r_debug_wait (dbg);
}
Exemplo n.º 4
0
/* Returns PID */
R_API int r_debug_wait(RDebug *dbg) {
	int ret = 0;
	if (r_debug_is_dead (dbg))
		return R_FALSE;
	if (dbg && dbg->h && dbg->h->wait) {
		dbg->reason = R_DBG_REASON_UNKNOWN;
		ret = dbg->h->wait (dbg, dbg->pid);
		dbg->reason = ret;
		dbg->newstate = 1;
		if (ret == -1) {
			eprintf ("\n==> Process finished\n\n");
			r_debug_select (dbg, -1, -1);
		}
		//eprintf ("wait = %d\n", ret);
		if (dbg->trace->enabled)
			r_debug_trace_pc (dbg);
		if (ret == R_DBG_REASON_SIGNAL && dbg->signum != -1) {
			/* handle signal on continuations here */
			int what = r_debug_signal_what (dbg, dbg->signum);
			const char *name = r_debug_signal_resolve_i (dbg, dbg->signum);
			if (strcmp ("SIGTRAP", name))
				r_cons_printf ("[+] signal %d aka %s received\n",
					dbg->signum, name);
			if (what & R_DBG_SIGNAL_SKIP) {
				dbg->signum = 0;
				// TODO: use ptrace-setsiginfo to ignore signal
			}
			if (what & R_DBG_SIGNAL_CONT) {
				// XXX: support step, steptrace, continue_until_foo, etc..
				r_debug_continue (dbg);
			}
		}
	}
	return ret;
}
Exemplo n.º 5
0
/* Returns PID */
R_API int r_debug_wait(RDebug *dbg) {
	int ret = 0;
	if (!dbg)
		return R_FALSE;
	dbg->reason.type = R_DEBUG_REASON_UNKNOWN;
	if (r_debug_is_dead (dbg)) {
		return dbg->reason.type = R_DEBUG_REASON_DEAD;
	}
	if (dbg->h && dbg->h->wait) {
		dbg->reason.type = R_DEBUG_REASON_UNKNOWN;
		ret = dbg->h->wait (dbg, dbg->pid);
		dbg->newstate = 1;
		if (ret == -1) {
			eprintf ("\n==> Process finished\n\n");
			r_debug_select (dbg, -1, -1);
		}
		//eprintf ("wait = %d\n", ret);
		if (dbg->trace->enabled)
			r_debug_trace_pc (dbg);
		if (ret == R_DEBUG_REASON_SIGNAL && dbg->reason.signum != -1) {
			/* handle signal on continuations here */
			int what = r_debug_signal_what (dbg, dbg->reason.signum);
			const char *name = r_debug_signal_resolve_i (dbg, dbg->reason.signum);
			if (name && strcmp ("SIGTRAP", name))
				r_cons_printf ("[+] signal %d aka %s received %d\n",
						dbg->reason.signum, name, what);
		}
	}
	return ret;
}
Exemplo n.º 6
0
/* restore program counter after breakpoint hit */
static int r_debug_recoil(RDebug *dbg) {
	int recoil;
	RRegItem *ri;
	if (r_debug_is_dead (dbg))
		return R_FALSE;
	r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE);
	ri = r_reg_get (dbg->reg, dbg->reg->name[R_REG_NAME_PC], -1);
	dbg->reason.bpi = NULL;
	if (ri) {
		ut64 addr = r_reg_get_value (dbg->reg, ri);
		recoil = r_bp_recoil (dbg->bp, addr);
		//eprintf ("[R2] Breakpoint recoil at 0x%"PFMT64x" = %d\n", addr, recoil);
#if __arm__
		if (recoil<1) recoil = 0; // XXX Hack :D
#else
		if (recoil<1) recoil = 0; //1; // XXX Hack :D (x86 only?)
#endif
		if (recoil) {
			dbg->reason.type = R_DEBUG_REASON_BREAKPOINT;
			dbg->reason.bpi = r_bp_get_at (dbg->bp, addr-recoil);
			dbg->reason.addr = addr - recoil;
			r_reg_set_value (dbg->reg, ri, addr-recoil);
			if (r_reg_get_value (dbg->reg, ri) != (addr-recoil)) {
				eprintf ("r_debug_recoil: Cannot set program counter\n");
				return R_FALSE;
			}
			r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_TRUE);
			//eprintf ("[BP Hit] Setting pc to 0x%"PFMT64x"\n", (addr-recoil));
			return R_TRUE;
		}
	} else eprintf ("r_debug_recoil: Cannot get program counter\n");
	return R_FALSE;
}
Exemplo n.º 7
0
/* optimization: avoid so many reads */
R_API int r_debug_continue_until_optype(RDebug *dbg, int type, int over) {
	int (*step)(RDebug *d, int n);
	int ret, n = 0;
	ut64 pc = 0;
	RAnalOp op;
	ut8 buf[64];

	if (r_debug_is_dead (dbg))
		return R_FALSE;
	if (dbg->anal && dbg->reg) {
		const char *pcreg = dbg->reg->name[R_REG_NAME_PC];
		step = over? r_debug_step_over: r_debug_step;
		for (;;) {
			pc = r_debug_reg_get (dbg, pcreg);
			dbg->iob.read_at (dbg->iob.io, pc, buf, sizeof (buf));
			ret = r_anal_op (dbg->anal, &op, pc, buf, sizeof (buf));
			if (ret>0 && op.type&type)
				break;
			if (!step (dbg, 1)) {
				eprintf ("r_debug_step: failed\n");
				break;
			}
			n++;
		}
	} else eprintf ("Undefined pointer at dbg->anal\n");
	return n;
}
Exemplo n.º 8
0
R_API int r_debug_step_over(RDebug *dbg, int steps) {
	RAnalOp op;
	ut8 buf[64];
	int ret = -1;
	if (r_debug_is_dead (dbg))
		return R_FALSE;
	if (dbg->h && dbg->h->step_over) {
		if (steps<1) steps = 1;
		while (steps--)
			if (!dbg->h->step_over (dbg))
				return R_FALSE;
		return R_TRUE;
	}
	if (dbg->anal && dbg->reg) {
		ut64 pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]);
		dbg->iob.read_at (dbg->iob.io, pc, buf, sizeof (buf));
		r_anal_op (dbg->anal, &op, pc, buf, sizeof (buf));
		if (op.type & R_ANAL_OP_TYPE_CALL
		   || op.type & R_ANAL_OP_TYPE_UCALL) {
			ut64 bpaddr = pc + op.length;
			r_bp_add_sw (dbg->bp, bpaddr, 1, R_BP_PROT_EXEC);
			ret = r_debug_continue (dbg);
			r_bp_del (dbg->bp, bpaddr);
		} else {
			ret = r_debug_step (dbg, 1);
		}
	} else eprintf ("Undefined debugger backend\n");
	return ret;
}
Exemplo n.º 9
0
// XXX: very experimental
R_API int r_debug_step_soft(RDebug *dbg) {
	int ret;
	ut8 buf[32];
	RAnalOp op;
	ut64 pc0, pc1, pc2;
	if (r_debug_is_dead (dbg))
		return R_FALSE;
	pc0 = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]);
	dbg->iob.read_at (dbg->iob.io, pc0, buf, sizeof (buf));
	ret = r_anal_op (dbg->anal, &op, pc0, buf, sizeof (buf));
//eprintf ("read from pc0 = 0x%llx\n", pc0);
	pc1 = pc0 + op.length;
//eprintf ("oplen = %d\n", op.length);
//eprintf ("breakpoint at pc1 = 0x%llx\n", pc1);
	// XXX: Does not works for 'ret'
	pc2 = op.jump? op.jump: 0;
//eprintf ("ADD SECOND BREAKPOINT FRO CALLS %llx\n", op.jump);
//eprintf ("breakpoint 2 at pc2 = 0x%llx\n", pc2);

	r_bp_add_sw (dbg->bp, pc1, 4, R_BP_PROT_EXEC);
	if (pc2) r_bp_add_sw (dbg->bp, pc2, 4, R_BP_PROT_EXEC);
	r_debug_continue (dbg);
//eprintf ("wait\n");
	//r_debug_wait (dbg);
//eprintf ("del\n");
	r_bp_del (dbg->bp, pc1);
	if (pc2) r_bp_del (dbg->bp, pc2);

	return ret;
}
Exemplo n.º 10
0
R_API int r_debug_step(RDebug *dbg, int steps) {
	int i, ret;

	if (!dbg || !dbg->h)
		return R_FALSE;
	dbg->reason.type = R_DEBUG_REASON_STEP;

	if (r_debug_is_dead (dbg)) {
		return R_FALSE;
	}

	if (steps < 1)
		steps = 1;

	for (i = 0; i < steps; i++) {
		ret = dbg->swstep?
			r_debug_step_soft (dbg):
			r_debug_step_hard (dbg);
		if (!ret) {
			eprintf ("Stepping failed!\n");
			return R_FALSE;
		} else {
			dbg->steps++;
			dbg->reason.type = R_DEBUG_REASON_STEP;
			//dbg->reason.addr = 
		}
	}

	return i;
}
Exemplo n.º 11
0
/* restore program counter after breakpoint hit */
static int r_debug_recoil(RDebug *dbg) {
	int recoil;
	RRegItem *ri;
	if (r_debug_is_dead (dbg)) {
		return false;
	}
	r_debug_reg_sync (dbg, R_REG_TYPE_GPR, false);
	ri = r_reg_get (dbg->reg, dbg->reg->name[R_REG_NAME_PC], -1);
	dbg->reason.bpi = NULL;
	if (ri) {
		ut64 addr = r_reg_get_value (dbg->reg, ri);
		recoil = r_bp_recoil (dbg->bp, addr - dbg->bpsize);
		//eprintf ("[R2] Breakpoint recoil at 0x%"PFMT64x" = %d\n", addr, recoil);
		if (recoil < 1)
			recoil = 0; // XXX Hack :D
		if (recoil) {
			dbg->in_recoil = true;
			dbg->reason.type = R_DEBUG_REASON_BREAKPOINT;
			dbg->reason.bpi = r_bp_get_at (dbg->bp, addr-recoil);
			dbg->reason.addr = addr - recoil;
			r_reg_set_value (dbg->reg, ri, addr-recoil);
			if (r_reg_get_value (dbg->reg, ri) != (addr-recoil)) {
				eprintf ("r_debug_recoil: Cannot set program counter\n");
				return false;
			}
			r_debug_reg_sync (dbg, R_REG_TYPE_GPR, true);
			//eprintf ("[BP Hit] Setting pc to 0x%"PFMT64x"\n", (addr-recoil));
			return true;
		}
	} else {
		eprintf ("r_debug_recoil: Cannot get program counter\n");
	}
	return false;
}
Exemplo n.º 12
0
R_API int r_debug_continue_until(struct r_debug_t *dbg, ut64 addr) {
// TODO: use breakpoint+continue... more efficient
	int n = 0;
	ut64 pc = 0;
	if (r_debug_is_dead (dbg))
		return R_FALSE;
	do {
		if (pc !=0) r_debug_step (dbg, 1);
		n++;
	} while (pc != addr && !r_debug_is_dead (dbg));
	return n;
	//struct r_debug_bp_t *bp = r_debug_bp_add (dbg, addr);
	//int ret = r_debug_continue(dbg);
	/* TODO: check if the debugger stops at the right address */
	//r_debug_bp_del(dbg, bp);
	//return -1;
}
Exemplo n.º 13
0
R_API int r_debug_step_hard(RDebug *dbg) {
	dbg->reason.type = R_DEBUG_REASON_STEP;
	if (r_debug_is_dead (dbg))
		return R_FALSE;
	if (!dbg->h->step (dbg))
		return R_FALSE;
	return r_debug_wait (dbg);
}
Exemplo n.º 14
0
/* 
 * Save 4096 bytes from %esp
 * TODO: Add support for reverse stack architectures
 * Also known as r_debug_inject()
 */
R_API ut64 r_debug_execute(RDebug *dbg, const ut8 *buf, int len, int restore) {
	int orig_sz;
	ut8 stackbackup[4096];
	ut8 *backup, *orig = NULL;
	RRegItem *ri, *risp, *ripc;
	ut64 rsp, rpc, ra0 = 0LL;
	if (r_debug_is_dead (dbg))
		return R_FALSE;
	ripc = r_reg_get (dbg->reg, dbg->reg->name[R_REG_NAME_PC], R_REG_TYPE_GPR);
	risp = r_reg_get (dbg->reg, dbg->reg->name[R_REG_NAME_SP], R_REG_TYPE_GPR);
	if (ripc) {
		r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE);
		orig = r_reg_get_bytes (dbg->reg, -1, &orig_sz);
		if (orig == NULL) {
			eprintf ("Cannot get register arena bytes\n");
			return 0LL;
		}
		rpc = r_reg_get_value (dbg->reg, ripc);
		rsp = r_reg_get_value (dbg->reg, risp);

		backup = malloc (len);
		if (backup == NULL) {
			free (orig);
			return 0LL;
		}
		dbg->iob.read_at (dbg->iob.io, rpc, backup, len);
		dbg->iob.read_at (dbg->iob.io, rsp, stackbackup, len);

		r_bp_add_sw (dbg->bp, rpc+len, dbg->bpsize, R_BP_PROT_EXEC);

		/* execute code here */
		dbg->iob.write_at (dbg->iob.io, rpc, buf, len);
	//r_bp_add_sw (dbg->bp, rpc+len, 4, R_BP_PROT_EXEC);
		r_debug_continue (dbg);
	//r_bp_del (dbg->bp, rpc+len);
		/* TODO: check if stopped in breakpoint or not */

		r_bp_del (dbg->bp, rpc+len);
		dbg->iob.write_at (dbg->iob.io, rpc, backup, len);
		if (restore) {
			dbg->iob.write_at (dbg->iob.io, rsp, stackbackup, len);
		}

		r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE);
		ri = r_reg_get (dbg->reg, dbg->reg->name[R_REG_NAME_A0], R_REG_TYPE_GPR);
		ra0 = r_reg_get_value (dbg->reg, ri);
		if (restore) {
			r_reg_set_bytes (dbg->reg, -1, orig, orig_sz);
		} else {
			r_reg_set_value (dbg->reg, ripc, rpc);
		}
		r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_TRUE);
		free (backup);
		free (orig);
		eprintf ("ra0=0x%08"PFMT64x"\n", ra0);
	} else eprintf ("r_debug_execute: Cannot get program counter\n");
	return (ra0);
}
Exemplo n.º 15
0
R_API int r_debug_step_hard(RDebug *dbg) {
	if (r_debug_is_dead (dbg))
		return R_FALSE;
	if (!dbg->h->step (dbg))
		return R_FALSE;
	r_debug_wait (dbg);
	/* return value ignored? */
	return R_TRUE;
}
Exemplo n.º 16
0
R_API int r_debug_kill(RDebug *dbg, int pid, int tid, int sig) {
	int ret = R_FALSE;
	if (r_debug_is_dead (dbg))
		return R_FALSE;
	if (dbg->h && dbg->h->kill)
		ret = dbg->h->kill (dbg, pid, tid, sig);
	else eprintf ("Backend does not implements kill()\n");
	return ret;
}
Exemplo n.º 17
0
R_API int r_debug_continue_until_optype(RDebug *dbg, int type, int over) {
	int ret, n = 0;
	ut64 pc, buf_pc = 0;
	RAnalOp op;
	ut8 buf[DBG_BUF_SIZE];

	if (r_debug_is_dead (dbg)) {
		return R_FALSE;
	}

	if (!dbg->anal || !dbg->reg) { 
		eprintf ("Undefined pointer at dbg->anal\n");
		return R_FALSE;
	}

	r_debug_step (dbg, 1);
	r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE);

	// Initial refill
	buf_pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]);
	dbg->iob.read_at (dbg->iob.io, buf_pc, buf, sizeof (buf));

	// step first, we dont want to check current optype
	for (;;) {
		r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE);
		pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]);
		// Try to keep the buffer full 
		if (pc - buf_pc > sizeof (buf)) { 
			buf_pc = pc;
			dbg->iob.read_at (dbg->iob.io, buf_pc, buf, sizeof (buf));
		}
		// Analyze the opcode
		if (!r_anal_op (dbg->anal, &op, pc, buf + (pc - buf_pc), sizeof (buf) - (pc - buf_pc))) {
			eprintf ("Decode error at %"PFMT64x"\n", pc);
			return R_FALSE;
		}
		if (op.type == type) 
			break;
		// Step over and repeat
		ret = over ?
			r_debug_step_over (dbg, 1) :
			r_debug_step (dbg, 1);

		if (!ret) {
			eprintf ("r_debug_step: failed\n");
			break;
		}
		n++;
	}

	return n;
}
Exemplo n.º 18
0
R_API int r_debug_reg_sync(RDebug *dbg, int type, int write) {
	int i, size;
	if (!dbg || !dbg->reg || !dbg->h)
		return R_FALSE;

	// Theres no point in syncing a dead target
	if (r_debug_is_dead (dbg))
		return R_FALSE;

	// Check if the functions needed are available
	if (write && !dbg->h->reg_write)
		return R_FALSE;
	if (!write && !dbg->h->reg_read)
		return R_FALSE;

	// Sync all the types sequentially if asked
	i = (type == R_REG_TYPE_ALL) ? R_REG_TYPE_GPR : type;

	do {
		if (write) {
			ut8 *buf = r_reg_get_bytes (dbg->reg, i, &size);
			if (!buf || !dbg->h->reg_write (dbg, i, buf, size)) {
				if (i==0)
					eprintf ("r_debug_reg: error writing registers %d to %d\n", i, dbg->pid);
				return R_FALSE;
			}
		} else {
			//int bufsize = R_MAX (1024, dbg->reg->size*2); // i know. its hacky
			int bufsize = dbg->reg->size;
			ut8 *buf = malloc (bufsize);
			if (!buf) return R_FALSE;
			//we have already checked dbg->h and dbg->h->reg_read above
			size = dbg->h->reg_read (dbg, i, buf, bufsize);
			// we need to check against zero because reg_read can return R_FALSE
			if (!size) {
				eprintf ("r_debug_reg: error reading registers\n");
				free (buf);
				return R_FALSE;
			} else
				r_reg_set_bytes (dbg->reg, i, buf, R_MIN(size, bufsize));

			free (buf);
		}
		// DO NOT BREAK R_REG_TYPE_ALL PLEASE
		//   break;

		// Continue the syncronization or just stop if it was asked only for a single type of regs 
	} while ((type==R_REG_TYPE_ALL) && (i++ < R_REG_TYPE_LAST));
	return R_TRUE;
}
Exemplo n.º 19
0
R_API int r_debug_continue_syscalls(RDebug *dbg, int *sc, int n_sc) {
	int i, reg, ret = R_FALSE;
	if (!dbg || !dbg->h || r_debug_is_dead (dbg))
		return R_FALSE;
	if (!dbg->h->contsc) {
		/* user-level syscall tracing */
		r_debug_continue_until_optype (dbg, R_ANAL_OP_TYPE_SWI, 0);
		return show_syscall (dbg, "a0");
	}

	if (!r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE)) {
		eprintf ("--> cannot read registers\n");
		return -1;
	}
	{
		int err;
		reg = (int)r_debug_reg_get_err (dbg, "sn", &err);
		if (err) {
			eprintf ("Cannot find 'sn' register for current arch-os.\n");
			return -1;
		}
	}
	for (;;) {
		if (r_cons_singleton()->breaked)
			break;
#if __linux__
		// step is needed to avoid dupped contsc results
		r_debug_step (dbg, 1);
#endif
		dbg->h->contsc (dbg, dbg->pid, 0); // TODO handle return value
		// wait until continuation
		r_debug_wait (dbg);
		if (!r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE)) {
			eprintf ("--> cannot sync regs, process is probably dead\n");
			return -1;
		}
		reg = show_syscall (dbg, "sn");
		if (n_sc == -1)
			continue;
		if (n_sc == 0) {
			break;
		}
		for (i=0; i<n_sc; i++) {
			if (sc[i] == reg)
				return reg;
		}
		// TODO: must use r_core_cmd(as)..import code from rcore
	}
	return ret;
}
Exemplo n.º 20
0
R_API int r_debug_continue_until(RDebug *dbg, ut64 addr) {
// TODO: use breakpoint+continue... more efficient
	RRegItem *ripc = r_reg_get (dbg->reg, dbg->reg->name[R_REG_NAME_PC], R_REG_TYPE_GPR);
	int n = 0;
	ut64 pc = r_reg_get_value (dbg->reg, ripc);
	while (pc != addr && !r_debug_is_dead (dbg)) {
		r_debug_step (dbg, 1);
		// TODO: obey breakpoints too?
	/* TODO: check if the debugger stops at the right address */
		pc = r_reg_get_value (dbg->reg, ripc);
		n++;
	}
	return n;
}
Exemplo n.º 21
0
R_API int r_debug_continue_syscalls(RDebug *dbg, int *sc, int n_sc) {
	const char *sysname;
	int i, reg, ret = R_FALSE;
	if (!dbg || !dbg->h || r_debug_is_dead (dbg))
		return R_FALSE;
	if (!dbg->h->contsc) {
		/* user-level syscall tracing */
		r_debug_continue_until_optype (dbg, R_ANAL_OP_TYPE_SWI, 0);
		reg = (int)r_debug_reg_get (dbg, "a0"); // XXX
		sysname = r_syscall_get_i (dbg->anal->syscall, reg, -1);
		if (!sysname) sysname = "unknown";
		eprintf ("--> syscall %d %s\n", reg, sysname);
		return reg;
	}

	if (!r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE)) {
		eprintf ("--> cannot read registers\n");
		return -1;
	}
	reg = (int)r_debug_reg_get (dbg, "sn");
	if (reg == (int)UT64_MAX) {
		eprintf ("Cannot find 'sn' register for current arch-os.\n");
		return -1;
	}
	for (;;) {
		dbg->h->contsc (dbg, dbg->pid, 0); // TODO handle return value
		if (!r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE)) {
			eprintf ("--> eol\n");
			return -1;
		}
		reg = (int)r_debug_reg_get (dbg, "sn");
		if (reg == (int)UT64_MAX)
			return -1;
		sysname = r_syscall_get_i (dbg->anal->syscall, reg, -1);
		if (!sysname) sysname = "unknown";
		eprintf ("--> syscall %d %s\n", reg, sysname);
		for (i=0; i<n_sc; i++) {
			if (sc[i] == reg)
				return reg;
		}
		// TODO: must use r_core_cmd(as)..import code from rcore
	}
	return ret;
}
Exemplo n.º 22
0
/* Returns PID */
R_API int r_debug_wait(RDebug *dbg) {
	int ret = 0;
	if (r_debug_is_dead (dbg))
		return R_FALSE;
	if (dbg && dbg->h && dbg->h->wait) {
		dbg->reason = R_DBG_REASON_UNKNOWN;
		ret = dbg->h->wait (dbg, dbg->pid);
		dbg->reason = ret;
		dbg->newstate = 1;
		if (ret == -1) {
			eprintf ("\n==> Process finished\n\n");
			r_debug_select (dbg, -1, -1); //dbg->pid = -1;
		}
		//eprintf ("wait = %d\n", ret);
		if (dbg->trace->enabled)
			r_debug_trace_pc (dbg);
	}
	return ret;
}
Exemplo n.º 23
0
Arquivo: reg.c Projeto: futex/radare2 
R_API int r_debug_reg_sync(RDebug *dbg, int type, int write) {
	int i, size;

	if (!dbg || !dbg->reg || !dbg->h)
		return R_FALSE;

	// Theres no point in syncing a dead target
	if (r_debug_is_dead(dbg))
		return R_FALSE;

	// Check if the functions needed are available
	if (write && !dbg->h->reg_write)
		return R_FALSE;
	if (!write && !dbg->h->reg_read)
		return R_FALSE;

	// Sync all the types sequentially if asked
	i = (type == R_REG_TYPE_ALL) ? R_REG_TYPE_GPR : type;

	do {
		if (write) {
			ut8 *buf = r_reg_get_bytes (dbg->reg, i, &size);
			if (!buf || !dbg->h->reg_write (dbg, i, buf, size)) {
				eprintf ("r_debug_reg: error writing registers\n");
				return R_FALSE;
			}
		} else {
			// TODO : Get an exact size of the profile
			ut8 buf[2048];
			size = dbg->h->reg_read (dbg, i, buf, sizeof (buf));
			if (!size) {
				eprintf ("r_debug_reg: error reading registers\n");
				return R_FALSE;
			}
			r_reg_set_bytes (dbg->reg, i, buf, size);
		}
		// Continue the syncronization or just stop if it was asked only for a single type of regs 
	} while(i++ < R_REG_TYPE_LAST && type != R_REG_TYPE_ALL);

	return R_TRUE;
}
Exemplo n.º 24
0
R_API int r_debug_continue_kill(RDebug *dbg, int sig) {
	int ret = R_FALSE;
	if (r_debug_is_dead (dbg))
		return R_FALSE;
	if (dbg && dbg->h && dbg->h->cont) {
		r_bp_restore (dbg->bp, R_FALSE); // set sw breakpoints
		ret = dbg->h->cont (dbg, dbg->pid, dbg->tid, sig);
		r_debug_wait (dbg);
		r_bp_restore (dbg->bp, R_TRUE); // unset sw breakpoints
		r_debug_recoil (dbg);
#if 0
#if __UNIX__
		/* XXX Uh? */
		if (dbg->stop_all_threads && dbg->pid>0)
			r_sandbox_kill (dbg->pid, SIGSTOP);
#endif
#endif
		r_debug_select (dbg, dbg->pid, ret);
	}
	return ret;
}
Exemplo n.º 25
0
R_API int r_debug_step(RDebug *dbg, int steps) {
	int i, ret;

	if (!dbg || !dbg->h)
		return R_FALSE;

	if (r_debug_is_dead (dbg))
		return R_FALSE;

	if (steps < 1)
		steps = 1;

	for (i = 0; i < steps; i++) {
		ret = dbg->swstep?
			r_debug_step_soft (dbg):
			r_debug_step_hard (dbg);
		if (!ret) {
			eprintf ("Stepping failed!\n");
			return R_FALSE;
		} else dbg->steps++;
	}

	return i;
}
Exemplo n.º 26
0
R_API int r_debug_continue_kill(RDebug *dbg, int sig) {
	ut64 pc;
	int retwait, ret = R_FALSE;
	if (!dbg)
		return R_FALSE;
#if __WINDOWS__
	r_cons_break(w32_break_process, dbg);
#endif
repeat:
	if (r_debug_is_dead (dbg))
		return R_FALSE;
	if (dbg->h && dbg->h->cont) {
		r_bp_restore (dbg->bp, R_TRUE); // set sw breakpoints
		ret = dbg->h->cont (dbg, dbg->pid, dbg->tid, sig);
		dbg->reason.signum = 0;
		retwait = r_debug_wait (dbg);
#if __WINDOWS__
		if (retwait != R_DEBUG_REASON_DEAD) {
			ret = dbg->tid;
		}
#endif
		r_bp_restore (dbg->bp, R_FALSE); // unset sw breakpoints
		//r_debug_recoil (dbg);
		if (r_debug_recoil (dbg) || (dbg->reason.type == R_DEBUG_REASON_BREAKPOINT)) {
			/* check if cur bp demands tracing or not */
			pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]);
			RBreakpointItem *b = r_bp_get_at (dbg->bp, pc);
			if (b) {
				/* check if cur bp demands tracing or not */
				if (b->trace) {
					eprintf("hit tracepoit at: %"PFMT64x"\n",pc);
				} else {
					eprintf("hit breakpoint at: %"PFMT64x"\n",pc);
				}
				if (dbg->trace->enabled)
					r_debug_trace_pc (dbg);
				// TODO: delegate this to RCore.bphit(RCore, RBreakopintItem)
				if (dbg->corebind.core && dbg->corebind.bphit) {
					dbg->corebind.bphit (dbg->corebind.core, b);
				}
				if (b->trace) {
					r_debug_step (dbg, 1);
					goto repeat;
				}
			}
		}
#if 0
#if __UNIX__
		/* XXX Uh? */
		if (dbg->stop_all_threads && dbg->pid>0)
			r_sandbox_kill (dbg->pid, SIGSTOP);
#endif
#endif
		r_debug_select (dbg, dbg->pid, ret);
		sig = 0; // clear continuation after signal if needed
		if (retwait == R_DEBUG_REASON_SIGNAL && dbg->reason.signum != -1) {
			int what = r_debug_signal_what (dbg, dbg->reason.signum);
			if (what & R_DBG_SIGNAL_CONT) {
				sig = dbg->reason.signum;
				eprintf ("Continue into the signal %d handler\n", sig);
				goto repeat;
			} else if (what & R_DBG_SIGNAL_SKIP) {
				// skip signal. requires skipping one instruction
				ut8 buf[64];
				RAnalOp op = {0};
				ut64 pc = r_debug_reg_get (dbg, "pc");
				dbg->iob.read_at (dbg->iob.io, pc, buf, sizeof (buf));
				r_anal_op (dbg->anal, &op, pc, buf, sizeof (buf));
				if (op.size>0) {
					const char *signame = r_debug_signal_resolve_i (dbg, dbg->reason.signum);
					r_debug_reg_set (dbg, "pc", pc+op.size);
					eprintf ("Skip signal %d handler %s\n",
						dbg->reason.signum, signame);
					goto repeat;
				} else  {
					ut64 pc = r_debug_reg_get (dbg, "pc");
					eprintf ("Stalled with an exception at 0x%08"PFMT64x"\n", pc);
				}
			}
		}
	}
	return ret;
}
Exemplo n.º 27
0
R_API int r_debug_step_over(RDebug *dbg, int steps) {
	RAnalOp op;
	ut64 buf_pc, pc;
	ut8 buf[DBG_BUF_SIZE];
	int i;

	if (r_debug_is_dead (dbg))
		return R_FALSE;

	if (steps < 1)
		steps = 1;

	if (dbg->h && dbg->h->step_over) {
		for (i = 0; i < steps; i++)
			if (!dbg->h->step_over (dbg))
				return R_FALSE;
		return i;
	}

	if (!dbg->anal || !dbg->reg)
		return R_FALSE;

	// Initial refill
	buf_pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]);
	dbg->iob.read_at (dbg->iob.io, buf_pc, buf, sizeof (buf));

	for (i = 0; i < steps; i++) {
		pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]);
		// Try to keep the buffer full 
		if (pc - buf_pc > sizeof (buf)) { 
			buf_pc = pc;
			dbg->iob.read_at (dbg->iob.io, buf_pc, buf, sizeof (buf));
		}
		// Analyze the opcode
		if (!r_anal_op (dbg->anal, &op, pc, buf + (pc - buf_pc), sizeof (buf) - (pc - buf_pc))) {
			eprintf ("Decode error at %"PFMT64x"\n", pc);
			return R_FALSE;
		}

		// Skip over all the subroutine calls
		if (op.type == R_ANAL_OP_TYPE_CALL  ||
			op.type == R_ANAL_OP_TYPE_CCALL ||
			op.type == R_ANAL_OP_TYPE_UCALL ||
			op.type == R_ANAL_OP_TYPE_UCCALL) {

			// Use op.fail here instead of pc+op.size to enforce anal backends to fill in this field
			if (!r_debug_continue_until (dbg, op.fail)) {
				eprintf ("Could not step over call @ 0x%"PFMT64x"\n", pc);
				return R_FALSE;
			}
		} else if ((op.prefix & (R_ANAL_OP_PREFIX_REP | R_ANAL_OP_PREFIX_REPNE | R_ANAL_OP_PREFIX_LOCK))) {
			//eprintf ("REP: skip to next instruction...\n");
			if (!r_debug_continue_until (dbg, pc+op.size)) {
				eprintf ("step over failed over rep\n");
				return R_FALSE;
			}
		} else r_debug_step (dbg, 1);
	}

	return i;
}
Exemplo n.º 28
0
R_API int r_debug_step_soft(RDebug *dbg) {
	ut8 buf[32];
	ut64 pc, sp;
	ut64 next[2];
	RAnalOp op;
	int br, i, ret;
	union {
		ut64 r64;
		ut32 r32[2];
	} sp_top;

	if (r_debug_is_dead (dbg))
		return R_FALSE;

	pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]);
	sp = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_SP]);

	if (dbg->iob.read_at) {
		if (dbg->iob.read_at (dbg->iob.io, pc, buf, sizeof (buf)) < 0)
			return R_FALSE;
	} else return R_FALSE;

	if (!r_anal_op (dbg->anal, &op, pc, buf, sizeof (buf)))
		return R_FALSE;

	if (op.type == R_ANAL_OP_TYPE_ILL)
		return R_FALSE;

	switch (op.type) {
	case R_ANAL_OP_TYPE_RET:
		dbg->iob.read_at (dbg->iob.io, sp, (ut8 *)&sp_top, 8);
		next[0] = (dbg->bits == R_SYS_BITS_32) ? sp_top.r32[0] : sp_top.r64;
		br = 1;
		break;

	case R_ANAL_OP_TYPE_CJMP:
	case R_ANAL_OP_TYPE_CCALL:
		next[0] = op.jump;
		next[1] = op.fail;
		br = 2;
		break;

	case R_ANAL_OP_TYPE_CALL:
	case R_ANAL_OP_TYPE_JMP:
		next[0] = op.jump;
		br = 1;
		break;

	default:
		next[0] = op.addr + op.size;
		br = 1;
		break;
	}

	for (i = 0; i < br; i++)
		r_bp_add_sw (dbg->bp, next[i], dbg->bpsize, R_BP_PROT_EXEC);

	ret = r_debug_continue (dbg);

	for (i = 0; i < br; i++)
		r_bp_del (dbg->bp, next[i]);

	return ret;
}
Exemplo n.º 29
0
R_API int r_debug_reg_sync(RDebug *dbg, int type, int write) {
	int i, n, size;
	if (!dbg || !dbg->reg || !dbg->h) {
		return false;
	}
	// Theres no point in syncing a dead target
	if (r_debug_is_dead (dbg)) {
		return false;
	}
	// Check if the functions needed are available
	if (write && !dbg->h->reg_write) {
		return false;
	}
	if (!write && !dbg->h->reg_read) {
		return false;
	}
	// Sync all the types sequentially if asked
	i = (type == R_REG_TYPE_ALL)? R_REG_TYPE_GPR: type;
	// Check to get the correct arena when using @ into reg profile (arena!=type)
	// if request type is positive and the request regset dont have regs
	if (i >= R_REG_TYPE_GPR && dbg->reg->regset[i].regs && !dbg->reg->regset[i].regs->length) {
		// seek into the other arena for redirections.
		for (n = R_REG_TYPE_GPR; n < R_REG_TYPE_LAST; n++) {
			// get regset mask
			int mask = dbg->reg->regset[n].maskregstype;
			// convert request arena to mask value
			int v = ((int)1 << i);
			// skip checks on same request arena and check if this arena have inside the request arena type
			if (n != i && (mask & v)) {
				//eprintf(" req = %i arena = %i mask = %x search = %x \n", i, n, mask, v);
				//eprintf(" request arena %i found at arena %i\n", i, n );
				// if this arena have the request arena type, force to use this arena.
				i = n;
				break;
			}
		}
	}
	do {
		if (write) {
			ut8 *buf = r_reg_get_bytes (dbg->reg, i, &size);
			if (!buf || !dbg->h->reg_write (dbg, i, buf, size)) {
				if (!i) {
					eprintf ("r_debug_reg: error writing "
						"registers %d to %d\n", i, dbg->tid);
				}
				free (buf);
				return false;
			}
			free (buf);
		} else {
			// int bufsize = R_MAX (1024, dbg->reg->size*2); // i know. its hacky
			int bufsize = dbg->reg->size;
			//int bufsize = dbg->reg->regset[i].arena->size;
			if (bufsize > 0) {
				ut8 *buf = calloc (1 + 1, bufsize);
				if (!buf) {
					return false;
				}
				//we have already checked dbg->h and dbg->h->reg_read above
				size = dbg->h->reg_read (dbg, i, buf, bufsize);
				// we need to check against zero because reg_read can return false
				if (size > 0) {
					r_reg_set_bytes (dbg->reg, i, buf, size); //R_MIN (size, bufsize));
			//		free (buf);
			//		return true;
				}
				free (buf);
			}
		}
		// DO NOT BREAK R_REG_TYPE_ALL PLEASE
		//   break;
		// Continue the syncronization or just stop if it was asked only for a single type of regs
		i++;
	} while ((type == R_REG_TYPE_ALL) && (i < R_REG_TYPE_LAST));
	return true;
}