R_API int r_debug_continue_until(RDebug *dbg, ut64 addr) { int has_bp; ut64 pc; if (r_debug_is_dead (dbg)) return R_FALSE; // Check if there was another breakpoint set at addr has_bp = r_bp_get_in (dbg->bp, addr, R_BP_PROT_EXEC) != NULL; if (!has_bp) r_bp_add_sw (dbg->bp, addr, dbg->bpsize, R_BP_PROT_EXEC); // Continue until the bp is reached for (;;) { if (r_debug_is_dead (dbg)) break; pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]); if (pc == addr) break; if (r_bp_get_at (dbg->bp, pc)) break; r_debug_continue (dbg); } // Clean up if needed if (!has_bp) r_bp_del (dbg->bp, addr); return R_TRUE; }
// XXX: this function uses 'oeax' which is linux-i386-specific R_API int r_debug_continue_syscall(struct r_debug_t *dbg, int sc) { int reg, ret = R_FALSE; if (r_debug_is_dead (dbg)) return R_FALSE; if (dbg && dbg->h) { if (dbg->h->contsc) { do { ret = dbg->h->contsc (dbg, dbg->pid, sc); if (!r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE)) { eprintf ("--> eol\n"); sc = 0; break; } reg = (int)r_debug_reg_get (dbg, "oeax"); // XXX eprintf ("--> syscall %d\n", reg); if (reg == 0LL) break; // TODO: must use r_core_cmd(as)..import code from rcore } while (sc != 0 && sc != reg); } else { r_debug_continue_until_optype (dbg, R_ANAL_OP_TYPE_SWI, 0); reg = (int)r_debug_reg_get (dbg, "oeax"); // XXX eprintf ("--> syscall %d\n", reg); } } return ret; }
R_API int r_debug_step_hard(RDebug *dbg) { if (r_debug_is_dead (dbg)) return R_FALSE; if (!dbg->h->step (dbg)) return R_FALSE; return r_debug_wait (dbg); }
/* Returns PID */ R_API int r_debug_wait(RDebug *dbg) { int ret = 0; if (r_debug_is_dead (dbg)) return R_FALSE; if (dbg && dbg->h && dbg->h->wait) { dbg->reason = R_DBG_REASON_UNKNOWN; ret = dbg->h->wait (dbg, dbg->pid); dbg->reason = ret; dbg->newstate = 1; if (ret == -1) { eprintf ("\n==> Process finished\n\n"); r_debug_select (dbg, -1, -1); } //eprintf ("wait = %d\n", ret); if (dbg->trace->enabled) r_debug_trace_pc (dbg); if (ret == R_DBG_REASON_SIGNAL && dbg->signum != -1) { /* handle signal on continuations here */ int what = r_debug_signal_what (dbg, dbg->signum); const char *name = r_debug_signal_resolve_i (dbg, dbg->signum); if (strcmp ("SIGTRAP", name)) r_cons_printf ("[+] signal %d aka %s received\n", dbg->signum, name); if (what & R_DBG_SIGNAL_SKIP) { dbg->signum = 0; // TODO: use ptrace-setsiginfo to ignore signal } if (what & R_DBG_SIGNAL_CONT) { // XXX: support step, steptrace, continue_until_foo, etc.. r_debug_continue (dbg); } } } return ret; }
/* Returns PID */ R_API int r_debug_wait(RDebug *dbg) { int ret = 0; if (!dbg) return R_FALSE; dbg->reason.type = R_DEBUG_REASON_UNKNOWN; if (r_debug_is_dead (dbg)) { return dbg->reason.type = R_DEBUG_REASON_DEAD; } if (dbg->h && dbg->h->wait) { dbg->reason.type = R_DEBUG_REASON_UNKNOWN; ret = dbg->h->wait (dbg, dbg->pid); dbg->newstate = 1; if (ret == -1) { eprintf ("\n==> Process finished\n\n"); r_debug_select (dbg, -1, -1); } //eprintf ("wait = %d\n", ret); if (dbg->trace->enabled) r_debug_trace_pc (dbg); if (ret == R_DEBUG_REASON_SIGNAL && dbg->reason.signum != -1) { /* handle signal on continuations here */ int what = r_debug_signal_what (dbg, dbg->reason.signum); const char *name = r_debug_signal_resolve_i (dbg, dbg->reason.signum); if (name && strcmp ("SIGTRAP", name)) r_cons_printf ("[+] signal %d aka %s received %d\n", dbg->reason.signum, name, what); } } return ret; }
/* restore program counter after breakpoint hit */ static int r_debug_recoil(RDebug *dbg) { int recoil; RRegItem *ri; if (r_debug_is_dead (dbg)) return R_FALSE; r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE); ri = r_reg_get (dbg->reg, dbg->reg->name[R_REG_NAME_PC], -1); dbg->reason.bpi = NULL; if (ri) { ut64 addr = r_reg_get_value (dbg->reg, ri); recoil = r_bp_recoil (dbg->bp, addr); //eprintf ("[R2] Breakpoint recoil at 0x%"PFMT64x" = %d\n", addr, recoil); #if __arm__ if (recoil<1) recoil = 0; // XXX Hack :D #else if (recoil<1) recoil = 0; //1; // XXX Hack :D (x86 only?) #endif if (recoil) { dbg->reason.type = R_DEBUG_REASON_BREAKPOINT; dbg->reason.bpi = r_bp_get_at (dbg->bp, addr-recoil); dbg->reason.addr = addr - recoil; r_reg_set_value (dbg->reg, ri, addr-recoil); if (r_reg_get_value (dbg->reg, ri) != (addr-recoil)) { eprintf ("r_debug_recoil: Cannot set program counter\n"); return R_FALSE; } r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_TRUE); //eprintf ("[BP Hit] Setting pc to 0x%"PFMT64x"\n", (addr-recoil)); return R_TRUE; } } else eprintf ("r_debug_recoil: Cannot get program counter\n"); return R_FALSE; }
/* optimization: avoid so many reads */ R_API int r_debug_continue_until_optype(RDebug *dbg, int type, int over) { int (*step)(RDebug *d, int n); int ret, n = 0; ut64 pc = 0; RAnalOp op; ut8 buf[64]; if (r_debug_is_dead (dbg)) return R_FALSE; if (dbg->anal && dbg->reg) { const char *pcreg = dbg->reg->name[R_REG_NAME_PC]; step = over? r_debug_step_over: r_debug_step; for (;;) { pc = r_debug_reg_get (dbg, pcreg); dbg->iob.read_at (dbg->iob.io, pc, buf, sizeof (buf)); ret = r_anal_op (dbg->anal, &op, pc, buf, sizeof (buf)); if (ret>0 && op.type&type) break; if (!step (dbg, 1)) { eprintf ("r_debug_step: failed\n"); break; } n++; } } else eprintf ("Undefined pointer at dbg->anal\n"); return n; }
R_API int r_debug_step_over(RDebug *dbg, int steps) { RAnalOp op; ut8 buf[64]; int ret = -1; if (r_debug_is_dead (dbg)) return R_FALSE; if (dbg->h && dbg->h->step_over) { if (steps<1) steps = 1; while (steps--) if (!dbg->h->step_over (dbg)) return R_FALSE; return R_TRUE; } if (dbg->anal && dbg->reg) { ut64 pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]); dbg->iob.read_at (dbg->iob.io, pc, buf, sizeof (buf)); r_anal_op (dbg->anal, &op, pc, buf, sizeof (buf)); if (op.type & R_ANAL_OP_TYPE_CALL || op.type & R_ANAL_OP_TYPE_UCALL) { ut64 bpaddr = pc + op.length; r_bp_add_sw (dbg->bp, bpaddr, 1, R_BP_PROT_EXEC); ret = r_debug_continue (dbg); r_bp_del (dbg->bp, bpaddr); } else { ret = r_debug_step (dbg, 1); } } else eprintf ("Undefined debugger backend\n"); return ret; }
// XXX: very experimental R_API int r_debug_step_soft(RDebug *dbg) { int ret; ut8 buf[32]; RAnalOp op; ut64 pc0, pc1, pc2; if (r_debug_is_dead (dbg)) return R_FALSE; pc0 = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]); dbg->iob.read_at (dbg->iob.io, pc0, buf, sizeof (buf)); ret = r_anal_op (dbg->anal, &op, pc0, buf, sizeof (buf)); //eprintf ("read from pc0 = 0x%llx\n", pc0); pc1 = pc0 + op.length; //eprintf ("oplen = %d\n", op.length); //eprintf ("breakpoint at pc1 = 0x%llx\n", pc1); // XXX: Does not works for 'ret' pc2 = op.jump? op.jump: 0; //eprintf ("ADD SECOND BREAKPOINT FRO CALLS %llx\n", op.jump); //eprintf ("breakpoint 2 at pc2 = 0x%llx\n", pc2); r_bp_add_sw (dbg->bp, pc1, 4, R_BP_PROT_EXEC); if (pc2) r_bp_add_sw (dbg->bp, pc2, 4, R_BP_PROT_EXEC); r_debug_continue (dbg); //eprintf ("wait\n"); //r_debug_wait (dbg); //eprintf ("del\n"); r_bp_del (dbg->bp, pc1); if (pc2) r_bp_del (dbg->bp, pc2); return ret; }
R_API int r_debug_step(RDebug *dbg, int steps) { int i, ret; if (!dbg || !dbg->h) return R_FALSE; dbg->reason.type = R_DEBUG_REASON_STEP; if (r_debug_is_dead (dbg)) { return R_FALSE; } if (steps < 1) steps = 1; for (i = 0; i < steps; i++) { ret = dbg->swstep? r_debug_step_soft (dbg): r_debug_step_hard (dbg); if (!ret) { eprintf ("Stepping failed!\n"); return R_FALSE; } else { dbg->steps++; dbg->reason.type = R_DEBUG_REASON_STEP; //dbg->reason.addr = } } return i; }
/* restore program counter after breakpoint hit */ static int r_debug_recoil(RDebug *dbg) { int recoil; RRegItem *ri; if (r_debug_is_dead (dbg)) { return false; } r_debug_reg_sync (dbg, R_REG_TYPE_GPR, false); ri = r_reg_get (dbg->reg, dbg->reg->name[R_REG_NAME_PC], -1); dbg->reason.bpi = NULL; if (ri) { ut64 addr = r_reg_get_value (dbg->reg, ri); recoil = r_bp_recoil (dbg->bp, addr - dbg->bpsize); //eprintf ("[R2] Breakpoint recoil at 0x%"PFMT64x" = %d\n", addr, recoil); if (recoil < 1) recoil = 0; // XXX Hack :D if (recoil) { dbg->in_recoil = true; dbg->reason.type = R_DEBUG_REASON_BREAKPOINT; dbg->reason.bpi = r_bp_get_at (dbg->bp, addr-recoil); dbg->reason.addr = addr - recoil; r_reg_set_value (dbg->reg, ri, addr-recoil); if (r_reg_get_value (dbg->reg, ri) != (addr-recoil)) { eprintf ("r_debug_recoil: Cannot set program counter\n"); return false; } r_debug_reg_sync (dbg, R_REG_TYPE_GPR, true); //eprintf ("[BP Hit] Setting pc to 0x%"PFMT64x"\n", (addr-recoil)); return true; } } else { eprintf ("r_debug_recoil: Cannot get program counter\n"); } return false; }
R_API int r_debug_continue_until(struct r_debug_t *dbg, ut64 addr) { // TODO: use breakpoint+continue... more efficient int n = 0; ut64 pc = 0; if (r_debug_is_dead (dbg)) return R_FALSE; do { if (pc !=0) r_debug_step (dbg, 1); n++; } while (pc != addr && !r_debug_is_dead (dbg)); return n; //struct r_debug_bp_t *bp = r_debug_bp_add (dbg, addr); //int ret = r_debug_continue(dbg); /* TODO: check if the debugger stops at the right address */ //r_debug_bp_del(dbg, bp); //return -1; }
R_API int r_debug_step_hard(RDebug *dbg) { dbg->reason.type = R_DEBUG_REASON_STEP; if (r_debug_is_dead (dbg)) return R_FALSE; if (!dbg->h->step (dbg)) return R_FALSE; return r_debug_wait (dbg); }
/* * Save 4096 bytes from %esp * TODO: Add support for reverse stack architectures * Also known as r_debug_inject() */ R_API ut64 r_debug_execute(RDebug *dbg, const ut8 *buf, int len, int restore) { int orig_sz; ut8 stackbackup[4096]; ut8 *backup, *orig = NULL; RRegItem *ri, *risp, *ripc; ut64 rsp, rpc, ra0 = 0LL; if (r_debug_is_dead (dbg)) return R_FALSE; ripc = r_reg_get (dbg->reg, dbg->reg->name[R_REG_NAME_PC], R_REG_TYPE_GPR); risp = r_reg_get (dbg->reg, dbg->reg->name[R_REG_NAME_SP], R_REG_TYPE_GPR); if (ripc) { r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE); orig = r_reg_get_bytes (dbg->reg, -1, &orig_sz); if (orig == NULL) { eprintf ("Cannot get register arena bytes\n"); return 0LL; } rpc = r_reg_get_value (dbg->reg, ripc); rsp = r_reg_get_value (dbg->reg, risp); backup = malloc (len); if (backup == NULL) { free (orig); return 0LL; } dbg->iob.read_at (dbg->iob.io, rpc, backup, len); dbg->iob.read_at (dbg->iob.io, rsp, stackbackup, len); r_bp_add_sw (dbg->bp, rpc+len, dbg->bpsize, R_BP_PROT_EXEC); /* execute code here */ dbg->iob.write_at (dbg->iob.io, rpc, buf, len); //r_bp_add_sw (dbg->bp, rpc+len, 4, R_BP_PROT_EXEC); r_debug_continue (dbg); //r_bp_del (dbg->bp, rpc+len); /* TODO: check if stopped in breakpoint or not */ r_bp_del (dbg->bp, rpc+len); dbg->iob.write_at (dbg->iob.io, rpc, backup, len); if (restore) { dbg->iob.write_at (dbg->iob.io, rsp, stackbackup, len); } r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE); ri = r_reg_get (dbg->reg, dbg->reg->name[R_REG_NAME_A0], R_REG_TYPE_GPR); ra0 = r_reg_get_value (dbg->reg, ri); if (restore) { r_reg_set_bytes (dbg->reg, -1, orig, orig_sz); } else { r_reg_set_value (dbg->reg, ripc, rpc); } r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_TRUE); free (backup); free (orig); eprintf ("ra0=0x%08"PFMT64x"\n", ra0); } else eprintf ("r_debug_execute: Cannot get program counter\n"); return (ra0); }
R_API int r_debug_step_hard(RDebug *dbg) { if (r_debug_is_dead (dbg)) return R_FALSE; if (!dbg->h->step (dbg)) return R_FALSE; r_debug_wait (dbg); /* return value ignored? */ return R_TRUE; }
R_API int r_debug_kill(RDebug *dbg, int pid, int tid, int sig) { int ret = R_FALSE; if (r_debug_is_dead (dbg)) return R_FALSE; if (dbg->h && dbg->h->kill) ret = dbg->h->kill (dbg, pid, tid, sig); else eprintf ("Backend does not implements kill()\n"); return ret; }
R_API int r_debug_continue_until_optype(RDebug *dbg, int type, int over) { int ret, n = 0; ut64 pc, buf_pc = 0; RAnalOp op; ut8 buf[DBG_BUF_SIZE]; if (r_debug_is_dead (dbg)) { return R_FALSE; } if (!dbg->anal || !dbg->reg) { eprintf ("Undefined pointer at dbg->anal\n"); return R_FALSE; } r_debug_step (dbg, 1); r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE); // Initial refill buf_pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]); dbg->iob.read_at (dbg->iob.io, buf_pc, buf, sizeof (buf)); // step first, we dont want to check current optype for (;;) { r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE); pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]); // Try to keep the buffer full if (pc - buf_pc > sizeof (buf)) { buf_pc = pc; dbg->iob.read_at (dbg->iob.io, buf_pc, buf, sizeof (buf)); } // Analyze the opcode if (!r_anal_op (dbg->anal, &op, pc, buf + (pc - buf_pc), sizeof (buf) - (pc - buf_pc))) { eprintf ("Decode error at %"PFMT64x"\n", pc); return R_FALSE; } if (op.type == type) break; // Step over and repeat ret = over ? r_debug_step_over (dbg, 1) : r_debug_step (dbg, 1); if (!ret) { eprintf ("r_debug_step: failed\n"); break; } n++; } return n; }
R_API int r_debug_reg_sync(RDebug *dbg, int type, int write) { int i, size; if (!dbg || !dbg->reg || !dbg->h) return R_FALSE; // Theres no point in syncing a dead target if (r_debug_is_dead (dbg)) return R_FALSE; // Check if the functions needed are available if (write && !dbg->h->reg_write) return R_FALSE; if (!write && !dbg->h->reg_read) return R_FALSE; // Sync all the types sequentially if asked i = (type == R_REG_TYPE_ALL) ? R_REG_TYPE_GPR : type; do { if (write) { ut8 *buf = r_reg_get_bytes (dbg->reg, i, &size); if (!buf || !dbg->h->reg_write (dbg, i, buf, size)) { if (i==0) eprintf ("r_debug_reg: error writing registers %d to %d\n", i, dbg->pid); return R_FALSE; } } else { //int bufsize = R_MAX (1024, dbg->reg->size*2); // i know. its hacky int bufsize = dbg->reg->size; ut8 *buf = malloc (bufsize); if (!buf) return R_FALSE; //we have already checked dbg->h and dbg->h->reg_read above size = dbg->h->reg_read (dbg, i, buf, bufsize); // we need to check against zero because reg_read can return R_FALSE if (!size) { eprintf ("r_debug_reg: error reading registers\n"); free (buf); return R_FALSE; } else r_reg_set_bytes (dbg->reg, i, buf, R_MIN(size, bufsize)); free (buf); } // DO NOT BREAK R_REG_TYPE_ALL PLEASE // break; // Continue the syncronization or just stop if it was asked only for a single type of regs } while ((type==R_REG_TYPE_ALL) && (i++ < R_REG_TYPE_LAST)); return R_TRUE; }
R_API int r_debug_continue_syscalls(RDebug *dbg, int *sc, int n_sc) { int i, reg, ret = R_FALSE; if (!dbg || !dbg->h || r_debug_is_dead (dbg)) return R_FALSE; if (!dbg->h->contsc) { /* user-level syscall tracing */ r_debug_continue_until_optype (dbg, R_ANAL_OP_TYPE_SWI, 0); return show_syscall (dbg, "a0"); } if (!r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE)) { eprintf ("--> cannot read registers\n"); return -1; } { int err; reg = (int)r_debug_reg_get_err (dbg, "sn", &err); if (err) { eprintf ("Cannot find 'sn' register for current arch-os.\n"); return -1; } } for (;;) { if (r_cons_singleton()->breaked) break; #if __linux__ // step is needed to avoid dupped contsc results r_debug_step (dbg, 1); #endif dbg->h->contsc (dbg, dbg->pid, 0); // TODO handle return value // wait until continuation r_debug_wait (dbg); if (!r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE)) { eprintf ("--> cannot sync regs, process is probably dead\n"); return -1; } reg = show_syscall (dbg, "sn"); if (n_sc == -1) continue; if (n_sc == 0) { break; } for (i=0; i<n_sc; i++) { if (sc[i] == reg) return reg; } // TODO: must use r_core_cmd(as)..import code from rcore } return ret; }
R_API int r_debug_continue_until(RDebug *dbg, ut64 addr) { // TODO: use breakpoint+continue... more efficient RRegItem *ripc = r_reg_get (dbg->reg, dbg->reg->name[R_REG_NAME_PC], R_REG_TYPE_GPR); int n = 0; ut64 pc = r_reg_get_value (dbg->reg, ripc); while (pc != addr && !r_debug_is_dead (dbg)) { r_debug_step (dbg, 1); // TODO: obey breakpoints too? /* TODO: check if the debugger stops at the right address */ pc = r_reg_get_value (dbg->reg, ripc); n++; } return n; }
R_API int r_debug_continue_syscalls(RDebug *dbg, int *sc, int n_sc) { const char *sysname; int i, reg, ret = R_FALSE; if (!dbg || !dbg->h || r_debug_is_dead (dbg)) return R_FALSE; if (!dbg->h->contsc) { /* user-level syscall tracing */ r_debug_continue_until_optype (dbg, R_ANAL_OP_TYPE_SWI, 0); reg = (int)r_debug_reg_get (dbg, "a0"); // XXX sysname = r_syscall_get_i (dbg->anal->syscall, reg, -1); if (!sysname) sysname = "unknown"; eprintf ("--> syscall %d %s\n", reg, sysname); return reg; } if (!r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE)) { eprintf ("--> cannot read registers\n"); return -1; } reg = (int)r_debug_reg_get (dbg, "sn"); if (reg == (int)UT64_MAX) { eprintf ("Cannot find 'sn' register for current arch-os.\n"); return -1; } for (;;) { dbg->h->contsc (dbg, dbg->pid, 0); // TODO handle return value if (!r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE)) { eprintf ("--> eol\n"); return -1; } reg = (int)r_debug_reg_get (dbg, "sn"); if (reg == (int)UT64_MAX) return -1; sysname = r_syscall_get_i (dbg->anal->syscall, reg, -1); if (!sysname) sysname = "unknown"; eprintf ("--> syscall %d %s\n", reg, sysname); for (i=0; i<n_sc; i++) { if (sc[i] == reg) return reg; } // TODO: must use r_core_cmd(as)..import code from rcore } return ret; }
/* Returns PID */ R_API int r_debug_wait(RDebug *dbg) { int ret = 0; if (r_debug_is_dead (dbg)) return R_FALSE; if (dbg && dbg->h && dbg->h->wait) { dbg->reason = R_DBG_REASON_UNKNOWN; ret = dbg->h->wait (dbg, dbg->pid); dbg->reason = ret; dbg->newstate = 1; if (ret == -1) { eprintf ("\n==> Process finished\n\n"); r_debug_select (dbg, -1, -1); //dbg->pid = -1; } //eprintf ("wait = %d\n", ret); if (dbg->trace->enabled) r_debug_trace_pc (dbg); } return ret; }
R_API int r_debug_reg_sync(RDebug *dbg, int type, int write) { int i, size; if (!dbg || !dbg->reg || !dbg->h) return R_FALSE; // Theres no point in syncing a dead target if (r_debug_is_dead(dbg)) return R_FALSE; // Check if the functions needed are available if (write && !dbg->h->reg_write) return R_FALSE; if (!write && !dbg->h->reg_read) return R_FALSE; // Sync all the types sequentially if asked i = (type == R_REG_TYPE_ALL) ? R_REG_TYPE_GPR : type; do { if (write) { ut8 *buf = r_reg_get_bytes (dbg->reg, i, &size); if (!buf || !dbg->h->reg_write (dbg, i, buf, size)) { eprintf ("r_debug_reg: error writing registers\n"); return R_FALSE; } } else { // TODO : Get an exact size of the profile ut8 buf[2048]; size = dbg->h->reg_read (dbg, i, buf, sizeof (buf)); if (!size) { eprintf ("r_debug_reg: error reading registers\n"); return R_FALSE; } r_reg_set_bytes (dbg->reg, i, buf, size); } // Continue the syncronization or just stop if it was asked only for a single type of regs } while(i++ < R_REG_TYPE_LAST && type != R_REG_TYPE_ALL); return R_TRUE; }
R_API int r_debug_continue_kill(RDebug *dbg, int sig) { int ret = R_FALSE; if (r_debug_is_dead (dbg)) return R_FALSE; if (dbg && dbg->h && dbg->h->cont) { r_bp_restore (dbg->bp, R_FALSE); // set sw breakpoints ret = dbg->h->cont (dbg, dbg->pid, dbg->tid, sig); r_debug_wait (dbg); r_bp_restore (dbg->bp, R_TRUE); // unset sw breakpoints r_debug_recoil (dbg); #if 0 #if __UNIX__ /* XXX Uh? */ if (dbg->stop_all_threads && dbg->pid>0) r_sandbox_kill (dbg->pid, SIGSTOP); #endif #endif r_debug_select (dbg, dbg->pid, ret); } return ret; }
R_API int r_debug_step(RDebug *dbg, int steps) { int i, ret; if (!dbg || !dbg->h) return R_FALSE; if (r_debug_is_dead (dbg)) return R_FALSE; if (steps < 1) steps = 1; for (i = 0; i < steps; i++) { ret = dbg->swstep? r_debug_step_soft (dbg): r_debug_step_hard (dbg); if (!ret) { eprintf ("Stepping failed!\n"); return R_FALSE; } else dbg->steps++; } return i; }
R_API int r_debug_continue_kill(RDebug *dbg, int sig) { ut64 pc; int retwait, ret = R_FALSE; if (!dbg) return R_FALSE; #if __WINDOWS__ r_cons_break(w32_break_process, dbg); #endif repeat: if (r_debug_is_dead (dbg)) return R_FALSE; if (dbg->h && dbg->h->cont) { r_bp_restore (dbg->bp, R_TRUE); // set sw breakpoints ret = dbg->h->cont (dbg, dbg->pid, dbg->tid, sig); dbg->reason.signum = 0; retwait = r_debug_wait (dbg); #if __WINDOWS__ if (retwait != R_DEBUG_REASON_DEAD) { ret = dbg->tid; } #endif r_bp_restore (dbg->bp, R_FALSE); // unset sw breakpoints //r_debug_recoil (dbg); if (r_debug_recoil (dbg) || (dbg->reason.type == R_DEBUG_REASON_BREAKPOINT)) { /* check if cur bp demands tracing or not */ pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]); RBreakpointItem *b = r_bp_get_at (dbg->bp, pc); if (b) { /* check if cur bp demands tracing or not */ if (b->trace) { eprintf("hit tracepoit at: %"PFMT64x"\n",pc); } else { eprintf("hit breakpoint at: %"PFMT64x"\n",pc); } if (dbg->trace->enabled) r_debug_trace_pc (dbg); // TODO: delegate this to RCore.bphit(RCore, RBreakopintItem) if (dbg->corebind.core && dbg->corebind.bphit) { dbg->corebind.bphit (dbg->corebind.core, b); } if (b->trace) { r_debug_step (dbg, 1); goto repeat; } } } #if 0 #if __UNIX__ /* XXX Uh? */ if (dbg->stop_all_threads && dbg->pid>0) r_sandbox_kill (dbg->pid, SIGSTOP); #endif #endif r_debug_select (dbg, dbg->pid, ret); sig = 0; // clear continuation after signal if needed if (retwait == R_DEBUG_REASON_SIGNAL && dbg->reason.signum != -1) { int what = r_debug_signal_what (dbg, dbg->reason.signum); if (what & R_DBG_SIGNAL_CONT) { sig = dbg->reason.signum; eprintf ("Continue into the signal %d handler\n", sig); goto repeat; } else if (what & R_DBG_SIGNAL_SKIP) { // skip signal. requires skipping one instruction ut8 buf[64]; RAnalOp op = {0}; ut64 pc = r_debug_reg_get (dbg, "pc"); dbg->iob.read_at (dbg->iob.io, pc, buf, sizeof (buf)); r_anal_op (dbg->anal, &op, pc, buf, sizeof (buf)); if (op.size>0) { const char *signame = r_debug_signal_resolve_i (dbg, dbg->reason.signum); r_debug_reg_set (dbg, "pc", pc+op.size); eprintf ("Skip signal %d handler %s\n", dbg->reason.signum, signame); goto repeat; } else { ut64 pc = r_debug_reg_get (dbg, "pc"); eprintf ("Stalled with an exception at 0x%08"PFMT64x"\n", pc); } } } } return ret; }
R_API int r_debug_step_over(RDebug *dbg, int steps) { RAnalOp op; ut64 buf_pc, pc; ut8 buf[DBG_BUF_SIZE]; int i; if (r_debug_is_dead (dbg)) return R_FALSE; if (steps < 1) steps = 1; if (dbg->h && dbg->h->step_over) { for (i = 0; i < steps; i++) if (!dbg->h->step_over (dbg)) return R_FALSE; return i; } if (!dbg->anal || !dbg->reg) return R_FALSE; // Initial refill buf_pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]); dbg->iob.read_at (dbg->iob.io, buf_pc, buf, sizeof (buf)); for (i = 0; i < steps; i++) { pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]); // Try to keep the buffer full if (pc - buf_pc > sizeof (buf)) { buf_pc = pc; dbg->iob.read_at (dbg->iob.io, buf_pc, buf, sizeof (buf)); } // Analyze the opcode if (!r_anal_op (dbg->anal, &op, pc, buf + (pc - buf_pc), sizeof (buf) - (pc - buf_pc))) { eprintf ("Decode error at %"PFMT64x"\n", pc); return R_FALSE; } // Skip over all the subroutine calls if (op.type == R_ANAL_OP_TYPE_CALL || op.type == R_ANAL_OP_TYPE_CCALL || op.type == R_ANAL_OP_TYPE_UCALL || op.type == R_ANAL_OP_TYPE_UCCALL) { // Use op.fail here instead of pc+op.size to enforce anal backends to fill in this field if (!r_debug_continue_until (dbg, op.fail)) { eprintf ("Could not step over call @ 0x%"PFMT64x"\n", pc); return R_FALSE; } } else if ((op.prefix & (R_ANAL_OP_PREFIX_REP | R_ANAL_OP_PREFIX_REPNE | R_ANAL_OP_PREFIX_LOCK))) { //eprintf ("REP: skip to next instruction...\n"); if (!r_debug_continue_until (dbg, pc+op.size)) { eprintf ("step over failed over rep\n"); return R_FALSE; } } else r_debug_step (dbg, 1); } return i; }
R_API int r_debug_step_soft(RDebug *dbg) { ut8 buf[32]; ut64 pc, sp; ut64 next[2]; RAnalOp op; int br, i, ret; union { ut64 r64; ut32 r32[2]; } sp_top; if (r_debug_is_dead (dbg)) return R_FALSE; pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]); sp = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_SP]); if (dbg->iob.read_at) { if (dbg->iob.read_at (dbg->iob.io, pc, buf, sizeof (buf)) < 0) return R_FALSE; } else return R_FALSE; if (!r_anal_op (dbg->anal, &op, pc, buf, sizeof (buf))) return R_FALSE; if (op.type == R_ANAL_OP_TYPE_ILL) return R_FALSE; switch (op.type) { case R_ANAL_OP_TYPE_RET: dbg->iob.read_at (dbg->iob.io, sp, (ut8 *)&sp_top, 8); next[0] = (dbg->bits == R_SYS_BITS_32) ? sp_top.r32[0] : sp_top.r64; br = 1; break; case R_ANAL_OP_TYPE_CJMP: case R_ANAL_OP_TYPE_CCALL: next[0] = op.jump; next[1] = op.fail; br = 2; break; case R_ANAL_OP_TYPE_CALL: case R_ANAL_OP_TYPE_JMP: next[0] = op.jump; br = 1; break; default: next[0] = op.addr + op.size; br = 1; break; } for (i = 0; i < br; i++) r_bp_add_sw (dbg->bp, next[i], dbg->bpsize, R_BP_PROT_EXEC); ret = r_debug_continue (dbg); for (i = 0; i < br; i++) r_bp_del (dbg->bp, next[i]); return ret; }
R_API int r_debug_reg_sync(RDebug *dbg, int type, int write) { int i, n, size; if (!dbg || !dbg->reg || !dbg->h) { return false; } // Theres no point in syncing a dead target if (r_debug_is_dead (dbg)) { return false; } // Check if the functions needed are available if (write && !dbg->h->reg_write) { return false; } if (!write && !dbg->h->reg_read) { return false; } // Sync all the types sequentially if asked i = (type == R_REG_TYPE_ALL)? R_REG_TYPE_GPR: type; // Check to get the correct arena when using @ into reg profile (arena!=type) // if request type is positive and the request regset dont have regs if (i >= R_REG_TYPE_GPR && dbg->reg->regset[i].regs && !dbg->reg->regset[i].regs->length) { // seek into the other arena for redirections. for (n = R_REG_TYPE_GPR; n < R_REG_TYPE_LAST; n++) { // get regset mask int mask = dbg->reg->regset[n].maskregstype; // convert request arena to mask value int v = ((int)1 << i); // skip checks on same request arena and check if this arena have inside the request arena type if (n != i && (mask & v)) { //eprintf(" req = %i arena = %i mask = %x search = %x \n", i, n, mask, v); //eprintf(" request arena %i found at arena %i\n", i, n ); // if this arena have the request arena type, force to use this arena. i = n; break; } } } do { if (write) { ut8 *buf = r_reg_get_bytes (dbg->reg, i, &size); if (!buf || !dbg->h->reg_write (dbg, i, buf, size)) { if (!i) { eprintf ("r_debug_reg: error writing " "registers %d to %d\n", i, dbg->tid); } free (buf); return false; } free (buf); } else { // int bufsize = R_MAX (1024, dbg->reg->size*2); // i know. its hacky int bufsize = dbg->reg->size; //int bufsize = dbg->reg->regset[i].arena->size; if (bufsize > 0) { ut8 *buf = calloc (1 + 1, bufsize); if (!buf) { return false; } //we have already checked dbg->h and dbg->h->reg_read above size = dbg->h->reg_read (dbg, i, buf, bufsize); // we need to check against zero because reg_read can return false if (size > 0) { r_reg_set_bytes (dbg->reg, i, buf, size); //R_MIN (size, bufsize)); // free (buf); // return true; } free (buf); } } // DO NOT BREAK R_REG_TYPE_ALL PLEASE // break; // Continue the syncronization or just stop if it was asked only for a single type of regs i++; } while ((type == R_REG_TYPE_ALL) && (i < R_REG_TYPE_LAST)); return true; }