R_API int r_debug_continue_until(RDebug *dbg, ut64 addr) {
int has_bp;
ut64 pc;
if (r_debug_is_dead (dbg))
return R_FALSE;
// Check if there was another breakpoint set at addr
has_bp = r_bp_get_in (dbg->bp, addr, R_BP_PROT_EXEC) != NULL;
if (!has_bp)
r_bp_add_sw (dbg->bp, addr, dbg->bpsize, R_BP_PROT_EXEC);
// Continue until the bp is reached
for (;;) {
if (r_debug_is_dead (dbg))
break;
pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]);
if (pc == addr)
break;
if (r_bp_get_at (dbg->bp, pc))
break;
r_debug_continue (dbg);
}
// Clean up if needed
if (!has_bp)
r_bp_del (dbg->bp, addr);
return R_TRUE;
}
/* restore program counter after breakpoint hit */
static int r_debug_recoil(RDebug *dbg) {
int recoil;
RRegItem *ri;
if (r_debug_is_dead (dbg))
return R_FALSE;
r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE);
ri = r_reg_get (dbg->reg, dbg->reg->name[R_REG_NAME_PC], -1);
dbg->reason.bpi = NULL;
if (ri) {
ut64 addr = r_reg_get_value (dbg->reg, ri);
recoil = r_bp_recoil (dbg->bp, addr);
//eprintf ("[R2] Breakpoint recoil at 0x%"PFMT64x" = %d\n", addr, recoil);
#if __arm__
if (recoil<1) recoil = 0; // XXX Hack :D
#else
if (recoil<1) recoil = 0; //1; // XXX Hack :D (x86 only?)
#endif
if (recoil) {
dbg->reason.type = R_DEBUG_REASON_BREAKPOINT;
dbg->reason.bpi = r_bp_get_at (dbg->bp, addr-recoil);
dbg->reason.addr = addr - recoil;
r_reg_set_value (dbg->reg, ri, addr-recoil);
if (r_reg_get_value (dbg->reg, ri) != (addr-recoil)) {
eprintf ("r_debug_recoil: Cannot set program counter\n");
return R_FALSE;
}
r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_TRUE);
//eprintf ("[BP Hit] Setting pc to 0x%"PFMT64x"\n", (addr-recoil));
return R_TRUE;
}
} else eprintf ("r_debug_recoil: Cannot get program counter\n");
return R_FALSE;
}
/* restore program counter after breakpoint hit */
static int r_debug_recoil(RDebug *dbg) {
int recoil;
RRegItem *ri;
if (r_debug_is_dead (dbg)) {
return false;
}
r_debug_reg_sync (dbg, R_REG_TYPE_GPR, false);
ri = r_reg_get (dbg->reg, dbg->reg->name[R_REG_NAME_PC], -1);
dbg->reason.bpi = NULL;
if (ri) {
ut64 addr = r_reg_get_value (dbg->reg, ri);
recoil = r_bp_recoil (dbg->bp, addr - dbg->bpsize);
//eprintf ("[R2] Breakpoint recoil at 0x%"PFMT64x" = %d\n", addr, recoil);
if (recoil < 1)
recoil = 0; // XXX Hack :D
if (recoil) {
dbg->in_recoil = true;
dbg->reason.type = R_DEBUG_REASON_BREAKPOINT;
dbg->reason.bpi = r_bp_get_at (dbg->bp, addr-recoil);
dbg->reason.addr = addr - recoil;
r_reg_set_value (dbg->reg, ri, addr-recoil);
if (r_reg_get_value (dbg->reg, ri) != (addr-recoil)) {
eprintf ("r_debug_recoil: Cannot set program counter\n");
return false;
}
r_debug_reg_sync (dbg, R_REG_TYPE_GPR, true);
//eprintf ("[BP Hit] Setting pc to 0x%"PFMT64x"\n", (addr-recoil));
return true;
}
} else {
eprintf ("r_debug_recoil: Cannot get program counter\n");
}
return false;
}
R_API int r_debug_continue_kill(RDebug *dbg, int sig) {
ut64 pc;
int retwait, ret = R_FALSE;
if (!dbg)
return R_FALSE;
#if __WINDOWS__
r_cons_break(w32_break_process, dbg);
#endif
repeat:
if (r_debug_is_dead (dbg))
return R_FALSE;
if (dbg->h && dbg->h->cont) {
r_bp_restore (dbg->bp, R_TRUE); // set sw breakpoints
ret = dbg->h->cont (dbg, dbg->pid, dbg->tid, sig);
dbg->reason.signum = 0;
retwait = r_debug_wait (dbg);
#if __WINDOWS__
if (retwait != R_DEBUG_REASON_DEAD) {
ret = dbg->tid;
}
#endif
r_bp_restore (dbg->bp, R_FALSE); // unset sw breakpoints
//r_debug_recoil (dbg);
if (r_debug_recoil (dbg) || (dbg->reason.type == R_DEBUG_REASON_BREAKPOINT)) {
/* check if cur bp demands tracing or not */
pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]);
RBreakpointItem *b = r_bp_get_at (dbg->bp, pc);
if (b) {
/* check if cur bp demands tracing or not */
if (b->trace) {
eprintf("hit tracepoit at: %"PFMT64x"\n",pc);
} else {
eprintf("hit breakpoint at: %"PFMT64x"\n",pc);
}
if (dbg->trace->enabled)
r_debug_trace_pc (dbg);
// TODO: delegate this to RCore.bphit(RCore, RBreakopintItem)
if (dbg->corebind.core && dbg->corebind.bphit) {
dbg->corebind.bphit (dbg->corebind.core, b);
}
if (b->trace) {
r_debug_step (dbg, 1);
goto repeat;
}
}
}
#if 0
#if __UNIX__
/* XXX Uh? */
if (dbg->stop_all_threads && dbg->pid>0)
r_sandbox_kill (dbg->pid, SIGSTOP);
#endif
#endif
r_debug_select (dbg, dbg->pid, ret);
sig = 0; // clear continuation after signal if needed
if (retwait == R_DEBUG_REASON_SIGNAL && dbg->reason.signum != -1) {
int what = r_debug_signal_what (dbg, dbg->reason.signum);
if (what & R_DBG_SIGNAL_CONT) {
sig = dbg->reason.signum;
eprintf ("Continue into the signal %d handler\n", sig);
goto repeat;
} else if (what & R_DBG_SIGNAL_SKIP) {
// skip signal. requires skipping one instruction
ut8 buf[64];
RAnalOp op = {0};
ut64 pc = r_debug_reg_get (dbg, "pc");
dbg->iob.read_at (dbg->iob.io, pc, buf, sizeof (buf));
r_anal_op (dbg->anal, &op, pc, buf, sizeof (buf));
if (op.size>0) {
const char *signame = r_debug_signal_resolve_i (dbg, dbg->reason.signum);
r_debug_reg_set (dbg, "pc", pc+op.size);
eprintf ("Skip signal %d handler %s\n",
dbg->reason.signum, signame);
goto repeat;
} else {
ut64 pc = r_debug_reg_get (dbg, "pc");
eprintf ("Stalled with an exception at 0x%08"PFMT64x"\n", pc);
}
}
}
}
return ret;
}
/*
* Recoiling after a breakpoint has two stages:
* 1. remove the breakpoint and fix the program counter.
* 2. on resume, single step once and then replace the breakpoint.
*
* Thus, we have two functions to handle these situations.
* r_debug_bp_hit handles stage 1.
* r_debug_recoil handles stage 2.
*/
static int r_debug_bp_hit(RDebug *dbg, RRegItem *pc_ri, ut64 pc) {
RBreakpointItem *b;
/* if we are tracing, update the tracing data */
if (dbg->trace->enabled) {
r_debug_trace_pc (dbg, pc);
}
/* remove all sw breakpoints for now. we'll set them back in stage 2
*
* this is necessary because while stopped we don't want any breakpoints in
* the code messing up our analysis.
*/
if (!r_bp_restore (dbg->bp, false)) { // unset sw breakpoints
return false;
}
/* if we are recoiling, tell r_debug_step that we ignored a breakpoint
* event */
if (!dbg->swstep && dbg->recoil_mode != R_DBG_RECOIL_NONE) {
dbg->reason.bp_addr = 0;
return true;
}
/* see if we really have a breakpoint here... */
b = r_bp_get_at (dbg->bp, pc - dbg->bpsize);
if (!b) { /* we don't. nothing left to do */
return true;
}
/* set the pc value back */
pc -= b->size;
if (!r_reg_set_value (dbg->reg, pc_ri, pc)) {
eprintf ("failed to set PC!\n");
return false;
}
if (!r_debug_reg_sync (dbg, R_REG_TYPE_GPR, true)) {
eprintf ("cannot set registers!\n");
return false;
}
/* if we are on a software stepping breakpoint, we hide what is going on... */
if (b->swstep) {
dbg->reason.bp_addr = 0;
return true;
}
/* setup our stage 2 */
dbg->reason.bp_addr = b->addr;
/* inform the user of what happened */
eprintf ("hit %spoint at: %"PFMT64x "\n",
b->trace ? "trace" : "break", pc);
/* now that we've cleaned up after the breakpoint, call the other
* potential breakpoint handlers
*/
if (dbg->corebind.core && dbg->corebind.bphit) {
dbg->corebind.bphit (dbg->corebind.core, b);
}
/* XXX(jjd): i don't think this goes here...
if (b->trace) {
r_debug_step (dbg, 1);
goto repeat;
}
*/
return true;
}
/*
* Recoiling after a breakpoint has two stages:
* 1. remove the breakpoint and fix the program counter.
* 2. on resume, single step once and then replace the breakpoint.
*
* Thus, we have two functions to handle these situations.
* r_debug_bp_hit handles stage 1.
* r_debug_recoil handles stage 2.
*/
static int r_debug_bp_hit(RDebug *dbg, RRegItem *pc_ri, ut64 pc, RBreakpointItem **pb) {
RBreakpointItem *b;
if (!pb) {
eprintf ("BreakpointItem is NULL!\n");
return false;
}
/* initialize the output parameter */
*pb = NULL;
/* if we are tracing, update the tracing data */
if (dbg->trace->enabled) {
r_debug_trace_pc (dbg, pc);
}
/* remove all sw breakpoints for now. we'll set them back in stage 2
*
* this is necessary because while stopped we don't want any breakpoints in
* the code messing up our analysis.
*/
if (!r_bp_restore (dbg->bp, false)) { // unset sw breakpoints
return false;
}
/* if we are recoiling, tell r_debug_step that we ignored a breakpoint
* event */
if (!dbg->swstep && dbg->recoil_mode != R_DBG_RECOIL_NONE) {
dbg->reason.bp_addr = 0;
return true;
}
/* The MIPS ptrace has a different behaviour */
# if __mips__
/* see if we really have a breakpoint here... */
b = r_bp_get_at (dbg->bp, pc);
if (!b) { /* we don't. nothing left to do */
return true;
}
# else
int pc_off = dbg->bpsize;
/* see if we really have a breakpoint here... */
b = r_bp_get_at (dbg->bp, pc - dbg->bpsize);
if (!b) { /* we don't. nothing left to do */
/* Some targets set pc to breakpoint */
b = r_bp_get_at (dbg->bp, pc);
if (!b) {
return true;
}
pc_off = 0;
}
/* set the pc value back */
if (pc_off) {
pc -= pc_off;
if (!r_reg_set_value (dbg->reg, pc_ri, pc)) {
eprintf ("failed to set PC!\n");
return false;
}
if (!r_debug_reg_sync (dbg, R_REG_TYPE_GPR, true)) {
eprintf ("cannot set registers!\n");
return false;
}
}
# endif
*pb = b;
/* if we are on a software stepping breakpoint, we hide what is going on... */
if (b->swstep) {
dbg->reason.bp_addr = 0;
return true;
}
/* setup our stage 2 */
dbg->reason.bp_addr = b->addr;
/* inform the user of what happened */
if (dbg->hitinfo) {
eprintf ("hit %spoint at: %"PFMT64x "\n",
b->trace ? "trace" : "break", pc);
}
/* now that we've cleaned up after the breakpoint, call the other
* potential breakpoint handlers
*/
if (dbg->corebind.core && dbg->corebind.bphit) {
dbg->corebind.bphit (dbg->corebind.core, b);
}
return true;
}
