R_API int r_debug_continue_until(RDebug *dbg, ut64 addr) { int has_bp; ut64 pc; if (r_debug_is_dead (dbg)) return R_FALSE; // Check if there was another breakpoint set at addr has_bp = r_bp_get_in (dbg->bp, addr, R_BP_PROT_EXEC) != NULL; if (!has_bp) r_bp_add_sw (dbg->bp, addr, dbg->bpsize, R_BP_PROT_EXEC); // Continue until the bp is reached for (;;) { if (r_debug_is_dead (dbg)) break; pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]); if (pc == addr) break; if (r_bp_get_at (dbg->bp, pc)) break; r_debug_continue (dbg); } // Clean up if needed if (!has_bp) r_bp_del (dbg->bp, addr); return R_TRUE; }
/* restore program counter after breakpoint hit */ static int r_debug_recoil(RDebug *dbg) { int recoil; RRegItem *ri; if (r_debug_is_dead (dbg)) return R_FALSE; r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_FALSE); ri = r_reg_get (dbg->reg, dbg->reg->name[R_REG_NAME_PC], -1); dbg->reason.bpi = NULL; if (ri) { ut64 addr = r_reg_get_value (dbg->reg, ri); recoil = r_bp_recoil (dbg->bp, addr); //eprintf ("[R2] Breakpoint recoil at 0x%"PFMT64x" = %d\n", addr, recoil); #if __arm__ if (recoil<1) recoil = 0; // XXX Hack :D #else if (recoil<1) recoil = 0; //1; // XXX Hack :D (x86 only?) #endif if (recoil) { dbg->reason.type = R_DEBUG_REASON_BREAKPOINT; dbg->reason.bpi = r_bp_get_at (dbg->bp, addr-recoil); dbg->reason.addr = addr - recoil; r_reg_set_value (dbg->reg, ri, addr-recoil); if (r_reg_get_value (dbg->reg, ri) != (addr-recoil)) { eprintf ("r_debug_recoil: Cannot set program counter\n"); return R_FALSE; } r_debug_reg_sync (dbg, R_REG_TYPE_GPR, R_TRUE); //eprintf ("[BP Hit] Setting pc to 0x%"PFMT64x"\n", (addr-recoil)); return R_TRUE; } } else eprintf ("r_debug_recoil: Cannot get program counter\n"); return R_FALSE; }
/* restore program counter after breakpoint hit */ static int r_debug_recoil(RDebug *dbg) { int recoil; RRegItem *ri; if (r_debug_is_dead (dbg)) { return false; } r_debug_reg_sync (dbg, R_REG_TYPE_GPR, false); ri = r_reg_get (dbg->reg, dbg->reg->name[R_REG_NAME_PC], -1); dbg->reason.bpi = NULL; if (ri) { ut64 addr = r_reg_get_value (dbg->reg, ri); recoil = r_bp_recoil (dbg->bp, addr - dbg->bpsize); //eprintf ("[R2] Breakpoint recoil at 0x%"PFMT64x" = %d\n", addr, recoil); if (recoil < 1) recoil = 0; // XXX Hack :D if (recoil) { dbg->in_recoil = true; dbg->reason.type = R_DEBUG_REASON_BREAKPOINT; dbg->reason.bpi = r_bp_get_at (dbg->bp, addr-recoil); dbg->reason.addr = addr - recoil; r_reg_set_value (dbg->reg, ri, addr-recoil); if (r_reg_get_value (dbg->reg, ri) != (addr-recoil)) { eprintf ("r_debug_recoil: Cannot set program counter\n"); return false; } r_debug_reg_sync (dbg, R_REG_TYPE_GPR, true); //eprintf ("[BP Hit] Setting pc to 0x%"PFMT64x"\n", (addr-recoil)); return true; } } else { eprintf ("r_debug_recoil: Cannot get program counter\n"); } return false; }
R_API int r_debug_continue_kill(RDebug *dbg, int sig) { ut64 pc; int retwait, ret = R_FALSE; if (!dbg) return R_FALSE; #if __WINDOWS__ r_cons_break(w32_break_process, dbg); #endif repeat: if (r_debug_is_dead (dbg)) return R_FALSE; if (dbg->h && dbg->h->cont) { r_bp_restore (dbg->bp, R_TRUE); // set sw breakpoints ret = dbg->h->cont (dbg, dbg->pid, dbg->tid, sig); dbg->reason.signum = 0; retwait = r_debug_wait (dbg); #if __WINDOWS__ if (retwait != R_DEBUG_REASON_DEAD) { ret = dbg->tid; } #endif r_bp_restore (dbg->bp, R_FALSE); // unset sw breakpoints //r_debug_recoil (dbg); if (r_debug_recoil (dbg) || (dbg->reason.type == R_DEBUG_REASON_BREAKPOINT)) { /* check if cur bp demands tracing or not */ pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]); RBreakpointItem *b = r_bp_get_at (dbg->bp, pc); if (b) { /* check if cur bp demands tracing or not */ if (b->trace) { eprintf("hit tracepoit at: %"PFMT64x"\n",pc); } else { eprintf("hit breakpoint at: %"PFMT64x"\n",pc); } if (dbg->trace->enabled) r_debug_trace_pc (dbg); // TODO: delegate this to RCore.bphit(RCore, RBreakopintItem) if (dbg->corebind.core && dbg->corebind.bphit) { dbg->corebind.bphit (dbg->corebind.core, b); } if (b->trace) { r_debug_step (dbg, 1); goto repeat; } } } #if 0 #if __UNIX__ /* XXX Uh? */ if (dbg->stop_all_threads && dbg->pid>0) r_sandbox_kill (dbg->pid, SIGSTOP); #endif #endif r_debug_select (dbg, dbg->pid, ret); sig = 0; // clear continuation after signal if needed if (retwait == R_DEBUG_REASON_SIGNAL && dbg->reason.signum != -1) { int what = r_debug_signal_what (dbg, dbg->reason.signum); if (what & R_DBG_SIGNAL_CONT) { sig = dbg->reason.signum; eprintf ("Continue into the signal %d handler\n", sig); goto repeat; } else if (what & R_DBG_SIGNAL_SKIP) { // skip signal. requires skipping one instruction ut8 buf[64]; RAnalOp op = {0}; ut64 pc = r_debug_reg_get (dbg, "pc"); dbg->iob.read_at (dbg->iob.io, pc, buf, sizeof (buf)); r_anal_op (dbg->anal, &op, pc, buf, sizeof (buf)); if (op.size>0) { const char *signame = r_debug_signal_resolve_i (dbg, dbg->reason.signum); r_debug_reg_set (dbg, "pc", pc+op.size); eprintf ("Skip signal %d handler %s\n", dbg->reason.signum, signame); goto repeat; } else { ut64 pc = r_debug_reg_get (dbg, "pc"); eprintf ("Stalled with an exception at 0x%08"PFMT64x"\n", pc); } } } } return ret; }
/* * Recoiling after a breakpoint has two stages: * 1. remove the breakpoint and fix the program counter. * 2. on resume, single step once and then replace the breakpoint. * * Thus, we have two functions to handle these situations. * r_debug_bp_hit handles stage 1. * r_debug_recoil handles stage 2. */ static int r_debug_bp_hit(RDebug *dbg, RRegItem *pc_ri, ut64 pc) { RBreakpointItem *b; /* if we are tracing, update the tracing data */ if (dbg->trace->enabled) { r_debug_trace_pc (dbg, pc); } /* remove all sw breakpoints for now. we'll set them back in stage 2 * * this is necessary because while stopped we don't want any breakpoints in * the code messing up our analysis. */ if (!r_bp_restore (dbg->bp, false)) { // unset sw breakpoints return false; } /* if we are recoiling, tell r_debug_step that we ignored a breakpoint * event */ if (!dbg->swstep && dbg->recoil_mode != R_DBG_RECOIL_NONE) { dbg->reason.bp_addr = 0; return true; } /* see if we really have a breakpoint here... */ b = r_bp_get_at (dbg->bp, pc - dbg->bpsize); if (!b) { /* we don't. nothing left to do */ return true; } /* set the pc value back */ pc -= b->size; if (!r_reg_set_value (dbg->reg, pc_ri, pc)) { eprintf ("failed to set PC!\n"); return false; } if (!r_debug_reg_sync (dbg, R_REG_TYPE_GPR, true)) { eprintf ("cannot set registers!\n"); return false; } /* if we are on a software stepping breakpoint, we hide what is going on... */ if (b->swstep) { dbg->reason.bp_addr = 0; return true; } /* setup our stage 2 */ dbg->reason.bp_addr = b->addr; /* inform the user of what happened */ eprintf ("hit %spoint at: %"PFMT64x "\n", b->trace ? "trace" : "break", pc); /* now that we've cleaned up after the breakpoint, call the other * potential breakpoint handlers */ if (dbg->corebind.core && dbg->corebind.bphit) { dbg->corebind.bphit (dbg->corebind.core, b); } /* XXX(jjd): i don't think this goes here... if (b->trace) { r_debug_step (dbg, 1); goto repeat; } */ return true; }
/* * Recoiling after a breakpoint has two stages: * 1. remove the breakpoint and fix the program counter. * 2. on resume, single step once and then replace the breakpoint. * * Thus, we have two functions to handle these situations. * r_debug_bp_hit handles stage 1. * r_debug_recoil handles stage 2. */ static int r_debug_bp_hit(RDebug *dbg, RRegItem *pc_ri, ut64 pc, RBreakpointItem **pb) { RBreakpointItem *b; if (!pb) { eprintf ("BreakpointItem is NULL!\n"); return false; } /* initialize the output parameter */ *pb = NULL; /* if we are tracing, update the tracing data */ if (dbg->trace->enabled) { r_debug_trace_pc (dbg, pc); } /* remove all sw breakpoints for now. we'll set them back in stage 2 * * this is necessary because while stopped we don't want any breakpoints in * the code messing up our analysis. */ if (!r_bp_restore (dbg->bp, false)) { // unset sw breakpoints return false; } /* if we are recoiling, tell r_debug_step that we ignored a breakpoint * event */ if (!dbg->swstep && dbg->recoil_mode != R_DBG_RECOIL_NONE) { dbg->reason.bp_addr = 0; return true; } /* The MIPS ptrace has a different behaviour */ # if __mips__ /* see if we really have a breakpoint here... */ b = r_bp_get_at (dbg->bp, pc); if (!b) { /* we don't. nothing left to do */ return true; } # else int pc_off = dbg->bpsize; /* see if we really have a breakpoint here... */ b = r_bp_get_at (dbg->bp, pc - dbg->bpsize); if (!b) { /* we don't. nothing left to do */ /* Some targets set pc to breakpoint */ b = r_bp_get_at (dbg->bp, pc); if (!b) { return true; } pc_off = 0; } /* set the pc value back */ if (pc_off) { pc -= pc_off; if (!r_reg_set_value (dbg->reg, pc_ri, pc)) { eprintf ("failed to set PC!\n"); return false; } if (!r_debug_reg_sync (dbg, R_REG_TYPE_GPR, true)) { eprintf ("cannot set registers!\n"); return false; } } # endif *pb = b; /* if we are on a software stepping breakpoint, we hide what is going on... */ if (b->swstep) { dbg->reason.bp_addr = 0; return true; } /* setup our stage 2 */ dbg->reason.bp_addr = b->addr; /* inform the user of what happened */ if (dbg->hitinfo) { eprintf ("hit %spoint at: %"PFMT64x "\n", b->trace ? "trace" : "break", pc); } /* now that we've cleaned up after the breakpoint, call the other * potential breakpoint handlers */ if (dbg->corebind.core && dbg->corebind.bphit) { dbg->corebind.bphit (dbg->corebind.core, b); } return true; }