]> git.saurik.com Git - cycript.git/blame - Mach/Inject.cpp
Crazy variable naming optimization of doom.
[cycript.git] / Mach / Inject.cpp
CommitLineData
e91fbe93
JF
1/* Cycript - Inlining/Optimizing JavaScript Compiler
2 * Copyright (C) 2009 Jay Freeman (saurik)
3*/
4
5/* Modified BSD License {{{ */
6/*
7 * Redistribution and use in source and binary
8 * forms, with or without modification, are permitted
9 * provided that the following conditions are met:
10 *
11 * 1. Redistributions of source code must retain the
12 * above copyright notice, this list of conditions
13 * and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the
15 * above copyright notice, this list of conditions
16 * and the following disclaimer in the documentation
17 * and/or other materials provided with the
18 * distribution.
19 * 3. The name of the author may not be used to endorse
20 * or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS''
24 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
25 * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
26 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
29 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
31 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
34 * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
35 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
36 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37*/
38/* }}} */
39
b6961e53
JF
40#include <dlfcn.h>
41#include <mach/mach.h>
42
43extern "C" {
44#include <mach-o/nlist.h>
45}
46
47#include <cstdio>
48#include <pthread.h>
b166b11b 49#include <unistd.h>
b6961e53
JF
50
51#include "Baton.hpp"
52#include "Exception.hpp"
53#include "Pooling.hpp"
54#include "Trampoline.t.hpp"
55
7c6c5b0a 56extern "C" void __pthread_set_self(pthread_t);
b6961e53
JF
57
58template <typename Type_>
59static void nlset(Type_ &function, struct nlist *nl, size_t index) {
60 struct nlist &name(nl[index]);
61 uintptr_t value(name.n_value);
7c6c5b0a 62 _assert(value != 0);
b6961e53
JF
63 if ((name.n_desc & N_ARM_THUMB_DEF) != 0)
64 value |= 0x00000001;
7c6c5b0a 65 function = value;
b6961e53
JF
66}
67
68void InjectLibrary(pid_t pid) {
b166b11b
JF
69 // XXX: break this into the build environment
70 const char *library("/usr/lib/libcycript.dylib");
b6961e53
JF
71
72 static const size_t Stack_(8 * 1024);
73 size_t length(strlen(library) + 1), depth(sizeof(Baton) + length);
74 depth = (depth + sizeof(uintptr_t) + 1) / sizeof(uintptr_t) * sizeof(uintptr_t);
75
76 CYPool pool;
77 uint8_t *local(reinterpret_cast<uint8_t *>(apr_palloc(pool, depth)));
b6961e53 78 Baton *baton(reinterpret_cast<Baton *>(local));
b6961e53 79
7c6c5b0a
JF
80 uintptr_t set_self_internal;
81 uintptr_t set_self_external;
82
83 struct nlist nl[3];
b6961e53
JF
84 memset(nl, 0, sizeof(nl));
85 nl[0].n_un.n_name = (char *) "__pthread_set_self";
7c6c5b0a 86 nl[1].n_un.n_name = (char *) "___pthread_set_self";
b6961e53 87 nlist("/usr/lib/libSystem.B.dylib", nl);
7c6c5b0a
JF
88 nlset(set_self_internal, nl, 0);
89 nlset(set_self_external, nl, 1);
90
91 baton->_pthread_set_self = reinterpret_cast<void (*)(pthread_t)>(reinterpret_cast<uintptr_t>(&__pthread_set_self) - set_self_external + set_self_internal);
b6961e53 92
b166b11b
JF
93 baton->pthread_create = &pthread_create;
94 baton->pthread_join = &pthread_join;
95
96 baton->dlopen = &dlopen;
97 baton->dlsym = &dlsym;
98
99 baton->mach_thread_self = &mach_thread_self;
100 baton->thread_terminate = &thread_terminate;
101
102 baton->pid = getpid();
103 memcpy(baton->library, library, length);
104
b6961e53
JF
105 vm_size_t size(depth + Stack_);
106
107 mach_port_t self(mach_task_self()), task;
108 _krncall(task_for_pid(self, pid, &task));
109
7c6c5b0a
JF
110 vm_address_t stack;
111 _krncall(vm_allocate(task, &stack, size, true));
112 vm_address_t data(stack + Stack_);
113
b6961e53
JF
114 vm_write(task, data, reinterpret_cast<vm_address_t>(baton), depth);
115
116 vm_address_t code;
117 _krncall(vm_allocate(task, &code, sizeof(Trampoline_), true));
118 vm_write(task, code, reinterpret_cast<vm_address_t>(Trampoline_), sizeof(Trampoline_));
119 _krncall(vm_protect(task, code, sizeof(Trampoline_), false, VM_PROT_READ | VM_PROT_EXECUTE));
120
121 thread_act_t thread;
122 _krncall(thread_create(task, &thread));
123
124 thread_state_flavor_t flavor;
125 mach_msg_type_number_t count;
7c6c5b0a 126 size_t push;
b6961e53
JF
127
128#if defined(__arm__)
129 arm_thread_state_t state;
b6961e53
JF
130 flavor = ARM_THREAD_STATE;
131 count = ARM_THREAD_STATE_COUNT;
7c6c5b0a 132 push = 0;
19c91c37 133#elif defined(__i386__) || defined(__x86_64__)
7c6c5b0a
JF
134 i386_thread_state_t state;
135 flavor = i386_THREAD_STATE;
136 count = i386_THREAD_STATE_COUNT;
137 push = 5;
b166b11b
JF
138#else
139 #error XXX: implement
140#endif
b6961e53 141
7c6c5b0a
JF
142 uintptr_t frame[push];
143 if (sizeof(frame) != 0)
144 memset(frame, 0, sizeof(frame));
145
b166b11b 146 memset(&state, 0, sizeof(state));
b6961e53 147
b166b11b
JF
148 mach_msg_type_number_t read(count);
149 _krncall(thread_get_state(thread, flavor, reinterpret_cast<thread_state_t>(&state), &read));
150 _assert(count == count);
151
152#if defined(__arm__)
b6961e53 153 state.r[0] = data;
b6961e53
JF
154 state.sp = stack + Stack_;
155 state.pc = code;
156
157 if ((state.pc & 0x1) != 0) {
158 state.pc &= ~0x1;
159 state.cpsr |= 0x20;
160 }
19c91c37 161#elif defined(__i386__) || defined(__x86_64__)
7c6c5b0a
JF
162 frame[0] = 0;
163 frame[1] = data;
164
165 state.__eip = code;
166 state.__esp = stack + Stack_ - sizeof(frame);
b6961e53
JF
167#else
168 #error XXX: implement
169#endif
170
7c6c5b0a
JF
171 if (sizeof(frame) != 0)
172 vm_write(task, stack + Stack_ - sizeof(frame), reinterpret_cast<vm_address_t>(frame), sizeof(frame));
173
b166b11b 174 _krncall(thread_set_state(thread, flavor, reinterpret_cast<thread_state_t>(&state), count));
b6961e53
JF
175 _krncall(thread_resume(thread));
176
b166b11b 177 _krncall(mach_port_deallocate(self, task));
b6961e53 178}