]> git.saurik.com Git - cycript.git/blob - Mach/Inject.cpp
projects / cycript.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix a regression in iconv detection; cleaner clean.
[cycript.git] / Mach / Inject.cpp
1 /* Cycript - Inlining/Optimizing JavaScript Compiler
2 * Copyright (C) 2009 Jay Freeman (saurik)
3 */
4
5 /* Modified BSD License {{{ */
6 /*
7 * Redistribution and use in source and binary
8 * forms, with or without modification, are permitted
9 * provided that the following conditions are met:
10 *
11 * 1. Redistributions of source code must retain the
12 * above copyright notice, this list of conditions
13 * and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the
15 * above copyright notice, this list of conditions
16 * and the following disclaimer in the documentation
17 * and/or other materials provided with the
18 * distribution.
19 * 3. The name of the author may not be used to endorse
20 * or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS''
24 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
25 * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
26 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
29 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
31 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
34 * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
35 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
36 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37 */
38 /* }}} */
39
40 #include <dlfcn.h>
41 #include <mach/mach.h>
42
43 extern "C" {
44 #include <mach-o/nlist.h>
45 }
46
47 #include <cstdio>
48 #include <pthread.h>
49 #include <unistd.h>
50
51 #include "Baton.hpp"
52 #include "Exception.hpp"
53 #include "Pooling.hpp"
54 #include "Trampoline.t.hpp"
55
56 extern "C" void __pthread_set_self(pthread_t);
57
58 template <typename Type_>
59 static void nlset(Type_ &function, struct nlist *nl, size_t index) {
60 struct nlist &name(nl[index]);
61 uintptr_t value(name.n_value);
62 _assert(value != 0);
63 if ((name.n_desc & N_ARM_THUMB_DEF) != 0)
64 value |= 0x00000001;
65 function = value;
66 }
67
68 void InjectLibrary(pid_t pid) {
69 // XXX: break this into the build environment
70 const char *library("/usr/lib/libcycript.dylib");
71
72 static const size_t Stack_(8 * 1024);
73 size_t length(strlen(library) + 1), depth(sizeof(Baton) + length);
74 depth = (depth + sizeof(uintptr_t) + 1) / sizeof(uintptr_t) * sizeof(uintptr_t);
75
76 CYPool pool;
77 uint8_t *local(reinterpret_cast<uint8_t *>(apr_palloc(pool, depth)));
78 Baton *baton(reinterpret_cast<Baton *>(local));
79
80 uintptr_t set_self_internal;
81 uintptr_t set_self_external;
82
83 struct nlist nl[3];
84 memset(nl, 0, sizeof(nl));
85 nl[0].n_un.n_name = (char *) "__pthread_set_self";
86 nl[1].n_un.n_name = (char *) "___pthread_set_self";
87 nlist("/usr/lib/libSystem.B.dylib", nl);
88 nlset(set_self_internal, nl, 0);
89 nlset(set_self_external, nl, 1);
90
91 baton->_pthread_set_self = reinterpret_cast<void (*)(pthread_t)>(reinterpret_cast<uintptr_t>(&__pthread_set_self) - set_self_external + set_self_internal);
92
93 baton->pthread_create = &pthread_create;
94 baton->pthread_join = &pthread_join;
95
96 baton->dlopen = &dlopen;
97 baton->dlsym = &dlsym;
98
99 baton->mach_thread_self = &mach_thread_self;
100 baton->thread_terminate = &thread_terminate;
101
102 baton->pid = getpid();
103 memcpy(baton->library, library, length);
104
105 vm_size_t size(depth + Stack_);
106
107 mach_port_t self(mach_task_self()), task;
108 _krncall(task_for_pid(self, pid, &task));
109
110 vm_address_t stack;
111 _krncall(vm_allocate(task, &stack, size, true));
112 vm_address_t data(stack + Stack_);
113
114 vm_write(task, data, reinterpret_cast<vm_address_t>(baton), depth);
115
116 vm_address_t code;
117 _krncall(vm_allocate(task, &code, sizeof(Trampoline_), true));
118 vm_write(task, code, reinterpret_cast<vm_address_t>(Trampoline_), sizeof(Trampoline_));
119 _krncall(vm_protect(task, code, sizeof(Trampoline_), false, VM_PROT_READ | VM_PROT_EXECUTE));
120
121 thread_act_t thread;
122 _krncall(thread_create(task, &thread));
123
124 thread_state_flavor_t flavor;
125 mach_msg_type_number_t count;
126 size_t push;
127
128 #if defined(__arm__)
129 arm_thread_state_t state;
130 flavor = ARM_THREAD_STATE;
131 count = ARM_THREAD_STATE_COUNT;
132 push = 0;
133 #elif defined(__i386__) || defined(__x86_64__)
134 i386_thread_state_t state;
135 flavor = i386_THREAD_STATE;
136 count = i386_THREAD_STATE_COUNT;
137 push = 5;
138 #else
139 #error XXX: implement
140 #endif
141
142 uintptr_t frame[push];
143 if (sizeof(frame) != 0)
144 memset(frame, 0, sizeof(frame));
145
146 memset(&state, 0, sizeof(state));
147
148 mach_msg_type_number_t read(count);
149 _krncall(thread_get_state(thread, flavor, reinterpret_cast<thread_state_t>(&state), &read));
150 _assert(count == count);
151
152 #if defined(__arm__)
153 state.r[0] = data;
154 state.sp = stack + Stack_;
155 state.pc = code;
156
157 if ((state.pc & 0x1) != 0) {
158 state.pc &= ~0x1;
159 state.cpsr |= 0x20;
160 }
161 #elif defined(__i386__) || defined(__x86_64__)
162 frame[0] = 0;
163 frame[1] = data;
164
165 state.__eip = code;
166 state.__esp = stack + Stack_ - sizeof(frame);
167 #else
168 #error XXX: implement
169 #endif
170
171 if (sizeof(frame) != 0)
172 vm_write(task, stack + Stack_ - sizeof(frame), reinterpret_cast<vm_address_t>(frame), sizeof(frame));
173
174 _krncall(thread_set_state(thread, flavor, reinterpret_cast<thread_state_t>(&state), count));
175 _krncall(thread_resume(thread));
176
177 _krncall(mach_port_deallocate(self, task));
178 }
Cycript