]> git.saurik.com Git - cycript.git/blobdiff - Mach/Inject.cpp
projects / cycript.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use OS X (not Simulator) build for x86_64 on OS X.
[cycript.git] / Mach / Inject.cpp
diff --git a/Mach/Inject.cpp b/Mach/Inject.cpp
index 765a4ab6f37e41d23355206851d22b5694ef9316..7d805992c09c31a88515e0aa3b648b395f5cf0e6 100644 (file)
--- a/Mach/Inject.cpp
+++ b/Mach/Inject.cpp
@@ -1,174 +1,305 @@
-/* Cycript - Inlining/Optimizing JavaScript Compiler
- * Copyright (C) 2009  Jay Freeman (saurik)
+/* Cycript - Optimizing JavaScript Compiler/Runtime
+ * Copyright (C) 2009-2013  Jay Freeman (saurik)
 */
 
 */
 
-/* Modified BSD License {{{ */
+/* GNU General Public License, Version 3 {{{ */
 /*
 /*
- *        Redistribution and use in source and binary
- * forms, with or without modification, are permitted
- * provided that the following conditions are met:
+ * Cycript is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation, either version 3 of the License,
+ * or (at your option) any later version.
  *
  *
- * 1. Redistributions of source code must retain the
- *    above copyright notice, this list of conditions
- *    and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the
- *    above copyright notice, this list of conditions
- *    and the following disclaimer in the documentation
- *    and/or other materials provided with the
- *    distribution.
- * 3. The name of the author may not be used to endorse
- *    or promote products derived from this software
- *    without specific prior written permission.
+ * Cycript is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
  *
  *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
- * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
- * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
- * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
+ * You should have received a copy of the GNU General Public License
+ * along with Cycript.  If not, see <http://www.gnu.org/licenses/>.
+**/
 /* }}} */
 
 /* }}} */
 
+#include "TargetConditionals.h"
+#if TARGET_OS_IPHONE
+#undef __ENVIRONMENT_IPHONE_OS_VERSION_MIN_REQUIRED__
+#define __ENVIRONMENT_IPHONE_OS_VERSION_MIN_REQUIRED__ __IPHONE_5_0
+#endif
+
 #include <dlfcn.h>
 #include <dlfcn.h>
+#include <pthread.h>
+#include <unistd.h>
+
 #include <mach/mach.h>
 #include <mach/mach.h>
+#include <mach/vm_map.h>
+#include <mach/mach_vm.h>
 
 
-#include <mach/i386/thread_status.h>
+#include <mach/machine/thread_status.h>
 
 
-#include <cstdio>
-#include <pthread.h>
-#include <unistd.h>
+#ifdef __arm__
+#include "Mach/Memory.hpp"
+#endif
 
 #include "Baton.hpp"
 #include "Exception.hpp"
 #include "Pooling.hpp"
 #include "Trampoline.t.hpp"
 
 
 #include "Baton.hpp"
 #include "Exception.hpp"
 #include "Pooling.hpp"
 #include "Trampoline.t.hpp"
 
-extern "C" void __pthread_set_self(pthread_t);
-
-void InjectLibrary(pid_t pid) {
-    // DOUG: turn this into some kind of -D passed from configure
-    const char *library("/usr/lib/libcycript.dylib");
-
-    static const size_t Stack_(8 * 1024);
-    size_t length(strlen(library) + 1), depth(sizeof(Baton) + length);
-    depth = (depth + sizeof(uintptr_t) + 1) / sizeof(uintptr_t) * sizeof(uintptr_t);
-
-    CYPool pool;
-    uint8_t *local(reinterpret_cast<uint8_t *>(apr_palloc(pool, depth)));
-    Baton *baton(reinterpret_cast<Baton *>(local));
-
-    baton->__pthread_set_self = &__pthread_set_self;
-
-    baton->pthread_create = &pthread_create;
-    baton->pthread_join = &pthread_join;
-
-    baton->dlopen = &dlopen;
-    baton->dlsym = &dlsym;
+extern "C" void CYHandleServer(pid_t);
 
 
-    baton->mach_thread_self = &mach_thread_self;
-    baton->thread_terminate = &thread_terminate;
+extern "C" void *_dyld_get_all_image_infos();
 
 
-    baton->pid = getpid();
-    memcpy(baton->library, library, length);
-
-    vm_size_t size(depth + Stack_);
+void InjectLibrary(pid_t pid) {
+    Dl_info addr;
+    _assert(dladdr(reinterpret_cast<void *>(&CYHandleServer), &addr) != 0);
+
+    size_t flength(strlen(addr.dli_fname));
+    char library[flength + 4 + 1];
+    memcpy(library, addr.dli_fname, flength);
+    library[flength] = '\0';
+    _assert(strcmp(library + flength - 6, ".dylib") == 0);
+#if !TARGET_OS_IPHONE
+    strcpy(library + flength - 6, "-any.dylib");
+#endif
 
     mach_port_t self(mach_task_self()), task;
     _krncall(task_for_pid(self, pid, &task));
 
 
     mach_port_t self(mach_task_self()), task;
     _krncall(task_for_pid(self, pid, &task));
 
-    vm_address_t stack;
-    _krncall(vm_allocate(task, &stack, size, true));
-    vm_address_t data(stack + Stack_);
-
-    vm_write(task, data, reinterpret_cast<vm_address_t>(baton), depth);
+    task_dyld_info info;
+#ifdef __arm__
+    union {
+        struct {
+            uint32_t all_image_info_addr;
+        } info_1;
+
+        struct {
+            uint32_t all_image_info_addr;
+            uint32_t all_image_info_size;
+            int32_t all_image_info_format;
+        } info32;
+
+        struct {
+            uint64_t all_image_info_addr;
+            uint64_t all_image_info_size;
+            int32_t all_image_info_format;
+        } info64;
+    } infoXX;
+
+    mach_msg_type_number_t count(sizeof(infoXX) / sizeof(natural_t));
+    _krncall(task_info(task, TASK_DYLD_INFO, reinterpret_cast<task_info_t>(&infoXX), &count));
+
+    bool broken;
+
+    switch (count) {
+        case sizeof(infoXX.info_1) / sizeof(natural_t):
+            broken = true;
+            info.all_image_info_addr = infoXX.info_1.all_image_info_addr;
+            info.all_image_info_size = 0;
+            info.all_image_info_format = TASK_DYLD_ALL_IMAGE_INFO_32;
+            break;
+        case sizeof(infoXX.info32) / sizeof(natural_t):
+            broken = true;
+            info.all_image_info_addr = infoXX.info32.all_image_info_addr;
+            info.all_image_info_size = infoXX.info32.all_image_info_size;
+            info.all_image_info_format = infoXX.info32.all_image_info_format;
+            break;
+        case sizeof(infoXX.info64) / sizeof(natural_t):
+            broken = false;
+            info.all_image_info_addr = infoXX.info64.all_image_info_addr;
+            info.all_image_info_size = infoXX.info64.all_image_info_size;
+            info.all_image_info_format = infoXX.info64.all_image_info_format;
+            break;
+        default:
+            _assert(false);
+    }
+#else
+    mach_msg_type_number_t count(TASK_DYLD_INFO_COUNT);
+    _krncall(task_info(task, TASK_DYLD_INFO, reinterpret_cast<task_info_t>(&info), &count));
+    _assert(count == TASK_DYLD_INFO_COUNT);
+#endif
+    _assert(info.all_image_info_addr != 0);
 
     thread_act_t thread;
     _krncall(thread_create(task, &thread));
 
 
     thread_act_t thread;
     _krncall(thread_create(task, &thread));
 
+    thread_state_t bottom;
     thread_state_flavor_t flavor;
     thread_state_flavor_t flavor;
-    mach_msg_type_number_t count;
-    size_t push;
+
+#if defined (__i386__) || defined(__x86_64__)
+    x86_thread_state_t state;
+    memset(&state, 0, sizeof(state));
+
+    bottom = reinterpret_cast<thread_state_t>(&state);
+    flavor = MACHINE_THREAD_STATE;
+    count = MACHINE_THREAD_STATE_COUNT;
+#elif defined(__arm__) || defined(__arm64__)
+    arm_unified_thread_state_t state;
+    memset(&state, 0, sizeof(state));
+
+    switch (info.all_image_info_format) {
+        case TASK_DYLD_ALL_IMAGE_INFO_32:
+            bottom = reinterpret_cast<thread_state_t>(&state.ts_32);
+            flavor = ARM_THREAD_STATE;
+            count = ARM_THREAD_STATE_COUNT;
+            state.ash.flavor = ARM_THREAD_STATE32;
+            break;
+        case TASK_DYLD_ALL_IMAGE_INFO_64:
+            bottom = reinterpret_cast<thread_state_t>(&state.ts_64);
+            flavor = ARM_THREAD_STATE64;
+            count = ARM_THREAD_STATE64_COUNT + 1;
+            state.ash.flavor = ARM_THREAD_STATE64;
+            break;
+        default:
+            _assert(false);
+    }
+#else
+    #error XXX: implement
+#endif
+
+    mach_msg_type_number_t read(count);
+    _krncall(thread_get_state(thread, flavor, bottom, &read));
+    _assert(read == count);
 
     Trampoline *trampoline;
 
     Trampoline *trampoline;
+    size_t align;
+    size_t push;
 
 
-#if defined(__arm__)
-    trampoline = &Trampoline_arm_;
-    arm_thread_state_t state;
-    flavor = ARM_THREAD_STATE;
-    count = ARM_THREAD_STATE_COUNT;
-    push = 0;
-#elif defined(__i386__)
-    trampoline = &Trampoline_i386_;
-    i386_thread_state_t state;
-    flavor = i386_THREAD_STATE;
-    count = i386_THREAD_STATE_COUNT;
-    push = 5;
-#elif defined(__x86_64__)
-    trampoline = &Trampoline_x86_64_;
-    x86_thread_state64_t state;
-    flavor = x86_THREAD_STATE64;
-    count = x86_THREAD_STATE64_COUNT;
-    push = 2;
+#if defined(__i386__) || defined(__x86_64__)
+    switch (state.tsh.flavor) {
+        case i386_THREAD_STATE:
+            trampoline = &Trampoline_i386_;
+            align = 4;
+            push = 5;
+            break;
+        case x86_THREAD_STATE64:
+            trampoline = &Trampoline_x86_64_;
+            align = 8;
+            push = 2;
+            break;
+        default:
+            _assert(false);
+    }
+#elif defined(__arm__) || defined(__arm64__)
+    switch (state.ash.flavor) {
+        case ARM_THREAD_STATE32:
+            trampoline = &Trampoline_armv6_;
+            align = 4;
+            push = 0;
+            break;
+        case ARM_THREAD_STATE64:
+            trampoline = &Trampoline_arm64_;
+            align = 8;
+            push = 0;
+            break;
+        default:
+            _assert(false);
+    }
 #else
     #error XXX: implement
 #endif
 
 #else
     #error XXX: implement
 #endif
 
-    vm_address_t code;
-    _krncall(vm_allocate(task, &code, trampoline->size_, true));
-    vm_write(task, code, reinterpret_cast<vm_address_t>(trampoline->data_), trampoline->size_);
-    _krncall(vm_protect(task, code, trampoline->size_, false, VM_PROT_READ | VM_PROT_EXECUTE));
+    static const size_t Stack_(8 * 1024);
+    size_t length(strlen(library) + 1), depth(sizeof(Baton) + length);
+    depth = (depth + align + 1) / align * align;
+
+    CYPool pool;
+    uint8_t *local(pool.malloc<uint8_t>(depth));
+    Baton *baton(reinterpret_cast<Baton *>(local));
+
+    baton->dyld = info.all_image_info_addr;
+    baton->pid = getpid();
+    memset(baton->error, 0, sizeof(baton->error));
+    memcpy(baton->library, library, length);
+
+    mach_vm_size_t size(depth + Stack_);
+    mach_vm_address_t stack;
+    _krncall(mach_vm_allocate(task, &stack, size, true));
+
+    mach_vm_address_t data(stack + Stack_);
+    _krncall(mach_vm_write(task, data, reinterpret_cast<mach_vm_address_t>(baton), depth));
 
 
-    /*
-    printf("_ptss:%p\n", baton->__pthread_set_self);
-    printf("dlsym:%p\n", baton->dlsym);
-    printf("code:%zx\n", (size_t) code);
-    */
+    mach_vm_address_t code;
+    _krncall(mach_vm_allocate(task, &code, trampoline->size_, true));
+    _krncall(mach_vm_write(task, code, reinterpret_cast<vm_offset_t>(trampoline->data_), trampoline->size_));
+    _krncall(mach_vm_protect(task, code, trampoline->size_, false, VM_PROT_READ | VM_PROT_EXECUTE));
 
     uint32_t frame[push];
     if (sizeof(frame) != 0)
         memset(frame, 0, sizeof(frame));
 
     uint32_t frame[push];
     if (sizeof(frame) != 0)
         memset(frame, 0, sizeof(frame));
-    memset(&state, 0, sizeof(state));
 
 
-    mach_msg_type_number_t read(count);
-    _krncall(thread_get_state(thread, flavor, reinterpret_cast<thread_state_t>(&state), &read));
-    _assert(count == count);
-
-#if defined(__arm__)
-    state.r[0] = data;
-    state.sp = stack + Stack_;
-    state.pc = code + trampoline->entry_;
-
-    if ((state.pc & 0x1) != 0) {
-        state.pc &= ~0x1;
-        state.cpsr |= 0x20;
+#if defined(__i386__) || defined(__x86_64__)
+    switch (state.tsh.flavor) {
+        case i386_THREAD_STATE:
+            frame[1] = data;
+            state.uts.ts32.__eip = code + trampoline->entry_;
+            state.uts.ts32.__esp = stack + Stack_ - sizeof(frame);
+            break;
+        case x86_THREAD_STATE64:
+            state.uts.ts64.__rdi = data;
+            state.uts.ts64.__rip = code + trampoline->entry_;
+            state.uts.ts64.__rsp = stack + Stack_ - sizeof(frame);
+            break;
+        default:
+            _assert(false);
+    }
+#elif defined(__arm__) || defined(__arm64__)
+    switch (state.ash.flavor) {
+        case ARM_THREAD_STATE32:
+            state.ts_32.__r[0] = data;
+            state.ts_32.__pc = code + trampoline->entry_;
+            state.ts_32.__sp = stack + Stack_ - sizeof(frame);
+
+            if ((state.ts_32.__pc & 0x1) != 0) {
+                state.ts_32.__pc &= ~0x1;
+                state.ts_32.__cpsr |= 0x20;
+            }
+
+            break;
+
+        case ARM_THREAD_STATE64:
+            state.ts_64.__x[0] = data;
+            state.ts_64.__pc = code + trampoline->entry_;
+            state.ts_64.__sp = stack + Stack_ - sizeof(frame);
+            break;
+
+        default:
+            _assert(false);
     }
     }
-#elif defined(__i386__)
-    frame[1] = data;
-
-    state.__eip = code + trampoline->entry_;
-    state.__esp = stack + Stack_ - sizeof(frame);
-#elif defined(__x86_64__)
-    frame[0] = 0xdeadbeef;
-    state.__rdi = data;
-    state.__rip = code + trampoline->entry_;
-    state.__rsp = stack + Stack_ - sizeof(frame);
 #else
     #error XXX: implement
 #endif
 
     if (sizeof(frame) != 0)
 #else
     #error XXX: implement
 #endif
 
     if (sizeof(frame) != 0)
-        vm_write(task, stack + Stack_ - sizeof(frame), reinterpret_cast<vm_address_t>(frame), sizeof(frame));
+        _krncall(mach_vm_write(task, stack + Stack_ - sizeof(frame), reinterpret_cast<mach_vm_address_t>(frame), sizeof(frame)));
 
 
-    _krncall(thread_set_state(thread, flavor, reinterpret_cast<thread_state_t>(&state), count));
+    _krncall(thread_set_state(thread, flavor, bottom, read));
     _krncall(thread_resume(thread));
 
     _krncall(thread_resume(thread));
 
+    loop: switch (kern_return_t status = thread_get_state(thread, flavor, bottom, &(read = count))) {
+        case KERN_SUCCESS:
+            usleep(10000);
+            goto loop;
+
+        case KERN_TERMINATED:
+        case MACH_SEND_INVALID_DEST:
+            break;
+
+        default:
+            _assert(false);
+    }
+
+    _krncall(mach_port_deallocate(self, thread));
+
+    mach_vm_size_t error(sizeof(baton->error));
+    _krncall(mach_vm_read_overwrite(task, data + offsetof(Baton, error), sizeof(baton->error), reinterpret_cast<mach_vm_address_t>(&baton->error), &error));
+    _assert(error == sizeof(baton->error));
+
+    if (baton->error[0] != '\0') {
+        baton->error[sizeof(baton->error) - 1] = '\0';
+        CYThrow("%s", baton->error);
+    }
+
+    _krncall(mach_vm_deallocate(task, code, trampoline->size_));
+    _krncall(mach_vm_deallocate(task, stack, size));
+
     _krncall(mach_port_deallocate(self, task));
 }
     _krncall(mach_port_deallocate(self, task));
 }
Cycript