]> git.saurik.com Git - cycript.git/blobdiff - Mach/Inject.cpp
projects / cycript.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Added runloop detection support, ported Handler back to the iPhone, setup RunLoop...
[cycript.git] / Mach / Inject.cpp
diff --git a/Mach/Inject.cpp b/Mach/Inject.cpp
index ca1f07cfab097935bc6849c0ff81ae4970b4ae4f..6eb9dad11246bc8d71bdc8652a275f031e6413b2 100644 (file)
--- a/Mach/Inject.cpp
+++ b/Mach/Inject.cpp
@@ -7,6 +7,7 @@ extern "C" {
 
 #include <cstdio>
 #include <pthread.h>
+#include <unistd.h>
 
 #include "Baton.hpp"
 #include "Exception.hpp"
@@ -25,7 +26,8 @@ static void nlset(Type_ &function, struct nlist *nl, size_t index) {
 }
 
 void InjectLibrary(pid_t pid) {
-    const char *library("/Library/MobileSubstrate/DynamicLibraries/Cycript.dylib");
+    // XXX: break this into the build environment
+    const char *library("/usr/lib/libcycript.dylib");
 
     static const size_t Stack_(8 * 1024);
     size_t length(strlen(library) + 1), depth(sizeof(Baton) + length);
@@ -33,20 +35,26 @@ void InjectLibrary(pid_t pid) {
 
     CYPool pool;
     uint8_t *local(reinterpret_cast<uint8_t *>(apr_palloc(pool, depth)));
-
     Baton *baton(reinterpret_cast<Baton *>(local));
-    baton->pthread_create = &pthread_create;
-    baton->pthread_detach = &pthread_detach;
-    baton->dlopen = &dlopen;
-    baton->mach_thread_self = &mach_thread_self;
-    baton->thread_terminate = &thread_terminate;
-    memcpy(baton->library, library, length);
 
     struct nlist nl[2];
     memset(nl, 0, sizeof(nl));
     nl[0].n_un.n_name = (char *) "__pthread_set_self";
     nlist("/usr/lib/libSystem.B.dylib", nl);
     nlset(baton->_pthread_set_self, nl, 0);
+    _assert(baton->_pthread_set_self != NULL);
+
+    baton->pthread_create = &pthread_create;
+    baton->pthread_join = &pthread_join;
+
+    baton->dlopen = &dlopen;
+    baton->dlsym = &dlsym;
+
+    baton->mach_thread_self = &mach_thread_self;
+    baton->thread_terminate = &thread_terminate;
+
+    baton->pid = getpid();
+    memcpy(baton->library, library, length);
 
     vm_size_t size(depth + Stack_);
 
@@ -71,14 +79,19 @@ void InjectLibrary(pid_t pid) {
 
 #if defined(__arm__)
     arm_thread_state_t state;
-    memset(&state, 0, sizeof(state));
-
     flavor = ARM_THREAD_STATE;
     count = ARM_THREAD_STATE_COUNT;
+#else
+    #error XXX: implement
+#endif
 
-    _krncall(thread_get_state(thread, flavor, reinterpret_cast<thread_state_t>(&state), &count));
-    _assert(count == ARM_THREAD_STATE_COUNT);
+    memset(&state, 0, sizeof(state));
 
+    mach_msg_type_number_t read(count);
+    _krncall(thread_get_state(thread, flavor, reinterpret_cast<thread_state_t>(&state), &read));
+    _assert(count == count);
+
+#if defined(__arm__)
     state.r[0] = data;
     state.r[1] = RTLD_LAZY | RTLD_GLOBAL;
     state.sp = stack + Stack_;
@@ -88,15 +101,12 @@ void InjectLibrary(pid_t pid) {
         state.pc &= ~0x1;
         state.cpsr |= 0x20;
     }
-
-    _krncall(thread_set_state(thread, flavor, reinterpret_cast<thread_state_t>(&state), count));
 #else
     #error XXX: implement
 #endif
 
+    _krncall(thread_set_state(thread, flavor, reinterpret_cast<thread_state_t>(&state), count));
     _krncall(thread_resume(thread));
 
-    //_krncall(thread_create_running(task, flavor, reinterpret_cast<thread_state_t>(&state), count, &thread));
-
-    //_krncall(mach_port_deallocate(self, task));
+    _krncall(mach_port_deallocate(self, task));
 }
Cycript