X-Git-Url: https://git.saurik.com/cycript.git/blobdiff_plain/bb1c419ccbc0db9f1f4cec0c7d0602871be33018..c30687a7155e8c96310eaddd8213f6d3a69cab0e:/Mach/Inject.cpp

diff --git a/Mach/Inject.cpp b/Mach/Inject.cpp
index 6eb9dad..bd7fba8 100644
--- a/Mach/Inject.cpp
+++ b/Mach/Inject.cpp
@@ -1,3 +1,42 @@
+/* Cycript - Inlining/Optimizing JavaScript Compiler
+ * Copyright (C) 2009  Jay Freeman (saurik)
+*/
+
+/* Modified BSD License {{{ */
+/*
+ *        Redistribution and use in source and binary
+ * forms, with or without modification, are permitted
+ * provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the
+ *    above copyright notice, this list of conditions
+ *    and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the
+ *    above copyright notice, this list of conditions
+ *    and the following disclaimer in the documentation
+ *    and/or other materials provided with the
+ *    distribution.
+ * 3. The name of the author may not be used to endorse
+ *    or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
+ * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
+ * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+/* }}} */
+
 #include <dlfcn.h>
 #include <mach/mach.h>
 
@@ -14,15 +53,16 @@ extern "C" {
 #include "Pooling.hpp"
 #include "Trampoline.t.hpp"
 
-extern "C" void _pthread_set_self(pthread_t);
+extern "C" void __pthread_set_self(pthread_t);
 
 template <typename Type_>
 static void nlset(Type_ &function, struct nlist *nl, size_t index) {
     struct nlist &name(nl[index]);
     uintptr_t value(name.n_value);
+    _assert(value != 0);
     if ((name.n_desc & N_ARM_THUMB_DEF) != 0)
         value |= 0x00000001;
-    function = reinterpret_cast<Type_>(value);
+    function = value;
 }
 
 void InjectLibrary(pid_t pid) {
@@ -37,12 +77,18 @@ void InjectLibrary(pid_t pid) {
     uint8_t *local(reinterpret_cast<uint8_t *>(apr_palloc(pool, depth)));
     Baton *baton(reinterpret_cast<Baton *>(local));
 
-    struct nlist nl[2];
+    uintptr_t set_self_internal;
+    uintptr_t set_self_external;
+
+    struct nlist nl[3];
     memset(nl, 0, sizeof(nl));
     nl[0].n_un.n_name = (char *) "__pthread_set_self";
+    nl[1].n_un.n_name = (char *) "___pthread_set_self";
     nlist("/usr/lib/libSystem.B.dylib", nl);
-    nlset(baton->_pthread_set_self, nl, 0);
-    _assert(baton->_pthread_set_self != NULL);
+    nlset(set_self_internal, nl, 0);
+    nlset(set_self_external, nl, 1);
+
+    baton->_pthread_set_self = reinterpret_cast<void (*)(pthread_t)>(reinterpret_cast<uintptr_t>(&__pthread_set_self) - set_self_external + set_self_internal);
 
     baton->pthread_create = &pthread_create;
     baton->pthread_join = &pthread_join;
@@ -61,9 +107,10 @@ void InjectLibrary(pid_t pid) {
     mach_port_t self(mach_task_self()), task;
     _krncall(task_for_pid(self, pid, &task));
 
-    vm_address_t data;
-    _krncall(vm_allocate(task, &data, size, true));
-    vm_address_t stack(data + depth);
+    vm_address_t stack;
+    _krncall(vm_allocate(task, &stack, size, true));
+    vm_address_t data(stack + Stack_);
+
     vm_write(task, data, reinterpret_cast<vm_address_t>(baton), depth);
 
     vm_address_t code;
@@ -76,15 +123,26 @@ void InjectLibrary(pid_t pid) {
 
     thread_state_flavor_t flavor;
     mach_msg_type_number_t count;
+    size_t push;
 
 #if defined(__arm__)
     arm_thread_state_t state;
     flavor = ARM_THREAD_STATE;
     count = ARM_THREAD_STATE_COUNT;
+    push = 0;
+#elif defined(__i386__) || defined(__x86_64__)
+    i386_thread_state_t state;
+    flavor = i386_THREAD_STATE;
+    count = i386_THREAD_STATE_COUNT;
+    push = 5;
 #else
     #error XXX: implement
 #endif
 
+    uintptr_t frame[push];
+    if (sizeof(frame) != 0)
+        memset(frame, 0, sizeof(frame));
+
     memset(&state, 0, sizeof(state));
 
     mach_msg_type_number_t read(count);
@@ -93,7 +151,6 @@ void InjectLibrary(pid_t pid) {
 
 #if defined(__arm__)
     state.r[0] = data;
-    state.r[1] = RTLD_LAZY | RTLD_GLOBAL;
     state.sp = stack + Stack_;
     state.pc = code;
 
@@ -101,10 +158,19 @@ void InjectLibrary(pid_t pid) {
         state.pc &= ~0x1;
         state.cpsr |= 0x20;
     }
+#elif defined(__i386__) || defined(__x86_64__)
+    frame[0] = 0;
+    frame[1] = data;
+
+    state.__eip = code;
+    state.__esp = stack + Stack_ - sizeof(frame);
 #else
     #error XXX: implement
 #endif
 
+    if (sizeof(frame) != 0)
+        vm_write(task, stack + Stack_ - sizeof(frame), reinterpret_cast<vm_address_t>(frame), sizeof(frame));
+
     _krncall(thread_set_state(thread, flavor, reinterpret_cast<thread_state_t>(&state), count));
     _krncall(thread_resume(thread));