def _handle_prctl(self, mu, option, arg2, arg3, arg4, arg5):
"""
int prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5);
See:
- https://linux.die.net/man/2/prctl
- https://github.com/torvalds/linux/blob/master/include/uapi/linux/prctl.h
For PR_SET_VMA:
- https://android.googlesource.com/platform/bionic/+/263325d/libc/include/sys/prctl.h
- https://sourceforge.net/p/strace/mailman/message/34329772/
"""
if option == PR_SET_VMA:
# arg5 contains ptr to a name.
return 0
elif option == PR_SET_DUMPABLE:
return 0
elif option == PR_GET_NAME:
memory_helpers.write_utf8(mu, arg2, self._process_name)
return 0
elif option == PR_SET_NAME:
self._process_name = memory_helpers.read_utf8(mu, arg2)
return 0
else:
raise NotImplementedError("Unsupported prctl option %d (0x%x)" % (option, option))
def __readlinkat(self, mu, dfd, path, buf, bufsz):
path_utf8 = memory_helpers.read_utf8(mu, path)
logging.info("%x %s %x %r"%(dfd, path_utf8, buf, bufsz))
print(self._virtual_files)
pobj = pcb.get_pcb()
pid = pobj.get_pid()
path_std_utf = path_utf8.replace(str(pid), "self")
fd_base = "/proc/self/fd/"
if (path_std_utf.startswith(fd_base)):
fd_str = os.path.basename(path_std_utf)
fd = int(fd_str)
if (fd in self._virtual_files):
name = self._virtual_files[fd].name
n = len(name)
if (n <= bufsz):
memory_helpers.write_utf8(mu, buf, name)
return 0
#
else:
raise RuntimeError("buffer overflow!!!")
#
else:
raise RuntimeError("fd %d not found in opened file..."%fd)
#
else:
raise NotImplementedError()
#
return -1
def __readlinkat(self, mu, dfd, path, buf, bufsz):
path_utf8 = memory_helpers.read_utf8(mu, path)
logging.info("%x %s %x %r"%(dfd, path_utf8, buf, bufsz))
pobj = pcb.get_pcb()
pid = pobj.get_pid()
path_std_utf = path_utf8.replace(str(pid), "self")
fd_base = "/proc/self/fd/"
if (path_std_utf.startswith(fd_base)):
fd_str = os.path.basename(path_std_utf)
fd = int(fd_str)
detail = self.__pcb.get_fd_detail(fd)
name = detail.name
n = len(name)
if (n <= bufsz):
memory_helpers.write_utf8(mu, buf, name)
return 0
#
else:
raise RuntimeError("buffer overflow!!!")
#
else:
raise NotImplementedError()
#
return -1
def _setup_thread_register(self):
"""
Set up thread register.
This is currently not accurate and just filled with garbage to ensure the emulator does not crash.
https://developer.arm.com/documentation/ddi0211/k/system-control-coprocessor/system-control-coprocessor-register-descriptions/c13--thread-and-process-id-registers
"""
thread_info_size = 64
thread_info = self.memory_manager.allocate(thread_info_size * 5)
thread_info_1 = thread_info + (thread_info_size * 0)
thread_info_2 = thread_info + (thread_info_size * 1)
thread_info_3 = thread_info + (thread_info_size * 2)
thread_info_4 = thread_info + (thread_info_size * 3)
thread_info_5 = thread_info + (thread_info_size * 4)
# Thread name
write_utf8(self.mu, thread_info_5, "AndroidNativeEmu")
# R4
self.mu.mem_write(thread_info_2 + 0x4, int(thread_info_5).to_bytes(4, byteorder='little'))
self.mu.mem_write(thread_info_2 + 0xC, int(thread_info_3).to_bytes(4, byteorder='little'))
# R1
self.mu.mem_write(thread_info_1 + 0x4, int(thread_info_4).to_bytes(4, byteorder='little'))
self.mu.mem_write(thread_info_1 + 0xC, int(thread_info_2).to_bytes(4, byteorder='little'))
self.mu.reg_write(UC_ARM_REG_C13_C0_3, thread_info_1)
def system_property_get(self, uc, name_ptr, buf_ptr):
name = memory_helpers.read_utf8(uc, name_ptr)
logger.debug("Called __system_property_get(%s, 0x%x)" % (name, buf_ptr))
if name in self._emu.system_properties:
memory_helpers.write_utf8(uc, buf_ptr, self._emu.system_properties[name])
else:
raise ValueError('%s was not found in system_properties dictionary.' % name)
return None
def dladdr(self, uc, addr, info):
infos = memory_helpers.read_uints(uc, info, 4)
Dl_info = {}
nm = self._emu.native_memory
isfind = False
for mod in self._module_mgr.modules:
if mod.base <= addr < mod.base + mod.size:
dli_fname = nm.allocate(len(mod.filename) + 1)
memory_helpers.write_utf8(uc, dli_fname, mod.filename + '\x00')
memory_helpers.write_uints(uc, addr, [dli_fname, mod.base, 0, 0])
return 1
def system_property_get(self, uc, name_ptr, buf_ptr):
name = memory_helpers.read_utf8(uc, name_ptr)
logger.debug("Called __system_property_get(%s, 0x%x)" % (name, buf_ptr))
if name in self._emu.system_properties:
p = self._emu.system_properties[name]
nread = len(p)
memory_helpers.write_utf8(uc, buf_ptr, p)
return nread
else:
print ('%s was not found in system_properties dictionary.' % name)
#
return 0
def dladdr(self, uc, addr, info):
infos = memory_helpers.read_uints(uc, info, 4)
nm = self._emu.native_memory
if addr == 0:
addr = uc.reg_read(arm_const.UC_ARM_REG_PC)
# isfind = False
for mod in self._module_mgr.modules:
if mod.base <= addr < mod.base + mod.size:
dli_fname = nm.allocate(len(mod.filename) + 1)
memory_helpers.write_utf8(uc, dli_fname, mod.filename + '\x00')
memory_helpers.write_uints(uc, info,
[dli_fname, mod.base, 0, 0])
return 1
def __test_tls_common(self, emulator, libcm):
env_key_ptr = emulator.call_symbol(libcm, "malloc", 100)
memory_helpers.write_utf8(emulator.mu, env_key_ptr, "ANDROID_ROOT")
env_ptr = emulator.call_symbol(libcm, "getenv", env_key_ptr)
self.assertTrue(env_ptr!=0)
env_str = memory_helpers.read_utf8(emulator.mu, env_ptr)
emulator.call_symbol(libcm, "free", env_key_ptr)
self.assertEqual(env_str, "/system")
key_buf_ptr = emulator.call_symbol(libcm, "malloc", 100)
emulator.call_symbol(libcm, "pthread_key_create", key_buf_ptr, 0)
key = memory_helpers.read_ptr_sz(emulator.mu, key_buf_ptr, emulator.get_ptr_size())
target_int = 3000
emulator.call_symbol(libcm, "pthread_setspecific", key, target_int)
r = emulator.call_symbol(libcm, "pthread_getspecific", key)
emulator.call_symbol(libcm, "free", key_buf_ptr)
self.assertEqual(r, target_int)
def dlerror(self, mu):
logger.info("dlerror")
data = 'dlerror handler...emu,...,'
addr = self._memory.allocate(len(data))
memory_helpers.write_utf8(mu, addr, data)
return addr
