def get_threadcontrol(self, cpu, addr):
if addr == 0:
return False
data = gca.target_memory_read(cpu, addr, 5 * 4 + 4)
tc = unpack("IIIIII", data)
reg = gca.target_memory_read(cpu, addr + 0xD0, 6 * 4)
reg_fp_data = gca.target_memory_read(cpu, addr + 0xE8, 4)
reg_fp_ptr = unpack_int(reg_fp_data)
out = {
"id": tc[2],
"name": data[15:11:-1],
"current_state": tc[4],
"registers": {
"eflags": reg[0:4],
"esp": reg[4:8],
"ebp": reg[8:12],
"ebx": reg[12:16],
"esi": reg[16:20],
"edi": reg[20:24],
},
"registers_fp": reg_fp_ptr,
}
return out
def get_thread_registers(self, cpu, tid):
thread = self.thread_list[tid]
t_regs = thread["registers"]
# FIXME: this is probably wrong eip
t_regs["eip"] = gca.target_memory_read(cpu, unpack_int(t_regs["esp"]), 4)
# fp working regs
# TODO: add missing fp regs, are they even preserved??!
if thread["registers_fp"] != 0:
for i in range(0, 8):
t_regs["fp%d" % i] = gca.target_memory_read(cpu, thread["registers_fp"] + i * 10, 10)
return self._target_cpu.get_gdb_regs(t_regs)
def get_objectcontrol(self, cpu, addr):
data = gca.target_memory_read(cpu, addr, 4 * 4)
oc = unpack("IIII", data)
out = {"next": oc[0], "prev": oc[1], "id": oc[2], "name": data[15:11:-1]}
return out
def get_objectinfo(self, cpu, addr):
data = gca.target_memory_read(cpu, addr, 64)
api = unpack("I", data[:4])[0]
clas = unpack("H", data[4:6])[0]
maximum = unpack("H", data[16:18])[0]
# allocation_size = unpack("H", data[22:24])[0]
# size = unpack("I", data[24:28])[0]
local_table = unpack("I", data[28:32])[0]
out = {"api": api, "class": clas, "maximum": maximum, "local_table": local_table}
return out
def read_table(cpu, ptr, cnt, payload_type = "I"): table = [] payload_size = calcsize(payload_type) for i in range(0, cnt): raw = gca.target_memory_read(cpu, ptr + i * payload_size, payload_size) data = unpack(payload_type, raw) if len(data) == 1: data = data[0] table.append(data) return table
def read_linkedlist(cpu, ptr, payload_type = "I"): table = [] payload_size = calcsize(payload_type) addr = ptr while addr > 0: raw = gca.target_memory_read(cpu, addr, 4 + payload_size) addr = unpack_int(raw[:4]) payload = unpack(payload_type, raw[4:]) if len(payload) == 1: payload = payload[0] table.append(payload) return table
def deref_ptr(cpu, ptr, t = "I"): size = calcsize(t) ptr_data = gca.target_memory_read(cpu, ptr, size) data = unpack(t, ptr_data)[0] return data
def thread_mem_read(cpu, tid, addr, length): return gca.target_memory_read(cpu, addr, length)