def __init__(self, address):
if address != const.NULL_PTR:
self.ip_object_object = IPCObject(address)
self.ip_messages = utils.get_8_byte_at(
address + const.IPCPortOffsets.IP_MSG.value)
self.data = utils.get_8_byte_at(address +
const.IPCPortOffsets.DATA.value)
self.kdata = utils.get_8_byte_at(address +
const.IPCPortOffsets.KDATA.value)
self.kdata2 = utils.get_8_byte_at(
address + const.IPCPortOffsets.KDATA2.value)
self.ip_context = utils.get_8_byte_at(
address + const.IPCPortOffsets.IP_CTXT.value)
four_byte_data = utils.get_4_byte_at(
address + const.IPCPortOffsets.IP_SPREQ.value)
self.ip_sprequests = (four_byte_data & (1 << 0))
self.ip_spimportant = (four_byte_data & (1 << 1))
self.ip_impdonation = (four_byte_data & (1 << 2))
self.ip_tempowner = (four_byte_data & (1 << 3))
self.ip_guarded = (four_byte_data & (1 << 4))
self.ip_strict_guard = (four_byte_data & (1 << 5))
self.ip_specialreply = (four_byte_data & (1 << 6))
self.ip_sync_link_state = (four_byte_data & (0x000001ff))
self.ip_impcount = (four_byte_data & (0xfffffe00))
self.ip_mscount = utils.get_4_byte_at(
address + const.IPCPortOffsets.IP_MSCNT.value)
self.ip_srights = utils.get_4_byte_at(
address + const.IPCPortOffsets.IP_SRIGHTS.value)
self.ip_sorights = utils.get_4_byte_at(
address + const.IPCPortOffsets.IP_SORIGHTS.value)
def __next__(self):
if self.next_thread_ptr != self.stop_contition:
self.result = Thread(self.next_thread_ptr)
if self.type == const.ThrdItrType.GLOBAL:
self.next_thread_ptr = utils.get_8_byte_at(
self.result.global_threads_ptr)
else:
self.next_thread_ptr = utils.get_8_byte_at(
self.result.curr_task_threads_ptr)
return self.result
raise StopIteration
def __iter__(self):
if self.type == const.ThrdItrType.GLOBAL:
self.next_thread_ptr = utils.get_8_byte_at(
const.GLOBAL_THREADS_PTR)
self.stop_contition = const.GLOBAL_THREADS_PTR
else:
relevant_task = Task(self.task_ptr)
self.next_thread_ptr = utils.get_8_byte_at(
relevant_task.threads_lst_ptr)
self.stop_contition = self.task_ptr + \
const.TaskOffsets.THREAD_LST_FROM_TASK.value
return self
def __init__(self, address):
if address != const.NULL_PTR:
self.io_bits = utils.get_4_byte_at(
address) # parse it from ipc_object
self.io_references = utils.get_4_byte_at(
address + const.IPCObjectOffsets.IO_REFS.value)
self.io_lock_data_1 = utils.get_8_byte_at(
address + const.IPCObjectOffsets.IO_LOCK_DATA.value)
self.io_lock_data_2 = utils.get_8_byte_at(
address + const.IPCObjectOffsets.IO_LOCK_DATA.value +
0x08) # next
else:
raise gdb.GdbError(f"Wrong pointer to IPC Object {address}")
def __init__(self, address):
if address != const.NULL_PTR:
self.io_bits = utils.get_4_byte_at(
address) # parse it from ipc_object
self.io_references = utils.get_4_byte_at(
address + const.IPCObjectOffsets.IO_REFS.value)
self.io_lock_data_1 = utils.get_8_byte_at(
address + const.IPCObjectOffsets.IO_LOCK_DATA.value)
self.io_lock_data_2 = utils.get_8_byte_at(
address + const.IPCObjectOffsets.IO_LOCK_DATA.value +
0x08) # next
self.initialized = True
else:
self.initialized = False
def __init__(self, address):
if address != const.NULL_PTR:
self.address = address
self.task_lst_ptr = address + const.TaskOffsets.TASK_NEXT.value
self.threads_lst_ptr = address + const.TaskOffsets.THREAD_LST_FROM_TASK.value
self.bsd_info_ptr = utils.get_8_byte_at(
address + const.TaskOffsets.BSD_INFO.value)
self.itk_self = utils.get_8_byte_at(
address + const.TaskOffsets.ITK_SELF.value)
self.ipc_space = utils.get_8_byte_at(
address + const.TaskOffsets.IPC_SPACE.value)
self.ipc_space_object = IPCSpace(self.ipc_space)
self.bsdinfo_object = BsdInfo(self.bsd_info_ptr)
else:
raise gdb.GdbError(f"Null pointer in {__name__}")
def get_kernel_next_pc(self):
if self.initialized is False or self.kernel_stack_ptr == const.NULL_PTR:
return const.NULL_PTR
# Get SP of thread_invoke. From Switch_context's frame
kernel_saved_state = ThreadSavedState(self.kernel_stack_ptr)
stack_ptr_thread_invoke = kernel_saved_state.sp
# we are in thread_invoke context frame.
# Look at LR and see if the next function is thread_invoke or thread_run
next_to_thread_invoke = utils.get_8_byte_at(
stack_ptr_thread_invoke +
const.NextPcHelpOffsets.STORED_LR_IN_THREAD_INVOKE_FRAME.value)
if next_to_thread_invoke == const.NextPcHelpOffsets.NEXT_IN_THREAD_RUN.value:
# we came to thread invoke from thread_run.
# The next LR will point to the function that we want
kernel_next_pc = utils.get_8_byte_at(
stack_ptr_thread_invoke +
const.NextPcHelpOffsets.THREAD_INVOKE_FRAME_SIZE.value + 0x38)
elif next_to_thread_invoke == const.NextPcHelpOffsets.NEXT_IN_THREAD_BLOCK.value:
# we came to thread invoke from thread_block.
# The next LR will point to the function that we want or to exception return
kernel_next_pc = utils.get_8_byte_at(
stack_ptr_thread_invoke +
const.NextPcHelpOffsets.THREAD_INVOKE_FRAME_SIZE.value + 0x48)
else:
gdb.write(
f"Something went wrong for thread {hex(self.address)} "
f"with getting the next pc, maybe in a middle of thread's "
f"create/exit")
return const.NULL_PTR
# Now we can check whether the next running function is exception_return.
# If so, we need to go one more frame further
if kernel_next_pc == const.NextPcHelpOffsets.EXEPTION_RETURN_PTR.value:
# From the kernel code (Switch_context) we know that the pointer to
# saved state is stored in x21
next_x21_ptr = utils.get_8_byte_at(
stack_ptr_thread_invoke +
const.NextPcHelpOffsets.THREAD_INVOKE_FRAME_SIZE.value +
const.NextPcHelpOffsets.X21_IN_THREAD_INVOKE_FRAME.value)
if next_x21_ptr == const.NULL_PTR:
return const.NULL_PTR
saved_state_exception_return = ThreadSavedState(next_x21_ptr)
# now we have the saved state we can get the PC
pc_from_saved_state = saved_state_exception_return.pc
kernel_next_pc = pc_from_saved_state
return kernel_next_pc
def __init__(self, address):
if address != const.NULL_PTR:
self.address = address
self.task_lst_ptr = address + const.TaskOffsets.TASK_NEXT.value
self.threads_lst_ptr = address + const.TaskOffsets.THREAD_LST_FROM_TASK.value
self.bsd_info_ptr = utils.get_8_byte_at(
address + const.TaskOffsets.BSD_INFO.value)
self.itk_self = utils.get_8_byte_at(
address + const.TaskOffsets.ITK_SELF.value)
self.ipc_space = utils.get_8_byte_at(
address + const.TaskOffsets.IPC_SPACE.value)
self.ipc_space_object = IPCSpace(self.ipc_space)
self.bsdinfo_object = BsdInfo(self.bsd_info_ptr)
self.initialized = True
else:
self.initialized = False
def __init__(self, address):
if address != const.NULL_PTR:
self.iv_hash = utils.get_8_byte_at(address)
self.iv_sum = utils.get_8_byte_at(address + 0x04)
self.iv_refs = utils.get_8_byte_at(address + 0x08)
self.iv_table_size = utils.get_8_byte_at(address + 0x0c)
self.iv_inline_table = utils.get_8_byte_at(address + 0x10)
self.iv_table = utils.get_8_byte_at(address + 0x30)
self.iv_port = utils.get_8_byte_at(address + 0x38)
self.iv_hash_link = utils.get_8_byte_at(address + 0x40)
def __init__(self, address):
if address != const.NULL_PTR:
self.is_table = utils.get_8_byte_at(
address + const.IPCSpaceOffsets.IS_TABLE.value)
self.is_table_size = utils.get_4_byte_at(
address + const.IPCSpaceOffsets.IS_TABLE_SIZE.value)
self.is_table_free = utils.get_4_byte_at(
address + const.IPCSpaceOffsets.IS_TABLE_FREE.value)
else:
raise gdb.GdbError(f"Null pointer for {__name__}")
def __init__(self, address):
if address != const.NULL_PTR:
self.is_table = utils.get_8_byte_at(
address + const.IPCSpaceOffsets.IS_TABLE.value)
self.is_table_size = utils.get_4_byte_at(
address + const.IPCSpaceOffsets.IS_TABLE_SIZE.value)
self.is_table_free = utils.get_4_byte_at(
address + const.IPCSpaceOffsets.IS_TABLE_FREE.value)
self.initialized = True
else:
self.initialized = False
def __init__(self, address):
if address != const.NULL_PTR:
self.address = address
self.task_ptr = utils.get_8_byte_at(address +
const.ThreadOffsets.TASK.value)
self.tid = utils.get_8_byte_at(address +
const.ThreadOffsets.THREAD_ID.value)
self.continuation = utils.get_8_byte_at(
address + const.ThreadOffsets.CONTINUATION.value)
self.global_threads_ptr = address + const.ThreadOffsets.GLOBAL_THREADS.value
self.curr_task_threads_ptr = address + const.ThreadOffsets.TASK_THREADS.value
self.ucontext_data = utils.get_8_byte_at(
address + const.ThreadOffsets.CONTEXT_USER_DATA_PTR.value)
self.kernel_stack_ptr = utils.get_8_byte_at(
address + const.ThreadOffsets.KSTACK_PTR.value)
self.voucher_ptr = utils.get_8_byte_at(
address + const.ThreadOffsets.VOUCHER_PTR.value)
# Meta Data
self.next_pc = const.NULL_PTR
if self.is_currect():
self.next_pc = utils.print_val('$pc')
elif self.ucontext_data != const.NULL_PTR:
user_saved_state = ThreadSavedState(self.ucontext_data)
self.next_pc = user_saved_state.pc
elif self.kernel_stack_ptr != const.NULL_PTR:
self.next_pc = self.get_kernel_next_pc()
self.task_object = Task(self.task_ptr)
else:
raise gdb.GdbError(f"Null pointer in {__name__}")
def __init__(self, address):
if address != const.NULL_PTR:
self.address = address
self.ie_object = utils.get_8_byte_at(address)
self.ie_bits = utils.get_4_byte_at(
address + const.IPCEntryOffsets.IE_BITS.value)
self.ie_index = utils.get_4_byte_at(
address + const.IPCEntryOffsets.IE_INDEX.value)
self.index = utils.get_4_byte_at(address +
const.IPCEntryOffsets.INDEX.value)
if self.ie_object:
self.ie_object_object = IPCObject(self.ie_object)
else:
raise gdb.GdbError(f"Wrong pointer to IPC Entry {address}")
def __init__(self, address):
if address != const.NULL_PTR:
self.address = address
self.ie_object = utils.get_8_byte_at(address)
self.ie_bits = utils.get_4_byte_at(
address + const.IPCEntryOffsets.IE_BITS.value)
self.ie_index = utils.get_4_byte_at(
address + const.IPCEntryOffsets.IE_INDEX.value)
self.index = utils.get_4_byte_at(address +
const.IPCEntryOffsets.INDEX.value)
if self.ie_object:
self.ie_object_object = IPCObject(self.ie_object)
self.initialized = True
else:
self.initialized = False
def __init__(self, addr):
# TODO: support more versions
self.offsets = StructZone.struct_offsets_16B92
self.globals = StructZone.zone_globals_16B92
self.addr = addr
self.cur_size = utils.get_8_byte_at(addr + self.offsets["cur_size"])
self.max_size = utils.get_8_byte_at(addr + self.offsets["max_size"])
self.elem_size = utils.get_8_byte_at(addr + self.offsets["elem_size"])
self.alloc_size = utils.get_8_byte_at(addr +
self.offsets["alloc_size"])
self.page_count = utils.get_8_byte_at(addr +
self.offsets["page_count"])
self.sum_count = utils.get_8_byte_at(addr + self.offsets["sum_count"])
self.flags = utils.get_4_byte_at(addr + self.offsets["flags"])
self.index = utils.get_4_byte_at(addr + self.offsets["index"])
name_ptr = utils.get_8_byte_at(addr + self.offsets["zone_name"])
self.zone_name = utils.get_string_at(name_ptr)
def __next__(self):
if self.next_task_ptr != self.stop_contition:
self.result = Task(self.next_task_ptr)
self.next_task_ptr = utils.get_8_byte_at(self.result.task_lst_ptr)
return self.result
raise StopIteration
def __init__(self):
self.stop_contition = const.GLOBAL_TASKS_PTR
self.next_task_ptr = utils.get_8_byte_at(const.GLOBAL_TASKS_PTR)
self.result = None
def is_valid_ptr(ptr):
try:
utils.get_8_byte_at(ptr)
return True
except Exception:
raise gdb.GdbError(f"Wrong pointer! {hex(ptr)}")
def is_in_kernel_space():
try:
utils.get_8_byte_at(const.GLOBAL_TASKS_PTR)
return True
except Exception:
return False
def get_current_task_ptr():
try:
address = utils.print_val(const.CURRENT_THREAD)
return utils.get_8_byte_at(address + const.ThreadOffsets.TASK.value)
except Exception:
raise gdb.GdbError(f"Error occured, maybe in user land?")
def __init__(self, address):
if address != const.NULL_PTR:
address += 0x08 # skip arm_state_hdr_t ash at arm_saved_state
self._x0 = utils.get_8_byte_at(address)
self._x1 = utils.get_8_byte_at(address + 0x08)
self._x2 = utils.get_8_byte_at(address + 0x10)
self._x3 = utils.get_8_byte_at(address + 0x18)
self._x4 = utils.get_8_byte_at(address + 0x20)
self._x5 = utils.get_8_byte_at(address + 0x28)
self._x6 = utils.get_8_byte_at(address + 0x30)
self._x7 = utils.get_8_byte_at(address + 0x38)
self._x8 = utils.get_8_byte_at(address + 0x40)
self._x9 = utils.get_8_byte_at(address + 0x48)
self._x10 = utils.get_8_byte_at(address + 0x50)
self._x11 = utils.get_8_byte_at(address + 0x58)
self._x12 = utils.get_8_byte_at(address + 0x60)
self._x13 = utils.get_8_byte_at(address + 0x68)
self._x14 = utils.get_8_byte_at(address + 0x70)
self._x15 = utils.get_8_byte_at(address + 0x78)
self._x16 = utils.get_8_byte_at(address + 0x80)
self._x17 = utils.get_8_byte_at(address + 0x88)
self._x18 = utils.get_8_byte_at(address + 0x90)
self._x19 = utils.get_8_byte_at(address + 0x98)
self._x20 = utils.get_8_byte_at(address + 0xa0)
self._x21 = utils.get_8_byte_at(address + 0xa8)
self._x22 = utils.get_8_byte_at(address + 0xb0)
self._x23 = utils.get_8_byte_at(address + 0xb8)
self._x24 = utils.get_8_byte_at(address + 0xc0)
self._x25 = utils.get_8_byte_at(address + 0xc8)
self._x26 = utils.get_8_byte_at(address + 0xd0)
self._x27 = utils.get_8_byte_at(address + 0xd8)
self._x28 = utils.get_8_byte_at(address + 0xe0)
self._fp = utils.get_8_byte_at(address + 0xe8)
self._lr = utils.get_8_byte_at(address + 0xf0)
self.sp = utils.get_8_byte_at(address + 0xf8)
self.pc = utils.get_8_byte_at(address + 0x100)
self._cpsr = utils.get_4_byte_at(address + 0x108)
self._reserved = utils.get_4_byte_at(address + 0x10c)
self._far = utils.get_8_byte_at(address + 0x110)
self._esr = utils.get_4_byte_at(address + 0x118)
self._exception = utils.get_4_byte_at(address + 0x11c)
