def generator(self, data):
kaddr_info = common.get_handler_name_addrs(self)
for proc in data:
for th in proc.threads():
func_addr = th.continuation
(module,
handler_sym) = common.get_handler_name(kaddr_info, func_addr)
if handler_sym:
handler = handler_sym
elif module:
handler = module
else:
handler = proc.find_map_path(func_addr)
yield (
0,
[
int(proc.p_pid),
str(proc.p_comm),
str(th.start_time()),
int(th.sched_pri),
Address(func_addr),
str(handler),
],
)
def render_text(self, outfd, data):
common.set_plugin_members(self)
self.table_header(outfd, [
("PID", "8"),
("Name", "16"),
("Start Time", "32"),
("Priority", "6"),
("Start Function", "[addrpad]"),
("Function Map", ""),
])
kaddr_info = common.get_handler_name_addrs(self)
for proc in data:
for th in proc.threads():
func_addr = th.continuation
(module,
handler_sym) = common.get_handler_name(kaddr_info, func_addr)
if handler_sym:
handler = handler_sym
elif module:
handler = module
else:
handler = proc.find_map_path(func_addr)
self.table_row(outfd, proc.p_pid, proc.p_comm, th.start_time(),
th.priority, func_addr, handler)
def render_text(self, outfd, data):
common.set_plugin_members(self)
self.table_header(outfd, [("PID","8"),
("Name", "16"),
("Start Time", "32"),
("Priority", "6"),
("Start Function", "[addrpad]"),
("Function Map", ""),
])
kaddr_info = common.get_handler_name_addrs(self)
for proc in data:
for th in proc.threads():
func_addr = th.continuation
(module, handler_sym) = common.get_handler_name(kaddr_info, func_addr)
if handler_sym:
handler = handler_sym
elif module:
handler = module
else:
handler = proc.find_map_path(func_addr)
self.table_row(outfd, proc.p_pid, proc.p_comm,
th.start_time(),
th.sched_pri,
func_addr, handler)
def render_text(self, outfd, data):
common.set_plugin_members(self)
self.table_header(
outfd,
[
("Offset", "[addrpad]"),
("Scope", "24"),
("IData", "[addrpad]"),
("Callback Addr", "[addrpad]"),
("Callback Mod", "24"),
("Callback Sym", ""),
],
)
kaddr_info = common.get_handler_name_addrs(self)
for scope in data:
scope_name = scope.ks_identifier
for ls in scope.listeners():
cb = ls.kll_callback.v()
(module, handler_sym) = common.get_handler_name(kaddr_info, cb)
self.table_row(
outfd,
ls.v(),
scope_name,
ls.kll_idata,
cb,
module,
handler_sym,
)
def calculate(self):
common.set_plugin_members(self)
kaddr_info = common.get_handler_name_addrs(self)
dict_ptr_addr = common.get_cpp_sym("sAllClassesDict",
self.addr_space.profile)
dict_addr = obj.Object("unsigned long",
offset=dict_ptr_addr,
vm=self.addr_space)
fdict = obj.Object(self._struct_or_class("OSDictionary"),
offset=dict_addr.v(),
vm=self.addr_space)
ents = obj.Object('Array',
offset=fdict.dictionary,
vm=self.addr_space,
targetType=self._struct_or_class("dictEntry"),
count=fdict.count)
for ent in ents:
if ent == None or not ent.is_valid():
continue
class_name = str(
ent.key.dereference_as(self._struct_or_class("OSString")))
osmeta = obj.Object(self._struct_or_class("OSMetaClass"),
offset=ent.value.v(),
vm=self.addr_space)
cname = str(
osmeta.className.dereference_as(
self._struct_or_class("OSString")))
offset = 0
if hasattr(osmeta, "metaClass"):
arr_start = osmeta.metaClass.v()
else:
arr_start = obj.Object("Pointer",
offset=osmeta.obj_offset,
vm=self.addr_space)
vptr = obj.Object("unsigned long",
offset=arr_start,
vm=self.addr_space)
while vptr != 0:
(module,
handler_sym) = common.get_handler_name(kaddr_info, vptr)
yield (cname, vptr, module, handler_sym)
offset = offset + vptr.size()
vptr = obj.Object("unsigned long",
offset=arr_start + offset,
vm=self.addr_space)
def calculate(self):
common.set_plugin_members(self)
kaddr_info = common.get_handler_name_addrs(self)
funcs = [self._walk_opv_desc, self._walk_vfstbllist]
for func in funcs:
for (vfs_ptr, name, ptr, module, handler_sym) in func(kaddr_info):
yield (vfs_ptr, name, ptr, module, handler_sym)
def calculate(self):
common.set_plugin_members(self)
kaddr_info = common.get_handler_name_addrs(self)
funcs = [self._walk_opv_desc, self._walk_vfstbllist]
for func in funcs:
for (vfs_ptr, name, ptr, module, handler_sym) in func(kaddr_info):
yield (vfs_ptr, name, ptr, module, handler_sym)
def calculate(self):
common.set_plugin_members(self)
global kaddr_info
kaddr_info = common.get_handler_name_addrs(self)
regroot_addr = common.get_cpp_sym("gRegistryRoot", self.addr_space.profile)
p = obj.Object("Pointer", offset = regroot_addr, vm = self.addr_space)
for key, handler, module, handler_sym in self.walk_reg_entry(p):
yield key, handler, module, handler_sym
def calculate(self):
common.set_plugin_members(self)
global kaddr_info
kaddr_info = common.get_handler_name_addrs(self)
regroot_addr = common.get_cpp_sym("gRegistryRoot",
self.addr_space.profile)
p = obj.Object("Pointer", offset=regroot_addr, vm=self.addr_space)
for key, handler, module, handler_sym in self.walk_reg_entry(p):
yield key, handler, module, handler_sym
def calculate(self):
common.set_plugin_members(self)
nchrdev_addr = self.addr_space.profile.get_symbol("_nchrdev")
nchrdev = obj.Object("unsigned int",
offset=nchrdev_addr,
vm=self.addr_space)
cdevsw_addr = self.addr_space.profile.get_symbol("_cdevsw")
cdevsw = obj.Object(
theType="Array",
targetType="cdevsw",
offset=cdevsw_addr,
vm=self.addr_space,
count=nchrdev,
)
kaddr_info = common.get_handler_name_addrs(self)
op_members = list(
self.profile.types['cdevsw'].keywords["members"].keys())
op_members.remove('d_ttys')
op_members.remove('d_type')
files = mac_list_files.mac_list_files(self._config).calculate()
for vnode, path in files:
if vnode.v_type.v() not in [3, 4]:
continue
if path.startswith("/Macintosh HD"):
path = path[13:]
dn = vnode.v_data.dereference_as("devnode")
dev = dn.dn_typeinfo.dev
major = (dev >> 24) & 0xFF
if not (0 <= major <= nchrdev):
continue
cdev = cdevsw[major]
for member in op_members:
ptr = cdev.__getattr__(member).v()
if ptr != 0:
(module,
handler_sym) = common.get_handler_name(kaddr_info, ptr)
yield (cdev.v(), path, member, ptr, module, handler_sym)
def generator(self, data):
kaddr_info = common.get_handler_name_addrs(self)
for scope in data:
cb = scope.ks_callback.v()
(module, handler_sym) = common.get_handler_name(kaddr_info, cb)
yield(0, [
Address(scope.v()),
str(scope.ks_identifier),
Address(scope.ks_idata),
int(len([l for l in scope.listeners()])),
Address(cb),
str(module),
str(handler_sym),
])
def generator(self, data):
kaddr_info = common.get_handler_name_addrs(self)
for scope in data:
cb = scope.ks_callback.v()
(module, handler_sym) = common.get_handler_name(kaddr_info, cb)
yield (0, [
Address(scope.v()),
str(scope.ks_identifier),
Address(scope.ks_idata),
str(len([l for l in scope.listeners()])),
Address(cb),
str(module),
str(handler_sym),
])
def generator(self, data):
kaddr_info = common.get_handler_name_addrs(self)
for scope in data:
scope_name = scope.ks_identifier
for ls in scope.listeners():
cb = ls.kll_callback.v()
(module, handler_sym) = common.get_handler_name(kaddr_info, cb)
yield(0, [
Address(ls.v()),
str(scope_name),
Address(ls.kll_idata),
Address(cb),
str(module),
str(handler_sym),
])
def generator(self, data):
kaddr_info = common.get_handler_name_addrs(self)
for scope in data:
scope_name = scope.ks_identifier
for ls in scope.listeners():
cb = ls.kll_callback.v()
(module, handler_sym) = common.get_handler_name(kaddr_info, cb)
yield (0, [
Address(ls.v()),
str(scope_name),
Address(ls.kll_idata),
Address(cb),
str(module),
str(handler_sym),
])
def calculate(self):
common.set_plugin_members(self)
kaddr_info = common.get_handler_name_addrs(self)
real_ncpus = obj.Object("int", offset = self.addr_space.profile.get_symbol("_real_ncpus"), vm = self.addr_space)
ptr = self.addr_space.profile.get_symbol("_cpu_data_ptr")
cpu_data_ptrs = obj.Object(theType = 'Array', offset = ptr, vm = self.addr_space, targetType = "unsigned long long", count = real_ncpus)
for i in range(real_ncpus):
cpu_data = obj.Object('cpu_data', offset = cpu_data_ptrs[i], vm = self.addr_space)
c = cpu_data.rtclock_timer
q = c.queue
ent = q.head.next
first = ent
seen = {}
while ent.is_valid():
seen[ent.v()] = 1
timer = obj.Object("call_entry", offset = ent.v(), vm = self.addr_space)
func = timer.func.v()
if func < 0x1000 or func == 0xffffffff00000000:
break
(module, handler_sym) = common.get_handler_name(kaddr_info, func)
if hasattr(timer, "entry_time"):
entry_time = timer.entry_time.v()
else:
entry_time = -1
yield func, timer.param0, timer.param1, timer.deadline, entry_time, module, handler_sym
ent = timer.q_link.next
if ent == first or ent.v() in seen:
break
def render_text(self, outfd, data):
common.set_plugin_members(self)
self.table_header(outfd, [("Offset", "[addrpad]"),
("Scope", "24"),
("IData", "[addrpad]"),
("Callback Addr", "[addrpad]"),
("Callback Mod", "24"),
("Callback Sym", ""),])
kaddr_info = common.get_handler_name_addrs(self)
for scope in data:
scope_name = scope.ks_identifier
for ls in scope.listeners():
cb = ls.kll_callback.v()
(module, handler_sym) = common.get_handler_name(kaddr_info, cb)
self.table_row(outfd, ls.v(), scope_name, ls.kll_idata, cb, module, handler_sym)
def calculate(self):
common.set_plugin_members(self)
kaddr_info = common.get_handler_name_addrs(self)
dict_ptr_addr = common.get_cpp_sym("sAllClassesDict", self.addr_space.profile)
dict_addr = obj.Object("unsigned long", offset = dict_ptr_addr, vm = self.addr_space)
fdict = obj.Object(self._struct_or_class("OSDictionary"), offset = dict_addr.v(), vm = self.addr_space)
ents = obj.Object('Array', offset = fdict.dictionary,
vm = self.addr_space,
targetType = self._struct_or_class("dictEntry"),
count = fdict.count)
for ent in ents:
if ent == None or not ent.is_valid():
continue
class_name = str(ent.key.dereference_as(self._struct_or_class("OSString")))
osmeta = obj.Object(self._struct_or_class("OSMetaClass"), offset = ent.value.v(), vm = self.addr_space)
cname = str(osmeta.className.dereference_as(self._struct_or_class("OSString")))
offset = 0
if hasattr(osmeta, "metaClass"):
arr_start = osmeta.metaClass.v()
else:
arr_start = obj.Object("Pointer", offset = osmeta.obj_offset, vm = self.addr_space)
vptr = obj.Object("unsigned long", offset = arr_start, vm = self.addr_space)
while vptr != 0:
(module, handler_sym) = common.get_handler_name(kaddr_info, vptr)
yield (cname, vptr, module, handler_sym)
offset = offset + vptr.size()
vptr = obj.Object("unsigned long", offset = arr_start + offset, vm = self.addr_space)
def calculate(self):
common.set_plugin_members(self)
nchrdev_addr = self.addr_space.profile.get_symbol("_nchrdev")
nchrdev = obj.Object("unsigned int", offset = nchrdev_addr, vm = self.addr_space)
cdevsw_addr = self.addr_space.profile.get_symbol("_cdevsw")
cdevsw = obj.Object(theType = "Array", targetType = "cdevsw", offset = cdevsw_addr, vm = self.addr_space, count = nchrdev)
kaddr_info = common.get_handler_name_addrs(self)
op_members = self.profile.types['cdevsw'].keywords["members"].keys()
op_members.remove('d_ttys')
op_members.remove('d_type')
files = mac_list_files.mac_list_files(self._config).calculate()
for vnode, path in files:
if vnode.v_type.v() not in [3, 4]:
continue
if path.startswith("/Macintosh HD"):
path = path[13:]
dn = vnode.v_data.dereference_as("devnode")
dev = dn.dn_typeinfo.dev
major = (dev >> 24) & 0xff
if not (0 <= major <= nchrdev):
continue
cdev = cdevsw[major]
for member in op_members:
ptr = cdev.__getattr__(member).v()
if ptr != 0:
(module, handler_sym) = common.get_handler_name(kaddr_info, ptr)
yield (cdev.v(), path, member, ptr, module, handler_sym)
def render_text(self, outfd, data):
common.set_plugin_members(self)
self.table_header(outfd, [("Offset", "[addrpad]"),
("Name", "24"),
("IData", "[addrpad]"),
("Listeners", "5"),
("Callback Addr", "[addrpad]"),
("Callback Mod", "24"),
("Callback Sym", ""),])
kaddr_info = common.get_handler_name_addrs(self)
for scope in data:
cb = scope.ks_callback.v()
(module, handler_sym) = common.get_handler_name(kaddr_info, cb)
self.table_row(outfd, scope.v(),
scope.ks_identifier,
scope.ks_idata,
len([l for l in scope.listeners()]),
cb, module, handler_sym)
def generator(self, data):
kaddr_info = common.get_handler_name_addrs(self)
for proc in data:
for th in proc.threads():
func_addr = th.continuation
(module, handler_sym) = common.get_handler_name(kaddr_info, func_addr)
if handler_sym:
handler = handler_sym
elif module:
handler = module
else:
handler = proc.find_map_path(func_addr)
yield(0, [
int(proc.p_pid),
str(proc.p_comm),
str(th.start_time()),
str(th.priority),
Address(func_addr),
str(handler),
])
