def _handle_prctl(self, mu, option, arg2, arg3, arg4, arg5): """ int prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5); See: - https://linux.die.net/man/2/prctl - https://github.com/torvalds/linux/blob/master/include/uapi/linux/prctl.h For PR_SET_VMA: - https://android.googlesource.com/platform/bionic/+/263325d/libc/include/sys/prctl.h - https://sourceforge.net/p/strace/mailman/message/34329772/ """ if option == PR_SET_VMA: # arg5 contains ptr to a name. return 0 elif option == PR_SET_DUMPABLE: return 0 elif option == PR_GET_NAME: memory_helpers.write_utf8(mu, arg2, self._process_name) return 0 elif option == PR_SET_NAME: self._process_name = memory_helpers.read_utf8(mu, arg2) return 0 else: raise NotImplementedError("Unsupported prctl option %d (0x%x)" % (option, option))
def __readlinkat(self, mu, dfd, path, buf, bufsz): path_utf8 = memory_helpers.read_utf8(mu, path) logging.info("%x %s %x %r"%(dfd, path_utf8, buf, bufsz)) print(self._virtual_files) pobj = pcb.get_pcb() pid = pobj.get_pid() path_std_utf = path_utf8.replace(str(pid), "self") fd_base = "/proc/self/fd/" if (path_std_utf.startswith(fd_base)): fd_str = os.path.basename(path_std_utf) fd = int(fd_str) if (fd in self._virtual_files): name = self._virtual_files[fd].name n = len(name) if (n <= bufsz): memory_helpers.write_utf8(mu, buf, name) return 0 # else: raise RuntimeError("buffer overflow!!!") # else: raise RuntimeError("fd %d not found in opened file..."%fd) # else: raise NotImplementedError() # return -1
def __readlinkat(self, mu, dfd, path, buf, bufsz): path_utf8 = memory_helpers.read_utf8(mu, path) logging.info("%x %s %x %r"%(dfd, path_utf8, buf, bufsz)) pobj = pcb.get_pcb() pid = pobj.get_pid() path_std_utf = path_utf8.replace(str(pid), "self") fd_base = "/proc/self/fd/" if (path_std_utf.startswith(fd_base)): fd_str = os.path.basename(path_std_utf) fd = int(fd_str) detail = self.__pcb.get_fd_detail(fd) name = detail.name n = len(name) if (n <= bufsz): memory_helpers.write_utf8(mu, buf, name) return 0 # else: raise RuntimeError("buffer overflow!!!") # else: raise NotImplementedError() # return -1
def _setup_thread_register(self): """ Set up thread register. This is currently not accurate and just filled with garbage to ensure the emulator does not crash. https://developer.arm.com/documentation/ddi0211/k/system-control-coprocessor/system-control-coprocessor-register-descriptions/c13--thread-and-process-id-registers """ thread_info_size = 64 thread_info = self.memory_manager.allocate(thread_info_size * 5) thread_info_1 = thread_info + (thread_info_size * 0) thread_info_2 = thread_info + (thread_info_size * 1) thread_info_3 = thread_info + (thread_info_size * 2) thread_info_4 = thread_info + (thread_info_size * 3) thread_info_5 = thread_info + (thread_info_size * 4) # Thread name write_utf8(self.mu, thread_info_5, "AndroidNativeEmu") # R4 self.mu.mem_write(thread_info_2 + 0x4, int(thread_info_5).to_bytes(4, byteorder='little')) self.mu.mem_write(thread_info_2 + 0xC, int(thread_info_3).to_bytes(4, byteorder='little')) # R1 self.mu.mem_write(thread_info_1 + 0x4, int(thread_info_4).to_bytes(4, byteorder='little')) self.mu.mem_write(thread_info_1 + 0xC, int(thread_info_2).to_bytes(4, byteorder='little')) self.mu.reg_write(UC_ARM_REG_C13_C0_3, thread_info_1)
def system_property_get(self, uc, name_ptr, buf_ptr): name = memory_helpers.read_utf8(uc, name_ptr) logger.debug("Called __system_property_get(%s, 0x%x)" % (name, buf_ptr)) if name in self._emu.system_properties: memory_helpers.write_utf8(uc, buf_ptr, self._emu.system_properties[name]) else: raise ValueError('%s was not found in system_properties dictionary.' % name) return None
def dladdr(self, uc, addr, info): infos = memory_helpers.read_uints(uc, info, 4) Dl_info = {} nm = self._emu.native_memory isfind = False for mod in self._module_mgr.modules: if mod.base <= addr < mod.base + mod.size: dli_fname = nm.allocate(len(mod.filename) + 1) memory_helpers.write_utf8(uc, dli_fname, mod.filename + '\x00') memory_helpers.write_uints(uc, addr, [dli_fname, mod.base, 0, 0]) return 1
def system_property_get(self, uc, name_ptr, buf_ptr): name = memory_helpers.read_utf8(uc, name_ptr) logger.debug("Called __system_property_get(%s, 0x%x)" % (name, buf_ptr)) if name in self._emu.system_properties: p = self._emu.system_properties[name] nread = len(p) memory_helpers.write_utf8(uc, buf_ptr, p) return nread else: print ('%s was not found in system_properties dictionary.' % name) # return 0
def dladdr(self, uc, addr, info): infos = memory_helpers.read_uints(uc, info, 4) nm = self._emu.native_memory if addr == 0: addr = uc.reg_read(arm_const.UC_ARM_REG_PC) # isfind = False for mod in self._module_mgr.modules: if mod.base <= addr < mod.base + mod.size: dli_fname = nm.allocate(len(mod.filename) + 1) memory_helpers.write_utf8(uc, dli_fname, mod.filename + '\x00') memory_helpers.write_uints(uc, info, [dli_fname, mod.base, 0, 0]) return 1
def __test_tls_common(self, emulator, libcm): env_key_ptr = emulator.call_symbol(libcm, "malloc", 100) memory_helpers.write_utf8(emulator.mu, env_key_ptr, "ANDROID_ROOT") env_ptr = emulator.call_symbol(libcm, "getenv", env_key_ptr) self.assertTrue(env_ptr!=0) env_str = memory_helpers.read_utf8(emulator.mu, env_ptr) emulator.call_symbol(libcm, "free", env_key_ptr) self.assertEqual(env_str, "/system") key_buf_ptr = emulator.call_symbol(libcm, "malloc", 100) emulator.call_symbol(libcm, "pthread_key_create", key_buf_ptr, 0) key = memory_helpers.read_ptr_sz(emulator.mu, key_buf_ptr, emulator.get_ptr_size()) target_int = 3000 emulator.call_symbol(libcm, "pthread_setspecific", key, target_int) r = emulator.call_symbol(libcm, "pthread_getspecific", key) emulator.call_symbol(libcm, "free", key_buf_ptr) self.assertEqual(r, target_int)
def dlerror(self, mu): logger.info("dlerror") data = 'dlerror handler...emu,...,' addr = self._memory.allocate(len(data)) memory_helpers.write_utf8(mu, addr, data) return addr