DynamoRIO / dynamorio

Dynamic Instrumentation Tool Platform

add symbol export iterator for Mach-O #1360

Open derekbruening opened 10 years ago

derekbruening commented 10 years ago

From bruen...@google.com on February 09, 2014 19:35:05

I'm starting to split off pieces of the original issue #58 that are likely to be delayed beyond core support. The symbol export iterator is one, and it deserves its own issue now as it's holding up drltrace, which is disabled on Mac until this is implemented.

Original issue: http://code.google.com/p/dynamorio/issues/detail?id=1360

derekbruening commented 9 years ago

This issue also covers handling corner cases of the export trie: forwarders and resolvers.

I hit a resolver running a GL app on Mac: it crashed when we replaced _platform_memmove, b/c we were really replacing the resolver:

(lldb) di -n _platform_memmove
libsystem_platform.dylib`_platform_memmove:
   0x9784f7b1:  calll  0x9784f7b6                ; _platform_memmove + 5
   0x9784f7b6:  popl   %ecx
   0x9784f7b7:  movl   0xffff0020, %eax
   0x9784f7bc:  testb  $0x8, %ah
   0x9784f7bf:  je     0x9784f7c8                ; _platform_memmove + 23
   0x9784f7c1:  movl   0x91219c6(%ecx), %eax
   0x9784f7c7:  retl   
   0x9784f7c8:  testw  $0x124, %ax
   0x9784f7cc:  je     0x9784f7d5                ; _platform_memmove + 36
   0x9784f7ce:  movl   0x91219c2(%ecx), %eax
   0x9784f7d4:  retl   
   0x9784f7d5:  testb  $0x24, %al
   0x9784f7d7:  movl   0x91219be(%ecx), %eax
   0x9784f7dd:  cmovel 0x91219ba(%ecx), %eax
   0x9784f7e4:  retl   
> nm -arch i386 /usr/lib/system/libsystem_platform.dylib | grep __platform
00006de0 S ___platformVersionNumber
00006db0 S ___platformVersionString
00001594 T __platform_bzero
00005e60 t __platform_bzero$VARIANT$scalar
000062c0 t __platform_bzero$VARIANT$sse2
00005100 t __platform_bzero$VARIANT$sse42
00005054 T __platform_memccpy
00001420 T __platform_memchr
000014d0 T __platform_memcmp
000017b1 T __platform_memmove
00006096 t __platform_memmove$VARIANT$scalar
00005960 t __platform_memmove$VARIANT$sse2
000051b0 t __platform_memmove$VARIANT$sse3x
000060f0 t __platform_memmove$VARIANT$sse42
00003a60 T __platform_memset
00005d60 t __platform_memset_pattern
00003af8 T __platform_memset_pattern16
00003b24 T __platform_memset_pattern4
00003b0c T __platform_memset_pattern8
00001740 T __platform_strchr
00002a50 T __platform_strcmp
00001640 T __platform_strncmp
00003f8b t __platform_task_deallocate
00004645 t __platform_thread_deallocate

We already have the code; we just need to hook it up to the is_indirect_code param, just like an ELF ifunc.

After fixing:

export _platform_memmove indirected from 0x9784f7b1 to 0x978531b0
replacing _platform_memmove @0x978531b0 in libsystem_platform.dylib (base 0x9784e000)
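The export-trie handling the comment above refers to, written out as an added example (this is not DynamoRIO's code and the function names are ours): a bounds-checked walker for a Mach-O export trie that recognises the two corner cases the comment names, re-exports (forwarders) and STUB_AND_RESOLVER entries, plus a helper that picks the address to hook the way an ELF ifunc is handled, by calling the resolver rather than patching it. The sample trie bytes and the `demo_resolver` stand-in are constructed for the example: the 0x17b1 and 0x3a60 offsets match the nm listing above, while the stub address 0x1000 and dylib ordinal 1 are invented.

```c
/* Mach-O export trie walker covering the corner cases named above: forwarders (re-exports) and resolvers. */
#include <stdint.h>
#include <string.h>

#define EXPORT_SYMBOL_FLAGS_REEXPORT          0x08
#define EXPORT_SYMBOL_FLAGS_STUB_AND_RESOLVER 0x10
#define MAX_NAME 128

typedef struct {
    char name[MAX_NAME];
    uint64_t flags, address, resolver, reexport_ordinal;  /* address/resolver are image-relative */
    char reexport_name[MAX_NAME];  /* "" means: same name in the re-exported dylib */
} export_entry_t;

/* ULEB128 bounded by `end`; returns 0 on truncation or a value wider than 64 bits. */
static int read_uleb128(const uint8_t **p, const uint8_t *end, uint64_t *out)
{
    uint64_t v = 0;
    for (int shift = 0; *p < end && shift < 64; shift += 7) {
        uint8_t b = *(*p)++;
        v |= (uint64_t)(b & 0x7f) << shift;
        if (!(b & 0x80)) { *out = v; return 1; }
    }
    return 0;
}

/* Depth-first walk; offsets are bounds-checked and recursion is capped, so a hostile trie cannot make us read out of the blob or loop. */
static int walk_node(const uint8_t *trie, size_t len, uint64_t off, char *name, size_t nlen,
                     export_entry_t *out, int max, int *count, int depth)
{
    const uint8_t *end = trie + len, *p, *nul, *tend;
    uint64_t tsize, child;
    uint8_t children; size_t n;
    export_entry_t *e;
    if (off >= len || depth > 64) return 0;
    p = trie + off;
    if (!read_uleb128(&p, end, &tsize)) return 0;
    if (tsize > 0) {  /* this node is an exported symbol */
        if (tsize > (uint64_t)(end - p) || *count >= max) return 0;
        tend = p + tsize;
        e = &out[(*count)++];
        memset(e, 0, sizeof(*e));
        memcpy(e->name, name, nlen);  /* NUL-terminated thanks to the memset */
        if (!read_uleb128(&p, tend, &e->flags)) return 0;
        if (e->flags & EXPORT_SYMBOL_FLAGS_REEXPORT) {
            /* forwarder: ordinal of the source dylib, then the name to look up there */
            if (!read_uleb128(&p, tend, &e->reexport_ordinal)) return 0;
            if (!(nul = memchr(p, 0, (size_t)(tend - p))) || nul - p >= MAX_NAME) return 0;
            memcpy(e->reexport_name, p, (size_t)(nul - p));
        } else {
            if (!read_uleb128(&p, tend, &e->address)) return 0;
            /* resolver export: `address` is only a stub, the resolver computes the real target */
            if ((e->flags & EXPORT_SYMBOL_FLAGS_STUB_AND_RESOLVER) && !read_uleb128(&p, tend, &e->resolver))
                return 0;
        }
        p = tend;
    }
    if (p >= end) return 0;
    children = *p++;
    while (children-- > 0) {  /* each child: NUL-terminated edge label, then node offset */
        if (!(nul = memchr(p, 0, (size_t)(end - p)))) return 0;
        if (nlen + (n = (size_t)(nul - p)) >= MAX_NAME) return 0;
        memcpy(name + nlen, p, n);  /* extend the symbol prefix with this edge */
        p = nul + 1;
        if (!read_uleb128(&p, end, &child)) return 0;
        if (!walk_node(trie, len, child, name, nlen + n, out, max, count, depth + 1)) return 0;
    }
    return 1;
}

/* Number of exports written to `out`, or -1 if the trie is malformed (nothing partial is trusted). */
int parse_export_trie(const uint8_t *trie, size_t len, export_entry_t *out, int max)
{
    char name[MAX_NAME];
    int count = 0;
    return walk_node(trie, len, 0, name, 0, out, max, &count, 0) ? count : -1;
}

/* Code address to hook for export `e` of an image at `base`: 0 for a re-export (the code lives in the source
 * dylib); for a resolver export, whatever the resolver returns, like an ELF ifunc, never the stub or the resolver. */
uintptr_t export_code_target(const export_entry_t *e, uintptr_t base)
{
    if (e->flags & EXPORT_SYMBOL_FLAGS_REEXPORT) return 0;
    if (e->flags & EXPORT_SYMBOL_FLAGS_STUB_AND_RESOLVER) return ((uintptr_t (*)(void))(base + e->resolver))();
    return base + e->address;
}

/* Constructed sample trie (not from a real dylib): 0x17b1/0x3a60 are from the nm listing; stub 0x1000 and ordinal 1 are made up. */
static const uint8_t sample_trie[] = {
    0x00, 0x01, '_', 0x00, 0x05,                                      /* root: edge "_" -> node @5 */
    0x00, 0x02, 'm','e','m','m','o','v','e', 0x00, 0x1e,              /* @5: "memmove" -> @30, */
    'p','l','a','t','f','o','r','m','_','m','e','m', 0x00, 0x34,      /*     "platform_mem" -> @52 */
    0x14, 0x08, 0x01, '_','p','l','a','t','f','o','r','m','_','m','e','m','m','o','v','e', 0x00, 0x00,
    /* ^ @30: 20-byte terminal: REEXPORT, dylib ordinal 1, imported as "_platform_memmove"; no children */
    0x00, 0x02, 'm','o','v','e', 0x00, 0x41, 's','e','t', 0x00, 0x48, /* @52: "move" -> @65, "set" -> @72 */
    0x05, 0x10, 0x80, 0x20, 0xb1, 0x2f, 0x00,  /* @65: STUB_AND_RESOLVER, stub 0x1000, resolver 0x17b1 */
    0x03, 0x00, 0xe0, 0x74, 0x00,              /* @72: regular export at 0x3a60 */
};

static uintptr_t demo_resolver(void) { return (uintptr_t)0x978531b0u; }  /* stand-in resolver: the variant chosen in the log above */
```

On a real image the blob is the `export_off`/`export_size` range of `LC_DYLD_INFO(_ONLY)` (or `LC_DYLD_EXPORTS_TRIE` on newer systems) and the resolver must be invoked in the target's own context, which is the point of routing it through the same `is_indirect_code` path as an ELF ifunc; the walker above returns -1 on any truncation or bad offset rather than a partial table, since an attacker-controlled dylib can ship a malformed trie.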