nowsecure / r2frida

Radare2 and Frida better together.
MIT License

Implement "hw" watchpoints as in Dwarf #224

Open enovella opened 4 years ago

enovella commented 4 years ago

https://github.com/iGio90/Dwarf/blob/master/dwarf_debugger/lib/core.js#L4839

trufae commented 4 years ago

Are those watchpoints based on hooking getters/setters for the class fields, or is it like a real hw? Any PoC implementation instead of this one, which is very tied to the Dwarf internals? I think both kinds of watchpoints would be interesting to have in r2frida. Any hints here @oleavr @mrmacete ?

trufae commented 4 years ago

cc @iGio90

iGio90 commented 4 years ago

Well, the logic is pretty simple. I think @PinkiePieStyle reworked them to use MemoryAccessMonitor (at least on Windows). For what concerns unix, it's a matter of altering the permissions:

If needed we are also adding an interceptor to the address which attempts to r/w the given watchpoint address and break it to give runtime instrumentation.
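To make the "altering the permissions" mechanism concrete, here is an added example (not r2frida or Dwarf code) of a one-shot write watchpoint on unix: the page holding the watched bytes is made read-only, the first write traps into a SIGSEGV handler that records the hit and restores RW so the access completes. It assumes Linux/POSIX with mmap, mprotect and SA_SIGINFO; names like `watch_write` and `demo_watchpoint` are mine.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static volatile sig_atomic_t g_hits;     /* writes caught inside the watched range */
static uintptr_t g_watch_lo, g_watch_hi; /* watched byte range [lo, hi) */
static void *g_page;                     /* page that holds the watched range */
static size_t g_page_size;

/* SIGSEGV handler. Faults on the guarded page are ours: count them if they hit
 * the watched bytes (page granularity is the caveat: the whole page traps),
 * then restore RW so the faulting instruction re-executes and completes.
 * Faults anywhere else are real crashes and are re-raised with the default action. */
static void on_fault(int sig, siginfo_t *si, void *ctx) {
    (void)ctx;
    uintptr_t addr = (uintptr_t)si->si_addr;
    if (addr >= (uintptr_t)g_page && addr < (uintptr_t)g_page + g_page_size) {
        if (addr >= g_watch_lo && addr < g_watch_hi) g_hits++;
        mprotect(g_page, g_page_size, PROT_READ | PROT_WRITE); /* disarm (one-shot) */
        return;
    }
    signal(sig, SIG_DFL);
    raise(sig);
}

/* Arm a write watchpoint on [addr, addr+len): reads stay allowed, writes trap. */
static int watch_write(void *addr, size_t len) {
    g_page_size = (size_t)sysconf(_SC_PAGESIZE);
    g_page = (void *)((uintptr_t)addr & ~(g_page_size - 1));
    g_watch_lo = (uintptr_t)addr;
    g_watch_hi = g_watch_lo + len;
    g_hits = 0;
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    return mprotect(g_page, g_page_size, PROT_READ);
}

/* Demo: watch one int in a fresh page; a read does not trap, the first write
 * traps once, a second write does not. Returns the hit count (expected 1). */
int demo_watchpoint(int *final_value) {
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    int *buf = mmap(NULL, ps, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) return -1;
    buf[0] = 0;
    if (watch_write(&buf[0], sizeof buf[0]) != 0) return -1;
    volatile int *p = &buf[0];
    int r = *p;          /* read: allowed by PROT_READ, no fault */
    *p = r + 42;         /* write: traps, handler disarms, write lands */
    *p = 100;            /* already disarmed: no fault */
    *final_value = *p;
    munmap(buf, ps);
    return (int)g_hits;
}
```

Re-arming after each access (so the watchpoint fires on every write rather than once) needs single-stepping or an instruction-level hook after the faulting instruction, which is what makes native breakpoint support in Frida preferable to this permissions trick.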

oleavr commented 4 years ago

@iGio90 Cool! MemoryAccessMonitor is now also supported on the other platforms in recent versions of Frida.

trufae commented 4 years ago

Thanks @iGio90 for the explanation :) Having such a primitive stable in Frida will make implementing that much easier. Hope to get that ready before 4.5. I'll start using milestones in r2frida.

trufae commented 1 week ago

Ole added sw and hw bp support in Frida natively, so we can finally expose this functionality in r2frida without hacks like Dwarf did at the time.

trufae commented 1 week ago

Waiting here: https://github.com/nowsecure/r2frida/pull/630