feat: resolve PIDs for connections
NSEcho committed Aug 1, 2023
1 parent 84b4ae7 commit fec2555
Showing 2 changed files with 7 additions and 15 deletions.
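--- a/object.go
+++ b/object.go
@@ -48,6 +48,10 @@ func PrintData(value any, decode, printHex bool, whitelist, blacklist []*regexp.
 
 logger.Scriptf("Name: %s", data["name"])
 logger.Scriptf("Connection Name: %s", data["connName"])
+pid, ok := data["pid"].(float64)
+if ok {
+logger.Scriptf("PID: %d", int(pid))
+}
 logger.Scriptf("Data:")
 logger.Scriptf("%s", message)
 fmt.Println(strings.Repeat("=", 80))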
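Review bot: The new `pid, ok := data["pid"].(float64)` check in PrintData accepts any numeric value, so a pid of 0 or a negative number is printed as if it identified a real peer. script.js in this same commit fills the field from xpc_connection_get_pid before it checks the connection, so such values can plausibly reach this code. Consider `if ok && pid > 0 {` so that an unresolved peer is not reported as a PID. A one-line comment would also help, for example `// numeric fields arrive as float64 (presumably decoded from the script's JSON), hence the assertion`. PrintData starts and ends outside this hunk, so how `data` is decoded is not visible here.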
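--- a/script.js
+++ b/script.js
@@ -11,8 +11,6 @@ var _xpc_connection_call_event_handler = DebugSymbol.fromName("_xpc_connection_c
 var CFBinaryPlistCreate15 = new NativeFunction(__CFBinaryPlistCreate15, "pointer", ["pointer", "int", "pointer"]);
 var xpc_connection_call_event_handler = new NativeFunction(_xpc_connection_call_event_handler, "void", ["pointer", "pointer"]);
 
-var xpc_dictionary_set_string = Module.findExportByName(null, "xpc_dictionary_set_string");
-
 // Use these functions to make sense out of xpc_object_t and xpc_connection_t
 var xpc_connection_get_name = getFunc("xpc_connection_get_name", "pointer", ["pointer"]);
 var xpc_get_type = getFunc("xpc_get_type", "pointer", ["pointer"]);
@@ -33,6 +31,8 @@ var xpc_array_get_value = getFunc("xpc_array_get_value", "pointer", ["pointer",
 var xpc_data_get_length = getFunc("xpc_data_get_length", "int", ["pointer"]);
 var xpc_data_get_bytes = getFunc("xpc_data_get_bytes", "int", ["pointer", "pointer", "int", "int"]);
 
+var xpc_connection_get_pid = getFunc("xpc_connection_get_pid", "int", ["pointer"]);
+
 // helper function that will create new NativeFunction
 function getFunc(name, ret_type, args) {
 return new NativeFunction(Module.findExportByName(null, name), ret_type, args);
@@ -165,6 +165,7 @@ function parseAndSendDictData(fnName, conn, dict) {
 var ret = {};
 ret["name"] = fnName;
 ret["connName"] = "UNKNOWN";
+ret["pid"] = xpc_connection_get_pid(conn);
 if (conn != null) {
 var connName = xpc_connection_get_name(conn);
 if (connName != 0x0) {
@@ -229,16 +230,3 @@ Interceptor.attach(xpc_connection_create_mach_service, {
 send(JSON.stringify(ret));
 },
 })
-
-Interceptor.attach(xpc_dictionary_set_string, {
-onEnter(args) {
-var ret = {};
-ret["connName"] = "DICT CREATION";
-ret["name"] = "xpc_dictionary_set_string";
-ret["dictionary"] = {
-"key": rcstr(args[1]),
-"value": rcstr(args[2])
-};
-send(JSON.stringify(ret));
-}
-});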
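Review bot: In parseAndSendDictData, the added `ret["pid"] = xpc_connection_get_pid(conn);` runs before the existing `if (conn != null)` guard, so the native call is made with exactly the value the guard is there to exclude. A bad connection pointer passed to a native function inside the instrumented process risks crashing the target rather than just losing a field. Move the assignment to the first line inside the guard and leave `pid` unset otherwise; the Go side already tolerates a missing value. The function body continues outside the hunk, so whether callers ever pass a null `conn` cannot be confirmed from here.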
