remove obsoleted comment

Author: comex

inject.c

@@ -70,7 +70,6 @@ struct ppc_thread_state64 {
     uint32_t vrsave;
 };
 
-// covers multiple flavors - some contain the state but not all
 #pragma pack(4)
 struct exception_message {
     mach_msg_header_t Head;
@@ -133,14 +132,12 @@ static kern_return_t find_symtab_addrs(uint32_t ncmds, mach_vm_size_t sizeofcmds
     struct load_command *lc;
     uint32_t symoff = 0, stroff = 0;
     uint32_t cmdsleft;
-    mach_vm_size_t accumulated_sizeofcmds = 0;
 
     memset(symtab, 0, sizeof(*symtab));
 
     lc = cmds;
-    cmdsleft = ncmds;
-    while(cmdsleft--) {
-        if((accumulated_sizeofcmds += SWAP(lc->cmdsize)) > sizeofcmds) {
+    for(cmdsleft = ncmds; cmdsleft--;) {
+        if((sizeofcmds -= SWAP(lc->cmdsize)) < 0) {
             // the mach file is invalid
             return KERN_INVALID_ARGUMENT;
         }
@@ -161,25 +158,18 @@ static kern_return_t find_symtab_addrs(uint32_t ncmds, mach_vm_size_t sizeofcmds
         return KERN_INVALID_ARGUMENT;
     }
 
+#define CATCH(SWAP, off, size, addr) if(SWAP(sc->fileoff) <= (off) && (SWAP(sc->fileoff) + SWAP(sc->filesize)) >= ((off) + (size))) (addr) = SWAP(sc->vmaddr) + (off) - SWAP(sc->fileoff);
+
     lc = cmds;
-    cmdsleft = ncmds;
-    while(cmdsleft--) {
+    for(cmdsleft = ncmds; cmdsleft--;) {
         if(SWAP(lc->cmd) == LC_SEGMENT) {
             struct segment_command *sc = (void *) lc;
-            if(SWAP(sc->fileoff) < symoff && (SWAP(sc->fileoff) + SWAP(sc->filesize)) >= (symoff + symtab->nsyms * nlist_size)) {
-                symtab->symaddr = sc->vmaddr + symoff - sc->fileoff; 
-            }
-            if(SWAP(sc->fileoff) < stroff && (SWAP(sc->fileoff) + SWAP(sc->filesize)) >= (stroff + symtab->strsize)) {
-                symtab->straddr = sc->vmaddr + stroff - sc->fileoff; 
-            }
+            CATCH(SWAP, symoff, symtab->nsyms * nlist_size, symtab->symaddr);
+            CATCH(SWAP, stroff, symtab->strsize, symtab->straddr);
         } else if(SWAP(lc->cmd) == LC_SEGMENT_64) {
             struct segment_command_64 *sc = (void *) lc;
-            if(SWAP64(sc->fileoff) < symoff && (SWAP64(sc->fileoff) + SWAP64(sc->filesize)) >= (symoff + symtab->nsyms * nlist_size)) {
-                symtab->symaddr = sc->vmaddr + symoff - sc->fileoff; 
-            }
-            if(SWAP64(sc->fileoff) < stroff && (SWAP64(sc->fileoff) + SWAP64(sc->filesize)) >= (stroff + symtab->strsize)) {
-                symtab->straddr = sc->vmaddr + stroff - sc->fileoff; 
-            }
+            CATCH(SWAP64, symoff, symtab->nsyms * nlist_size, symtab->symaddr);
+            CATCH(SWAP64, stroff, symtab->strsize, symtab->straddr);
         }
         lc = (void *) ((char *) lc + SWAP(lc->cmdsize));
     }
@@ -358,6 +348,7 @@ kern_return_t inject(pid_t pid, const char *path) {
         break;
     case CPU_TYPE_POWERPC:
     case CPU_TYPE_POWERPC64:
+        fprintf(stderr, "yep it's ppc\n");
         state.ppc.r[1] = stack_end;
         memcpy(&state.ppc.r[3], args_64 + 1, 6*8);
         state.ppc.srr0 = addrs.syscall;
@@ -395,7 +386,7 @@ kern_return_t inject(pid_t pid, const char *path) {
     while(1) {
         struct exception_message msg;
         TRY(mach_msg_overwrite(NULL, MACH_RCV_MSG, 0, sizeof(msg), exc, MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL, (void *) &msg, sizeof(msg)));
-        printf("got a message\n");
+        //fprintf(stderr, "got a message\n");
         if(!(msg.Head.msgh_bits & MACH_MSGH_BITS_COMPLEX) ||
            (msg.msgh_body.msgh_descriptor_count == 0) ||
            (msg.Head.msgh_size < offsetof(struct exception_message, old_state)) ||
@@ -421,6 +412,8 @@ kern_return_t inject(pid_t pid, const char *path) {
             }
 
             if(!cond) {
+                // let the normal crash mechanism handle it
+                task_set_exception_ports(task, em[0], eh[0], eb[0], ef[0]);
                 FAIL(KERN_FAILURE);
             } else if(started_dlopen) {
                 TRY(thread_terminate(msg.thread.name));

inject.h

@@ -1,7 +1,6 @@
 #include <unistd.h>
 #include <mach/kern_return.h>
 
-
 kern_return_t inject(pid_t pid, const char *path);
 
 // The behavior is synchronous: when it returns, constructors have

interpose.c

@@ -0,0 +1,98 @@
+#include <stdint.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <mach-o/loader.h>
+#include <mach-o/nlist.h>
+#include <string.h>
+
+#ifdef __LP64__
+#define nlist_native nlist_64
+#define LC_SEGMENT_NATIVE LC_SEGMENT_64
+#define segment_command_native segment_command_64
+#define mach_header_native mach_header_64
+#define section_native section_64
+#define PAGEZERO_SIZE 0x100000000;
+#else
+#define nlist_native nlist
+#define LC_SEGMENT_NATIVE LC_SEGMENT
+#define segment_command_native segment_command
+#define mach_header_native mach_header
+#define section_native section
+#define PAGEZERO_SIZE 0x1000
+#endif
+
+void *find_lazy(uint32_t ncmds, struct load_command *cmds, const char *desired) {
+    uint32_t symoff = 0, stroff = 0, isymoff = 0, lazy_index = 0, lazy_size = 0;
+    void **lazy = 0;
+    struct load_command *lc;
+    uint32_t cmdsleft;
+
+    lc = cmds;
+    for(cmdsleft = ncmds; cmdsleft--;) {
+        printf("%p %x\n", &lc->cmd, lc->cmd);
+        if(lc->cmd == LC_SYMTAB) {
+            struct symtab_command *sc = (void *) lc;
+            stroff = sc->stroff;
+            symoff = sc->symoff;
+        } else if(lc->cmd == LC_DYSYMTAB) {
+            struct dysymtab_command *dc = (void *) lc;
+            isymoff = dc->indirectsymoff;
+        } else if(lc->cmd == LC_SEGMENT_NATIVE) {
+            struct segment_command_native *sc = (void *) lc;
+            struct section_native *sect = (void *) (sc + 1);
+            uint32_t i;
+            for(i = 0; i < sc->nsects; i++) {
+                if((sect->flags & SECTION_TYPE) == S_LAZY_SYMBOL_POINTERS) {
+                    lazy_index = sect->reserved1; 
+                    lazy_size = sect->size / sizeof(*lazy);
+                    lazy = (void *) sect->addr;
+                }
+                sect++;    
+            }
+        }
+        lc = (void *) ((char *) lc + lc->cmdsize);
+    }
+
+    if(!stroff || !symoff || !isymoff || !lazy_index) return 0;
+
+#define CATCH(off, addr) if(sc->fileoff <= (off) && (sc->fileoff + sc->filesize) >= (off)) (addr) = (void *) (sc->vmaddr + (off) - sc->fileoff);
+    struct nlist_native *syms = 0;
+    char *strs = 0;
+    uint32_t *isyms = 0;
+
+    lc = cmds;
+    for(cmdsleft = ncmds; cmdsleft--;) {
+        if(lc->cmd == LC_SEGMENT_NATIVE) {
+            struct segment_command_native *sc = (void *) lc;
+            CATCH(symoff, syms);
+            CATCH(stroff, strs);
+            CATCH(isymoff, isyms);
+        }
+        lc = (void *) ((char *) lc + lc->cmdsize);
+    }
+
+    if(!syms || !strs || !isyms) return 0;
+
+    uint32_t i;
+    for(i = lazy_index; i < lazy_index + lazy_size; i++) {
+        struct nlist_native *sym = syms + isyms[i];
+        if(!strcmp(strs + sym->n_un.n_strx, desired)) {
+            return lazy;
+        }
+        lazy++;
+    }
+
+    return 0;
+}
+
+bool interpose(const char *name, void *impl) {
+    struct mach_header_native *mach_hdr = (void *)PAGEZERO_SIZE;
+
+    void **lazy = find_lazy(mach_hdr->ncmds, (void *) (mach_hdr + 1), name);
+    if(!lazy) return false;
+    
+    *lazy = impl;
+
+    return true;
+}

interpose.h

@@ -0,0 +1,3 @@
+#include <stdbool.h>
+
+bool interpose(const char *name, void *impl);

tester/Makefile

@@ -6,9 +6,9 @@ endif
 
 all: testlib tester
 
-testlib: testlib.c Makefile
-	$(GCC) $(ARCH) -dynamiclib -o testlib.dylib testlib.c
-tester: tester.c ../*.c ../*.h Makefile
-	$(GCC) -O3 -g3 -o tester -I.. tester.c ../*.c ../*.h -Wall -Wno-parentheses
+testlib: testlib.c ../interpose.c ../interpose.h Makefile
+	$(GCC) $(ARCH) -dynamiclib -I.. -o testlib.dylib testlib.c ../interpose.c -Wall -Wno-parentheses
+tester: tester.c ../inject.c ../inject.h Makefile
+	$(GCC) -O3 -g3 -o tester -I.. tester.c ../inject.c -Wall -Wno-parentheses
 clean:
 	rm -f tester testlib.dylib

tester/testlib.c

@@ -1,6 +1,23 @@
 #include <stdio.h>
+#include <stdint.h>
+#include <interpose.h>
+
+int fake_puts(const char *s) {
+    printf("whee %s\n", s);
+    return 0;
+}
 
 __attribute__((constructor))
 static void hello() {
     fprintf(stderr, "Someone loaded me\n");
+    union {
+        char bytes[4];
+        uint32_t num;
+    } u;
+    u.bytes[0] = 0x12;
+    u.bytes[1] = 0x34;
+    u.bytes[2] = 0x56;
+    u.bytes[3] = 0x78;
+    fprintf(stderr, "le->78563412 be->12345678 actual=%x\n", u.num);
+    fprintf(stderr, "%d\n", interpose("_puts", fake_puts)); 
 }