diff --git a/src/engines/mach-engine.cc b/src/engines/mach-engine.cc index 78485dff..d3daba62 100644 --- a/src/engines/mach-engine.cc +++ b/src/engines/mach-engine.cc @@ -51,7 +51,6 @@ arch_setupBreakpoint(unsigned long addr, unsigned long old_data) unsigned long offs = addr - aligned_addr; unsigned long shift = 8 * offs; - printf("S: 0x%llx 0x%08lx -> ", addr, old_data); val = (old_data & ~(0xffUL << shift)) | (0xccUL << shift); #elif defined(__powerpc__) val = 0x7fe00008; /* tw */ @@ -69,7 +68,6 @@ arch_setupBreakpoint(unsigned long addr, unsigned long old_data) #else #error Unsupported architecture #endif - printf("0x%08lx\n", val); return val; } @@ -84,12 +82,10 @@ arch_clearBreakpoint(unsigned long addr, unsigned long old_data, unsigned long c unsigned long shift = 8 * offs; unsigned long old_byte = (old_data >> shift) & 0xffUL; - printf("0x%08lx -> ", cur_data); val = (cur_data & ~(0xffUL << shift)) | (old_byte << shift); #else val = old_data; #endif - printf("0x%08lx\n", val); return val; } @@ -121,11 +117,6 @@ class MachEngine : public IEngine mach_exception_data_t codes, mach_msg_type_number_t num_codes) { - printf("Exc raise: %d, codes(%d) 0x%llx:0x%llx\n", - exception_type, - num_codes, - codes[0], - codes[1]); /* exception_type is defined in exception_types.h */ /* an exception may include a code and a sub-code. num_codes specifies */ @@ -152,7 +143,6 @@ class MachEngine : public IEngine error("thread_get_state with error: %s\n", mach_error_string(kret)); return KERN_SUCCESS; } - printf("EXC at 0x%llx\n", state.__rip); ptrace(PT_THUPDATE, m_pid, (caddr_t)(uintptr_t)thread_port, codes[1]); } 
@@ -173,19 +163,6 @@ class MachEngine : public IEngine state.__rip--; #endif - printf("Breakpoint got at 0x%llx (0x%llx). rax 0x%llx, rbx 0x%llx, rcx 0x%llx, rdx " - "0x%llx, rdi 0x%llx, rsi 0x%llx, rbp 0x%llx, rsp 0x%llx, rflags 0x%llx\n", - state.__rip, - getAligned(state.__rip), - state.__rax, - state.__rbx, - state.__rcx, - state.__rdx, - state.__rdi, - state.__rsi, - state.__rbp, - state.__rsp, - state.__rflags); if (state.__rip == 0x100002021) { state.__rsi = 0x40; @@ -218,53 +195,6 @@ class MachEngine : public IEngine // From IEngine virtual int registerBreakpoint(unsigned long addr) override { - if (addr >= 0x100002614 && addr <= 0x100002614) - { - // return 0; - } - -#if 0 - auto patch_addr = m_imageBase + (addr & 0xffffffff); - // VM_PROT_COPY forces COW, probably, see vm_map_protect in vm_map.c - kern_return_t kr; - kr = vm_protect(m_task, - trunc_page(patch_addr), - vm_page_size, - false, - VM_PROT_READ | VM_PROT_WRITE | VM_PROT_COPY); - if (kr != KERN_SUCCESS) - { - printf("vm_protect failed\n"); - return -1; - } - - uint8_t b; - size_t size = 0; - kr = vm_read_overwrite(m_task, patch_addr, 1, (vm_offset_t)&b, &size); - if (kr != KERN_SUCCESS) - { - printf("vm_read_overwrite failed\n"); - return -1; - } - - uint8_t code = 0xcc; - kr = vm_write(m_task, patch_addr, (vm_offset_t)&code, 1); - if (kr != KERN_SUCCESS) - { - printf("vm_write failed\n"); - return -1; - } - kr = vm_protect( - m_task, trunc_page(patch_addr), vm_page_size, false, VM_PROT_READ | VM_PROT_EXECUTE); - if (kr != KERN_SUCCESS) - { - printf("vm_protect failed\n"); - return -1; - } - - printf("BP 0x%lx -> 0x%x\n", patch_addr, b); - m_instructionMap[patch_addr] = b; -#else uint32_t data; // There already? @@ -274,7 +204,6 @@ class MachEngine : public IEngine data = peekWord(getAligned(addr)); m_instructionMap[addr] = data; m_pendingBreakpoints.insert(addr); -#endif return m_instructionMap.size(); } 
@@ -346,7 +275,7 @@ class MachEngine : public IEngine MACH_MSG_TYPE_MAKE_SEND); if (rv != 0) { - printf("mach_port_insert_right: %d\n", rv); + error("mach_port_insert_right: %d\n", rv); } /* register the exception port with the target process */ @@ -381,19 +310,11 @@ class MachEngine : public IEngine int rv; - // task_resume(m_task); rv = ptrace(PT_ATTACHEXC, m_pid, 0, 0); - // rv = ptrace(PT_CONTINUE, m_pid, 0, 0); - //printf("CE pt rv %d\n", rv); - // ::kill(m_pid, SIGCONT); - - // printf("waitpid: %d, 0x%x %d (pid is %d)\n", rv, status, WIFEXITED(status), m_pid); - /* wait indefinitely to receive an exception message */ char req[128], rpl[128]; /* request and reply buffers */ - printf("Wait for mrddshr\n"); auto krt = mach_msg((mach_msg_header_t*)req, /* receive buffer */ MACH_RCV_MSG, /* receive message */ 0, /* size of send buffer */ @@ -414,7 +335,7 @@ class MachEngine : public IEngine if (!message_parsed_correctly) { - printf("Parse error\n"); + error("mach_ex_server parse error\n"); //kret_from_catch_mach_exception_raise = ((mig_reply_error_t*)rpl)->RetCode; } } @@ -422,7 +343,6 @@ class MachEngine : public IEngine { m_listener->onEvent(IEngine::Event(ev_exit, 0)); return false; - printf("Some error %d?\n", krt); } /* resume all threads in the process before replying to the exception */ @@ -439,13 +359,11 @@ class MachEngine : public IEngine MACH_MSG_TIMEOUT_NONE, /* wait indefinitely */ MACH_PORT_NULL); /* notify port, unused */ - printf("Reply sent\n"); return true; } void kill(int signal) final { - printf("kill %d\n", signal); ::kill(m_pid, signal); } @@ -496,10 +414,9 @@ class MachEngine : public IEngine } if (image_addr == 0) { - printf("[-] Failed to find image\n"); exit(-1); } - printf("[*] Image mapped at 0x%lx\n", image_addr); + return image_addr; } 
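Review bot: A failed mach_port_insert_right is still only logged in this branch; after the `error(...)` call the code appears to fall through to the step commented "register the exception port with the target process", so setup would continue with a port that has no send right. error() seems to return to its caller, judging from the thread_get_state path in this file, which calls it and then returns. Consider leaving the enclosing function with a failure result after the log call; that function starts and ends outside the hunk, so its return type is not visible here. For consistency with the thread_get_state message the code could also be decoded, `error("mach_port_insert_right: %s\n", mach_error_string(rv));`, assuming rv is a kern_return_t.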
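Review bot: The new message names `mach_ex_server`, while the comments further down in this file refer to `mach_exc_server`; a misspelled symbol makes the log line hard to grep for, so I would write `error("mach_exc_server parse error\n");`. The branch also still only logs. Judging from the commented-out RetCode line and the reply sent later in the method, a message that failed to parse is answered as if it had been handled, which may deserve a follow-up. The enclosing method starts and ends outside the hunk.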
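Review bot: With the `[-] Failed to find image` line removed, the `image_addr == 0` branch now calls `exit(-1)` without any diagnostic, so a failed image lookup ends the process silently and leaves the user nothing to act on. Other hunks in this commit route real failures to error() instead of dropping them, and the same would fit here: `error("Failed to find image\n");` immediately before `exit(-1);`. The enclosing function starts outside the hunk.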
@@ -669,7 +586,6 @@ catch_mach_exception_raise_state(mach_port_t exception_port, /* not used because EXCEPTION_STATE is not specified in the call */ /* to task_set_exception_ports, but referenced by mach_exc_server */ - printf("Raise s tate\n"); return MACH_RCV_INVALID_TYPE; } @@ -690,7 +606,6 @@ catch_mach_exception_raise_state_identity(mach_port_t exception_port, { /* not used because EXCEPTION_STATE_IDENTITY is not specified in the */ /* call to task_set_exception_ports, but referenced by mach_exc_server */ - printf("Raise s tate identity\n"); return MACH_RCV_INVALID_TYPE; }