[WIP] Wire up some more
Co-authored-by: Håvard Sørbø <[email protected]>
oleavr and hsorbo committed Sep 19, 2023
1 parent 9945413 commit 4c68b9b
Showing 2 changed files with 96 additions and 3 deletions.
90 changes: 90 additions & 0 deletions gum/gumswiftapiresolver.c
Expand Up @@ -20,6 +20,7 @@
#include "gummodulemap.h"
#include "gumprocess.h"

#include <capstone.h>
#include <string.h>

#define GUM_DESCRIPTOR_FLAGS_KIND(flags) \
Expand Down Expand Up @@ -736,6 +737,95 @@ gum_module_metadata_collect_export (const GumExportDetails * details,
func.address = details->address;
g_array_append_val (module->functions, func);

if (g_str_has_prefix (func.name, "dispatch thunk of "))
{
csh capstone;
const uint8_t * code;
size_t size;
uint64_t address;
cs_insn * insn;
gint vtable_index;
gboolean end_of_block;

gum_cs_arch_register_native ();
cs_open (GUM_DEFAULT_CS_ARCH, GUM_DEFAULT_CS_MODE, &capstone);
cs_option (capstone, CS_OPT_DETAIL, CS_OPT_ON);

code = GSIZE_TO_POINTER (details->address);
size = 256;
address = details->address;

insn = cs_malloc (capstone);

g_printerr ("\n=== %s\n", func.name + strlen ("dispatch thunk of "));

vtable_index = -1;
end_of_block = FALSE;
while (vtable_index == -1 && !end_of_block &&
cs_disasm_iter (capstone, &code, &size, &address, insn))
{
/* g_printerr ("%s %s\n", insn->mnemonic, insn->op_str); */

switch (insn->id)
{
case ARM64_INS_LDR:
{
arm64_op_mem * src = &insn->detail->arm64.operands[1].mem;

/*
* ldr x3, [x16, #0xd0]!
* ...
* braa x3, x16
*/
if (src->base == ARM64_REG_X16)
vtable_index = src->disp / sizeof (gpointer);

break;
}
case ARM64_INS_MOV:
{
cs_arm64_op * dst = &insn->detail->arm64.operands[0];
cs_arm64_op * src = &insn->detail->arm64.operands[1];

/*
* mov x17, #0x3b0
* add x16, x16, x17
* ldr x7, [x16]
* ...
* braa x7, x16
*/
if (dst->reg == ARM64_REG_X17 && src->type == ARM64_OP_IMM)
{
vtable_index = src->imm / sizeof (gpointer);
}

break;
}
case ARM64_INS_BR:
case ARM64_INS_BRAA:
case ARM64_INS_BRAAZ:
case ARM64_INS_RET:
case ARM64_INS_RETAA:
case ARM64_INS_RETAB:
end_of_block = TRUE;
break;
}
}

cs_free (insn, 1);

cs_close (&capstone);

if (vtable_index != -1)
{
g_printerr (" => SUCCESS, vtable_index=%d\n", vtable_index);
}
else
{
g_printerr (" => FAILURE, vtable_index not determined\n");
}
}

return TRUE;
}

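Review bot: The `cs_open` call at the top of the new `dispatch thunk of` block is not checked, so on failure `capstone` stays uninitialized and is then handed to `cs_option`, `cs_malloc`, `cs_disasm_iter` and `cs_close`, and `cs_malloc` can itself return NULL, which the loop dereferences through `insn->id`. Guard both before entering the loop: `if (cs_open (GUM_DEFAULT_CS_ARCH, GUM_DEFAULT_CS_MODE, &capstone) != CS_ERR_OK) return TRUE;` and `if (insn == NULL) goto close;` (or equivalent). The switch compares `insn->id` against ARM64_INS_* constants whatever GUM_DEFAULT_CS_ARCH resolves to on the build host, and `src->disp / sizeof (gpointer)` divides a signed displacement by a size_t, so a negative offset becomes a large unsigned value truncated into the gint `vtable_index` rather than being rejected; `if (src->base == ARM64_REG_X16 && src->disp >= 0)` would make that explicit, and the switch also lacks a `default:` case. The enclosing function gum_module_metadata_collect_export starts outside the hunk.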
9 changes: 6 additions & 3 deletions tests/core/apiresolver.c
Expand Up @@ -261,13 +261,15 @@ TESTCASE (swift_method_can_be_resolved)

g_printerr (">>>\n");
gum_api_resolver_enumerate_matches (fixture->resolver,
"*CoreDevice!*RemoteDevice*", resolve_method_impl, &address, &error);
//"*!*", resolve_method_impl, &address, &error);
"*CoreDevice!*RemoteDevice.*", resolve_method_impl, &address, &error);
//"*CoreDevice!*RemoteDevice*createRSDDevice*", resolve_method_impl, &address, &error);
//"*CoreDevice!*RSDDeviceInfo*", resolve_method_impl, &address, &error);
//"*hello*!*", resolve_method_impl, &address, &error);
g_printerr ("<<<\n");
g_assert_no_error (error);

#if 0
#if 1
g_printerr ("Waiting for debugger in PID %u...\n", getpid ());
while (!gum_process_is_debugger_attached ())
{
Expand All @@ -282,7 +284,8 @@ resolve_method_impl (const GumApiDetails * details,
{
GumAddress * address = user_data;

g_printerr ("Found: %s\n", details->name);
g_printerr ("Found: %s at %p\n", details->name,
GSIZE_TO_POINTER (details->address));
*address = details->address;

//return FALSE;
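Review bot: Flipping `#if 0` to `#if 1` in swift_method_can_be_resolved makes the test block in the `while (!gum_process_is_debugger_attached ())` loop until a debugger attaches, so any unattended run of the suite hangs at this point; keep the block behind `#if 0` (or gate it on an environment variable) before this lands. The stack of commented-out `gum_api_resolver_enumerate_matches` patterns around the live `"*CoreDevice!*RemoteDevice.*"` call is leftover scaffolding of the same kind, and the live pattern ties the test to one specific system framework, which deserves a comment such as `/* Requires a host with CoreDevice.framework; see the dispatch-thunk path in gumswiftapiresolver.c */` naming the expected environment. The enclosing TESTCASE starts before the hunk.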
