
Add ability to run a function on a given thread #762

Merged
merged 2 commits into from
Feb 23, 2024


WorksButNotTested

Architecture-specific code is based on gum_stalker_infect, so the backend support is quite small. Supports x86, x64, arm and arm64, as well as QuickJS and V8. Includes supporting unit tests.


@oleavr oleavr left a comment


Sorry it took me a while to review this! Things got quite busy just before Christmas.

@WorksButNotTested

(gdb) bt
#0  0x570de920 in test_memory_access_monitor_notify_on_read_access (fixture=0xeff61b78, data=<optimized out>) at ../tests/core/memoryaccessmonitor.c:28
#1  0x571fa8b0 in test_case_run (tc=<optimized out>) at ../../../deps/glib/glib/gtestutils.c:2933
#2  g_test_run_suite_internal (suite=<optimized out>, path=<optimized out>) at ../../../deps/glib/glib/gtestutils.c:3021
#3  0x571faae3 in g_test_run_suite_internal (suite=<optimized out>, path=<optimized out>) at ../../../deps/glib/glib/gtestutils.c:3037
#4  0x571faae3 in g_test_run_suite_internal (suite=<optimized out>, path=<optimized out>) at ../../../deps/glib/glib/gtestutils.c:3037
#5  0x571f9e4a in g_test_run_suite (suite=0xf7e5da40) at ../../../deps/glib/glib/gtestutils.c:3115
#6  0x571f9d14 in g_test_run () at ../../../deps/glib/glib/gtestutils.c:2234
#7  0x570cd345 in main (argc=<optimized out>, argv=<optimized out>) at ../tests/gumtest.c:305
(gdb) x/80i test_memory_access_monitor_notify_on_read_access
   0x570de829 <test_memory_access_monitor_notify_on_read_access>:       push   %ebp
   0x570de82a <test_memory_access_monitor_notify_on_read_access+1>:     mov    %esp,%ebp
   0x570de82c <test_memory_access_monitor_notify_on_read_access+3>:     push   %ebx
   0x570de82d <test_memory_access_monitor_notify_on_read_access+4>:     push   %edi
   0x570de82e <test_memory_access_monitor_notify_on_read_access+5>:     push   %esi
   0x570de82f <test_memory_access_monitor_notify_on_read_access+6>:     and    $0xfffffff0,%esp
   0x570de832 <test_memory_access_monitor_notify_on_read_access+9>:     sub    $0x10,%esp
   0x570de835 <test_memory_access_monitor_notify_on_read_access+12>:    mov    0x8(%ebp),%esi
   0x570de838 <test_memory_access_monitor_notify_on_read_access+15>:    call   0x570de83d <test_memory_access_monitor_notify_on_read_access+20>
   0x570de83d <test_memory_access_monitor_notify_on_read_access+20>:    pop    %ebx
   0x570de83e <test_memory_access_monitor_notify_on_read_access+21>:    add    $0x10b2ccb,%ebx
   0x570de844 <test_memory_access_monitor_notify_on_read_access+27>:    mov    0x4(%esi),%ecx
   0x570de847 <test_memory_access_monitor_notify_on_read_access+30>:    mov    0x10(%esi),%eax
   0x570de84a <test_memory_access_monitor_notify_on_read_access+33>:    lea    0x4(%esi),%edi
   0x570de84d <test_memory_access_monitor_notify_on_read_access+36>:    movb   $0x13,(%ecx,%eax,1)
   0x570de851 <test_memory_access_monitor_notify_on_read_access+40>:    mov    %ecx,0x4(%esp)
   0x570de855 <test_memory_access_monitor_notify_on_read_access+44>:    mov    0x14(%esi),%eax
   0x570de858 <test_memory_access_monitor_notify_on_read_access+47>:    movb   $0x37,(%ecx,%eax,1)
   0x570de85c <test_memory_access_monitor_notify_on_read_access+51>:    cmpl   $0x0,(%esi)
   0x570de85f <test_memory_access_monitor_notify_on_read_access+54>:    jne    0x570dee7b <test_memory_access_monitor_notify_on_read_access+1618>
   0x570de865 <test_memory_access_monitor_notify_on_read_access+60>:    sub    $0x4,%esp
   0x570de868 <test_memory_access_monitor_notify_on_read_access+63>:    xor    %ecx,%ecx
   0x570de86a <test_memory_access_monitor_notify_on_read_access+65>:    lea    -0x10b14f7(%ebx),%eax
   0x570de870 <test_memory_access_monitor_notify_on_read_access+71>:    inc    %ecx
   0x570de871 <test_memory_access_monitor_notify_on_read_access+72>:    push   $0x0
   0x570de873 <test_memory_access_monitor_notify_on_read_access+74>:    push   %esi
   0x570de874 <test_memory_access_monitor_notify_on_read_access+75>:    push   %eax
   0x570de875 <test_memory_access_monitor_notify_on_read_access+76>:    push   %ecx
   0x570de876 <test_memory_access_monitor_notify_on_read_access+77>:    push   $0x7
   0x570de878 <test_memory_access_monitor_notify_on_read_access+79>:    push   %ecx
   0x570de879 <test_memory_access_monitor_notify_on_read_access+80>:    push   %edi
   0x570de87a <test_memory_access_monitor_notify_on_read_access+81>:    call   0x5711d341 <gum_memory_access_monitor_new>
   0x570de87f <test_memory_access_monitor_notify_on_read_access+86>:    add    $0x20,%esp
   0x570de882 <test_memory_access_monitor_notify_on_read_access+89>:    test   %eax,%eax
   0x570de884 <test_memory_access_monitor_notify_on_read_access+91>:    mov    %eax,(%esi)
   0x570de886 <test_memory_access_monitor_notify_on_read_access+93>:    je     0x570deeb7 <test_memory_access_monitor_notify_on_read_access+1678>
   0x570de88c <test_memory_access_monitor_notify_on_read_access+99>:    sub    $0x8,%esp
   0x570de88f <test_memory_access_monitor_notify_on_read_access+102>:   push   $0x0
   0x570de891 <test_memory_access_monitor_notify_on_read_access+104>:   push   %eax
   0x570de892 <test_memory_access_monitor_notify_on_read_access+105>:   call   0x5711d410 <gum_memory_access_monitor_enable>
   0x570de897 <test_memory_access_monitor_notify_on_read_access+110>:   add    $0x10,%esp
   0x570de89a <test_memory_access_monitor_notify_on_read_access+113>:   test   %eax,%eax
   0x570de89c <test_memory_access_monitor_notify_on_read_access+115>:   je     0x570deee7 <test_memory_access_monitor_notify_on_read_access+1726>
   0x570de8a2 <test_memory_access_monitor_notify_on_read_access+121>:   mov    0x1c(%esi),%eax
   0x570de8a5 <test_memory_access_monitor_notify_on_read_access+124>:   test   %eax,%eax
   0x570de8a7 <test_memory_access_monitor_notify_on_read_access+126>:   je     0x570de919 <test_memory_access_monitor_notify_on_read_access+240>
   0x570de8a9 <test_memory_access_monitor_notify_on_read_access+128>:   movq   -0x1a9ccc0(%ebx),%xmm1
   0x570de8b1 <test_memory_access_monitor_notify_on_read_access+136>:   movd   %eax,%xmm0
   0x570de8b5 <test_memory_access_monitor_notify_on_read_access+140>:   por    %xmm1,%xmm0
   0x570de8b9 <test_memory_access_monitor_notify_on_read_access+144>:   subsd  %xmm1,%xmm0
   0x570de8bd <test_memory_access_monitor_notify_on_read_access+148>:   sub    $0x30,%esp
   0x570de8c0 <test_memory_access_monitor_notify_on_read_access+151>:   andl   $0x0,0x24(%esp)
   0x570de8c5 <test_memory_access_monitor_notify_on_read_access+156>:   andl   $0x0,0x20(%esp)
   0x570de8ca <test_memory_access_monitor_notify_on_read_access+161>:   lea    -0x1aee512(%ebx),%edx
   0x570de8d0 <test_memory_access_monitor_notify_on_read_access+167>:   lea    -0x1afe02c(%ebx),%ecx
   0x570de8d6 <test_memory_access_monitor_notify_on_read_access+173>:   lea    -0x1b307f1(%ebx),%eax
   0x570de8dc <test_memory_access_monitor_notify_on_read_access+179>:   movsd  %xmm0,0x14(%esp)
   0x570de8e2 <test_memory_access_monitor_notify_on_read_access+185>:   movl   $0x69,0x28(%esp)
   0x570de8ea <test_memory_access_monitor_notify_on_read_access+193>:   movl   $0x1a,0x8(%esp)
   0x570de8f2 <test_memory_access_monitor_notify_on_read_access+201>:   mov    %edx,0x10(%esp)
   0x570de8f6 <test_memory_access_monitor_notify_on_read_access+205>:   mov    %ecx,0xc(%esp)
   0x570de8fa <test_memory_access_monitor_notify_on_read_access+209>:   lea    -0x1b73727(%ebx),%edx
   0x570de900 <test_memory_access_monitor_notify_on_read_access+215>:   lea    -0x1b065d1(%ebx),%ecx
   0x570de906 <test_memory_access_monitor_notify_on_read_access+221>:   mov    %eax,0x1c(%esp)
   0x570de90a <test_memory_access_monitor_notify_on_read_access+225>:   mov    %edx,0x4(%esp)
   0x570de90e <test_memory_access_monitor_notify_on_read_access+229>:   mov    %ecx,(%esp)
   0x570de911 <test_memory_access_monitor_notify_on_read_access+232>:   call   0x571fad4c <g_assertion_message_cmpnum>
   0x570de916 <test_memory_access_monitor_notify_on_read_access+237>:   add    $0x30,%esp
   0x570de919 <test_memory_access_monitor_notify_on_read_access+240>:   mov    0x10(%esi),%eax
   0x570de91c <test_memory_access_monitor_notify_on_read_access+243>:   mov    0x4(%esp),%edi
=> 0x570de920 <test_memory_access_monitor_notify_on_read_access+247>:   mov    (%edi,%eax,1),%al
(gdb) info reg
eax            0x800               2048
ecx            0xffffb4ec          -19220
edx            0x2000              8192
ebx            0x58191508          1478038792
esp            0xffffd610          0xffffd610
ebp            0xffffd638          0xffffd638
esi            0xeff61b78          -269083784
edi            0xef8da000          -275931136
eip            0x570de920          0x570de920 <test_memory_access_monitor_notify_on_read_access+247>
eflags         0x10246             [ PF ZF IF RF ]
cs             0x23                35
ss             0x2b                43
ds             0x2b                43
es             0x2b                43
fs             0x6b                107
gs             0x63                99

@WorksButNotTested WorksButNotTested force-pushed the run_on_thread2 branch 6 times, most recently from 8d324e3 to a485997 Compare January 29, 2024 16:35
@WorksButNotTested WorksButNotTested deleted the run_on_thread2 branch January 31, 2024 09:47
@WorksButNotTested WorksButNotTested restored the run_on_thread2 branch January 31, 2024 14:08
@WorksButNotTested WorksButNotTested mentioned this pull request Jan 31, 2024
@WorksButNotTested WorksButNotTested force-pushed the run_on_thread2 branch 4 times, most recently from 85854ed to 73a5574 Compare February 21, 2024 09:53
WorksButNotTested and others added 2 commits February 24, 2024 00:01
Co-authored-by: Ole André Vadla Ravnås <[email protected]>
@oleavr oleavr merged commit 8f54140 into frida:main Feb 23, 2024
29 of 31 checks passed
@WorksButNotTested WorksButNotTested deleted the run_on_thread2 branch February 26, 2024 09:06