From faf3885185911460c861040a215bbc1bbd1aeb88 Mon Sep 17 00:00:00 2001
From: Marco Concetto Rudilosso
Date: Thu, 31 Oct 2024 17:58:33 +0100
Subject: [PATCH 1/4] Use `mach_vm_read_overwrite` to read image infos for dyld_images
---
 samply/src/mac/proc_maps.rs | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/samply/src/mac/proc_maps.rs b/samply/src/mac/proc_maps.rs
index 9794e8c6..5d1cb4b9 100644
--- a/samply/src/mac/proc_maps.rs
+++ b/samply/src/mac/proc_maps.rs
@@ -1,5 +1,6 @@
 use std::cmp::Ordering;
 use std::collections::HashMap;
+use std::mem::MaybeUninit;
 use std::ops::{Deref, Range};
 use std::{mem, ptr};
@@ -21,7 +22,7 @@ use mach::thread_act::{thread_get_state, thread_resume, thread_suspend};
 use mach::thread_status::thread_state_flavor_t;
 use mach::thread_status::thread_state_t;
 use mach::traps::mach_task_self;
-use mach::vm::{mach_vm_deallocate, mach_vm_read, mach_vm_remap};
+use mach::vm::{mach_vm_deallocate, mach_vm_read, mach_vm_read_overwrite, mach_vm_remap};
 use mach::vm_inherit::VM_INHERIT_SHARE;
 use mach::vm_page_size::{mach_vm_trunc_page, vm_page_size};
 use mach::vm_prot::{vm_prot_t, VM_PROT_NONE, VM_PROT_READ};
@@ -158,6 +159,7 @@ impl DyldInfoManager {
 let new_image_info = enumerate_dyld_images(
 &mut self.memory,
+ self.task,
 info_array_addr,
 info_array_count,
 dyld_image_load_addr,
@@ -211,6 +213,7 @@ fn with_suspended_task(
 fn enumerate_dyld_images(
 memory: &mut ForeignMemory,
+ task: mach_port_t,
 info_array_addr: u64,
 info_array_count: u32,
 dyld_image_load_addr: u64,
@@ -227,8 +230,17 @@ fn enumerate_dyld_images(
 let (base_avma, image_file_path) = {
 let info_array_elem_addr =
 info_array_addr + image_index as u64 * mem::size_of::() as u64;
- let image_info: &dyld_image_info =
- unsafe { memory.get_type_ref_at_address(info_array_elem_addr) }?;
+ let mut image_info: MaybeUninit = MaybeUninit::uninit();
+ let mut size = mem::size_of::() as u64;
+ unsafe {
+ mach_vm_read_overwrite(task, info_array_elem_addr, size, &mut image_info as *mut MaybeUninit as u64, &mut size).into_result()?;
+ }
+
+ if size != mem::size_of::() as u64 {
+ return Err(kernel_error::KernelError::InvalidValue);
+ }
+
+ let image_info = unsafe { image_info.assume_init() };
 (
 image_info.imageLoadAddress as usize as u64,
 image_info.imageFilePath as usize as u64,
From cc11bce83db6b468646e6ca7331254b8128f99d3 Mon Sep 17 00:00:00 2001
From: Marco Concetto Rudilosso
Date: Mon, 4 Nov 2024 10:47:40 +0100
Subject: [PATCH 2/4] format
---
 samply/src/mac/proc_maps.rs | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/samply/src/mac/proc_maps.rs b/samply/src/mac/proc_maps.rs
index 5d1cb4b9..28ac6876 100644
--- a/samply/src/mac/proc_maps.rs
+++ b/samply/src/mac/proc_maps.rs
@@ -233,9 +233,16 @@ fn enumerate_dyld_images(
 let mut image_info: MaybeUninit = MaybeUninit::uninit();
 let mut size = mem::size_of::() as u64;
 unsafe {
- mach_vm_read_overwrite(task, info_array_elem_addr, size, &mut image_info as *mut MaybeUninit as u64, &mut size).into_result()?;
+ mach_vm_read_overwrite(
+ task,
+ info_array_elem_addr,
+ size,
+ &mut image_info as *mut MaybeUninit as u64,
+ &mut size,
+ )
+ .into_result()?;
 }
-
+
 if size != mem::size_of::() as u64 {
 return Err(kernel_error::KernelError::InvalidValue);
 }
From d5bdd4e87198ba9c235d45335c6519c98b4cde8c Mon Sep 17 00:00:00 2001
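Review bot: Neither `unsafe` block added in the first hunk of enumerate_dyld_images says why it is sound, and the second one depends on the size check that sits between them. I would put `// SAFETY: the destination is a local MaybeUninit of exactly size bytes, so the kernel copy cannot write past it.` above the read, and `// SAFETY: the read succeeded and filled the whole struct (size check above).` above `assume_init()`. The second comment also relies on dyld_image_info holding only raw addresses and integers, which is not visible here and should be confirmed; it is worth stating that `imageLoadAddress` and `imageFilePath` are addresses in the target task and are only ever used as integers. The function starts and ends outside the hunk.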
From: Marco Concetto Rudilosso
Date: Mon, 4 Nov 2024 11:05:21 +0100
Subject: [PATCH 3/4] use mach_vm_read_overwrite more
---
 samply/src/mac/proc_maps.rs | 47 +++++++++++++++++++++++++++----------
 1 file changed, 35 insertions(+), 12 deletions(-)
diff --git a/samply/src/mac/proc_maps.rs b/samply/src/mac/proc_maps.rs
index 28ac6876..b68c2306 100644
--- a/samply/src/mac/proc_maps.rs
+++ b/samply/src/mac/proc_maps.rs
@@ -159,7 +159,6 @@ impl DyldInfoManager {
 let new_image_info = enumerate_dyld_images(
 &mut self.memory,
- self.task,
 info_array_addr,
 info_array_count,
 dyld_image_load_addr,
@@ -213,7 +212,6 @@ fn with_suspended_task(
 fn enumerate_dyld_images(
 memory: &mut ForeignMemory,
- task: mach_port_t,
 info_array_addr: u64,
 info_array_count: u32,
 dyld_image_load_addr: u64,
@@ -229,21 +227,21 @@ fn enumerate_dyld_images(
 for image_index in 0..info_array_count {
 let (base_avma, image_file_path) = {
 let info_array_elem_addr =
- info_array_addr + image_index as u64 * mem::size_of::() as u64;
+ info_array_addr + image_index as u64 * mem::size_of::() as mach_vm_address_t;
 let mut image_info: MaybeUninit = MaybeUninit::uninit();
- let mut size = mem::size_of::() as u64;
+ let mut size = mem::size_of::() as mach_vm_size_t;
 unsafe {
 mach_vm_read_overwrite(
- task,
+ memory.task,
 info_array_elem_addr,
 size,
- &mut image_info as *mut MaybeUninit as u64,
+ &mut image_info as *mut MaybeUninit as mach_vm_address_t,
 &mut size,
 )
 .into_result()?;
 }
- if size != mem::size_of::() as u64 {
+ if size != mem::size_of::() as mach_vm_size_t {
 return Err(kernel_error::KernelError::InvalidValue);
 }
@@ -276,17 +274,42 @@ fn get_dyld_image_info(
 image_file_path: u64,
 ) -> kernel_error::Result {
 let filename = {
- let filename_bytes: &[i8; 512] =
- unsafe { memory.get_type_ref_at_address(image_file_path) }?;
+ let mut filename_bytes: MaybeUninit<[i8; 512]> = MaybeUninit::uninit();
+ let mut size = 512;
+
+ unsafe {
+ mach_vm_read_overwrite(
+ memory.task,
+ image_file_path,
+ size as mach_vm_size_t,
+ &mut filename_bytes as *mut MaybeUninit<[i8; 512]> as mach_vm_address_t,
+ &mut size,
+ )
+ .into_result()?;
+ }
+ let filename_bytes = unsafe { filename_bytes.assume_init() };
+
 unsafe { std::ffi::CStr::from_ptr(filename_bytes.as_ptr()) }
 .to_string_lossy()
 .to_string()
 };
 let header = {
- let header: &MachHeader64 =
- unsafe { memory.get_type_ref_at_address(base_avma) }?;
- *header
+ let mut header: MaybeUninit> = MaybeUninit::uninit();
+ let mut size = mem::size_of::>() as mach_vm_size_t;
+
+ unsafe {
+ mach_vm_read_overwrite(
+ memory.task,
+ base_avma,
+ size,
+ &mut header as *mut MaybeUninit> as mach_vm_address_t,
+ &mut size,
+ )
+ .into_result()?;
+ }
+
+ unsafe { header.assume_init() }
 };
 let endian = LittleEndian;
From 419a1653f009636bb3fb38d897262767878d05fd Mon Sep 17 00:00:00 2001
From: Marco Concetto Rudilosso
Date: Mon, 4 Nov 2024 13:52:12 +0100
Subject: [PATCH 4/4] more format
---
 samply/src/mac/proc_maps.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/samply/src/mac/proc_maps.rs b/samply/src/mac/proc_maps.rs
index b68c2306..82993422 100644
--- a/samply/src/mac/proc_maps.rs
+++ b/samply/src/mac/proc_maps.rs
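Review bot: Both `assume_init()` calls added to get_dyld_image_info run without comparing the returned `size` with the requested length, unlike the check enumerate_dyld_images makes after its read, so a short copy would be treated as a fully initialized buffer. Add `if size != 512 { return Err(kernel_error::KernelError::InvalidValue); }` after the filename read and the matching `mem::size_of` comparison after the header read. Separately, `CStr::from_ptr` scans until it finds a NUL, and the 512 bytes are copied from the target task, so a path with no terminator inside that window lets the scan run past the local array. Binding the array mutably and setting `filename_bytes[511] = 0;` before the call bounds the scan. The function body starts and ends outside the hunk.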
@@ -226,8 +226,8 @@ fn enumerate_dyld_images(
 for image_index in 0..info_array_count {
 let (base_avma, image_file_path) = {
- let info_array_elem_addr =
- info_array_addr + image_index as u64 * mem::size_of::() as mach_vm_address_t;
+ let info_array_elem_addr = info_array_addr
+ + image_index as u64 * mem::size_of::() as mach_vm_address_t;
 let mut image_info: MaybeUninit = MaybeUninit::uninit();
 let mut size = mem::size_of::() as mach_vm_size_t;
 unsafe {