fixes; update data; get rid of placeholder functionality; add lambda.…

…h; make make_kernel_patchfile use b_relocate instead, whee
comex · Mar 17, 2011 · d1bbb99 · d1bbb99
1 parent 8136335
commit d1bbb99
Show file tree

Hide file tree

Showing 14 changed files with 162 additions and 335 deletions.
diff --git a/config/generate_config.py b/config/generate_config.py
diff --git a/config/generate_placeholder_test.bin.py b/config/generate_placeholder_test.bin.py
diff --git a/config/placeholder.h b/config/placeholder.h
diff --git a/data b/data
diff --git a/datautils/dmini.c b/datautils/dmini.c
diff --git a/datautils/lambda.h b/datautils/lambda.h
@@ -0,0 +1,44 @@
+#pragma once
+
+/*  Example:
+    
+    int multiplier = 5;
+    DECL_LAMBDA(l, int, (int a), {
+        return a * multiplier;
+    })
+    assert(l.func(l.arg, 4) == 20);
+
+    The point of this is to work on both iOS, where GCC inline
+    functions don't work, and Linux, where Apple blocks generally
+    aren't available.
+*/
+
+#ifdef __BLOCKS__
+struct _blk {
+    void *isa;
+    int flags;
+    int reserved;
+    void *invoke;
+};
+#define LAMBDA_BODY(typ, ret, args, body) \
+    ({ union { \
+           ret (^blk) args; \
+           struct _blk *_blk; \
+           void *vp; \
+        } u = { ^ret args body }; \
+       (typ) {u._blk->invoke, u.vp}; \
+       })
+#else
+#define LAMBDA_BODY_(typ, ret, args, body) \
+    ({ ret func args body; \
+       (typ) {&func, 0}; \
+       })
+#define LAMBDA_BODY(typ, ret, args, body) \
+    LAMBDA_BODY_(typ, ret, LAMBDA_UNPAREN args, body)
+#endif
+#define LAMBDA_UNPAREN(args...) (void *_lambda_ignored, ##args)
+#define DECL_LAMBDA(name, ret, args, body) \
+    struct { \
+        ret (*func) LAMBDA_UNPAREN args; \
+        void *arg; \
+    } name = LAMBDA_BODY(typeof(name), ret, args, body);
diff --git a/datautils/make_kernel_patchfile.c b/datautils/make_kernel_patchfile.c
@@ -1,8 +1,8 @@
 #include <data/common.h>
 #include <data/find.h>
 #include <data/binary.h>
-#include <data/cc.h>
-#include <config/placeholder.h>
+#include <data/link.h>
+#include "lambda.h"
 
 int patchfd;
 
@@ -52,21 +52,21 @@ addr_t find_sysctl(struct binary *binary, const char *name) {
     return b_read32(binary, csref - 8);
 }
 
-void do_kernel(prange_t output, prange_t sandbox, struct binary *binary) {
+void do_kernel(struct binary *binary, struct binary *sandbox) {
     bool is_armv7 = binary->actual_cpusubtype == 9;
 
-    bool four_dot_three = true;
+    bool four_dot_three = false;
     addr_t _kernel_pmap, _PE_i_can_has_debugger, _vn_getpath, _memcmp;
     if(0) {
         _kernel_pmap = 0x8027e2dc;
         _PE_i_can_has_debugger = 0x80203f74;
         _vn_getpath = 0x8008d7bd;
         _memcmp = 0x8006558d;
     } else {
-        _kernel_pmap = b_sym(binary, "_kernel_pmap", false);
-        _PE_i_can_has_debugger = b_sym(binary, "_PE_i_can_has_debugger", false);
-        _vn_getpath = b_sym(binary, "_vn_getpath", true);
-        _memcmp = b_sym(binary, "_memcmp", true);
+        _kernel_pmap = b_sym(binary, "_kernel_pmap", false, true);
+        _PE_i_can_has_debugger = b_sym(binary, "_PE_i_can_has_debugger", false, true);
+        _vn_getpath = b_sym(binary, "_vn_getpath", true, true);
+        _memcmp = b_sym(binary, "_memcmp", true, true);
     }
 
 
@@ -129,24 +129,27 @@ void do_kernel(prange_t output, prange_t sandbox, struct binary *binary) {
     range_t range = b_macho_segrange(binary, "__PRELINK_TEXT");
     addr_t sb_evaluate = find_bof(range, find_int32(range, find_string(range, "bad opcode", false, true), true), is_armv7);
 
-    preplace32(sandbox, CONFIG_IS_ARMV7, (uint32_t) is_armv7);
-    preplace32(sandbox, CONFIG_VN_GETPATH, _vn_getpath);
-    preplace32(sandbox, CONFIG_MEMCMP, _memcmp);
-    preplace32(sandbox, CONFIG_SB_EVALUATE_ORIG1, b_read32(binary, sb_evaluate));
-    preplace32(sandbox, CONFIG_SB_EVALUATE_ORIG2, b_read32(binary, sb_evaluate + 4));
-    preplace32(sandbox, CONFIG_SB_EVALUATE_JUMPTO, sb_evaluate + (is_armv7 ? 9 : 8));
-    preplace32(sandbox, CONFIG_DVP_STRUCT_OFFSET, find_dvp_struct_offset(binary));
-
-    check_no_placeholders(sandbox);
+
+    DECL_LAMBDA(l, uint32_t, (const char *name), {
+        if(!strcmp(name, "c_sb_evaluate_orig1")) return b_read32(binary, sb_evaluate);
+        if(!strcmp(name, "c_sb_evaluate_orig2")) return b_read32(binary, sb_evaluate + 4);
+        if(!strcmp(name, "c_sb_evaluate_jumpto")) return sb_evaluate + (is_armv7 ? 9 : 8);
+        if(!strcmp(name, "c_memcmp")) return _memcmp;
+        if(!strcmp(name, "c_vn_getpath")) return _vn_getpath;
+        if(!strcmp(name, "c_dvp_struct_offset")) return find_dvp_struct_offset(binary);
+        if(!strcmp(name, "c_is_armv7")) return is_armv7;
+        die("? %s", name);
+    })
+    b_relocate(sandbox, (void *) l.arg, (void *) l.func, 0);
+    prange_t sandbox_pr = rangeconv(b_nth_segment(sandbox, 0));
     patch_with_range("sb_evaluate hook",
                      scratch,
-                     sandbox);
+                     sandbox_pr);
 
     patch("sb_evaluate",
           sb_evaluate,
           uint32_t, {(is_armv7 ? 0xf000f8df : 0xe51ff004), scratch | 1});
 
-
     patch("proc_enforce",
           find_sysctl(binary, "proc_enforce"),
           uint32_t, {0});
@@ -157,24 +160,24 @@ void do_kernel(prange_t output, prange_t sandbox, struct binary *binary) {
     addr_t sysent_patch_orig = b_read32(binary, sysent + 4);
     patch("sysent patch", 0, uint32_t, {sysent + 4});
     patch("sysent patch orig", 0, uint32_t, {sysent_patch_orig});
-    patch("scratch", 0, uint32_t, {(scratch + sandbox.size + 0xfff) & ~0xfff});
-    //patch("IOLog", 0, uint32_t, {b_sym(binary, "_IOLog", true)});
+    patch("scratch", 0, uint32_t, {(scratch + sandbox_pr.size + 0xfff) & ~0xfff});
+    //patch("IOLog", 0, uint32_t, {b_sym(binary, "_IOLog", true, true)});*/
 }
 
 
 int main(int argc, char **argv) {
-    struct binary binary;
-    b_init(&binary);
-    prange_t kernel = load_file(argv[1], false, NULL);
-    b_prange_load_macho(&binary, kernel, argv[1]);
-    prange_t sandbox = load_file(argv[2], true, NULL);
+    struct binary kernel, sandbox;
+    b_init(&kernel);
+    b_init(&sandbox);
+    b_load_macho(&kernel, argv[1], false);
+    b_load_macho(&sandbox, argv[2], true);
 
     patchfd = open(argv[3], O_WRONLY | O_CREAT | O_TRUNC, 0644);
     if(patchfd == -1) {
         edie("could not open patchfd");
     }
 
-    do_kernel(kernel, sandbox, &binary);
+    do_kernel(&kernel, &sandbox);
 
     close(patchfd);
     return 0;

diff --git a/goo/catalog/catalog.py b/goo/catalog/catalog.py
@@ -26,7 +26,7 @@ def dbg_result():
         back = sys._getframe().f_back
         funcall('_printf', ptr('Result for %s:%d was %%08x\n' % (back.f_code.co_filename, back.f_lineno), True), result)
 
-dmini.init(['-k', kernfile])
+dmini.init(kernfile, False)
 
 # R4 R7 PC
 
@@ -38,7 +38,7 @@ def dbg_result():
 
 proc_ucred = dmini.cur.sym('_proc_ucred')
 
-dmini.init(['-c', cachefile])
+dmini.init(cachefile, True)
 
 def wrap(num):
     if (num & 0xf0000000) == 0x30000000:
@@ -47,16 +47,7 @@ def wrap(num):
         return num
 dmini.cur.wrap = wrap
 
-ldm, stub, num_before_r0, num_after_r0 = dmini.cur.find_ldms(0x14414114)
-#print hex(ldm), hex(stub), num_before_r0, num_after_r0
-
-kernstuff = ([0] * num_before_r0) + [0xffffffff] + ([0] * num_after_r0) + [popdude, mcrdude]
-kernstuff = struct.pack('I'*len(kernstuff), *kernstuff)
-
-kernstuff += '\0' * ((-len(kernstuff) & 0xfff) + (stub & 0xfff))
-
-plist = '<array><data>%s</data></array>' % base64.b64encode(kernstuff)
-
+plist = ''
 if mode == 'dejavu':
     init('R4', 'R5', 'PC')
     make_r7_avail()

diff --git a/goo/catalog/kcode.S b/goo/catalog/kcode.S
@@ -23,7 +23,7 @@ pf_loop:
     ldr r1, [r0], #4 ;# datalen
     cmp r1, #4
     bne copy_loop
-    # if it's 4, it must be done atomically
+    ;# if it's 4, it must be done atomically
     ldr lr, [r0]
     str lr, [r3]
     b inval_loop
+20 −3		Makefile
+59 −77		binary.c
+4 −8		binary.h
+1 −1		common.h
+35 −61		link.c
+3 −3		link.h
+2 −1		running_kernel.c