darwin: Add more temporary debug

frida · May 7, 2024 · ed7cee0 · ed7cee0
1 parent 2bd02cb
commit ed7cee0
Show file tree

Hide file tree

Showing 2 changed files with 118 additions and 56 deletions.
diff --git a/src/darwin/frida-helper-backend-glue.m b/src/darwin/frida-helper-backend-glue.m
@@ -404,6 +404,8 @@
 static void frida_spawn_instance_disable_nth_breakpoint (FridaSpawnInstance * self, guint n);
 static guint32 frida_spawn_instance_put_software_breakpoint (FridaSpawnInstance * self, GumAddress where, guint index);
 static guint32 frida_spawn_instance_overwrite_arm64_instruction (FridaSpawnInstance * self, GumAddress address, guint32 new_instruction);
+static void frida_spawn_instance_log_breakpoint_phase (FridaSpawnInstance * self, const gchar * label);
+static void frida_spawn_instance_log_address (FridaSpawnInstance * self, const gchar * prefix, GumAddress address);
 
 static void frida_make_pty (int fds[2]);
 static void frida_configure_terminal_attributes (gint fd);
@@ -2198,16 +2200,74 @@ static void frida_darwin_helper_backend_launch_using_lsaw (NSString * identifier
 }
 
 void
-_frida_darwin_helper_backend_schedule_heartbeat_on_dispatch_queue (FridaDarwinHelperBackend * self, guint identifier)
+_frida_darwin_helper_backend_schedule_heartbeat_on_dispatch_queue (FridaDarwinHelperBackend * self, void * spawn_instance, guint identifier)
 {
   FridaHelperContext * ctx = self->context;
 
   dispatch_async (ctx->dispatch_queue, ^
   {
-    _frida_darwin_helper_backend_on_heartbeat (self, identifier);
+    _frida_darwin_helper_backend_on_heartbeat (self, spawn_instance, identifier);
   });
 }
 
+void
+_frida_darwin_helper_backend_log_thread_state (FridaDarwinHelperBackend * self, void * opaque_spawn_instance)
+{
+  FridaSpawnInstance * instance = opaque_spawn_instance;
+  kern_return_t kr;
+  thread_basic_info_data_t info;
+  mach_msg_type_number_t info_count = THREAD_BASIC_INFO_COUNT;
+  GumDarwinUnifiedThreadState state;
+  mach_msg_type_number_t state_count = GUM_DARWIN_THREAD_STATE_COUNT;
+  thread_state_flavor_t state_flavor = GUM_DARWIN_THREAD_STATE_FLAVOR;
+
+  kr = thread_info (instance->thread, THREAD_BASIC_INFO, (thread_info_t) &info, &info_count);
+  if (kr == KERN_SUCCESS)
+  {
+    const gchar * state;
+
+    switch (info.run_state)
+    {
+      case TH_STATE_RUNNING: state = "running"; break;
+      case TH_STATE_STOPPED: state = "stopped"; break;
+      case TH_STATE_WAITING: state = "waiting"; break;
+      case TH_STATE_UNINTERRUPTIBLE: state = "uninterruptible"; break;
+      case TH_STATE_HALTED: state = "halted"; break;
+      default: state = "other"; break;
+    }
+
+    _frida_darwin_helper_backend_log_event (instance->backend, "\trun_state=%s", state);
+  }
+  else
+  {
+    _frida_darwin_helper_backend_log_event (instance->backend, "\tthread_info() failed: %d", kr);
+  }
+
+  kr = thread_get_state (instance->thread, state_flavor, (thread_state_t) &state, &state_count);
+  if (kr == KERN_SUCCESS)
+  {
+    GumAddress pc;
+
+#ifdef HAVE_I386
+    if (instance->cpu_type == GUM_CPU_AMD64)
+      pc = state.uts.ts64.__rip;
+    else
+      pc = state.uts.ts32.__eip;
+#else
+    if (instance->cpu_type == GUM_CPU_ARM64)
+      pc = __darwin_arm_thread_state64_get_pc (state.ts_64);
+    else
+      pc = state.ts_32.__pc;
+#endif
+
+    frida_spawn_instance_log_address (instance, "pc", pc);
+  }
+  else
+  {
+    _frida_darwin_helper_backend_log_event (instance->backend, "\tthread_get_state() failed: %d", kr);
+  }
+}
+
 guint
 _frida_darwin_helper_backend_inject_into_task (FridaDarwinHelperBackend * self, guint pid, guint task, const gchar * path_or_name, FridaMappedLibraryBlob * blob,
     const gchar * entrypoint, const gchar * data, GError ** error)
@@ -2857,56 +2917,6 @@ static void frida_darwin_helper_backend_launch_using_lsaw (NSString * identifier
   g_object_unref (backend);
 }
 
-static void
-frida_spawn_instance_log_breakpoint_phase (FridaSpawnInstance * self, const gchar * label)
-{
-  const gchar * name;
-
-  switch (self->breakpoint_phase)
-  {
-    case FRIDA_BREAKPOINT_DETECT_FLAVOR: name = "detect-flavor"; break;
-
-    case FRIDA_BREAKPOINT_SET_LIBDYLD_INITIALIZE_CALLER_BREAKPOINT: name = "set-libdyld-initialize-caller-breakpoint"; break;
-    case FRIDA_BREAKPOINT_LIBSYSTEM_INITIALIZED: name = "libsystem-initialized"; break;
-
-    case FRIDA_BREAKPOINT_SET_HELPERS: name = "set-helpers"; break;
-    case FRIDA_BREAKPOINT_DLOPEN_LIBC: name = "dlopen-libc"; break;
-    case FRIDA_BREAKPOINT_SKIP_CLEAR: name = "skip-clear"; break;
-    case FRIDA_BREAKPOINT_DLOPEN_BOOTSTRAPPER: name = "dlopen-bootstrapper"; break;
-
-    case FRIDA_BREAKPOINT_CF_INITIALIZE: name = "cf-initialize"; break;
-    case FRIDA_BREAKPOINT_CLEANUP: name = "cleanup"; break;
-    case FRIDA_BREAKPOINT_DONE: name = "done"; break;
-
-    default: g_assert_not_reached ();
-  }
-
-  _frida_darwin_helper_backend_log_event (self->backend, "\t%3s breakpoint_phase=\"%s\"", label, name);
-}
-
-static void
-frida_spawn_instance_log_address (FridaSpawnInstance * self, const gchar * prefix, GumAddress address)
-{
-  if (address >= self->dyld->base_address && address < self->dyld->base_address + self->dyld_size)
-  {
-    _frida_darwin_helper_backend_log_event (self->backend, "\t%s=dyld!0x%" G_GINT64_MODIFIER "x",
-        prefix,
-        address - self->dyld->base_address);
-  }
-  else if (self->old_dyld != NULL && address >= self->old_dyld->base_address && address < self->old_dyld->base_address + self->dyld_size)
-  {
-    _frida_darwin_helper_backend_log_event (self->backend, "\t%s=old_dyld!0x%" G_GINT64_MODIFIER "x",
-        prefix,
-        address - self->old_dyld->base_address);
-  }
-  else
-  {
-    _frida_darwin_helper_backend_log_event (self->backend, "\t%s=0x%" G_GINT64_MODIFIER "x",
-        prefix,
-        address);
-  }
-}
-
 static void
 frida_spawn_instance_on_server_recv (void * context)
 {
@@ -4114,6 +4124,56 @@ static void frida_darwin_helper_backend_launch_using_lsaw (NSString * identifier
   return original_instruction;
 }
 
+static void
+frida_spawn_instance_log_breakpoint_phase (FridaSpawnInstance * self, const gchar * label)
+{
+  const gchar * name;
+
+  switch (self->breakpoint_phase)
+  {
+    case FRIDA_BREAKPOINT_DETECT_FLAVOR: name = "detect-flavor"; break;
+
+    case FRIDA_BREAKPOINT_SET_LIBDYLD_INITIALIZE_CALLER_BREAKPOINT: name = "set-libdyld-initialize-caller-breakpoint"; break;
+    case FRIDA_BREAKPOINT_LIBSYSTEM_INITIALIZED: name = "libsystem-initialized"; break;
+
+    case FRIDA_BREAKPOINT_SET_HELPERS: name = "set-helpers"; break;
+    case FRIDA_BREAKPOINT_DLOPEN_LIBC: name = "dlopen-libc"; break;
+    case FRIDA_BREAKPOINT_SKIP_CLEAR: name = "skip-clear"; break;
+    case FRIDA_BREAKPOINT_DLOPEN_BOOTSTRAPPER: name = "dlopen-bootstrapper"; break;
+
+    case FRIDA_BREAKPOINT_CF_INITIALIZE: name = "cf-initialize"; break;
+    case FRIDA_BREAKPOINT_CLEANUP: name = "cleanup"; break;
+    case FRIDA_BREAKPOINT_DONE: name = "done"; break;
+
+    default: g_assert_not_reached ();
+  }
+
+  _frida_darwin_helper_backend_log_event (self->backend, "\t%3s breakpoint_phase=\"%s\"", label, name);
+}
+
+static void
+frida_spawn_instance_log_address (FridaSpawnInstance * self, const gchar * prefix, GumAddress address)
+{
+  if (address >= self->dyld->base_address && address < self->dyld->base_address + self->dyld_size)
+  {
+    _frida_darwin_helper_backend_log_event (self->backend, "\t%s=dyld!0x%" G_GINT64_MODIFIER "x",
+        prefix,
+        address - self->dyld->base_address);
+  }
+  else if (self->old_dyld != NULL && address >= self->old_dyld->base_address && address < self->old_dyld->base_address + self->dyld_size)
+  {
+    _frida_darwin_helper_backend_log_event (self->backend, "\t%s=old_dyld!0x%" G_GINT64_MODIFIER "x",
+        prefix,
+        address - self->old_dyld->base_address);
+  }
+  else
+  {
+    _frida_darwin_helper_backend_log_event (self->backend, "\t%s=0x%" G_GINT64_MODIFIER "x",
+        prefix,
+        address);
+  }
+}
+
 static void
 frida_make_pty (int fds[2])
 {

diff --git a/src/darwin/frida-helper-backend.vala b/src/darwin/frida-helper-backend.vala
@@ -455,8 +455,8 @@ namespace Frida {
 						uint next_heartbeat_id = 1;
 						heartbeat_source.set_callback (() => {
 							uint id = next_heartbeat_id++;
-							_on_heartbeat (id);
-							_schedule_heartbeat_on_dispatch_queue (id);
+							_on_heartbeat (spawn_instance, id);
+							_schedule_heartbeat_on_dispatch_queue (spawn_instance, id);
 							return true;
 						});
 						heartbeat_source.attach (MainContext.get_thread_default ());
@@ -511,8 +511,9 @@ namespace Frida {
 			_log_event ("breakpoint-response kr=%d", kr);
 		}
 
-		public void _on_heartbeat (uint id) {
+		public void _on_heartbeat (void * spawn_instance, uint id) {
 			_log_event ("heartbeat id=%u", id);
+			_log_thread_state (spawn_instance);
 		}
 
 		private bool is_booting (uint task) throws Error {
@@ -735,7 +736,8 @@ namespace Frida {
 		protected extern void _prepare_spawn_instance_for_injection (void * instance, uint task) throws Error;
 		protected extern void _resume_spawn_instance (void * instance);
 		protected extern void _free_spawn_instance (void * instance);
-		protected extern void _schedule_heartbeat_on_dispatch_queue (uint id);
+		protected extern void _schedule_heartbeat_on_dispatch_queue (void * spawn_instance, uint id);
+		protected extern void _log_thread_state (void * spawn_instance);
 
 		protected extern uint _inject_into_task (uint pid, uint task, string path_or_name, MappedLibraryBlob? blob, string entrypoint, string data) throws Error;
 		protected extern void _demonitor (void * instance);