Implements Frida Hardware breakpoints #647
Conversation
src/agent/lib/debug/breakpoints.ts
Outdated
if (breakpoints.size === 0) { | ||
return "No breakpoints set"; | ||
} | ||
bps.push(`type\t address \tenabled\t cmd `); |
use the text-table dependency https://www.npmjs.com/package/text-table. It's already in the pkg.json
I did it using markdown-table, which is the only module with ESM support I've found.
src/agent/lib/debug/breakpoints.ts
Outdated
return "No breakpoints set"; | ||
} | ||
bps.push(`type\t address \tenabled\t cmd `); | ||
bps.push(`----\t-----------\t-------\t-------`); |
tabs are bad for your health/terminal output
Resolved!
* - For other architectures, it returns a 1-byte buffer with the instruction `0xcc`. | ||
*/ | ||
export function breakpointInstruction(): ArrayBufferLike { | ||
if (Process.arch === 'arm64') { |
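Review bot: the doc comment above `breakpointInstruction()` promises a 1-byte `0xcc` for every architecture other than arm64, but `0xcc` (int3) is only a trap instruction on x86/x64; on 32-bit ARM writing that byte would corrupt the instruction stream instead of raising a breakpoint. Either narrow the comment to x86/x64 and throw for any other value of `Process.arch`, or add explicit arm/thumb encodings in the same switch.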
taken from r2. maybe we can also add armv7 bps here:
static RBreakpointArch r_bp_plugin_arm_bps[] = {
    { 64, 4, 0, (const ut8*)"\x00\x00\x20\xd4" }, // le - arm64 brk0
    { 64, 4, 1, (const ut8*)"\xd4\x20\x00\x00" }, // be - arm64
    //{ 64, 1, 0, (const ut8*)"\xfe\xde\xff\xe7" }, // le - arm64 // hacky fix

    {32, 4, 0, (const ut8*)"\xf0\x01\xf0\xe7" }, // eabi-le - undefined instruction - for all kernels
    {32, 4, 1, (const ut8*)"\xe7\xf0\x01\xf0" }, // eabi-be

    // { 32, 1, 0, (const ut8*)"\xff\xff\xff\xff" }, // le - linux only? (undefined instruction)
    // { 32, 1, 1, (const ut8*)"\xff\xff\xff\xff" }, // be - linux only? (undefined instruction)
    // { 32, 4, 0, (const ut8*)"\x01\x00\x9f\xef" }, // le - linux only? (undefined instruction)
    // { 32, 4, 1, (const ut8*)"\xef\x9f\x00\x01" }, // be
#if 0
    { 4, 0, (const ut8*)"\xfe\xde\xff\xe7" }, // arm-le - from a gdb patch
    { 4, 1, (const ut8*)"\xe7\xff\xde\xfe" }, // arm-be
    { 4, 0, (const ut8*)"\xf0\x01\xf0\xe7" }, // eabi-le - undefined instruction - for all kernels
    { 4, 1, (const ut8*)"\xe7\xf0\x01\xf0" }, // eabi-be
#endif
    { 16, 2, 0, (const ut8*)"\x01\xbe" }, // thumb-le
    { 16, 2, 1, (const ut8*)"\xbe\x01" }, // thumb-be
    { 16, 2, 0, (const ut8*)"\xfe\xdf" }, // arm-thumb-le
    { 16, 2, 1, (const ut8*)"\xdf\xfe" }, // arm-thumb-be
    { 16, 4, 0, (const ut8*)"\xff\xff\xff\xff" }, // arm-thumb-le
    { 16, 4, 1, (const ut8*)"\xff\xff\xff\xff" }, // arm-thumb-be
    { 0, 0, 0, NULL }
};
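As an added example (not code from r2frida or this PR), the TypeScript below generalises `breakpointInstruction()` with the armv7 and Thumb encodings from the r2 table quoted above, and shows the save/patch/restore round trip a software breakpoint needs. It takes the architecture and address as parameters instead of reading Frida's `Process.arch`, and the code buffer it patches is constructed.

```typescript
// Added example (not r2frida's own code): picks the software-breakpoint bytes
// per architecture, generalising the arm64/x86 cases in the PR with the armv7
// and Thumb encodings from the r2 table, then patches/restores them in a buffer.
type Arch = 'x64' | 'ia32' | 'arm64' | 'arm';
type TrapKey = 'x86' | 'arm64' | 'arm' | 'thumb';

// Little-endian encodings; the big-endian forms are the same bytes reversed.
const TRAPS: Record<TrapKey, number[]> = {
  x86: [0xcc],                      // int3
  arm64: [0x00, 0x00, 0x20, 0xd4],  // brk #0
  arm: [0xf0, 0x01, 0xf0, 0xe7],    // eabi undefined instruction
  thumb: [0x01, 0xbe],              // bkpt #1
};

function trapKey(arch: Arch, address: number): TrapKey {
  switch (arch) {
    case 'x64': case 'ia32': return 'x86';
    case 'arm64': return 'arm64';
    // On 32-bit ARM a code address with bit 0 set denotes Thumb mode.
    case 'arm': return (address & 1) ? 'thumb' : 'arm';
    default: throw new Error(`unsupported arch: ${arch}`);
  }
}

function breakpointBytes(arch: Arch, address: number, bigEndian = false): Uint8Array {
  const key = trapKey(arch, address);
  const bytes = TRAPS[key].slice();
  return new Uint8Array(bigEndian && key !== 'x86' ? bytes.reverse() : bytes);
}

interface SavedBytes { offset: number; original: Uint8Array }

// Write the trap into `code` (the address is treated as an offset into this
// constructed buffer) and keep the original bytes so the breakpoint can be
// removed again or stepped over when it is hit.
function setSoftwareBreakpoint(code: Uint8Array, arch: Arch, address: number): SavedBytes {
  const trap = breakpointBytes(arch, address);
  const offset = arch === 'arm' ? address & ~1 : address;  // strip the Thumb bit
  if (offset + trap.length > code.length) throw new RangeError('breakpoint past end of code');
  const original = code.slice(offset, offset + trap.length);
  code.set(trap, offset);
  return { offset, original };
}

function clearSoftwareBreakpoint(code: Uint8Array, saved: SavedBytes): void {
  code.set(saved.original, saved.offset);
}
```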
I would consider this in another PR
":db (<addr>|<sym>) Add a new breakpoint\n" | ||
":db[j*] List breakpoints\n" | ||
":dbc (<addr>|<sym>) Associate an r2 command when the breakpoint is hit\n" | ||
":dbs (<addr>|<sym>) Enable/Disable a breakpoint\n" |
maybe have dbd and dbe to make it implicit?
I think :dbs is more intuitive
…ints code. fix :dbc to allow running a r2cmd when a breakpoint is hit
01e7a76 to 1d652b8
- `dbg.hwbp` configuration flag.
- `:dbc` command to run an r2 command when a breakpoint hits.
- `:dbs` to enable/disable a breakpoint.