asmrepl 1.1.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7045e3fe0facfdc15e21bb3dfebcaf5232eb68c144ac07e6bf61588979ca3c7f
-  data.tar.gz: 158f3aea1088ae25397dccfc6bf593449df3482f031c025c6dbf33ce372f6a53
+  metadata.gz: 4b7a42ce7b9651305349e0f3aa6eafe88755a7f5bce4224ea0fab31c7169a0cd
+  data.tar.gz: 95ef6c4ebe42d82341782e5014b21237f6ba436ce3b296041aec59c4fdc8ba38
 SHA512:
-  metadata.gz: d039b567f9cb938f56f86c1ea02a9c16a3c266748fb16d37b5c710c66618010dba32b13755d778c9dded6a56bb521fb61198281297543aad9f3f6c39028510b4
-  data.tar.gz: 7f37562a9568489d61d9eb3144310d3c372fd5fe7ab07b3b0786c268bc8a2b20077a52736723d0f684930924614083cc4df2a817e6f91f8f6b7afae438aeb0fc
+  metadata.gz: affb18c181d063ddf30f48006d980753573ca797f51d49e51e231cb6fbc9a4ffc4ec0204e806b02c5df895426cdae04185cbe12f605ee755d4ec35529879954e
+  data.tar.gz: bdfa0987327ef236a1e4a9fd991e00d864bac78e7408185f1c94ec93cb04b20fe82bc7336a214422b1067bbc02a12c8ac69ac132cf4cf842653f9e7e1d45ed8c

data/lib/asmrepl/assembler.rb

@@ -11,7 +11,11 @@ module ASMREPL
         l = if possibles.any? { |form| form.operands[1].type == n.to_s }
           fisk.lit(n)
         else
-          fisk.imm(n)
+          if r.size == 64
+            fisk.imm32(n)
+          else
+            fisk.imm(n)
+          end
         end
         fisk.gen_with_insn insn, [r, l]
       in [:command, [:instruction, insn], [:register, r], [:register, r2]]

data/lib/asmrepl/disasm.rb

@@ -0,0 +1,24 @@
+require "crabstone"
+
+class Crabstone::Binding::Instruction
+  class << self
+    alias :old_release :release
+  end
+
+  # Squelch error in crabstone
+  def self.release obj
+    nil
+  end
+end
+
+module ASMREPL
+  module Disasm
+    def self.disasm buffer
+      binary = buffer.memory[0, buffer.pos]
+      cs = Crabstone::Disassembler.new(Crabstone::ARCH_X86, Crabstone::MODE_64)
+      cs.disasm(binary, buffer.memory.to_i).each {|i|
+        puts "%s %s" % [i.mnemonic, i.op_str]
+      }
+    end
+  end
+end

data/lib/asmrepl/linux.rb

@@ -1,4 +1,5 @@
 require "fisk/helpers"
+require "asmrepl/thread_state"
 
 module ASMREPL
   module Linux
@@ -44,13 +45,13 @@ module ASMREPL
 
     # x86_64-linux-gnu/sys/ptrace.h
     PTRACE_GETREGS = 12
+    PTRACE_SETREGS = 13
 
     def self.traceme
       raise unless ptrace(PTRACE_TRACEME, 0, 0, 0).zero?
     end
 
-    class ThreadState
-      fields = (<<-eostruct).scan(/int ([^;]*);/).flatten
+    fields = (<<-eostruct).scan(/int ([^;]*);/).flatten
 struct user_regs_struct
 {
   __extension__ unsigned long long int r15;
@@ -81,82 +82,15 @@ struct user_regs_struct
   __extension__ unsigned long long int fs;
   __extension__ unsigned long long int gs;
 };
-      eostruct
-      fields.each_with_index do |field, i|
-        define_method(field) do
-          to_ptr[Fiddle::SIZEOF_INT64_T * i, Fiddle::SIZEOF_INT64_T].unpack1("l!")
-        end
-      end
-
-      define_singleton_method(:sizeof) do
-        fields.length * Fiddle::SIZEOF_INT64_T
-      end
-
-      def [] name
-        idx = fields.index(name)
-        return unless idx
-        to_ptr[Fiddle::SIZEOF_INT64_T * idx, Fiddle::SIZEOF_INT64_T].unpack1("l!")
-      end
-
-      def self.malloc
-        new Fiddle::Pointer.malloc sizeof
-      end
-
-      attr_reader :to_ptr
-
-      def initialize buffer
-        @to_ptr = buffer
-      end
+    eostruct
 
-      define_method(:fields) do
-        fields
-      end
-
-      def to_s
-        buf = ""
-        fields.first(8).zip(fields.drop(8).first(8)).each do |l, r|
-          buf << "#{l.ljust(3)}  #{sprintf("%#018x", send(l))}"
-          buf << "  "
-          buf << "#{r.ljust(3)}  #{sprintf("%#018x", send(r))}\n"
-        end
+    class ThreadState < ASMREPL::ThreadState.build(fields)
+      private
 
-        buf << "\n"
+      def read_flags; eflags; end
 
-        fields.drop(16).each do |reg|
-          buf << "#{reg.ljust(8)}  #{sprintf("%#018x", send(reg))}\n"
-        end
-        buf
-      end
-
-      FLAGS = [
-        ['CF', 'Carry Flag'],
-        [nil, 'Reserved'],
-        ['PF', 'Parity Flag'],
-        [nil, 'Reserved'],
-        ['AF', 'Adjust Flag'],
-        [nil, 'Reserved'],
-        ['ZF', 'Zero Flag'],
-        ['SF', 'Sign Flag'],
-        ['TF', 'Trap Flag'],
-        ['IF', 'Interrupt Enable Flag'],
-        ['DF', 'Direction Flag'],
-        ['OF', 'Overflow Flag'],
-        ['IOPL_H', 'I/O privilege level High bit'],
-        ['IOPL_L', 'I/O privilege level Low bit'],
-        ['NT', 'Nested Task Flag'],
-        [nil, 'Reserved'],
-      ]
-
-      def flags
-        flags = eflags
-        f = []
-        FLAGS.each do |abbrv, _|
-          if abbrv && flags & 1 == 1
-            f << abbrv
-          end
-          flags >>= 1
-        end
-        f
+      def other_registers
+        super - ["orig_rax"]
       end
     end
 
@@ -176,6 +110,12 @@ struct user_regs_struct
         state
       end
 
+      def state= state
+        raise unless Linux.ptrace(PTRACE_SETREGS, @pid, 0, state).zero?
+
+        state
+      end
+
       def continue
         unless Linux.ptrace(Linux::PTRACE_CONT, @pid, 1, 0).zero?
           raise

data/lib/asmrepl/macos.rb

@@ -1,4 +1,5 @@
 require "fisk/helpers"
+require "asmrepl/thread_state"
 
 module ASMREPL
   module MacOS
@@ -26,6 +27,7 @@ module ASMREPL
     make_function "task_for_pid", [TYPE_VOIDP, TYPE_INT, TYPE_VOIDP], TYPE_INT
     make_function "task_threads", [TYPE_VOIDP, TYPE_VOIDP, TYPE_VOIDP], TYPE_INT
     make_function "thread_get_state", [TYPE_VOIDP, TYPE_INT, TYPE_VOIDP, TYPE_VOIDP], TYPE_INT
+    make_function "thread_set_state", [TYPE_VOIDP, TYPE_INT, TYPE_VOIDP, TYPE_INT], TYPE_INT
     make_function "mmap", [TYPE_VOIDP,
                            TYPE_SIZE_T,
                            TYPE_INT,
@@ -47,8 +49,7 @@ module ASMREPL
       raise unless ptrace(PT_TRACE_ME, 0, 0, 0).zero?
     end
 
-    class ThreadState
-      fields = (<<-eostruct).scan(/uint64_t ([^;]*);/).flatten
+    fields = (<<-eostruct).scan(/uint64_t ([^;]*);/).flatten
 struct x86_thread_state64_t {
   uint64_t rax;
   uint64_t rbx;
@@ -72,83 +73,12 @@ struct x86_thread_state64_t {
   uint64_t fs;
   uint64_t gs;
 }
-      eostruct
-      fields.each_with_index do |field, i|
-        define_method(field) do
-          to_ptr[Fiddle::SIZEOF_INT64_T * i, Fiddle::SIZEOF_INT64_T].unpack1("l!")
-        end
-      end
-
-      define_singleton_method(:sizeof) do
-        fields.length * Fiddle::SIZEOF_INT64_T
-      end
-
-      def [] name
-        idx = fields.index(name)
-        return unless idx
-        to_ptr[Fiddle::SIZEOF_INT64_T * idx, Fiddle::SIZEOF_INT64_T].unpack1("l!")
-      end
-
-      def self.malloc
-        new Fiddle::Pointer.malloc sizeof
-      end
+    eostruct
 
-      attr_reader :to_ptr
+    class ThreadState < ASMREPL::ThreadState.build(fields)
+      private
 
-      def initialize buffer
-        @to_ptr = buffer
-      end
-
-      define_method(:fields) do
-        fields
-      end
-
-      def to_s
-        buf = ""
-        fields.first(8).zip(fields.drop(8).first(8)).each do |l, r|
-          buf << "#{l.ljust(3)}  #{sprintf("%#018x", send(l))}"
-          buf << "  "
-          buf << "#{r.ljust(3)}  #{sprintf("%#018x", send(r))}\n"
-        end
-
-        buf << "\n"
-
-        fields.drop(16).each do |reg|
-          buf << "#{reg.ljust(6)}  #{sprintf("%#018x", send(reg))}\n"
-        end
-        buf
-      end
-
-      FLAGS = [
-        ['CF', 'Carry Flag'],
-        [nil, 'Reserved'],
-        ['PF', 'Parity Flag'],
-        [nil, 'Reserved'],
-        ['AF', 'Adjust Flag'],
-        [nil, 'Reserved'],
-        ['ZF', 'Zero Flag'],
-        ['SF', 'Sign Flag'],
-        ['TF', 'Trap Flag'],
-        ['IF', 'Interrupt Enable Flag'],
-        ['DF', 'Direction Flag'],
-        ['OF', 'Overflow Flag'],
-        ['IOPL_H', 'I/O privilege level High bit'],
-        ['IOPL_L', 'I/O privilege level Low bit'],
-        ['NT', 'Nested Task Flag'],
-        [nil, 'Reserved'],
-      ]
-
-      def flags
-        flags = rflags
-        f = []
-        FLAGS.each do |abbrv, _|
-          if abbrv && flags & 1 == 1
-            f << abbrv
-          end
-          flags >>= 1
-        end
-        f
-      end
+      def read_flags; rflags; end
     end
 
     PT_TRACE_ME    = 0
@@ -176,9 +106,30 @@ struct x86_thread_state64_t {
       end
 
       def state
-        # Probably should use this for something
-        # count = thread_count[0]
+        3.times do
+          # Probably should use this for something
+          # count = thread_count[0]
+
+          # I can't remember what header I found this in, but it's from a macOS header
+          # :sweat-smile:
+          x86_THREAD_STATE64_COUNT = ThreadState.sizeof / Fiddle::SIZEOF_INT
+
+          # Same here
+          x86_THREAD_STATE64 = 4
+
+          state_count = Fiddle::Pointer.malloc(Fiddle::SIZEOF_INT64_T)
+          state_count[0, Fiddle::SIZEOF_INT64_T] = [x86_THREAD_STATE64_COUNT].pack("l!")
 
+          state = ThreadState.malloc
+          if MacOS.thread_get_state(@thread, x86_THREAD_STATE64, state, state_count).zero?
+            return state
+          end
+        end
+
+        raise "Couldn't get CPU state"
+      end
+
+      def state= new_state
         # I can't remember what header I found this in, but it's from a macOS header
         # :sweat-smile:
         x86_THREAD_STATE64_COUNT = ThreadState.sizeof / Fiddle::SIZEOF_INT
@@ -186,13 +137,7 @@ struct x86_thread_state64_t {
         # Same here
         x86_THREAD_STATE64 = 4
 
-        state_count = Fiddle::Pointer.malloc(Fiddle::SIZEOF_INT64_T)
-        state_count[0, Fiddle::SIZEOF_INT64_T] = [x86_THREAD_STATE64_COUNT].pack("l!")
-
-        state = ThreadState.malloc
-        raise unless MacOS.thread_get_state(@thread, x86_THREAD_STATE64, state, state_count).zero?
-
-        state
+        raise unless MacOS.thread_set_state(@thread, x86_THREAD_STATE64, new_state, x86_THREAD_STATE64_COUNT).zero?
       end
 
       def continue

data/lib/asmrepl/repl.rb

@@ -9,6 +9,8 @@ else
 end
 
 module ASMREPL
+  MAXINT = 0xFFFFFFFFFFFFFFFF
+
   class REPL
     include Fiddle
 
@@ -43,9 +45,9 @@ module ASMREPL
 
         if last_state[field] != state[field]
           print "#{field.ljust(6)}  "
-          print sprintf("%#018x", last_state[field])
+          print sprintf("%#018x", last_state[field] & MAXINT)
           print " => "
-          puts bold(sprintf("%#018x", state[field]))
+          puts bold(sprintf("%#018x", state[field] & MAXINT))
         end
       end
 
@@ -83,18 +85,21 @@ module ASMREPL
           last_state = state
         end
 
-        # Move the JIT buffer to the current instruction pointer
-        pos = (state.rip - @buffer.memory.to_i)
-        @buffer.seek pos
         use_history = true
         begin
           loop do
             cmd = nil
             prompt = sprintf("(rip %#018x)> ", state.rip)
             text = Reline.readmultiline(prompt, use_history) do |multiline_input|
-              if multiline_input =~ /\A\s*(\w+)\s*\Z/
+              case multiline_input
+              when /\Adisasm\Z/
+                cmd = :disasm
+              when /\A\s*(\w+)\s*\Z/
                 register = $1
                 cmd = [:read, register]
+              when /\A\s*(\w+)\s*=\s*(\d+)\Z/
+                register = $1
+                cmd = [:write, register, $2.to_i]
               else
                 cmd = :run
               end
@@ -102,6 +107,15 @@ module ASMREPL
             end
 
             case cmd
+            in :disasm
+              # disassembles the JIT buffer.  This is just for development,
+              # I don't want to make a hard dependency on crabstone right now.
+              # If you want to use this, install crabstone
+              begin
+                require "asmrepl/disasm"
+                ASMREPL::Disasm.disasm @buffer
+              rescue
+              end
             in :run
               break if text.chomp.empty?
               begin
@@ -113,13 +127,23 @@ module ASMREPL
 
               begin
                 binary = @assembler.assemble parser_result
+
+                # Move the JIT buffer to the current instruction pointer, but
+                # rewind RIP so that we write over the int3
+                pos = (state.rip - @buffer.memory.to_i - 1)
+                @buffer.seek pos
                 binary.bytes.each { |byte| @buffer.putc byte }
+                state.rip -= 1
+                tracer.state = state
               rescue Fisk::Errors::InvalidInstructionError => e
                 # Print an error message when the instruction is invalid
                 puts e.message
                 next
               end
               break
+            in [:write, reg, val]
+              state[reg] = val
+              tracer.state = state
             in [:read, "cpu"]
               display_state state
             in [:read, reg]

data/lib/asmrepl/thread_state.rb

@@ -0,0 +1,108 @@
+require "fiddle"
+
+module ASMREPL
+  class ThreadState
+    def self.sizeof
+      fields.length * Fiddle::SIZEOF_INT64_T
+    end
+
+    def self.malloc
+      new Fiddle::Pointer.malloc sizeof
+    end
+
+    FLAGS = [
+      ['CF', 'Carry Flag'],
+      [nil, 'Reserved'],
+      ['PF', 'Parity Flag'],
+      [nil, 'Reserved'],
+      ['AF', 'Adjust Flag'],
+      [nil, 'Reserved'],
+      ['ZF', 'Zero Flag'],
+      ['SF', 'Sign Flag'],
+      ['TF', 'Trap Flag'],
+      ['IF', 'Interrupt Enable Flag'],
+      ['DF', 'Direction Flag'],
+      ['OF', 'Overflow Flag'],
+      ['IOPL_H', 'I/O privilege level High bit'],
+      ['IOPL_L', 'I/O privilege level Low bit'],
+      ['NT', 'Nested Task Flag'],
+      [nil, 'Reserved'],
+    ]
+
+    attr_reader :to_ptr
+
+    def initialize buffer
+      @to_ptr = buffer
+    end
+
+    def [] name
+      idx = fields.index(name)
+      return unless idx
+      to_ptr[Fiddle::SIZEOF_INT64_T * idx, Fiddle::SIZEOF_INT64_T].unpack1("l!")
+    end
+
+    def []= name, val
+      idx = fields.index(name)
+      return unless idx
+      to_ptr[Fiddle::SIZEOF_INT64_T * idx, Fiddle::SIZEOF_INT64_T] = [val].pack("l!")
+    end
+
+    def flags
+      flags = read_flags
+      f = []
+      FLAGS.each do |abbrv, _|
+        if abbrv && flags & 1 == 1
+          f << abbrv
+        end
+        flags >>= 1
+      end
+      f
+    end
+
+    def to_s
+      buf = ""
+      display_registers.first(8).zip(display_registers.drop(8)).each do |l, r|
+        buf << "#{l.ljust(3)}  #{sprintf("%#018x", self[l] & MAXINT)}"
+        buf << "  "
+        buf << "#{r.ljust(3)}  #{sprintf("%#018x", self[r] & MAXINT)}\n"
+      end
+
+      buf << "\n"
+
+      other_registers.each do |reg|
+        buf << "#{reg.ljust(7)}  #{sprintf("%#018x", self[reg] & MAXINT)}\n"
+      end
+      buf
+    end
+
+    def display_registers
+      %w{ rax rbx rcx rdx rdi rsi rbp rsp r8 r9 r10 r11 r12 r13 r14 r15 }
+    end
+
+    def other_registers
+      fields - display_registers
+    end
+
+    def self.build fields
+      Class.new(ThreadState) do
+        define_method(:fields) do
+          fields
+        end
+
+        define_singleton_method(:fields) do
+          fields
+        end
+
+        fields.each_with_index do |field, i|
+          define_method(field) do
+            to_ptr[Fiddle::SIZEOF_INT64_T * i, Fiddle::SIZEOF_INT64_T].unpack1("l!")
+          end
+
+          define_method("#{field}=") do |v|
+            to_ptr[Fiddle::SIZEOF_INT64_T * i, Fiddle::SIZEOF_INT64_T] = [v].pack("l!")
+          end
+        end
+      end
+    end
+  end
+end

data/lib/asmrepl/version.rb

@@ -1,3 +1,3 @@
 module ASMREPL
-  VERSION = '1.1.0'
+  VERSION = '1.2.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: asmrepl
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Aaron Patterson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-02 00:00:00.000000000 Z
+date: 2021-12-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -83,12 +83,14 @@ files:
 - bin/asmrepl
 - lib/asmrepl.rb
 - lib/asmrepl/assembler.rb
+- lib/asmrepl/disasm.rb
 - lib/asmrepl/linux.rb
 - lib/asmrepl/macos.rb
 - lib/asmrepl/parser.rb
 - lib/asmrepl/parser.tab.rb
 - lib/asmrepl/parser.y
 - lib/asmrepl/repl.rb
+- lib/asmrepl/thread_state.rb
 - lib/asmrepl/version.rb
 - test/asmrepl_test.rb
 - test/helper.rb