iZsh-ragweed 0.1.8

data/lib/ragweed/wraposx/thread_context.rb

@@ -0,0 +1,203 @@
+module Ragweed; end
+module Ragweed::Wraposx
+  module EFlags
+    CARRY =         0x1
+    X0 =            0x2
+    PARITY =        0x4
+    X1 =            0x8
+    ADJUST =        0x10
+    X2 =            0x20
+    ZERO =          0x40
+    SIGN =          0x80
+    TRAP =          0x100
+    INTERRUPT =     0x200
+    DIRECTION =     0x400
+    OVERFLOW =      0x800
+    IOPL1 =         0x1000
+    IOPL2 =         0x2000
+    NESTEDTASK =    0x4000
+    X3 =            0x8000
+    RESUME =        0x10000
+    V86MODE =       0x20000
+    ALIGNCHECK =    0x40000
+    VINT =          0x80000
+    VINTPENDING =   0x100000
+    CPUID =         0x200000
+  end
+end
+
+class Ragweed::Wraposx::ThreadContext
+  include Ragweed
+  (FIELDS = [ [:eax, "I"],
+              [:ebx, "I"],
+              [:ecx, "I"],
+              [:edx, "I"],
+              [:edi, "I"],
+              [:esi, "I"],
+              [:ebp, "I"],
+              [:esp, "I"],
+              [:ss, "I"],
+              [:eflags, "I"],
+              [:eip, "I"],
+              [:cs, "I"],
+              [:ds, "I"],
+              [:es, "I"],
+              [:fs, "I"],
+              [:gs, "I"]]).each {|x| attr_accessor x[0]}
+  FIELDTYPES = FIELDS.map {|x| x[1]}.join("")
+
+  def initialize(str=nil)
+    refresh(str) if str
+  end
+
+  #(re)loads the data fields from str
+  def refresh(str)
+    if str
+      str.unpack(FIELDTYPES).each_with_index do |val, i|
+        instance_variable_set "@#{ FIELDS[i][0] }".intern, val
+      end            
+    end
+  end
+
+  def to_s
+    FIELDS.map {|f| send(f[0])}.pack(FIELDTYPES)
+  end
+
+  def self.get(h)
+    Wraposx::thread_suspend(h)
+    r = self.new(Wraposx::thread_get_state_raw(h))
+    Wraposx::thread_resume(h)
+    return r
+  end
+
+  def get(h)
+    Wraposx::thread_suspend(h)
+    r = refresh(Wraposx::thread_get_state_raw(h))
+    Wraposx::thread_resume(h)
+    return r
+  end
+
+  def set(h)
+    Wraposx::thread_suspend(h)
+    r = Wraposx::thread_set_state_raw(h, self.to_s)
+    Wraposx::thread_resume(h)
+    return 
+  end
+
+  def inspect
+    body = lambda do
+      FIELDS.map do |f|
+        "#{f[0]}=#{send(f[0]).to_s(16)}"
+      end.join(", ")
+    end
+    "#<ThreadContext #{body.call}>"
+  end
+
+  def dump(&block)
+    maybe_hex = lambda {|a| begin; "\n" + (" " * 9) + block.call(a, 16).hexdump(true)[10..-2]; rescue; ""; end }      
+    maybe_dis = lambda {|a| begin; "\n" + block.call(a, 16).distorm.map {|i| "         " + i.mnem}.join("\n"); rescue; ""; end }
+
+    string =<<EOM
+    -----------------------------------------------------------------------
+    CONTEXT:
+    EIP: #{self.eip.to_s(16).rjust(8, "0")} #{maybe_dis.call(self.eip)}
+
+    EAX: #{self.eax.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.eax)}
+    EBX: #{self.ebx.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.ebx)}
+    ECX: #{self.ecx.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.ecx)}
+    EDX: #{self.edx.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.edx)}
+    EDI: #{self.edi.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.edi)}
+    ESI: #{self.esi.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.esi)}
+    EBP: #{self.ebp.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.ebp)}
+    ESP: #{self.esp.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.esp)}
+    EFL: #{self.eflags.to_s(2).rjust(32, "0")} #{Wraposx::EFlags.flag_dump(self.eflags)}
+EOM
+  end
+
+  # sets/clears the TRAP flag
+  def single_step(v=true)
+    if v
+      @eflags |= Wraposx::EFlags::TRAP
+    else
+      @eflags &= ~(Wraposx::EFlags::TRAP)
+    end
+  end
+end
+
+module Ragweed::Wraposx
+
+  # FIXME - constants need to be in separate sub modules
+  # XXX - move to class based implementation a la region_info
+  # define i386_THREAD_STATE_COUNT   ((mach_msg_type_number_t)( sizeof (i386_thread_state_t) / sizeof (int) ))
+  # i386_thread_state_t is a struct w/ 16 uint
+  I386_THREAD_STATE_COUNT = 16
+  I386_THREAD_STATE = 1
+  REGISTER_SYMS = [:eax,:ebx,:ecx,:edx,:edi,:esi,:ebp,:esp,:ss,:eflags,:eip,:cs,:ds,:es,:fs,:gs]
+
+  class << self
+
+    # Returns a Hash of the thread's registers given a thread id.
+    #
+    # kern_return_t   thread_get_state
+    #                (thread_act_t                     target_thread,
+    #                 thread_state_flavor_t                   flavor,
+    #                 thread_state_t                       old_state,
+    #                 mach_msg_type_number_t         old_state_count);
+    def thread_get_state(thread)
+      state_arr = ("\x00"*SIZEOFINT*I386_THREAD_STATE_COUNT).to_ptr
+      count = ([I386_THREAD_STATE_COUNT].pack("I_")).to_ptr
+      r = CALLS["libc!thread_get_state:IIPP=I"].call(thread, I386_THREAD_STATE, state_arr, count).first
+      raise KernelCallError.new(:thread_get_state, r) if r != 0
+      r = state_arr.to_s(I386_THREAD_STATE_COUNT*SIZEOFINT).unpack("I_"*I386_THREAD_STATE_COUNT)
+      regs = Hash.new
+      I386_THREAD_STATE_COUNT.times do |i|
+        regs[REGISTER_SYMS[i]] = r[i]
+      end
+      return regs
+    end
+
+    # Returns string representation of a thread's registers for unpacking given a thread id
+    #
+    # kern_return_t   thread_get_state
+    #                (thread_act_t                     target_thread,
+    #                 thread_state_flavor_t                   flavor,
+    #                 thread_state_t                       old_state,
+    #                 mach_msg_type_number_t         old_state_count);
+    def thread_get_state_raw(thread)
+      state_arr = ("\x00"*SIZEOFINT*I386_THREAD_STATE_COUNT).to_ptr
+      count = ([I386_THREAD_STATE_COUNT].pack("I_")).to_ptr
+      r = CALLS["libc!thread_get_state:IIPP=I"].call(thread, I386_THREAD_STATE, state_arr, count).first
+      raise KernelCallError.new(:thread_get_state, r) if r != 0
+      return state_arr.to_s(I386_THREAD_STATE_COUNT*SIZEOFINT)
+    end
+
+    # Sets the register state of thread from a Hash containing it's values.
+    #
+    # kern_return_t   thread_set_state
+    #                (thread_act_t                     target_thread,
+    #                 thread_state_flavor_t                   flavor,
+    #                 thread_state_t                       new_state,
+    #                 target_thread                  new_state_count);
+    def thread_set_state(thread, state)
+      s = Array.new
+      I386_THREAD_STATE_COUNT.times do |i|
+        s << state[REGISTER_SYMS[i]]
+      end
+      s = s.pack("I_"*I386_THREAD_STATE_COUNT).to_ptr
+      r = CALLS["libc!thread_set_state:IIPI=I"].call(thread, I386_THREAD_STATE, s, I386_THREAD_STATE_COUNT).first
+      raise KernelCallError.new(:thread_set_state, r) if r!= 0
+    end
+
+    # Sets the register state of thread from a packed string containing it's values.
+    #
+    # kern_return_t   thread_set_state
+    #                (thread_act_t                     target_thread,
+    #                 thread_state_flavor_t                   flavor,
+    #                 thread_state_t                       new_state,
+    #                 target_thread                  new_state_count);
+    def thread_set_state_raw(thread, state)
+      r = CALLS["libc!thread_set_state:IIPI=I"].call(thread, I386_THREAD_STATE, state.to_ptr, I386_THREAD_STATE_COUNT).first
+      raise KernelCallError.new(:thread_set_state, r) if r!= 0
+    end
+  end
+end

data/lib/ragweed/wraposx/thread_info.rb

@@ -0,0 +1,225 @@
+module Ragweed; end
+module Ragweed::Wraposx::ThreadInfo
+  class << self
+    #factory method to get a ThreadInfo variant
+    def self.get(flavor,tid)
+      found = false
+      klass = self.constants.detect{|c| con = self.const_get(c); con.kind_of?(Class) && (flavor == con.const_get(:FLAVOR))}
+      if klass.nil?
+        raise Ragwed::Wraposx::KErrno::INVALID_ARGUMENT
+      else
+        klass.get(tid)
+      end
+    end
+  end
+
+  # info interfaces
+  BASIC_INFO = 3  #basic information
+
+  # following are obsolete interfaces
+  # according to the source @ fxr they still work except FIFO
+  SCHED_TIMESHARE_INFO = 10
+  SCHED_RR_INFO = 11
+  # SCHED_FIFO_INFO = 12
+
+  FLAVORS = {
+      # define THREAD_BASIC_INFO_COUNT   ((mach_msg_type_number_t)(sizeof(thread_basic_info_data_t) / sizeof(natural_t)))
+      BASIC_INFO => {:size => 30, :count => 10},
+      # define POLICY_TIMESHARE_INFO_COUNT     ((mach_msg_type_number_t)(sizeof(struct policy_timeshare_info)/sizeof(integer_t)))
+      SCHED_TIMESHARE_INFO => {:size => 20, :count => 5},
+      # define POLICY_RR_INFO_COUNT    ((mach_msg_type_number_t)(sizeof(struct policy_rr_info)/sizeof(integer_t)))
+      SCHED_RR_INFO => {:size => 20,:count => 5},
+      # define POLICY_FIFO_INFO_COUNT  ((mach_msg_type_number_t)(sizeof(struct policy_fifo_info)/sizeof(integer_t)))
+      # SCHED_FIFO_INFO => {:size => 16,:count => 4} # immediately returns KERNEL_INVALID_POLICY on osx
+  }
+
+  module State
+    #Thread run states
+    RUNNING = 1 #/* thread is running normally */
+    STOPPED = 2 #/* thread is stopped */
+    WAITING = 3 #/* thread is waiting normally */
+    UNINTERRUPTIBLE = 4 #/* thread is in an uninterruptible wait */
+    HALTED = 5 #/* thread is halted at a clean point */
+  end
+
+  module ThreadInfoMixins
+    def initialize(str=nil)
+      refresh(str) if (str && !str.empty?)
+    end
+
+    # (re)loads the data from str
+    def refresh(str)
+      fields = self.class.const_get :FIELDS
+      pp self.class
+      if str and not str.empty?
+        str.unpack(fields.map {|x| x[1]}.join("")).each_with_index do |val, i|
+          raise "i is nil" if i.nil?
+          instance_variable_set "@#{ fields[i][0] }".intern, val
+        end            
+      end
+    end
+
+    def to_s
+      fields = self.class.const_get :FIELDS
+      fields.map {|f| send(f[0])}.pack(fields.map {|x| x[1]}.join(""))
+    end
+
+    def inspect
+      body = lambda do
+        self.class.const_get(:FIELDS).map do |f|
+          "#{f[0]}=#{send(f[0]).to_s}"
+        end.join(", ")
+      end
+      "#<#{self.class.name.split('::').last(2).join('::')} #{body.call}>"
+    end
+
+    def self.get(t)
+      self.new(Ragweed::Wraposx::thread_info_raw(t, self.class.const_get(:FLAVOR)))
+    end
+
+    def get(t)
+      refresh(Ragweed::Wraposx::vm_region_raw(t, self.class.const_get(:FLAVOR)))
+    end
+  end
+
+  # struct thread_basic_info
+  # {
+  #        time_value_t     user_time;
+  #        time_value_t   system_time;
+  #        integer_t        cpu_usage;
+  #        policy_t            policy;
+  #        integer_t        run_state;
+  #        integer_t            flags;
+  #        integer_t    suspend_count;
+  #        integer_t       sleep_time;
+  # };
+  class Basic
+    include Ragweed::Wraposx::ThreadInfo::ThreadInfoMixins
+    module Flags
+      #Thread flags (flags field).
+      SWAPPED = 0x1 #/* thread is swapped out */
+      IDLE = 0x2 #/* thread is an idle thread */
+    end
+    
+    attr_accessor :user_time
+    attr_accessor :system_time
+    alias_method :__refresh, :refresh
+    (FIELDS = [ [:user_time_s, "I"],
+                [:user_time_us, "I"],
+                [:system_time_s, "I"],
+                [:system_time_us, "I"],
+                [:cpu_usage, "I"],
+                [:policy, "I"],
+                [:run_state, "I"],
+                [:flags, "I"],
+                [:suspend_count, "I"],
+                [:sleep_time, "I"]]).each {|x| attr_accessor x[0]}
+
+    FLAVOR = Ragweed::Wraposx::ThreadInfo::BASIC_INFO
+    #(re)loads the data from str
+    def refresh(str)
+      __refresh str
+      @user_time = @user_time_s + (@user_time_us/1000000.0)
+      @system_time = @system_time_s + (@system_time_us/1000000.0)
+    end
+
+    def dump(&block)
+      maybe_hex = lambda {|a| begin; "\n" + (" " * 9) + block.call(a, 16).hexdump(true)[10..-2]; rescue; ""; end }
+      maybe_dis = lambda {|a| begin; "\n" + block.call(a, 16).distorm.map {|i| "         " + i.mnem}.join("\n"); rescue; ""; end }
+
+      string =<<EOM
+      -----------------------------------------------------------------------
+      INFO:
+      user_time:     #{self.user_time.to_s.rjust(8, "0")} #{maybe_hex.call(self.user_time)}
+      system_time:   #{self.system_time.to_s.rjust(8, "0")} #{maybe_hex.call(self.system_time)}
+      cpu_usage:     #{self.cpu_usage.to_s.rjust(8, "0")} #{maybe_hex.call(self.cpu_usage)}
+      policy:        #{self.policy.to_s.rjust(8, "0")} #{maybe_hex.call(self.policy)}
+      run_state:     #{self.run_state.to_s.rjust(8, "0")} #{maybe_hex.call(self.run_state)}
+      suspend_count: #{self.suspend_count.to_s.rjust(8, "0")} #{maybe_hex.call(self.suspend_count)}
+      sleep_time:    #{self.sleep_time.to_s.rjust(8, "0")} #{maybe_hex.call(self.sleep_time)}
+      flags:         #{self.flags.to_s(2).rjust(32, "0")} #{Flags.flag_dump(self.flags)}
+EOM
+    end
+  end
+
+  # struct policy_timeshare_info
+  # {
+  #        int            max_priority;
+  #        int           base_priority;
+  #        int            cur_priority;
+  #        boolean_t         depressed;
+  #        int        depress_priority;
+  # };
+  class SchedTimeshare
+    include Ragweed::Wraposx::ThreadInfo::ThreadInfoMixins
+    (FIELDS = [ [:max_priority, "I"],
+                [:base_priority, "I"],
+                [:cur_priority, "I"],
+                [:depressed, "I"],
+                [:depress_priority, "I"]]).each {|x| attr_accessor x[0]}
+
+    def dump(&block)
+      maybe_hex = lambda {|a| begin; "\n" + (" " * 9) + block.call(a, 16).hexdump(true)[10..-2]; rescue; ""; end }
+
+      string =<<EOM
+      -----------------------------------------------------------------------
+      Timeshare Info:
+      max_priority:     #{self.max_priority.to_s.rjust(8, "0")} #{maybe_hex.call(self.max_priority)}
+      base_priority:    #{self.base_priority.to_s.rjust(8, "0")} #{maybe_hex.call(self.base_priority)}
+      cur_priority:     #{self.cpu_usage.to_s.rjust(8, "0")} #{maybe_hex.call(self.cur_priority)}
+      depressed:        #{(!self.depressed.zero?).to_s.rjust(8, " ")} #{maybe_hex.call(self.depressed)}
+      depress_priority: #{self.depress_priority.to_s.rjust(8, "0")} #{maybe_hex.call(self.depressed_priority)}
+EOM
+    end
+  end
+
+  # struct policy_rr_info
+  # {
+  #        int          max_priority;
+  #        int         base_priority;
+  #        int               quantum;
+  #        boolean_t       depressed;
+  #        int      depress_priority;
+  # };
+  class SchedRr
+    include Ragweed::Wraposx::ThreadInfo::ThreadInfoMixins
+    (FIELDS = [ [:max_priority, "I"],
+                [:base_priority, "I"],
+                [:quantum, "I"],
+                [:depressed, "I"],
+                [:depress_priority, "I"]]).each {|x| attr_accessor x[0]}
+
+    def dump(&block)
+      maybe_hex = lambda {|a| begin; "\n" + (" " * 9) + block.call(a, 16).hexdump(true)[10..-2]; rescue; ""; end }
+
+      string =<<EOM
+      -----------------------------------------------------------------------
+      Round Robin Info:
+      max_priority:     #{self.max_priority.to_s.rjust(8, "0")} #{maybe_hex.call(self.max_priority)}
+      base_priority:    #{self.base_priority.to_s.rjust(8, "0")} #{maybe_hex.call(self.base_priority)}
+      quantum:          #{self.quantum.to_s.rjust(8, "0")} #{maybe_hex.call(self.quantum)}
+      depressed:        #{(!self.depressed.zero?).to_s.rjust(8, " ")} #{maybe_hex.call(self.depressed)}
+      depress_priority: #{self.depress_priority.to_s.rjust(8, "0")} #{maybe_hex.call(self.depressed_priority)}
+EOM
+  end
+  end
+end
+
+module Ragweed::Wraposx
+  class << self
+
+    # Returns the packed string representation of the thread_info_t struct for later parsing.
+    # kern_return_t   thread_info
+    #                (thread_act_t                     target_thread,
+    #                 thread_flavor_t                         flavor,
+    #                 thread_info_t                      thread_info,
+    #                 mach_msg_type_number_t       thread_info_count);
+    def thread_info_raw(thread, flavor)
+      info = ("\x00"*1024).to_ptr
+      count = ([Ragweed::Wraposx::ThreadInfo::FLAVORS[flavor][:count]].pack("I_")).to_ptr
+      r = CALLS["libc!thread_info:IIPP=I"].call(thread,flavor,info,Ragweed::Wraposx::ThreadInfo::FLAVORS[flavor][:count]).first
+      raise KernelCallError.new(r) if r != 0
+      return info.to_s(Ragweed::Wraposx::ThreadInfo::FLAVORS[flavor][:size])
+    end
+  end
+end

data/lib/ragweed/wraposx/wraposx.rb

@@ -0,0 +1,376 @@
+require 'dl'
+
+module Ragweed; end
+module Ragweed::Wraposx
+  
+  # These hashes are the magic glue of the ragweed system calls.
+  # This one holds the library references from Ruby/DL.
+  LIBS = Hash.new do |h, str|
+    if not str =~ /^[\.\/].*/
+      str = "/usr/lib/" + str
+    end
+    if not str =~ /.*\.dylib$/
+      str = str + ".dylib"
+    end
+    h[str] = DL.dlopen(str)
+  end
+
+  # This hash holds the function references from Ruby/DL.
+  # It also auto populates LIBS.
+  # CALLS["<library>!<function>:<argument types>=<return type>"]
+  # Hash.new is a beautiful thing.
+  CALLS = Hash.new do |h, str|
+    lib = proc = args = ret = nil
+    lib, rest = str.split "!"
+    proc, rest = rest.split ":"
+    args, ret = rest.split("=") if rest
+    ret ||= "0"
+    raise "need proc" if not proc
+    h[str] = LIBS[lib][proc, ret + args]
+  end
+
+  NULL = DL::PtrData.new(0)
+
+  SIZEOFINT = DL.sizeof('I')
+  SIZEOFLONG = DL.sizeof('L')
+
+  class << self
+
+    # time_t
+    # time(time_t *tloc);
+    #
+    # see also time(3)
+    def time
+      CALLS["libc!time:=I"].call.first
+    end
+
+    # pid_t
+    # getpid(void);
+    #
+    # see also getpid(2)
+    def getpid
+      CALLS["libc!getpid:=I"].call.first
+    end
+
+    # Apple's ptrace is fairly gimped. The memory read and write functionality has been
+    # removed. We will be using mach kernel calls for that. see vm_read and vm_write.
+    # for details on ptrace and the process for the Wraposx/debuggerosx port see:
+    # http://www.matasano.com/log/1100/what-ive-been-doing-on-my-summer-vacation-or-it-has-to-work-otherwise-gdb-wouldnt/
+    #
+    #int
+    #ptrace(int request, pid_t pid, caddr_t addr, int data);
+    #
+    # see also ptrace(2)
+    def ptrace(request, pid, addr, data)
+      DL.last_error = 0
+      r = CALLS["libc!ptrace:IIII=I"].call(request, pid, addr, data).first
+      raise SystemCallError.new("ptrace", DL.last_error) if r == -1 and DL.last_error != 0
+      return r
+    end
+
+    # Oringially coded for use in debuggerosx but I've switched to waitpid for 
+    # usability and debugging purposes.
+    #
+    # Returns status of child when child recieves a signal.
+    #
+    # pid_t
+    # wait(int *stat_loc);
+    #
+    # see also wait(2)
+    def wait
+      status = ("\x00"*SIZEOFINT).to_ptr
+      r = CALLS["libc!wait:=I"].call(status).first
+      raise SystemCallError.new("wait", DL.last_error) if r== -1
+      return status.to_s(SIZEOFINT).unpack('i_').first
+    end
+
+    # The wait used in debuggerosx.
+    # opt is an OR of the options to be used.
+    #
+    # Returns an array. The first element is the pid of the child process
+    # as returned by the waitpid system call. The second, the status as
+    # an integer of that pid.
+    #
+    # pid_t
+    # waitpid(pid_t pid, int *stat_loc, int options);
+    #
+    # see also wait(2)
+    def waitpid(pid, opt=1)
+      pstatus = ("\x00"*SIZEOFINT).to_ptr
+      r = CALLS["libc!waitpid:IPI=I"].call(pid, pstatus, opt).first
+      raise SystemCallError.new("waitpid", DL.last_error) if r== -1
+      
+      # maybe I should return a Hash?
+      return [r, pstatus.to_s(SIZEOFINT).unpack('i_').first]
+    end
+
+    # From docs at http://web.mit.edu/darwin/src/modules/xnu/osfmk/man/mach_task_self.html
+    # Returns send rights to the task's kernel port.
+    #
+    # mach_port_t
+    # mach_task_self(void)
+    #
+    # There is no man page for this call.
+    def mach_task_self
+      CALLS["libc!mach_task_self:=I"].call().first
+    end
+
+    # Requires sudo to use as of 10.5 or 10.4.11(ish)
+    # Returns the task id for a process.
+    #
+    # kern_return_t task_for_pid(
+    #                           mach_port_name_t target_tport,
+    #                           int pid,
+    #                           mach_port_name_t *t);
+    #
+    # There is no man page for this call.
+    def task_for_pid(pid, target=nil)
+      target ||= mach_task_self 
+      port = ("\x00"*SIZEOFINT).to_ptr
+      r = CALLS["libc!task_for_pid:IIP=I"].call(target, pid, port).first
+      raise KernelCallError.new(:task_for_pid, r) if r != 0
+      return port.to_s(SIZEOFINT).unpack('i_').first
+    end
+
+    # Returns an Array of thread IDs for the given task
+    #
+    # kern_return_t   task_threads
+    #                (task_t                                    task,
+    #                 thread_act_port_array_t            thread_list,
+    #                 mach_msg_type_number_t*           thread_count);
+    #
+    #There is no man page for this funtion.
+    def task_threads(port)
+      threads = ("\x00"*SIZEOFINT).to_ptr
+      #threads = 0
+      count = ("\x00"*SIZEOFINT).to_ptr
+      r = CALLS["libc!task_threads:IPP=I"].call(port, threads, count).first
+      t = DL::PtrData.new(threads.to_s(SIZEOFINT).unpack('i_').first)
+      raise KernelCallError.new(:task_threads, r) if r != 0
+      return t.to_a("I", count.to_s(SIZEOFINT).unpack('I_').first)
+    end
+
+    # Sends a signal to a process
+    #
+    # int
+    # kill(pid_t pid, int sig);
+    #
+    # See kill(2)
+    def kill(pid, sig)
+      DL.last_error = 0
+      r = CALLS["libc!kill:II=I"].call(pid,sig).first
+      raise SystemCallError.new("kill",DL.last_error) if r != 0            
+    end
+
+    # function to marshal 32bit integers into DL::PtrData objects
+    # necessary due to Ruby/DL not properly dealing with 31 and 32 bit integers
+    def dl_bignum_to_ulong(x)
+      if x.class == Fixnum
+        return DL::PtrData.new(x)
+      else
+        # shut up
+        c = x / 4
+        e = x - (c * 4)
+        v = DL::PtrData.new 0
+        v += c
+        v += c
+        v += c
+        v += c
+        v += e
+        return v
+      end
+    end
+
+    # Reads sz bytes from task's address space starting at addr.
+    #
+    # kern_return_t   vm_read_overwrite
+    #                (vm_task_t                           target_task,
+    #                 vm_address_t                        address,
+    #                 vm_size_t                           size,
+    #                 vm_address_t                        *data_out,
+    #                 mach_msg_type_number_t              *data_size);
+    #
+    # There is no man page for this function.
+    def vm_read(task, addr, sz=256)
+      addr = dl_bignum_to_ulong(addr)
+      buf = ("\x00" * sz).to_ptr
+      len = (sz.to_l32).to_ptr
+      r = CALLS["libc!vm_read_overwrite:IPIPP=I"].call(task, addr, sz, buf, len).first
+      raise KernelCallError.new(:vm_read, r) if r != 0
+      return buf.to_str(len.to_str(4).to_l32)
+    end
+
+    # Writes val to task's memory space at address addr.
+    # It is necessary for val.size to report the size of val in bytes
+    #
+    # kern_return_t   vm_write
+    #                (vm_task_t                          target_task,
+    #                 vm_address_t                           address,
+    #                 pointer_t                                 data,
+    #                 mach_msg_type_number_t              data_count);
+    #
+    # There is no man page for this function.
+    def vm_write(task, addr, val)
+      addr = dl_bignum_to_ulong(addr)
+      val = val.to_ptr
+      r = CALLS["libc!vm_write:IPPI=I"].call(task, addr, val, val.size).first
+      raise KernelCallError.new(:vm_write, r) if r != 0
+      return nil
+    end
+
+    # Changes the protection state beginning at addr for size bytes to the mask prot.
+    # If setmax is true this will set the maximum permissions, otherwise it will set FIXME
+    #
+    # kern_return_t   vm_protect
+    #                 (vm_task_t           target_task,
+    #                  vm_address_t            address,
+    #                  vm_size_t                  size,
+    #                  boolean_t           set_maximum,
+    #                  vm_prot_t        new_protection);
+    #
+    # There is no man page for this function.
+    def vm_protect(task, addr, size, setmax, prot)
+      addr = dl_bignum_to_ulong(addr)
+      setmax = setmax ? 1 : 0
+      r = CALLS["libc!vm_protect:IPIII=I"].call(task,addr,size,setmax,prot).first
+      raise KernelCallError.new(:vm_protect, r) if r != 0
+      return nil
+    end
+
+    # Resumes a suspended thread by id.
+    #
+    # kern_return_t   thread_resume
+    #                (thread_act_t                     target_thread);
+    #
+    # There is no man page for this function.
+    def thread_resume(thread)
+      r = CALLS["libc!thread_resume:I=I"].call(thread).first
+      raise KernelCallError.new(:thread_resume, r) if r != 0
+    end
+
+    # Suspends a thread by id.
+    #
+    # kern_return_t   thread_suspend
+    #                (thread_act_t                     target_thread);
+    #
+    # There is no man page for this function.
+    def thread_suspend(thread)
+      r = CALLS["libc!thread_suspend:I=I"].call(thread).first
+      raise KernelCallError.new(:thread_suspend, r) if r != 0
+    end
+
+    # Suspends a task by id.
+    #
+    # kern_return_t   task_suspend
+    #                (task_t          task);
+    #
+    # There is no man page for this function.
+    def task_suspend(task)
+      r = CALLS["libc!task_suspend:I=I"].call(task).first
+      raise KernelCallError.new(:task_suspend, r) if r != 0
+    end
+
+    # Resumes a suspended task by id.
+    #
+    # kern_return_t   task_resume
+    #                (task_t         task);
+    #
+    # There is no man page for this function.
+    def task_resume(task)
+      r = CALLS["libc!task_resume:I=I"].call(task).first
+      raise KernelCallError.new(:task_resume, r) if r != 0            
+    end
+
+    # Used to query kernel state.
+    # Returns output buffer on successful call or required buffer size on ENOMEM.
+    #
+    # mib: and array of integers decribing the MIB
+    # newb: the buffer to replace the old information (only used on some commands so it defaults to empty)
+    # oldlenp: output buffer size
+    #
+    # int
+    #     sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, size_t newlen);
+    #
+    # this function doesn't really match the Ruby Way(tm)
+    #
+    # see sysctl(8)
+    def sysctl(mib,oldlen=0,newb="")
+      DL.last_error = 0
+      mibp = mib.pack("I_"*mib.size).to_ptr
+      oldlenp = [oldlen].pack("I_").to_ptr
+      namelen = mib.size
+      oldp = (oldlen > 0 ? "\x00"*oldlen : NULL)
+      newp = (newb.empty? ? NULL : newb.to_ptr)
+      newlen = newb.size
+      r = CALLS["libc!sysctl:PIPPPI=I"].call(mibp, namelen, oldp, oldlenp, newp, newlen).first
+      return oldlenp.to_str(SIZEOFINT).unpack("I_").first if (r == -1 and DL.last_error == Errno::ENOMEM::Errno)
+      raise SystemCallError.new("sysctl", DL.last_error) if r != 0
+      return oldp.to_str(oldlenp.to_str(SIZEOFINT).unpack("I_").first)
+    end
+
+    # Used to query kernel state.
+    # Returns output buffer on successful call and required buffer size as an Array.
+    #
+    # mib: and array of integers decribing the MIB
+    # newb: the buffer to replace the old information (only used on some commands so it defaults to empty)
+    # oldlenp: output buffer size
+    #
+    # int
+    #     sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, size_t newlen);
+    #
+    # this function doesn't really match the Ruby Way(tm)
+    #
+    # see sysctl(8)
+    def sysctl_raw(mib,oldlen=0,newb="")
+      DL.last_error = 0
+      mibp = mib.pack('I_'*mib.size).to_ptr
+      oldlenp = [oldlen].pack("I_").to_ptr
+      namelen = mib.size
+      oldp = (oldlen > 0 ? ("\x00"*oldlen).to_ptr : NULL)
+      newp = (newb.empty? ? NULL : newb.to_ptr)
+      newlen = newb.size
+      r = CALLS["libc!sysctl:PIPPPI=I"].call(mibp, namelen, oldp, oldlenp, newp, newlen).first
+      ret = (DL.last_error == Errno::ENOMEM::Errno ? NULL : oldp)
+      raise SystemCallError.new("sysctl", DL.last_error) if (r != 0 and DL.last_error != Errno::ENOMEM::Errno)
+      return [ret,oldlenp.to_str(SIZEOFINT).unpack("I_").first]
+    end
+
+    # Changes execution to file in path with *args as though called from command line.
+    #
+    # int
+    # execv(const char *path, char *const argv[]);
+    def execv(path,*args)
+      DL.last_error = 0
+      argv = ""
+      args.flatten.each { |arg| argv = "#{ argv }#{arg.to_ptr.ref.to_s(SIZEOFINT)}" }
+      argv += ("\x00"*SIZEOFINT)
+      r = CALLS["libc!execv:SP"].call(path,argv.to_ptr).first
+      raise SystemCallError.new("execv", DL.last_error) if r == -1
+      return r
+    end
+  end
+end
+
+# if __FILE__ == $0
+#     include Ragweed
+#     require 'pp'
+#     require 'constants'
+#     addr = data = 0
+#     pid = 1319
+#     int = "\x00" * 4
+#     port = 0
+#     Wraposx::ptrace(Wraposx::Ptrace::ATTACH,pid,0,0)
+#     #  status = Wraposx::waitpid(pid,0)
+#     #  Wraposx::ptrace(Wraposx::Ptrace::CONTINUE,pid,1,0)
+#     mts = Wraposx::mach_task_self
+#     port = Wraposx::task_for_pid(mts,pid)
+#     port2 = Wraposx::task_for_pid(mts,pid)
+#     threads = Wraposx::task_threads(port)
+#     state = Wraposx::thread_get_state(threads.first)
+#     pp port
+#     pp port2
+#     pp threads
+#     pp state
+#     #  Wraposx::thread_set_state(threads.first,state)
+#     Wraposx::ptrace(Wraposx::Ptrace::DETACH,pid,0,0)
+# end