RubyGems - metasm - Versions diffs - 1.0.1 → 1.0.2 - Mend

metasm 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (235) hide show

checksums.yaml +7 -0
data/.gitignore +1 -0
data/.hgtags +3 -0
data/Gemfile +1 -0
data/INSTALL +61 -0
data/LICENCE +458 -0
data/README +29 -21
data/Rakefile +10 -0
data/TODO +10 -12
data/doc/code_organisation.txt +2 -0
data/doc/core/DynLdr.txt +247 -0
data/doc/core/ExeFormat.txt +43 -0
data/doc/core/Expression.txt +220 -0
data/doc/core/GNUExports.txt +27 -0
data/doc/core/Ia32.txt +236 -0
data/doc/core/SerialStruct.txt +108 -0
data/doc/core/VirtualString.txt +145 -0
data/doc/core/WindowsExports.txt +61 -0
data/doc/core/index.txt +1 -0
data/doc/style.css +6 -3
data/doc/usage/debugger.txt +327 -0
data/doc/usage/index.txt +1 -0
data/doc/use_cases.txt +2 -2
data/metasm.gemspec +22 -0
data/{lib/metasm.rb → metasm.rb} +11 -3
data/{lib/metasm → metasm}/compile_c.rb +13 -7
data/metasm/cpu/arc.rb +8 -0
data/metasm/cpu/arc/decode.rb +425 -0
data/metasm/cpu/arc/main.rb +191 -0
data/metasm/cpu/arc/opcodes.rb +588 -0
data/{lib/metasm → metasm/cpu}/arm.rb +7 -5
data/{lib/metasm → metasm/cpu}/arm/debug.rb +2 -2
data/{lib/metasm → metasm/cpu}/arm/decode.rb +13 -12
data/{lib/metasm → metasm/cpu}/arm/encode.rb +23 -8
data/{lib/metasm → metasm/cpu}/arm/main.rb +0 -3
data/metasm/cpu/arm/opcodes.rb +324 -0
data/{lib/metasm → metasm/cpu}/arm/parse.rb +25 -13
data/{lib/metasm → metasm/cpu}/arm/render.rb +2 -2
data/metasm/cpu/arm64.rb +15 -0
data/metasm/cpu/arm64/debug.rb +38 -0
data/metasm/cpu/arm64/decode.rb +289 -0
data/metasm/cpu/arm64/encode.rb +41 -0
data/metasm/cpu/arm64/main.rb +105 -0
data/metasm/cpu/arm64/opcodes.rb +232 -0
data/metasm/cpu/arm64/parse.rb +20 -0
data/metasm/cpu/arm64/render.rb +95 -0
data/{lib/metasm/ppc.rb → metasm/cpu/bpf.rb} +2 -4
data/metasm/cpu/bpf/decode.rb +142 -0
data/metasm/cpu/bpf/main.rb +60 -0
data/metasm/cpu/bpf/opcodes.rb +81 -0
data/metasm/cpu/bpf/render.rb +41 -0
data/metasm/cpu/cy16.rb +9 -0
data/metasm/cpu/cy16/decode.rb +253 -0
data/metasm/cpu/cy16/main.rb +63 -0
data/metasm/cpu/cy16/opcodes.rb +78 -0
data/metasm/cpu/cy16/render.rb +41 -0
data/metasm/cpu/dalvik.rb +11 -0
data/{lib/metasm → metasm/cpu}/dalvik/decode.rb +35 -13
data/{lib/metasm → metasm/cpu}/dalvik/main.rb +51 -2
data/{lib/metasm → metasm/cpu}/dalvik/opcodes.rb +19 -11
data/metasm/cpu/ia32.rb +17 -0
data/{lib/metasm → metasm/cpu}/ia32/compile_c.rb +5 -7
data/{lib/metasm → metasm/cpu}/ia32/debug.rb +5 -5
data/{lib/metasm → metasm/cpu}/ia32/decode.rb +246 -59
data/{lib/metasm → metasm/cpu}/ia32/decompile.rb +7 -7
data/{lib/metasm → metasm/cpu}/ia32/encode.rb +19 -13
data/{lib/metasm → metasm/cpu}/ia32/main.rb +51 -8
data/metasm/cpu/ia32/opcodes.rb +1424 -0
data/{lib/metasm → metasm/cpu}/ia32/parse.rb +47 -16
data/{lib/metasm → metasm/cpu}/ia32/render.rb +31 -4
data/metasm/cpu/mips.rb +14 -0
data/{lib/metasm → metasm/cpu}/mips/compile_c.rb +1 -1
data/metasm/cpu/mips/debug.rb +42 -0
data/{lib/metasm → metasm/cpu}/mips/decode.rb +46 -16
data/{lib/metasm → metasm/cpu}/mips/encode.rb +4 -3
data/{lib/metasm → metasm/cpu}/mips/main.rb +11 -4
data/{lib/metasm → metasm/cpu}/mips/opcodes.rb +86 -17
data/{lib/metasm → metasm/cpu}/mips/parse.rb +1 -1
data/{lib/metasm → metasm/cpu}/mips/render.rb +1 -1
data/{lib/metasm/dalvik.rb → metasm/cpu/msp430.rb} +1 -1
data/metasm/cpu/msp430/decode.rb +247 -0
data/metasm/cpu/msp430/main.rb +62 -0
data/metasm/cpu/msp430/opcodes.rb +101 -0
data/{lib/metasm → metasm/cpu}/pic16c/decode.rb +6 -7
data/{lib/metasm → metasm/cpu}/pic16c/main.rb +0 -0
data/{lib/metasm → metasm/cpu}/pic16c/opcodes.rb +1 -1
data/{lib/metasm/mips.rb → metasm/cpu/ppc.rb} +4 -4
data/{lib/metasm → metasm/cpu}/ppc/decode.rb +18 -12
data/{lib/metasm → metasm/cpu}/ppc/decompile.rb +3 -3
data/{lib/metasm → metasm/cpu}/ppc/encode.rb +2 -2
data/{lib/metasm → metasm/cpu}/ppc/main.rb +17 -12
data/{lib/metasm → metasm/cpu}/ppc/opcodes.rb +11 -5
data/metasm/cpu/ppc/parse.rb +55 -0
data/metasm/cpu/python.rb +8 -0
data/metasm/cpu/python/decode.rb +136 -0
data/metasm/cpu/python/main.rb +36 -0
data/metasm/cpu/python/opcodes.rb +180 -0
data/{lib/metasm → metasm/cpu}/sh4.rb +1 -1
data/{lib/metasm → metasm/cpu}/sh4/decode.rb +48 -17
data/{lib/metasm → metasm/cpu}/sh4/main.rb +13 -4
data/{lib/metasm → metasm/cpu}/sh4/opcodes.rb +7 -8
data/metasm/cpu/x86_64.rb +15 -0
data/{lib/metasm → metasm/cpu}/x86_64/compile_c.rb +28 -17
data/{lib/metasm → metasm/cpu}/x86_64/debug.rb +4 -4
data/{lib/metasm → metasm/cpu}/x86_64/decode.rb +57 -15
data/{lib/metasm → metasm/cpu}/x86_64/encode.rb +55 -26
data/{lib/metasm → metasm/cpu}/x86_64/main.rb +14 -6
data/metasm/cpu/x86_64/opcodes.rb +136 -0
data/{lib/metasm → metasm/cpu}/x86_64/parse.rb +10 -2
data/metasm/cpu/x86_64/render.rb +35 -0
data/metasm/cpu/z80.rb +9 -0
data/metasm/cpu/z80/decode.rb +313 -0
data/metasm/cpu/z80/main.rb +67 -0
data/metasm/cpu/z80/opcodes.rb +224 -0
data/metasm/cpu/z80/render.rb +59 -0
data/{lib/metasm/os/main.rb → metasm/debug.rb} +160 -401
data/{lib/metasm → metasm}/decode.rb +35 -4
data/{lib/metasm → metasm}/decompile.rb +15 -16
data/{lib/metasm → metasm}/disassemble.rb +201 -45
data/{lib/metasm → metasm}/disassemble_api.rb +651 -87
data/{lib/metasm → metasm}/dynldr.rb +220 -133
data/{lib/metasm → metasm}/encode.rb +10 -1
data/{lib/metasm → metasm}/exe_format/a_out.rb +9 -6
data/{lib/metasm → metasm}/exe_format/autoexe.rb +1 -0
data/{lib/metasm → metasm}/exe_format/bflt.rb +57 -27
data/{lib/metasm → metasm}/exe_format/coff.rb +11 -3
data/{lib/metasm → metasm}/exe_format/coff_decode.rb +53 -20
data/{lib/metasm → metasm}/exe_format/coff_encode.rb +11 -13
data/{lib/metasm → metasm}/exe_format/dex.rb +13 -5
data/{lib/metasm → metasm}/exe_format/dol.rb +1 -0
data/{lib/metasm → metasm}/exe_format/elf.rb +93 -57
data/{lib/metasm → metasm}/exe_format/elf_decode.rb +143 -34
data/{lib/metasm → metasm}/exe_format/elf_encode.rb +122 -31
data/metasm/exe_format/gb.rb +65 -0
data/metasm/exe_format/javaclass.rb +424 -0
data/{lib/metasm → metasm}/exe_format/macho.rb +204 -16
data/{lib/metasm → metasm}/exe_format/main.rb +26 -3
data/{lib/metasm → metasm}/exe_format/mz.rb +1 -0
data/{lib/metasm → metasm}/exe_format/nds.rb +7 -4
data/{lib/metasm → metasm}/exe_format/pe.rb +71 -8
data/metasm/exe_format/pyc.rb +167 -0
data/{lib/metasm → metasm}/exe_format/serialstruct.rb +67 -14
data/{lib/metasm → metasm}/exe_format/shellcode.rb +7 -3
data/metasm/exe_format/shellcode_rwx.rb +114 -0
data/metasm/exe_format/swf.rb +205 -0
data/{lib/metasm → metasm}/exe_format/xcoff.rb +7 -7
data/metasm/exe_format/zip.rb +335 -0
data/metasm/gui.rb +13 -0
data/{lib/metasm → metasm}/gui/cstruct.rb +35 -41
data/{lib/metasm → metasm}/gui/dasm_coverage.rb +11 -11
data/{lib/metasm → metasm}/gui/dasm_decomp.rb +7 -20
data/{lib/metasm → metasm}/gui/dasm_funcgraph.rb +0 -0
data/metasm/gui/dasm_graph.rb +1695 -0
data/{lib/metasm → metasm}/gui/dasm_hex.rb +12 -8
data/{lib/metasm → metasm}/gui/dasm_listing.rb +43 -28
data/{lib/metasm → metasm}/gui/dasm_main.rb +310 -53
data/{lib/metasm → metasm}/gui/dasm_opcodes.rb +5 -19
data/{lib/metasm → metasm}/gui/debug.rb +93 -27
data/{lib/metasm → metasm}/gui/gtk.rb +162 -40
data/{lib/metasm → metasm}/gui/qt.rb +12 -2
data/{lib/metasm → metasm}/gui/win32.rb +179 -42
data/{lib/metasm → metasm}/gui/x11.rb +59 -59
data/{lib/metasm → metasm}/main.rb +389 -264
data/{lib/metasm/os/remote.rb → metasm/os/gdbremote.rb} +146 -54
data/{lib/metasm → metasm}/os/gnu_exports.rb +1 -1
data/{lib/metasm → metasm}/os/linux.rb +628 -151
data/metasm/os/main.rb +330 -0
data/{lib/metasm → metasm}/os/windows.rb +132 -42
data/{lib/metasm → metasm}/os/windows_exports.rb +141 -0
data/{lib/metasm → metasm}/parse.rb +26 -24
data/{lib/metasm → metasm}/parse_c.rb +221 -116
data/{lib/metasm → metasm}/preprocessor.rb +55 -40
data/{lib/metasm → metasm}/render.rb +14 -38
data/misc/hexdump.rb +2 -1
data/misc/lint.rb +58 -0
data/misc/txt2html.rb +9 -7
data/samples/bindiff.rb +3 -4
data/samples/dasm-plugins/bindiff.rb +15 -0
data/samples/dasm-plugins/bookmark.rb +133 -0
data/samples/dasm-plugins/c_constants.rb +57 -0
data/samples/dasm-plugins/colortheme_solarized.rb +125 -0
data/samples/dasm-plugins/cppobj_funcall.rb +60 -0
data/samples/dasm-plugins/dasm_all.rb +70 -0
data/samples/dasm-plugins/demangle_cpp.rb +31 -0
data/samples/dasm-plugins/deobfuscate.rb +251 -0
data/samples/dasm-plugins/dump_text.rb +35 -0
data/samples/dasm-plugins/export_graph_svg.rb +86 -0
data/samples/dasm-plugins/findgadget.rb +75 -0
data/samples/dasm-plugins/hl_opcode.rb +32 -0
data/samples/dasm-plugins/hotfix_gtk_dbg.rb +19 -0
data/samples/dasm-plugins/imm2off.rb +34 -0
data/samples/dasm-plugins/match_libsigs.rb +93 -0
data/samples/dasm-plugins/patch_file.rb +95 -0
data/samples/dasm-plugins/scanfuncstart.rb +36 -0
data/samples/dasm-plugins/scanxrefs.rb +26 -0
data/samples/dasm-plugins/selfmodify.rb +197 -0
data/samples/dasm-plugins/stringsxrefs.rb +28 -0
data/samples/dasmnavig.rb +1 -1
data/samples/dbg-apihook.rb +24 -9
data/samples/dbg-plugins/heapscan.rb +283 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_lin.c +155 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_win.c +128 -0
data/samples/dbg-plugins/heapscan/graphheap.rb +616 -0
data/samples/dbg-plugins/heapscan/heapscan.rb +709 -0
data/samples/dbg-plugins/heapscan/winheap.h +174 -0
data/samples/dbg-plugins/heapscan/winheap7.h +307 -0
data/samples/dbg-plugins/trace_func.rb +214 -0
data/samples/disassemble-gui.rb +35 -5
data/samples/disassemble.rb +31 -6
data/samples/dump_upx.rb +24 -12
data/samples/dynamic_ruby.rb +12 -3
data/samples/exeencode.rb +6 -5
data/samples/factorize-headers-peimports.rb +1 -1
data/samples/lindebug.rb +175 -381
data/samples/metasm-shell.rb +1 -2
data/samples/peldr.rb +2 -2
data/tests/all.rb +1 -1
data/tests/arc.rb +26 -0
data/tests/dynldr.rb +22 -4
data/tests/expression.rb +55 -0
data/tests/graph_layout.rb +285 -0
data/tests/ia32.rb +79 -26
data/tests/mips.rb +9 -2
data/tests/x86_64.rb +66 -18
metadata +330 -218
data/lib/metasm/arm/opcodes.rb +0 -177
data/lib/metasm/gui.rb +0 -23
data/lib/metasm/gui/dasm_graph.rb +0 -1354
data/lib/metasm/ia32.rb +0 -14
data/lib/metasm/ia32/opcodes.rb +0 -873
data/lib/metasm/ppc/parse.rb +0 -52
data/lib/metasm/x86_64.rb +0 -12
data/lib/metasm/x86_64/opcodes.rb +0 -118
data/samples/gdbclient.rb +0 -583
data/samples/rubstop.rb +0 -399

data/{lib/metasm/os/remote.rb → metasm/os/gdbremote.rb} RENAMED

@@ -5,6 +5,7 @@
 require 'metasm/os/main'
+require 'metasm/debug'
 require 'socket'
 module Metasm
@@ -23,9 +24,11 @@ class GdbClient
 	def gdb_send(cmd, buf='')
 		buf = cmd + buf
 		buf = '$' << buf << '#' << gdb_csum(buf)
+		log "gdb_send #{buf.inspect}" if $DEBUG
 		5.times {
 			@io.write buf
+			out = ''
 			loop do
 				break if not IO.select([@io], nil, nil, 0.2)
 				raise Errno::EPIPE if not ack = @io.read(1)
@@ -33,12 +36,15 @@ class GdbClient
 				when '+'
 					return true
 				when '-'
-					puts "gdb_send: ack neg" if $DEBUG
+					log "gdb_send: ack neg" if $DEBUG
 					break
 				when nil
 					return
+				else
+					out << ack
 				end
 			end
+			log "no ack, got #{out.inspect}" if out != ''
 		}
 		log "send error #{cmd.inspect} (no ack)"
@@ -62,8 +68,18 @@ class GdbClient
 		buf = nil
 		while @recv_ctx
-			return unless IO.select([@io], nil, nil, timeout)
-			raise Errno::EPIPE if not c = @io.read(1)
+			if !@recv_ctx[:rbuf]
+				return unless IO.select([@io], nil, nil, timeout)
+				if @io.kind_of?(UDPSocket)
+					raise Errno::EPIPE if not @recv_ctx[:rbuf] = @io.recvfrom(65536)[0]
+				else
+					raise Errno::EPIPE if not c = @io.read(1)
+				end
+			end
+			if @recv_ctx[:rbuf]
+				c = @recv_ctx[:rbuf].slice!(0, 1)
+				@recv_ctx.delete :rbuf if @recv_ctx[:rbuf] == ''
+			end
 			case @recv_ctx[:state]
 			when :nosync
@@ -107,11 +123,11 @@ class GdbClient
 			end
 			outstr << unhex($1)
 			ret = gdb_readresp(timeout, outstr)
-			outstr.split("\n").each { |e| log 'gdb: ' + e } if first
+			outstr.split("\n").each { |o| log 'gdb: ' + o } if first
 			return ret
 		end
-		puts "gdb_readresp: got #{buf[0, 64].inspect}#{'...' if buf.length > 64}" if $DEBUG
+		log "gdb_readresp: got #{buf[0, 64].inspect}#{'...' if buf.length > 64}" if $DEBUG
 		buf
 	end
@@ -169,7 +185,7 @@ class GdbClient
 				buf = gdb_msg('g')
 				regs = unhex(unrle(buf)) if buf
 				if not buf or regs.length < @regmsgsize
-					raise "regs buffer recv is too short !"
+					raise "regs buffer recv is too short ! (#{regs.length} < #{@regmsgsize})"
 				end
 			end
 			Hash[*@gdbregs.zip(@unpack_int[regs]).flatten]
@@ -232,9 +248,9 @@ class GdbClient
 		case io
 		when IO; @io = io
-		when /^udp:(.*):(.*?)$/i; @io = UDPSocket.new ; @io.connect($1, $2)
-		when /^(?:tcp:)?(.*):(.*?)$/i; @io = TCPSocket.open($1, $2)	# XXX matches C:\fail
-		# TODO pipe, serial port, etc ; also check ipv6
+		when /^ser:(.*)/i; @io = File.open($1, 'rb+')
+		when /^udp:\[?(.*)\]?:(.*?)$/i; @io = UDPSocket.new ; @io.connect($1, $2)
+		when /^(?:tcp:)?\[?(..+)\]?:(.*?)$/i; @io = TCPSocket.open($1, $2)
 		else raise "unknown target #{io.inspect}"
 		end
@@ -242,6 +258,10 @@ class GdbClient
 	end
 	def gdb_setup
+		pnd = ''
+		pnd << @io.read(1) while IO.select([@io], nil, nil, 0.2)
+		log "startpending: #{pnd.inspect}" if pnd != ''
 		gdb_msg('q', 'Supported')
 		#gdb_msg('Hc', '-1')
 		#gdb_msg('qC')
@@ -295,17 +315,22 @@ class GdbClient
 	attr_accessor :logger, :quiet
 	def log(s)
+		puts s if $DEBUG and logger
 		return if quiet
-		@logger ||= $stdout
-		@logger.puts s
+		logger ? logger.log(s) : puts(s)
 	end
+	attr_accessor :ptrsz
 	# setup the various function used to pack ints & the reg list
 	# according to a target CPU
 	def setup_arch(cpu)
+		@ptrsz = cpu.size
 		case cpu.shortname
-		when 'ia32'
+		when /^ia32/
+			@ptrsz = 32
 			@gdbregs = GDBREGS_IA32
 			@regmsgsize = 4 * @gdbregs.length
 		when 'x64'
@@ -314,6 +339,12 @@ class GdbClient
 		when 'arm'
 			@gdbregs = cpu.dbg_register_list
 			@regmsgsize = 4 * @gdbregs.length
+		when 'arm64'
+			@gdbregs = cpu.dbg_register_list
+			@regmsgsize = 8 * @gdbregs.length
+		when 'mips'
+			@gdbregs = cpu.dbg_register_list
+			@regmsgsize = cpu.size/8 * @gdbregs.length
 		else
 			# we can still use readmem/kill and other generic commands
 			# XXX serverside setregs may fail if we give an incorrect regbuf size
@@ -324,7 +355,7 @@ class GdbClient
 		# yay life !
 		# do as if cpu is littleendian, fixup at the end
-		case cpu.size
+		case @ptrsz
 		when 16
 			@pack_netint   = lambda { |i| i.pack('n*') }
 			@unpack_netint = lambda { |s| s.unpack('n*') }
@@ -345,7 +376,7 @@ class GdbClient
 				@pack_netint, @pack_int = @pack_int, @pack_netint
 				@unpack_netint, @unpack_int = @unpack_int, @unpack_netint
 			end
-		else raise "GdbServer: unsupported cpu size #{cpu.size}"
+		else raise "GdbServer: unsupported cpu size #{@ptrsz}"
 		end
 		# if target cpu is bigendian, use netint everywhere
@@ -362,7 +393,7 @@ class GdbRemoteString < VirtualString
 	def initialize(gdb, addr_start=0, length=nil)
 		@gdb = gdb
-		length ||= 1 << (@gdb.cpu.size rescue 32)
+		length ||= 1 << (@gdb.ptrsz || 32)
 		@pagelength = 512
 		super(addr_start, length)
 	end
@@ -389,17 +420,55 @@ end
 # this class implements a high-level API using the gdb-server network debugging protocol
 class GdbRemoteDebugger < Debugger
-	attr_accessor :gdb, :check_target_timeout
+	attr_accessor :gdb, :check_target_timeout, :reg_val_cache
 	def initialize(url, cpu='Ia32')
+		super()
+		@tid_stuff_list << :reg_val_cache << :regs_dirty
 		@gdb = GdbClient.new(url, cpu)
 		@gdb.logger = self
-		@cpu = @gdb.cpu
-		@memory = GdbRemoteString.new(@gdb)
-		@reg_val_cache = {}
-		@regs_dirty = false
 		# when checking target, if no message seen since this much seconds, send a 'status' query
 		@check_target_timeout = 1
+		set_context(28, 28)
+	end
+	def check_pid(pid)
+		# return nil if pid == nil
+		pid
+	end
+	def check_tid(tid)
+		tid
+	end
+	def list_processes
+		[@pid].compact
+	end
+	def list_threads
+		[@tid].compact
+	end
+	def mappings
+		[]
+	end
+	def modules
+		[]
+	end
+	def initialize_newtid
 		super()
+		@reg_val_cache = {}
+		@regs_dirty = false
+	end
+	attr_accessor :realmode
+	def initialize_cpu
+		@cpu = @gdb.cpu
+		@realmode = true if @cpu and @cpu.shortname =~ /^ia32_16/
+	end
+	def initialize_memory
+		@memory = GdbRemoteString.new(@gdb)
 	end
 	def invalidate
@@ -409,12 +478,24 @@ class GdbRemoteDebugger < Debugger
 	end
 	def get_reg_value(r)
+		r = r.to_sym
 		return @reg_val_cache[r] || 0 if @state != :stopped
 		sync_regs
 		@reg_val_cache = @gdb.read_regs || {} if @reg_val_cache.empty?
+		if realmode
+			case r
+			when :eip; seg = :cs
+			when :esp; seg = :ss
+			else seg = :ds
+			end
+			# XXX seg override
+			return @reg_val_cache[seg].to_i*16 + @reg_val_cache[r].to_i
+		end
 		@reg_val_cache[r] || 0
 	end
 	def set_reg_value(r, v)
+		r = r.to_sym
+		# XXX realmode
 		@reg_val_cache[r] = v
 		@regs_dirty = true
 	end
@@ -426,37 +507,49 @@ class GdbRemoteDebugger < Debugger
 	def do_check_target
 		return if @state == :dead
+		# keep-alive on the connexion
 		t = Time.now
 		@last_check_target ||= t
 		if @state == :running and t - @last_check_target > @check_target_timeout
 			@gdb.io.write '$?#' << @gdb.gdb_csum('?')
 			@last_check_target = t
 		end
 		return unless i = @gdb.check_target(0.01)
-		invalidate if i[:state] == :stopped and @state != :stopped
-		@state, @info = i[:state], i[:info]
-		@info = nil if @info =~ /TRAP/
+		update_state(i)
+		true
 	end
 	def do_wait_target
 		return unless i = @gdb.check_target(nil)
-		invalidate if i[:state] == :stopped and @state != :stopped
-		@state, @info = i[:state], i[:info]
-		@info = nil if @info =~ /TRAP/
+		update_state(i)
+	end
+	def update_state(i)
+		@info = (i[:info] if i[:info] !~ /TRAP/)
+		if i[:state] == :stopped and @state != :stopped
+			invalidate
+			@state = i[:state]
+			case @run_method
+			when :singlestep
+				evt_singlestep
+			else
+				evt_bpx	# XXX evt_hwbp?
+			end
+		else
+			@state = i[:state]
+		end
 	end
 	def do_continue(*a)
-		return if @state != :stopped
 		@state = :running
-		@info = 'continue'
 		@gdb.continue
 		@last_check_target = Time.now
 	end
 	def do_singlestep(*a)
-		return if @state != :stopped
 		@state = :running
-		@info = 'singlestep'
 		@gdb.singlestep
 		@last_check_target = Time.now
 	end
@@ -467,53 +560,52 @@ class GdbRemoteDebugger < Debugger
 	def kill(sig=nil)
 		# TODO signal nr
-		@gdb.kill
 		@state = :dead
-		@info = 'killed'
+		@gdb.kill
 	end
 	def detach
-		super()	# remove breakpoints & stuff
-		@gdb.detach
-		@state = :dead
-		@info = 'detached'
+		del_all_breakpoints
+		del_pid
 	end
-	# set to true to use the gdb msg to handle bpx, false to set 0xcc ourself
+	# set to true to use the gdb msg to handle bpx, false to set 0xcc manually ourself
 	attr_accessor :gdb_bpx
-	def enable_bp(addr)
-		return if not b = @breakpoint[addr]
-		b.state = :active
+	def do_enable_bp(b)
 		case b.type
+		when :bpm
+			do_enable_bpm(b)
 		when :bpx
 			if gdb_bpx
-				@gdb.set_hwbp('s', addr, 1)
+				@gdb.set_hwbp('s', b.address, 1)
 			else
-				@cpu.dbg_enable_bp(self, addr, b)
+				@cpu.dbg_enable_bp(self, b)
 			end
-		when :hw
-			@gdb.set_hwbp(b.mtype, addr, b.mlen)
+		when :hwbp
+			@gdb.set_hwbp(b.internal[:type], b.address, b.internal[:len])
 		end
 	end
-	def disable_bp(addr)
-		return if not b = @breakpoint[addr]
-		b.state = :inactive
+	def do_disable_bp(b)
 		case b.type
+		when :bpm
+			do_disable_bpm(b)
 		when :bpx
 			if gdb_bpx
-				@gdb.unset_hwbp('s', addr, 1)
+				@gdb.unset_hwbp('s', b.address, 1)
 			else
-				@cpu.dbg_disable_bp(self, addr, b)
+				@cpu.dbg_disable_bp(self, b)
 			end
-		when :hw
-			@gdb.unset_hwbp(b.mtype, addr, b.mlen)
+		when :hwbp
+			@gdb.unset_hwbp(b.internal[:type], b.address, b.internal[:len])
 		end
 	end
 	def check_pre_run(*a)
-		sync_regs
-		super(*a)
+		if ret = super(*a)
+			sync_regs
+			ret
+		end
 	end
 	def loadallsyms

data/{lib/metasm → metasm}/os/gnu_exports.rb RENAMED

@@ -258,7 +258,7 @@ libruby1.8.so.1.8
  ruby_current_node ruby_debug ruby_description ruby_digitmap ruby_dln_librefs ruby_dyna_vars ruby_errinfo ruby_eval_tree ruby_eval_tree_begin ruby_frame
  ruby_gc_stress ruby_ignorecase ruby_in_compile ruby_in_eval ruby_inplace_mode ruby_nerrs ruby_patchlevel ruby_platform ruby_release_date ruby_safe_level
  ruby_sandbox_restore ruby_sandbox_save ruby_scope ruby_sourcefile ruby_sourceline ruby_top_cref ruby_top_self ruby_verbose ruby_version ruby_yychar
- ruby_yydebug ruby_yylval
+ ruby_yydebug ruby_yylval rb_float_new_in_heap
 EOL
 	curlibname = nil
 	data.each_line { |l|

data/{lib/metasm → metasm}/os/linux.rb RENAMED

@@ -5,6 +5,7 @@
 require 'metasm/os/main'
+require 'metasm/debug'
 module Metasm
 class PTrace
@@ -13,9 +14,11 @@ class PTrace
 	def self.open(target)
 		ptrace = new(target)
 		return ptrace if not block_given?
-		ret = yield ptrace
-		ptrace.detach
-		ret
+		begin
+			yield ptrace
+		ensure
+			ptrace.detach
+		end
 	end
 	# calls PTRACE_TRACEME on the current (ruby) process
@@ -28,41 +31,65 @@ class PTrace
 	# values for do_attach:
 	#  :create => always fork+traceme+exec+wait
 	#  :attach => always attach
-	#  false/nil => same as attach, without actually calling PT_ATTACH (usefull if we're already tracing pid)
-	#  anything else: try to attach if pid is numeric (using Integer()), else create
-	def initialize(target, do_attach=true)
-		begin
-			raise ArgumentError if do_attach == :create
+	#  false/nil => same as attach, without actually calling PT_ATTACH (useful when the ruby process is already tracing pid)
+	#  default/anything else: try to attach if pid is numeric, else create
+	def initialize(target, do_attach=true, &b)
+		case do_attach
+		when :create
+			init_create(target, &b)
+		when :attach
+			init_attach(target)
+		when :dup
+			raise ArgumentError unless target.kind_of?(PTrace)
+			@pid = target.pid
+			tweak_for_pid(@pid, target.tgcpu)		# avoid re-parsing /proc/self/exe
+		when nil, false
 			@pid = Integer(target)
 			tweak_for_pid(@pid)
-			return if not do_attach
-			attach
-		rescue ArgumentError, TypeError
-			raise if do_attach == :attach or not do_attach
-			did_exec = true
-			if not @pid = fork
-				tweak_for_pid(::Process.pid)
-				traceme
-				::Process.exec(*target)
-				exit!(0)
-			end
+		else
+			t = begin; Integer(target)
+			    rescue ArgumentError, TypeError
+			    end
+			t ? init_attach(t) : init_create(target, &b)
 		end
+	end
+	def init_attach(target)
+		@pid = Integer(target)
+		tweak_for_pid(@pid)
+		attach
 		wait
-		raise "could not exec #{target}" if $?.exited?
-		tweak_for_pid(@pid) if did_exec
 		puts "Ptrace: attached to #@pid" if $DEBUG
 	end
+	def init_create(target, &b)
+		if not @pid = ::Process.fork
+			tweak_for_pid(::Process.pid)
+			traceme
+			b.call if b
+			::Process.exec(*target)
+			exit!(0)
+		end
+		wait
+		raise "could not exec #{target}" if $?.exited?
+		tweak_for_pid(@pid)
+		puts "Ptrace: attached to new #@pid" if $DEBUG
+	end
 	def wait
 		::Process.wait(@pid, ::Process::WALL)
 	end
 	attr_accessor :reg_off, :intsize, :syscallnr, :syscallreg
 	attr_accessor :packint, :packuint, :host_intsize, :host_syscallnr
-	# setup the variables according to the target
-	def tweak_for_pid(pid=@pid)
+	attr_accessor :tgcpu
+	@@sys_ptrace = {}
+	# setup variables according to the target (ptrace interface, syscall nrs, ...)
+	def tweak_for_pid(pid=@pid, tgcpu=nil)
 		# use these for our syscalls PTRACE
-		case LinOS.open_process(::Process.pid).cpu.shortname
+		@@host_csn ||= LinOS.open_process(::Process.pid).cpu.shortname
+		case @@host_csn
 		when 'ia32'
 			@packint = 'l'
 			@packuint = 'L'
@@ -78,9 +105,9 @@ class PTrace
 		else raise 'unsupported architecture'
 		end
+		@tgcpu = tgcpu || LinOS.open_process(pid).cpu
 		# use these to interpret the child state
-		tgcpu = LinOS.open_process(pid).cpu
-		case tgcpu.shortname
+		case @tgcpu.shortname
 		when 'ia32'
 			@syscallreg = 'ORIG_EAX'
 			@syscallnr = SYSCALLNR_I386
@@ -92,13 +119,53 @@ class PTrace
 		else raise 'unsupported target architecture'
 		end
-		cp = tgcpu.new_cparser
-		cp.parse SIGINFO_C
-		@siginfo = cp.alloc_c_struct('siginfo')
 		# buffer used in ptrace syscalls
 		@buf = [0].pack(@packint)
-		@bufptr = str_ptr(@buf)
+		@sys_ptrace = @@sys_ptrace[@host_syscallnr['ptrace']] ||= setup_sys_ptrace(@host_syscallnr['ptrace'])
+	end
+	def setup_sys_ptrace(sysnr)
+		moo = Class.new(DynLdr)
+		case @@host_csn
+		when 'ia32'
+			# XXX compat lin2.4 ?
+			asm = <<EOS
+#define off 3*4
+push ebx
+push esi
+mov eax, #{sysnr}
+mov ebx, [esp+off]
+mov ecx, [esp+off+4]
+mov edx, [esp+off+8]
+mov esi, [esp+off+12]
+call gs:[10h]
+pop esi
+pop ebx
+ret
+EOS
+		when 'x64'
+			asm = <<EOS
+#define off 3*8
+mov rax, #{sysnr}
+//mov rdi, rdi
+//mov rsi, rdi
+//mov rdx, rdx
+mov r10, rcx
+syscall
+ret
+EOS
+		else raise 'unsupported target architecture'
+		end
+		moo.new_func_asm 'long ptrace(unsigned long, unsigned long, unsigned long, unsigned long)', asm
+		moo
+	end
+	def host_csn; @@host_csn end
+	def dup
+		self.class.new(self, :dup)
 	end
 	def str_ptr(str)
@@ -130,6 +197,7 @@ class PTrace
 	end
 	def writemem(off, str)
+		str.force_encoding('binary') if str.respond_to?(:force_encoding)
 		decal = off % @host_intsize
 		if decal > 0
 			off -= decal
@@ -146,29 +214,30 @@ class PTrace
 			pokedata(off+i, str[i, @host_intsize])
 			i += @host_intsize
 		end
+		true
 	end
 	# linux/ptrace.h
 	COMMAND = {
-		'TRACEME'         =>   0, 'PEEKTEXT'        =>   1,
-		'PEEKDATA'        =>   2, 'PEEKUSR'         =>   3,
-		'POKETEXT'        =>   4, 'POKEDATA'        =>   5,
-		'POKEUSR'         =>   6, 'CONT'            =>   7,
-		'KILL'            =>   8, 'SINGLESTEP'      =>   9,
-		'ATTACH'          =>  16, 'DETACH'          =>  17,
-		'SYSCALL'         =>  24,
+		:TRACEME         =>   0, :PEEKTEXT        =>   1,
+		:PEEKDATA        =>   2, :PEEKUSR         =>   3,
+		:POKETEXT        =>   4, :POKEDATA        =>   5,
+		:POKEUSR         =>   6, :CONT            =>   7,
+		:KILL            =>   8, :SINGLESTEP      =>   9,
+		:ATTACH          =>  16, :DETACH          =>  17,
+		:SYSCALL         =>  24,
 		# arch/x86/include/ptrace-abi.h
-		'GETREGS'         =>  12, 'SETREGS'         =>  13,
-		'GETFPREGS'       =>  14, 'SETFPREGS'       =>  15,
-		'GETFPXREGS'      =>  18, 'SETFPXREGS'      =>  19,
-		'OLDSETOPTIONS'   =>  21, 'GET_THREAD_AREA' =>  25,
-		'SET_THREAD_AREA' =>  26, 'ARCH_PRCTL'      =>  30,
-		'SYSEMU'          =>  31, 'SYSEMU_SINGLESTEP'=> 32,
-		'SINGLEBLOCK'     =>  33,
+		:GETREGS         =>  12, :SETREGS         =>  13,
+		:GETFPREGS       =>  14, :SETFPREGS       =>  15,
+		:GETFPXREGS      =>  18, :SETFPXREGS      =>  19,
+		:OLDSETOPTIONS   =>  21, :GET_THREAD_AREA =>  25,
+		:SET_THREAD_AREA =>  26, :ARCH_PRCTL      =>  30,
+		:SYSEMU          =>  31, :SYSEMU_SINGLESTEP=> 32,
+		:SINGLEBLOCK     =>  33,
 		# 0x4200-0x4300 are reserved for architecture-independent additions.
-		'SETOPTIONS'      => 0x4200, 'GETEVENTMSG'   => 0x4201,
-		'GETSIGINFO'      => 0x4202, 'SETSIGINFO'    => 0x4203
+		:SETOPTIONS      => 0x4200, :GETEVENTMSG   => 0x4201,
+		:GETSIGINFO      => 0x4202, :SETSIGINFO    => 0x4203
 	}
 	OPTIONS = {
@@ -176,14 +245,15 @@ class PTrace
 		'TRACESYSGOOD'  => 0x01, 'TRACEFORK'     => 0x02,
 		'TRACEVFORK'    => 0x04, 'TRACECLONE'    => 0x08,
 		'TRACEEXEC'     => 0x10, 'TRACEVFORKDONE'=> 0x20,
-		'TRACEEXIT'     => 0x40
+		'TRACEEXIT'     => 0x40, 'TRACESECCOMP'  => 0x80,
 	}
 	WAIT_EXTENDEDRESULT = {
 		# Wait extended result codes for the above trace options.
 		'EVENT_FORK'       => 1, 'EVENT_VFORK'      => 2,
 		'EVENT_CLONE'      => 3, 'EVENT_EXEC'       => 4,
-		'EVENT_VFORK_DONE' => 5, 'EVENT_EXIT'       => 6
+		'EVENT_VFORK_DONE' => 5, 'EVENT_EXIT'       => 6,
+		'EVENT_SECCOMP'    => 7,
 	}
 	WAIT_EXTENDEDRESULT.update WAIT_EXTENDEDRESULT.invert
@@ -261,10 +331,10 @@ class PTrace
 		mknodat  fchownat  futimesat  fstatat64  unlinkat  renameat  linkat  symlinkat  readlinkat  fchmodat
 		faccessat pselect6 ppoll unshare set_robust_list get_robust_list splice sync_file_range tee vmsplice
 		move_pages   getcpu  epoll_pwait  utimensat   signalfd  timerfd  eventfd  fallocate  timerfd_settime
-	       	timerfd_gettime  signalfd4   eventfd2  epoll_create1   dup3   pipe2  inotify_init1   preadv  pwritev
+		timerfd_gettime  signalfd4   eventfd2  epoll_create1   dup3   pipe2  inotify_init1   preadv  pwritev
 		rt_tg_sigqueueinfo perf_counter_open].inject({}) { |h, sc| h.update sc => h.length }
 	SYSCALLNR_I386.update SYSCALLNR_I386.invert
 	SYSCALLNR_X86_64 = %w[read write open close stat fstat lstat poll lseek mmap mprotect munmap brk rt_sigaction
 		rt_sigprocmask  rt_sigreturn ioctl  pread64 pwrite64  readv  writev access  pipe select  sched_yield
 		mremap  msync  mincore  madvise  shmget  shmat  shmctl dup  dup2  pause  nanosleep  getitimer  alarm
@@ -341,7 +411,7 @@ typedef unsigned __int32 __uid_t;
 typedef uintptr_t sigval_t;
 typedef long __clock_t;
-typedef struct siginfo {
+struct siginfo {
     int si_signo;
     int si_errno;
     int si_code;
@@ -377,138 +447,162 @@ typedef struct siginfo {
             long int si_band;	/* Band event for SIGPOLL.  */
             int si_fd;
         } _sigpoll;
+        struct {                /* SIGSYS under SECCOMP */
+            uintptr_t si_calladdr; /* calling insn address */
+            int si_syscall;     /* triggering syscall nr */
+            int si_arch;        /* AUDIT_ARCH_* for syscall */
+        } _sigsys;
     };
-} siginfo_t;
+};
 EOS
 	def sys_ptrace(req, pid, addr, data)
-		data = str_ptr(data) if data.kind_of?(String)
-		addr = [addr].pack(@packint).unpack(@packint).first
-		data = [data].pack(@packint).unpack(@packint).first
-		Kernel.syscall(@host_syscallnr['ptrace'], req, pid, addr, data)
+		ret = @sys_ptrace.ptrace(req, pid, addr, data)
+		if ret < 0 and ret > -256
+			raise SystemCallError.new("ptrace #{COMMAND.index(req) || req}", -ret)
+		end
+		ret
 	end
 	def traceme
-		sys_ptrace(COMMAND['TRACEME'], 0, 0, 0)
+		sys_ptrace(COMMAND[:TRACEME], 0, 0, 0)
 	end
 	def peektext(addr)
-		sys_ptrace(COMMAND['PEEKTEXT'], @pid, addr, @bufptr)
+		sys_ptrace(COMMAND[:PEEKTEXT], @pid, addr, @buf)
 		@buf
 	end
 	def peekdata(addr)
-		sys_ptrace(COMMAND['PEEKDATA'], @pid, addr, @bufptr)
+		sys_ptrace(COMMAND[:PEEKDATA], @pid, addr, @buf)
 		@buf
 	end
 	def peekusr(addr)
-		sys_ptrace(COMMAND['PEEKUSR'],  @pid, @host_intsize*addr, @bufptr)
-		bufval & ((1 << ([@host_intsize, @intsize].min*8)) - 1)
+		sys_ptrace(COMMAND[:PEEKUSR],  @pid, @host_intsize*addr, @buf)
+		@peekmask ||= (1 << ([@host_intsize, @intsize].min*8)) - 1
+		bufval & @peekmask
 	end
 	def poketext(addr, data)
-		sys_ptrace(COMMAND['POKETEXT'], @pid, addr, data.unpack(@packint).first)
+		sys_ptrace(COMMAND[:POKETEXT], @pid, addr, data.unpack(@packint).first)
 	end
 	def pokedata(addr, data)
-		sys_ptrace(COMMAND['POKEDATA'], @pid, addr, data.unpack(@packint).first)
+		sys_ptrace(COMMAND[:POKEDATA], @pid, addr, data.unpack(@packint).first)
 	end
 	def pokeusr(addr, data)
-		sys_ptrace(COMMAND['POKEUSR'],  @pid, @host_intsize*addr, data)
+		sys_ptrace(COMMAND[:POKEUSR],  @pid, @host_intsize*addr, data)
 	end
 	def getregs(buf=nil)
+		buf = buf.str if buf.respond_to?(:str)	# AllocCStruct
 		buf ||= [0].pack('C')*512
-		sys_ptrace(COMMAND['GETREGS'], @pid, 0, buf)
+		sys_ptrace(COMMAND[:GETREGS], @pid, 0, buf)
 		buf
 	end
 	def setregs(buf)
-		sys_ptrace(COMMAND['SETREGS'], @pid, 0, buf)
+		buf = buf.str if buf.respond_to?(:str)
+		sys_ptrace(COMMAND[:SETREGS], @pid, 0, buf)
 	end
 	def getfpregs(buf=nil)
+		buf = buf.str if buf.respond_to?(:str)
 		buf ||= [0].pack('C')*1024
-		sys_ptrace(COMMAND['GETFPREGS'], @pid, 0, buf)
+		sys_ptrace(COMMAND[:GETFPREGS], @pid, 0, buf)
 		buf
 	end
 	def setfpregs(buf)
-		sys_ptrace(COMMAND['SETFPREGS'], @pid, 0, buf)
+		buf = buf.str if buf.respond_to?(:str)
+		sys_ptrace(COMMAND[:SETFPREGS], @pid, 0, buf)
 	end
 	def getfpxregs(buf=nil)
+		buf = buf.str if buf.respond_to?(:str)
 		buf ||= [0].pack('C')*512
-		sys_ptrace(COMMAND['GETFPXREGS'], @pid, 0, buf)
+		sys_ptrace(COMMAND[:GETFPXREGS], @pid, 0, buf)
 		buf
 	end
 	def setfpxregs(buf)
-		sys_ptrace(COMMAND['SETFPXREGS'], @pid, 0, buf)
+		buf = buf.str if buf.respond_to?(:str)
+		sys_ptrace(COMMAND[:SETFPXREGS], @pid, 0, buf)
 	end
 	def get_thread_area(addr)
-		sys_ptrace(COMMAND['GET_THREAD_AREA'],  @pid, addr, @bufptr)
+		sys_ptrace(COMMAND[:GET_THREAD_AREA],  @pid, addr, @buf)
 		bufval
 	end
 	def set_thread_area(addr, data)
-		sys_ptrace(COMMAND['SET_THREAD_AREA'],  @pid, addr, data)
+		sys_ptrace(COMMAND[:SET_THREAD_AREA],  @pid, addr, data)
 	end
 	def prctl(addr, data)
-		sys_ptrace(COMMAND['ARCH_PRCTL'], @pid, addr, data)
+		sys_ptrace(COMMAND[:ARCH_PRCTL], @pid, addr, data)
 	end
 	def cont(sig = nil)
 		sig ||= 0
-		sys_ptrace(COMMAND['CONT'], @pid, 0, sig)
+		sys_ptrace(COMMAND[:CONT], @pid, 0, sig)
 	end
 	def kill
-		sys_ptrace(COMMAND['KILL'], @pid, 0, 0)
+		sys_ptrace(COMMAND[:KILL], @pid, 0, 0)
 	end
 	def singlestep(sig = nil)
 		sig ||= 0
-		sys_ptrace(COMMAND['SINGLESTEP'], @pid, 0, sig)
+		sys_ptrace(COMMAND[:SINGLESTEP], @pid, 0, sig)
 	end
 	def singleblock(sig = nil)
 		sig ||= 0
-		sys_ptrace(COMMAND['SINGLEBLOCK'], @pid, 0, sig)
+		sys_ptrace(COMMAND[:SINGLEBLOCK], @pid, 0, sig)
 	end
 	def syscall(sig = nil)
 		sig ||= 0
-		sys_ptrace(COMMAND['SYSCALL'], @pid, 0, sig)
+		sys_ptrace(COMMAND[:SYSCALL], @pid, 0, sig)
 	end
 	def attach
-		sys_ptrace(COMMAND['ATTACH'], @pid, 0, 0)
+		sys_ptrace(COMMAND[:ATTACH], @pid, 0, 0)
 	end
 	def detach
-		sys_ptrace(COMMAND['DETACH'], @pid, 0, 0)
+		sys_ptrace(COMMAND[:DETACH], @pid, 0, 0)
 	end
 	def setoptions(*opt)
 		opt = opt.inject(0) { |b, o| b |= o.kind_of?(Integer) ? o : OPTIONS[o] }
-		sys_ptrace(COMMAND['SETOPTIONS'], @pid, 0, opt)
+		sys_ptrace(COMMAND[:SETOPTIONS], @pid, 0, opt)
 	end
 	# retrieve pid of cld for EVENT_CLONE/FORK, exitcode for EVENT_EXIT
 	def geteventmsg
-		sys_ptrace(COMMAND['GETEVENTMSG'], @pid, 0, @bufptr)
+		sys_ptrace(COMMAND[:GETEVENTMSG], @pid, 0, @buf)
 		bufval
 	end
+	def cp
+		@cp ||= @tgcpu.new_cparser
+	end
+	def siginfo
+		@siginfo ||= (
+			cp.parse SIGINFO_C if not cp.toplevel.struct['siginfo']
+			cp.alloc_c_struct('siginfo')
+		)
+	end
 	def getsiginfo
-		sys_ptrace(COMMAND['GETSIGINFO'], @pid, 0, @siginfo.str)
-		@siginfo
+		sys_ptrace(COMMAND[:GETSIGINFO], @pid, 0, siginfo.str)
+		siginfo
 	end
-	def setsiginfo(si=@siginfo)
+	def setsiginfo(si=siginfo)
 		si = si.str if si.respond_to?(:str)
-		sys_ptrace(COMMAND['SETSIGINFO'], @pid, 0, si)
+		sys_ptrace(COMMAND[:SETSIGINFO], @pid, 0, si)
 	end
 end
@@ -562,7 +656,7 @@ class LinOS < OS
 		# read from /proc/pid/task/
 		def threads
 			Dir.entries("/proc/#{pid}/task/").grep(/^\d+$/).map { |tid| tid.to_i }
-	       	rescue
+		rescue
 			# TODO handle pthread stuff (eg 2.4 kernels)
 			[pid]
 		end
@@ -641,11 +735,29 @@ class LinuxRemoteString < VirtualString
 		self.class.new(@pid, addr, len, dbg)
 	end
-	def do_ptrace
+	def do_ptrace(needproc)
 		if dbg
 			dbg.switch_context(@pid) {
-				# XXX tid ?
-				yield dbg.ptrace if dbg.state == :stopped
+				st = dbg.state
+				next if st != :stopped
+				if needproc
+					# we will try to access /proc/pid/mem
+					# if the main thread is still running, fallback to ptrace.readmem instead
+					pst = (dbg.tid == @pid ? st : dbg.tid_stuff[@pid][:state])
+					if pst != :stopped
+						savedreadfd = @readfd
+						@readfd = nil
+						begin
+							yield dbg.ptrace
+						ensure
+							@readfd = savedreadfd
+						end
+					else
+						yield dbg.ptrace
+					end
+				else
+					yield dbg.ptrace
+				end
 			}
 		else
 			PTrace.open(@pid) { |ptrace| yield ptrace }
@@ -654,11 +766,12 @@ class LinuxRemoteString < VirtualString
 	def rewrite_at(addr, data)
 		# target must be stopped
-		do_ptrace { |ptrace| ptrace.writemem(addr, data) }
+		wr = do_ptrace(false) { |ptrace| ptrace.writemem(addr, data) }
+		raise "couldn't ptrace_write at #{'%x' % addr}" if not wr
 	end
 	def get_page(addr, len=@pagelength)
-		do_ptrace { |ptrace|
+		do_ptrace(true) { |ptrace|
 			begin
 				if readfd and addr < (1<<63)
 					# 1<<63: ruby seek = 'too big to fit longlong', linux read = EINVAL
@@ -675,6 +788,305 @@ class LinuxRemoteString < VirtualString
 	end
 end
+class PTraceContext_Ia32 < PTrace
+	C_STRUCT = <<EOS
+struct user_regs_struct_ia32 {
+	unsigned __int32 ebx;
+	unsigned __int32 ecx;
+	unsigned __int32 edx;
+	unsigned __int32 esi;
+	unsigned __int32 edi;
+	unsigned __int32 ebp;
+	unsigned __int32 eax;
+	unsigned __int32 ds;
+	unsigned __int32 es;
+	unsigned __int32 fs;
+	unsigned __int32 gs;
+	unsigned __int32 orig_eax;
+	unsigned __int32 eip;
+	unsigned __int32 cs;
+	unsigned __int32 eflags;
+	unsigned __int32 esp;
+	unsigned __int32 ss;
+};
+struct user_fxsr_struct_ia32 {
+	unsigned __int16 cwd;
+	unsigned __int16 swd;
+	unsigned __int16 twd;
+	unsigned __int16 fop;
+	unsigned __int32 fip;
+	unsigned __int32 fcs;
+	unsigned __int32 foo;
+	unsigned __int32 fos;
+	unsigned __int32 mxcsr;
+	unsigned __int32 reserved;
+	unsigned __int32 st_space[32];   /* 8*16 bytes for each FP-reg = 128 bytes */
+	unsigned __int32 xmm_space[32];  /* 8*16 bytes for each XMM-reg = 128 bytes */
+	unsigned __int32 padding[56];
+};
+EOS
+	def initialize(ptrace, pid=ptrace.pid)
+		super(ptrace, :dup)
+		@pid = pid
+		@cp = ptrace.cp
+		init
+	end
+	def init
+		@gpr = @@gpr_ia32 ||= [:ebx, :ecx, :edx, :esi, :edi, :ebp, :eax,
+			:ds, :es, :fs, :gs, :orig_eax, :eip, :cs, :eflags,
+			:esp, :ss].inject({}) { |h, r| h.update r => true }
+		@gpr_peek = @@gpr_peek_ia32 ||= (0..7).inject({}) { |h, i|
+			h.update "dr#{i}".to_sym => REGS_I386["DR#{i}"] }
+		@gpr_sub = @@gpr_sub_ia32 ||= gpr_sub_init
+		@xmm = @@xmm_ia32 ||= [:cwd, :swd, :twd, :fop, :fip, :fcs, :foo,
+			:fos, :mxcsr].inject({}) { |h, r| h.update r => true }
+		@cp.parse C_STRUCT if not @cp.toplevel.struct['user_regs_struct_ia32']
+		@gpr_st = @xmm_st = nil
+	end
+	# :bh => [:ebx, 0xff, 8]
+	# XXX similar to Reg.symbolic... DRY
+	def gpr_sub_init
+		ret = {}
+		%w[a b c d].each { |r|
+			b = "e#{r}x".to_sym
+			ret["#{r}x".to_sym] = [b, 0xffff]
+			ret["#{r}l".to_sym] = [b, 0xff]
+			ret["#{r}h".to_sym] = [b, 0xff, 8]
+		}
+		%w[sp bp si di].each { |r|
+			b = "e#{r}".to_sym
+			ret[r.to_sym] = [b, 0xffff]
+		}
+		ret[:orig_rax] = [:orig_eax, 0xffff_ffff]
+		ret
+	end
+	def do_getregs
+		st = cp.alloc_c_struct('user_regs_struct_ia32')
+		getregs(st)
+		st
+	end
+	def do_setregs(st=@gpr_st)
+		setregs(st)
+	end
+	def do_getxmm
+		st = cp.alloc_c_struct('user_fxsr_struct_ia32')
+		getfpxregs(st)
+		st
+	end
+	def do_setxmm(st=@xmm_st)
+		setfpxregs(st)
+	end
+	def get_reg(r)
+		r = r.downcase if r == 'ORIG_EAX' or r == 'ORIG_RAX'
+		rs = r.to_sym
+		if @gpr[rs]
+			@gpr_st ||= do_getregs
+			@gpr_st[rs]
+		elsif o = @gpr_peek[rs]
+			peekusr(o)
+		elsif o = @gpr_sub[rs]
+			v = get_reg(o[0])
+			v >>= o[2] if o[2]
+			v &= o[1]
+		elsif @xmm[rs]
+			@xmm_st ||= do_getxmm
+			@xmm_st[rs]
+		else
+			case r.to_s
+			when /^st(\d?)$/i
+				i = $1.to_i
+				@xmm_st ||= do_getxmm
+				fu = @xmm_st.st_space
+				[fu[4*i], fu[4*i+1], fu[4*i+2]].pack('L*').unpack('D').first	# XXX
+			when /^mmx?(\d)$/i
+				i = $1.to_i
+				@xmm_st ||= do_getxmm
+				fu = @xmm_st.st_space
+				fu[4*i] | (fu[4*i + 1] << 32)
+			when /^xmm(\d+)$/i
+				i = $1.to_i
+				@xmm_st ||= do_getxmm
+				fu = @xmm_st.xmm_space
+				fu[4*i] | (fu[4*i + 1] << 32) | (fu[4*i + 2] << 64) | (fu[4*i + 3] << 96)
+			# TODO when /^ymm(\d+)$/i
+			else raise "unknown register name #{r}"
+			end
+		end
+	end
+	def set_reg(r, v)
+		r = r.downcase if r == 'ORIG_EAX' or r == 'ORIG_RAX'
+		rs = r.to_sym
+		if @gpr[rs]
+			@gpr_st ||= do_getregs
+			@gpr_st[rs] = v
+			do_setregs
+		elsif o = @gpr_peek[rs]
+			pokeusr(o, v)
+		elsif o = @gpr_sub[rs]
+			vo = get_reg(o[0])
+			msk = o[1]
+			v &= o[1]
+			if o[2]
+				msk <<= o[2]
+				v <<= o[2]
+			end
+			v |= vo & ~msk
+			set_reg(o[0], v)
+		elsif @xmm[rs]
+			@xmm_st ||= do_getxmm
+			@xmm_st[rs] = v
+			do_setxmm
+		else
+			case r.to_s
+			when /^st(\d?)$/i
+				i = $1.to_i
+				@xmm_st ||= do_getxmm
+				fu = @xmm_st.st_space
+				fu[4*i], fu[4*i+1], fu[4*i+2] = [v, -1].pack('DL').unpack('L*')	# XXX
+				do_setxmm
+			when /^mmx?(\d)$/i
+				i = $1.to_i
+				@xmm_st ||= do_getxmm
+				fu = @xmm_st.st_space
+				fu[4*i] = v & 0xffff_ffff
+				fu[4*i + 1] = (v >> 32) & 0xffff_ffff
+				do_setxmm
+			when /^xmm(\d+)$/i
+				i = $1.to_i
+				@xmm_st ||= do_getxmm
+				fu = @xmm_st.xmm_space
+				fu[4*i] = v & 0xffff_ffff
+				fu[4*i + 1] = (v >> 32) & 0xffff_ffff
+				fu[4*i + 2] = (v >> 64) & 0xffff_ffff
+				fu[4*i + 3] = (v >> 96) & 0xffff_ffff
+				do_setxmm
+			# TODO when /^ymm(\d+)$/i
+			else raise "unknown register name #{r}"
+			end
+		end
+	end
+end
+class PTraceContext_X64 < PTraceContext_Ia32
+	C_STRUCT = <<EOS
+struct user_regs_struct_x64 {
+	unsigned __int64 r15;
+	unsigned __int64 r14;
+	unsigned __int64 r13;
+	unsigned __int64 r12;
+	unsigned __int64 rbp;
+	unsigned __int64 rbx;
+	unsigned __int64 r11;
+	unsigned __int64 r10;
+	unsigned __int64 r9;
+	unsigned __int64 r8;
+	unsigned __int64 rax;
+	unsigned __int64 rcx;
+	unsigned __int64 rdx;
+	unsigned __int64 rsi;
+	unsigned __int64 rdi;
+	unsigned __int64 orig_rax;
+	unsigned __int64 rip;
+	unsigned __int64 cs;
+	unsigned __int64 rflags;
+	unsigned __int64 rsp;
+	unsigned __int64 ss;
+	unsigned __int64 fs_base;
+	unsigned __int64 gs_base;
+	unsigned __int64 ds;
+	unsigned __int64 es;
+	unsigned __int64 fs;
+	unsigned __int64 gs;
+};
+struct user_i387_struct_x64 {
+	unsigned __int16 cwd;
+	unsigned __int16 swd;
+	unsigned __int16 twd;    /* Note this is not the same as the 32bit/x87/FSAVE twd */
+	unsigned __int16 fop;
+	unsigned __int64 rip;
+	unsigned __int64 rdp;
+	unsigned __int32 mxcsr;
+	unsigned __int32 mxcsr_mask;
+	unsigned __int32 st_space[32];   /* 8*16 bytes for each FP-reg = 128 bytes */
+	unsigned __int32 xmm_space[64];  /* 16*16 bytes for each XMM-reg = 256 bytes */
+	unsigned __int32 padding[24];
+	// YMM ?
+};
+EOS
+	def init
+		@gpr = @@gpr_x64 ||= [:r15, :r14, :r13, :r12, :rbp, :rbx, :r11,
+			:r10, :r9, :r8, :rax, :rcx, :rdx, :rsi, :rdi, :orig_rax,
+			:rip, :cs, :rflags, :rsp, :ss, :fs_base, :gs_base, :ds,
+			:es, :fs, :gs].inject({}) { |h, r| h.update r => true }
+		@gpr_peek = @@gpr_peek_x64 ||= (0..7).inject({}) { |h, i|
+			h.update "dr#{i}".to_sym => REGS_X86_64["DR#{i}"] }
+		@gpr_sub = @@gpr_sub_x64 ||= gpr_sub_init
+		@xmm = @@xmm_x64 ||= [:cwd, :swd, :twd, :fop, :rip, :rdp, :mxcsr,
+			:mxcsr_mask].inject({}) { |h, r| h.update r => true }
+		@cp.parse C_STRUCT if not @cp.toplevel.struct['user_regs_struct_x64']
+		@gpr_st = @xmm_st = nil
+	end
+	def gpr_sub_init
+		ret = {}
+		%w[a b c d].each { |r|
+			b = "r#{r}x".to_sym
+			ret["e#{r}x".to_sym] = [b, 0xffff_ffff]
+			ret[ "#{r}x".to_sym] = [b, 0xffff]
+			ret[ "#{r}l".to_sym] = [b, 0xff]
+			ret[ "#{r}h".to_sym] = [b, 0xff, 8]
+		}
+		%w[sp bp si di].each { |r|
+			b = "r#{r}".to_sym
+			ret["e#{r}".to_sym] = [b, 0xffff_ffff]
+			ret[ "#{r}".to_sym] = [b, 0xffff]
+			ret["#{r}l".to_sym] = [b, 0xff]
+		}
+		(8..15).each { |i|
+			b = "r#{i}".to_sym
+			ret["r#{i}d"] = [b, 0xffff_ffff]
+			ret["r#{i}w"] = [b, 0xffff]
+			ret["r#{i}b"] = [b, 0xff]
+		}
+		ret[:eip] = [:rip, 0xffff_ffff]
+		ret[:eflags] = [:rflags, 0xffff_ffff]
+		ret[:orig_eax] = [:orig_rax, 0xffff_ffff]
+		ret
+	end
+	def do_getregs
+		st = cp.alloc_c_struct('user_regs_struct_x64')
+		getregs(st)
+		st
+	end
+	def do_setregs(st=@gpr_st)
+		setregs(st)
+	end
+	def do_getxmm
+		st = cp.alloc_c_struct('user_i387_struct_x64')
+		getfpregs(st)
+		st
+	end
+	def do_setxmm(st=@xmm_st)
+		setfpregs(st)
+	end
+end
 module ::Process
 	WALL   = 0x40000000 if not defined? WALL
 	WCLONE = 0x80000000 if not defined? WCLONE
@@ -683,10 +1095,10 @@ end
 # this class implements a high-level API over the ptrace debugging primitives
 class LinDebugger < Debugger
 	# ptrace is per-process or per-thread ?
-	attr_accessor :ptrace, :continuesignal, :has_pax_mprotect, :target_syscall
+	attr_accessor :ptrace, :continuesignal, :has_pax_mprotect, :target_syscall, :cached_waitpid
 	attr_accessor :callback_syscall, :callback_branch, :callback_exec
-	def initialize(pidpath=nil)
+	def initialize(pidpath=nil, &b)
 		super()
 		@pid_stuff_list << :has_pax_mprotect << :ptrace	<< :breaking << :os_process
 		@tid_stuff_list << :continuesignal << :saved_csig << :ctx << :target_syscall
@@ -696,15 +1108,14 @@ class LinDebugger < Debugger
 		@callback_syscall = lambda { |i| log "syscall #{i[:syscall]}" }
 		@callback_exec = lambda { |i| log "execve #{os_process.path}" }
+		@cached_waitpid = []
 		return if not pidpath
-		begin
-			pid = Integer(pidpath)
-			attach(pid)
-		rescue ArgumentError
-			create_process(pidpath)
-		end
+		t = begin; Integer(pidpath)
+		    rescue ArgumentError, TypeError
+		    end
+		t ? attach(t) : create_process(pidpath, &b)
 	end
 	def shortname; 'lindbg'; end
@@ -715,11 +1126,18 @@ class LinDebugger < Debugger
 		set_context(pt.pid, pt.pid)	# swapout+init_newpid
 		log "attached #@pid"
 		list_threads.each { |tid| attach_thread(tid) if tid != @pid }
+		set_tid @pid
 	end
 	# create a process and debug it
-	def create_process(path)
-		pt = PTrace.new(path, :create)
+	# if given a block, the block is run in the context of the ruby subprocess
+	# after the fork() and before exec()ing the target binary
+	# you can use it to eg tweak file descriptors:
+	#  tg_stdin_r, tg_stdin_w = IO.pipe
+	#  create_process('/bin/cat') { tg_stdin_w.close ; $stdin.reopen(tg_stdin_r) }
+	#  tg_stdin_w.write 'lol'
+	def create_process(path, &b)
+		pt = PTrace.new(path, :create, &b)
 		# TODO save path, allow restart etc
 		set_context(pt.pid, pt.pid)	# swapout+init_newpid
 		log "attached #@pid"
@@ -727,10 +1145,10 @@ class LinDebugger < Debugger
 	def initialize_cpu
 		@cpu = os_process.cpu
-		# need to init @ptrace here, before init_dasm calls gui.swapin
+		# need to init @ptrace here, before init_dasm calls gui.swapin	XXX this stinks
 		@ptrace = PTrace.new(@pid, false)
 		if @cpu.size == 64 and @ptrace.reg_off['EAX']
-			hack_64_32
+			hack_x64_32
 		end
 		set_tid @pid
 		set_thread_options
@@ -764,19 +1182,18 @@ class LinDebugger < Debugger
 		os_process.modules
 	end
-	# we're a 32bit process debugging a 64bit target
+	# We're a 32bit process debugging a 64bit target
 	# the ptrace kernel interface we use only allow us a 32bit-like target access
-	# with this we advertize the cpu as having eax..edi registers (the only one we
+	# With this we advertize the cpu as having eax..edi registers (the only one we
 	# can access), while still decoding x64 instructions (whose addr < 4G)
-	def hack_64_32
+	def hack_x64_32
 		log "WARNING: debugging a 64bit process from a 32bit debugger is a very bad idea !"
-		@cpu.instance_eval {
-			ia32 = Ia32.new
-			@dbg_register_pc = ia32.dbg_register_pc
-			@dbg_register_flags = ia32.dbg_register_flags
-			@dbg_register_list = ia32.dbg_register_list
-			@dbg_register_size = ia32.dbg_register_size
-		}
+		ia32 = Ia32.new
+		@cpu.instance_variable_set('@dbg_register_pc', ia32.dbg_register_pc)
+		@cpu.instance_variable_set('@dbg_register_sp', ia32.dbg_register_sp)
+		@cpu.instance_variable_set('@dbg_register_flags', ia32.dbg_register_flags)
+		@cpu.instance_variable_set('@dbg_register_list', ia32.dbg_register_list)
+		@cpu.instance_variable_set('@dbg_register_size', ia32.dbg_register_size)
 	end
 	# attach a thread of the current process
@@ -784,9 +1201,16 @@ class LinDebugger < Debugger
 		set_tid tid
 		@ptrace.pid = tid
 		@ptrace.attach
-		@state = :stopped	# no need to wait()
+		@state = :stopped
+		# store this waitpid so that we can return it in a future check_target
+		::Process.waitpid(tid, ::Process::WALL)
+		# XXX can $? be safely stored?
+		@cached_waitpid << [tid, $?.dup]
 		log "attached thread #{tid}"
 		set_thread_options
+	rescue Errno::ESRCH
+		# raced, thread quitted already
+		del_tid
 	end
 	# set the debugee ptrace options (notify clone/exec/exit, and fork/vfork depending on @trace_children)
@@ -807,27 +1231,23 @@ class LinDebugger < Debugger
 		super()
 	end
-	# a hash of the current thread context
-	# TODO keys = :gpr, :fpu, :xmm, :dr ; val = AllocCStruct
-	# include accessors for st0/xmm12 (@ptrace.getfpregs.unpack etc)
+	# current thread register values accessor
 	def ctx
-		@ctx ||= {}
+		@ctx ||= case @ptrace.host_csn
+			 when 'ia32'; PTraceContext_Ia32.new(@ptrace, @tid)
+			 when 'x64'; PTraceContext_X64.new(@ptrace, @tid)
+			 else raise '8==D'
+			 end
 	end
 	def get_reg_value(r)
-		raise "bad register #{r}" if not k = @ptrace.reg_off[r.to_s.upcase]
-		return ctx[r] || 0 if @state != :stopped
-		@ptrace.pid = @tid
-		ctx[r] ||= @ptrace.peekusr(k)
+		return 0 if @state != :stopped
+		ctx.get_reg(r)
 	rescue Errno::ESRCH
 		0
 	end
 	def set_reg_value(r, v)
-		raise "bad register #{r}" if not k = @ptrace.reg_off[r.to_s.upcase]
-		ctx[r] = v
-		return if @state != :stopped
-		@ptrace.pid = @tid
-		@ptrace.pokeusr(k, v)
+		ctx.set_reg(r, v)
 	end
 	def update_waitpid(status)
@@ -851,14 +1271,14 @@ class LinDebugger < Debugger
 			end
 		elsif status.stopped?
 			sig = status.stopsig & 0x7f
-			signame = PTrace::SIGNAL[sig]
+			signame = PTrace::SIGNAL[sig]
 			if signame == 'TRAP'
 				if status.stopsig & 0x80 > 0
 					# XXX int80 in x64 => syscallnr32 ?
 					evt_syscall info.update(:syscall => @ptrace.syscallnr[get_reg_value(@ptrace.syscallreg)])
 				elsif (status >> 16) > 0
-					case o = PTrace::WAIT_EXTENDEDRESULT[status >> 16]
+					case PTrace::WAIT_EXTENDEDRESULT[status >> 16]
 					when 'EVENT_FORK', 'EVENT_VFORK'
 						# parent notification of a fork
 						# child receives STOP (may have already happened)
@@ -870,6 +1290,7 @@ class LinDebugger < Debugger
 						resume_badbreak
 					when 'EVENT_EXIT'
+						@ptrace.pid = @tid
 						info.update :exitcode => @ptrace.geteventmsg
 						if @tid == @pid
 							evt_endprocess info
@@ -885,6 +1306,7 @@ class LinDebugger < Debugger
 					end
 				else
+					@ptrace.pid = @tid
 					si = @ptrace.getsiginfo
 					case si.si_code
 					when PTrace::SIGINFO['BRKPT'],
@@ -915,6 +1337,7 @@ class LinDebugger < Debugger
 			elsif signame == 'STOP' and @breaking
 				@state = :stopped
 				@info = 'break'
+				@breaking.call if @breaking.kind_of? Proc
 				@breaking = nil
 			else
@@ -923,6 +1346,7 @@ class LinDebugger < Debugger
 				if signame == 'SEGV'
 					# need more data on access violation (for bpm)
 					info.update :type => 'access violation'
+					@ptrace.pid = @tid
 					si = @ptrace.getsiginfo
 					access = case si.si_code
 						 when PTrace::SIGINFO['MAPERR']; :r	# XXX write access to unmapped => ?
@@ -937,36 +1361,53 @@ class LinDebugger < Debugger
 			evt_exception info.update(:type => "unknown wait #{status.inspect}")
 		end
 	end
 	def set_tid_findpid(tid)
 		return if tid == @tid
-		if tid != @pid and pr = list_processes.find { |p| p.threads.include? tid }
-			set_pid pr.pid
+		if tid != @pid and !@tid_stuff[tid]
+			if kv = @pid_stuff.find { |k, v| v[:tid_stuff] and v[:tid_stuff][tid] }
+				set_pid kv[0]
+			elsif pr = list_processes.find { |p| p.threads.include?(tid) }
+				set_pid pr.pid
+			end
 		end
 		set_tid tid
 	end
 	def do_check_target
-		return unless t = ::Process.waitpid(-1, ::Process::WNOHANG | ::Process::WALL)
-		# XXX all threads may have stopped, wait them now ?
+		if @cached_waitpid.empty?
+			t = ::Process.waitpid(-1, ::Process::WNOHANG | ::Process::WALL)
+			st = $?
+		else
+			t, st = @cached_waitpid.shift
+		end
+		return if not t
 		set_tid_findpid t
-		update_waitpid $?
+		update_waitpid st
+		true
 	rescue ::Errno::ECHILD
 	end
 	def do_wait_target
-		t = ::Process.waitpid(-1, ::Process::WALL)
+		if @cached_waitpid.empty?
+			t = ::Process.waitpid(-1, ::Process::WALL)
+			st = $?
+		else
+			t, st = @cached_waitpid.shift
+		end
 		set_tid_findpid t
-		update_waitpid $?
+		update_waitpid st
 	rescue ::Errno::ECHILD
 	end
 	def do_continue
+		@state = :running
 		@ptrace.pid = tid
 		@ptrace.cont(@continuesignal)
 	end
 	def do_singlestep(*a)
+		@state = :running
 		@ptrace.pid = tid
 		@ptrace.singlestep(@continuesignal)
 	end
@@ -975,10 +1416,21 @@ class LinDebugger < Debugger
 	# regexp allowed to wait a specific syscall
 	def syscall(arg=nil)
 		arg = nil if arg and arg.strip == ''
-		return if not check_pre_run(:syscall, arg)
-		@target_syscall = arg
-		@ptrace.pid = @tid
-		@ptrace.syscall(@continuesignal)
+		if b = check_breakpoint_cause and b.hash_shared.find { |bb| bb.state == :active }
+			singlestep_bp(b) {
+				next if not check_pre_run(:syscall, arg)
+				@target_syscall = arg
+				@state = :running
+				@ptrace.pid = @tid
+				@ptrace.syscall(@continuesignal)
+			}
+		else
+			return if not check_pre_run(:syscall, arg)
+			@target_syscall = arg
+			@state = :running
+			@ptrace.pid = @tid
+			@ptrace.syscall(@continuesignal)
+		end
 	end
 	def syscall_wait(*a, &b)
@@ -990,9 +1442,19 @@ class LinDebugger < Debugger
 	def singleblock
 		# record as singlestep to avoid evt_singlestep -> evt_exception
 		# step or block doesn't matter much here anyway
-		return if not check_pre_run(:singlestep)
-		@ptrace.pid = @tid
-		@ptrace.singleblock(@continuesignal)
+		if b = check_breakpoint_cause and b.hash_shared.find { |bb| bb.state == :active }
+			singlestep_bp(b) {
+				next if not check_pre_run(:singlestep)
+				@state = :running
+				@ptrace.pid = @tid
+				@ptrace.singleblock(@continuesignal)
+			}
+		else
+			return if not check_pre_run(:singlestep)
+			@state = :running
+			@ptrace.pid = @tid
+			@ptrace.singleblock(@continuesignal)
+		end
 	end
 	def singleblock_wait(*a, &b)
@@ -1034,8 +1496,8 @@ class LinDebugger < Debugger
 		# calling continue() here will loop back to TRAP+INFO_EXEC
 	end
-	def break
-		@breaking = true
+	def break(&b)
+		@breaking = b || true
 		kill 'STOP'
 	end
@@ -1059,7 +1521,7 @@ class LinDebugger < Debugger
 		when nil, ''; 9
 		when Integer; sig
 		when String
-		       	sig = sig.upcase.sub(/^SIG_?/, '')
+			sig = sig.upcase.sub(/^SIG_?/, '')
 			PTrace::SIGNAL[sig] || Integer(sig)
 		else raise "unhandled signal #{sig.inspect}"
 		end
@@ -1067,10 +1529,25 @@ class LinDebugger < Debugger
 	# stop debugging the current process
 	def detach
+		if @state == :running
+			# must be stopped so we can rm bps
+			self.break { detach }
+			mypid = @pid
+			wait_target
+			# after syscall(), wait will return once for interrupted syscall,
+			# and we need to wait more for the break callback to kick in
+			if @pid == mypid and @state == :stopped and @info =~ /syscall/
+				do_continue
+				check_target
+			end
+			return
+		end
 		del_all_breakpoints
 		each_tid {
 			@ptrace.pid = @tid
-			@ptrace.detach
+			@ptrace.detach rescue nil
 			@delete_thread = true
 		}
 		del_pid