RubyGems - metasm - Versions diffs - 1.0.1 → 1.0.2 - Mend

metasm 1.0.1 → 1.0.2

Files changed (235) hide show

checksums.yaml +7 -0
data/.gitignore +1 -0
data/.hgtags +3 -0
data/Gemfile +1 -0
data/INSTALL +61 -0
data/LICENCE +458 -0
data/README +29 -21
data/Rakefile +10 -0
data/TODO +10 -12
data/doc/code_organisation.txt +2 -0
data/doc/core/DynLdr.txt +247 -0
data/doc/core/ExeFormat.txt +43 -0
data/doc/core/Expression.txt +220 -0
data/doc/core/GNUExports.txt +27 -0
data/doc/core/Ia32.txt +236 -0
data/doc/core/SerialStruct.txt +108 -0
data/doc/core/VirtualString.txt +145 -0
data/doc/core/WindowsExports.txt +61 -0
data/doc/core/index.txt +1 -0
data/doc/style.css +6 -3
data/doc/usage/debugger.txt +327 -0
data/doc/usage/index.txt +1 -0
data/doc/use_cases.txt +2 -2
data/metasm.gemspec +22 -0
data/{lib/metasm.rb → metasm.rb} +11 -3
data/{lib/metasm → metasm}/compile_c.rb +13 -7
data/metasm/cpu/arc.rb +8 -0
data/metasm/cpu/arc/decode.rb +425 -0
data/metasm/cpu/arc/main.rb +191 -0
data/metasm/cpu/arc/opcodes.rb +588 -0
data/{lib/metasm → metasm/cpu}/arm.rb +7 -5
data/{lib/metasm → metasm/cpu}/arm/debug.rb +2 -2
data/{lib/metasm → metasm/cpu}/arm/decode.rb +13 -12
data/{lib/metasm → metasm/cpu}/arm/encode.rb +23 -8
data/{lib/metasm → metasm/cpu}/arm/main.rb +0 -3
data/metasm/cpu/arm/opcodes.rb +324 -0
data/{lib/metasm → metasm/cpu}/arm/parse.rb +25 -13
data/{lib/metasm → metasm/cpu}/arm/render.rb +2 -2
data/metasm/cpu/arm64.rb +15 -0
data/metasm/cpu/arm64/debug.rb +38 -0
data/metasm/cpu/arm64/decode.rb +289 -0
data/metasm/cpu/arm64/encode.rb +41 -0
data/metasm/cpu/arm64/main.rb +105 -0
data/metasm/cpu/arm64/opcodes.rb +232 -0
data/metasm/cpu/arm64/parse.rb +20 -0
data/metasm/cpu/arm64/render.rb +95 -0
data/{lib/metasm/ppc.rb → metasm/cpu/bpf.rb} +2 -4
data/metasm/cpu/bpf/decode.rb +142 -0
data/metasm/cpu/bpf/main.rb +60 -0
data/metasm/cpu/bpf/opcodes.rb +81 -0
data/metasm/cpu/bpf/render.rb +41 -0
data/metasm/cpu/cy16.rb +9 -0
data/metasm/cpu/cy16/decode.rb +253 -0
data/metasm/cpu/cy16/main.rb +63 -0
data/metasm/cpu/cy16/opcodes.rb +78 -0
data/metasm/cpu/cy16/render.rb +41 -0
data/metasm/cpu/dalvik.rb +11 -0
data/{lib/metasm → metasm/cpu}/dalvik/decode.rb +35 -13
data/{lib/metasm → metasm/cpu}/dalvik/main.rb +51 -2
data/{lib/metasm → metasm/cpu}/dalvik/opcodes.rb +19 -11
data/metasm/cpu/ia32.rb +17 -0
data/{lib/metasm → metasm/cpu}/ia32/compile_c.rb +5 -7
data/{lib/metasm → metasm/cpu}/ia32/debug.rb +5 -5
data/{lib/metasm → metasm/cpu}/ia32/decode.rb +246 -59
data/{lib/metasm → metasm/cpu}/ia32/decompile.rb +7 -7
data/{lib/metasm → metasm/cpu}/ia32/encode.rb +19 -13
data/{lib/metasm → metasm/cpu}/ia32/main.rb +51 -8
data/metasm/cpu/ia32/opcodes.rb +1424 -0
data/{lib/metasm → metasm/cpu}/ia32/parse.rb +47 -16
data/{lib/metasm → metasm/cpu}/ia32/render.rb +31 -4
data/metasm/cpu/mips.rb +14 -0
data/{lib/metasm → metasm/cpu}/mips/compile_c.rb +1 -1
data/metasm/cpu/mips/debug.rb +42 -0
data/{lib/metasm → metasm/cpu}/mips/decode.rb +46 -16
data/{lib/metasm → metasm/cpu}/mips/encode.rb +4 -3
data/{lib/metasm → metasm/cpu}/mips/main.rb +11 -4
data/{lib/metasm → metasm/cpu}/mips/opcodes.rb +86 -17
data/{lib/metasm → metasm/cpu}/mips/parse.rb +1 -1
data/{lib/metasm → metasm/cpu}/mips/render.rb +1 -1
data/{lib/metasm/dalvik.rb → metasm/cpu/msp430.rb} +1 -1
data/metasm/cpu/msp430/decode.rb +247 -0
data/metasm/cpu/msp430/main.rb +62 -0
data/metasm/cpu/msp430/opcodes.rb +101 -0
data/{lib/metasm → metasm/cpu}/pic16c/decode.rb +6 -7
data/{lib/metasm → metasm/cpu}/pic16c/main.rb +0 -0
data/{lib/metasm → metasm/cpu}/pic16c/opcodes.rb +1 -1
data/{lib/metasm/mips.rb → metasm/cpu/ppc.rb} +4 -4
data/{lib/metasm → metasm/cpu}/ppc/decode.rb +18 -12
data/{lib/metasm → metasm/cpu}/ppc/decompile.rb +3 -3
data/{lib/metasm → metasm/cpu}/ppc/encode.rb +2 -2
data/{lib/metasm → metasm/cpu}/ppc/main.rb +17 -12
data/{lib/metasm → metasm/cpu}/ppc/opcodes.rb +11 -5
data/metasm/cpu/ppc/parse.rb +55 -0
data/metasm/cpu/python.rb +8 -0
data/metasm/cpu/python/decode.rb +136 -0
data/metasm/cpu/python/main.rb +36 -0
data/metasm/cpu/python/opcodes.rb +180 -0
data/{lib/metasm → metasm/cpu}/sh4.rb +1 -1
data/{lib/metasm → metasm/cpu}/sh4/decode.rb +48 -17
data/{lib/metasm → metasm/cpu}/sh4/main.rb +13 -4
data/{lib/metasm → metasm/cpu}/sh4/opcodes.rb +7 -8
data/metasm/cpu/x86_64.rb +15 -0
data/{lib/metasm → metasm/cpu}/x86_64/compile_c.rb +28 -17
data/{lib/metasm → metasm/cpu}/x86_64/debug.rb +4 -4
data/{lib/metasm → metasm/cpu}/x86_64/decode.rb +57 -15
data/{lib/metasm → metasm/cpu}/x86_64/encode.rb +55 -26
data/{lib/metasm → metasm/cpu}/x86_64/main.rb +14 -6
data/metasm/cpu/x86_64/opcodes.rb +136 -0
data/{lib/metasm → metasm/cpu}/x86_64/parse.rb +10 -2
data/metasm/cpu/x86_64/render.rb +35 -0
data/metasm/cpu/z80.rb +9 -0
data/metasm/cpu/z80/decode.rb +313 -0
data/metasm/cpu/z80/main.rb +67 -0
data/metasm/cpu/z80/opcodes.rb +224 -0
data/metasm/cpu/z80/render.rb +59 -0
data/{lib/metasm/os/main.rb → metasm/debug.rb} +160 -401
data/{lib/metasm → metasm}/decode.rb +35 -4
data/{lib/metasm → metasm}/decompile.rb +15 -16
data/{lib/metasm → metasm}/disassemble.rb +201 -45
data/{lib/metasm → metasm}/disassemble_api.rb +651 -87
data/{lib/metasm → metasm}/dynldr.rb +220 -133
data/{lib/metasm → metasm}/encode.rb +10 -1
data/{lib/metasm → metasm}/exe_format/a_out.rb +9 -6
data/{lib/metasm → metasm}/exe_format/autoexe.rb +1 -0
data/{lib/metasm → metasm}/exe_format/bflt.rb +57 -27
data/{lib/metasm → metasm}/exe_format/coff.rb +11 -3
data/{lib/metasm → metasm}/exe_format/coff_decode.rb +53 -20
data/{lib/metasm → metasm}/exe_format/coff_encode.rb +11 -13
data/{lib/metasm → metasm}/exe_format/dex.rb +13 -5
data/{lib/metasm → metasm}/exe_format/dol.rb +1 -0
data/{lib/metasm → metasm}/exe_format/elf.rb +93 -57
data/{lib/metasm → metasm}/exe_format/elf_decode.rb +143 -34
data/{lib/metasm → metasm}/exe_format/elf_encode.rb +122 -31
data/metasm/exe_format/gb.rb +65 -0
data/metasm/exe_format/javaclass.rb +424 -0
data/{lib/metasm → metasm}/exe_format/macho.rb +204 -16
data/{lib/metasm → metasm}/exe_format/main.rb +26 -3
data/{lib/metasm → metasm}/exe_format/mz.rb +1 -0
data/{lib/metasm → metasm}/exe_format/nds.rb +7 -4
data/{lib/metasm → metasm}/exe_format/pe.rb +71 -8
data/metasm/exe_format/pyc.rb +167 -0
data/{lib/metasm → metasm}/exe_format/serialstruct.rb +67 -14
data/{lib/metasm → metasm}/exe_format/shellcode.rb +7 -3
data/metasm/exe_format/shellcode_rwx.rb +114 -0
data/metasm/exe_format/swf.rb +205 -0
data/{lib/metasm → metasm}/exe_format/xcoff.rb +7 -7
data/metasm/exe_format/zip.rb +335 -0
data/metasm/gui.rb +13 -0
data/{lib/metasm → metasm}/gui/cstruct.rb +35 -41
data/{lib/metasm → metasm}/gui/dasm_coverage.rb +11 -11
data/{lib/metasm → metasm}/gui/dasm_decomp.rb +7 -20
data/{lib/metasm → metasm}/gui/dasm_funcgraph.rb +0 -0
data/metasm/gui/dasm_graph.rb +1695 -0
data/{lib/metasm → metasm}/gui/dasm_hex.rb +12 -8
data/{lib/metasm → metasm}/gui/dasm_listing.rb +43 -28
data/{lib/metasm → metasm}/gui/dasm_main.rb +310 -53
data/{lib/metasm → metasm}/gui/dasm_opcodes.rb +5 -19
data/{lib/metasm → metasm}/gui/debug.rb +93 -27
data/{lib/metasm → metasm}/gui/gtk.rb +162 -40
data/{lib/metasm → metasm}/gui/qt.rb +12 -2
data/{lib/metasm → metasm}/gui/win32.rb +179 -42
data/{lib/metasm → metasm}/gui/x11.rb +59 -59
data/{lib/metasm → metasm}/main.rb +389 -264
data/{lib/metasm/os/remote.rb → metasm/os/gdbremote.rb} +146 -54
data/{lib/metasm → metasm}/os/gnu_exports.rb +1 -1
data/{lib/metasm → metasm}/os/linux.rb +628 -151
data/metasm/os/main.rb +330 -0
data/{lib/metasm → metasm}/os/windows.rb +132 -42
data/{lib/metasm → metasm}/os/windows_exports.rb +141 -0
data/{lib/metasm → metasm}/parse.rb +26 -24
data/{lib/metasm → metasm}/parse_c.rb +221 -116
data/{lib/metasm → metasm}/preprocessor.rb +55 -40
data/{lib/metasm → metasm}/render.rb +14 -38
data/misc/hexdump.rb +2 -1
data/misc/lint.rb +58 -0
data/misc/txt2html.rb +9 -7
data/samples/bindiff.rb +3 -4
data/samples/dasm-plugins/bindiff.rb +15 -0
data/samples/dasm-plugins/bookmark.rb +133 -0
data/samples/dasm-plugins/c_constants.rb +57 -0
data/samples/dasm-plugins/colortheme_solarized.rb +125 -0
data/samples/dasm-plugins/cppobj_funcall.rb +60 -0
data/samples/dasm-plugins/dasm_all.rb +70 -0
data/samples/dasm-plugins/demangle_cpp.rb +31 -0
data/samples/dasm-plugins/deobfuscate.rb +251 -0
data/samples/dasm-plugins/dump_text.rb +35 -0
data/samples/dasm-plugins/export_graph_svg.rb +86 -0
data/samples/dasm-plugins/findgadget.rb +75 -0
data/samples/dasm-plugins/hl_opcode.rb +32 -0
data/samples/dasm-plugins/hotfix_gtk_dbg.rb +19 -0
data/samples/dasm-plugins/imm2off.rb +34 -0
data/samples/dasm-plugins/match_libsigs.rb +93 -0
data/samples/dasm-plugins/patch_file.rb +95 -0
data/samples/dasm-plugins/scanfuncstart.rb +36 -0
data/samples/dasm-plugins/scanxrefs.rb +26 -0
data/samples/dasm-plugins/selfmodify.rb +197 -0
data/samples/dasm-plugins/stringsxrefs.rb +28 -0
data/samples/dasmnavig.rb +1 -1
data/samples/dbg-apihook.rb +24 -9
data/samples/dbg-plugins/heapscan.rb +283 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_lin.c +155 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_win.c +128 -0
data/samples/dbg-plugins/heapscan/graphheap.rb +616 -0
data/samples/dbg-plugins/heapscan/heapscan.rb +709 -0
data/samples/dbg-plugins/heapscan/winheap.h +174 -0
data/samples/dbg-plugins/heapscan/winheap7.h +307 -0
data/samples/dbg-plugins/trace_func.rb +214 -0
data/samples/disassemble-gui.rb +35 -5
data/samples/disassemble.rb +31 -6
data/samples/dump_upx.rb +24 -12
data/samples/dynamic_ruby.rb +12 -3
data/samples/exeencode.rb +6 -5
data/samples/factorize-headers-peimports.rb +1 -1
data/samples/lindebug.rb +175 -381
data/samples/metasm-shell.rb +1 -2
data/samples/peldr.rb +2 -2
data/tests/all.rb +1 -1
data/tests/arc.rb +26 -0
data/tests/dynldr.rb +22 -4
data/tests/expression.rb +55 -0
data/tests/graph_layout.rb +285 -0
data/tests/ia32.rb +79 -26
data/tests/mips.rb +9 -2
data/tests/x86_64.rb +66 -18
metadata +330 -218
data/lib/metasm/arm/opcodes.rb +0 -177
data/lib/metasm/gui.rb +0 -23
data/lib/metasm/gui/dasm_graph.rb +0 -1354
data/lib/metasm/ia32.rb +0 -14
data/lib/metasm/ia32/opcodes.rb +0 -873
data/lib/metasm/ppc/parse.rb +0 -52
data/lib/metasm/x86_64.rb +0 -12
data/lib/metasm/x86_64/opcodes.rb +0 -118
data/samples/gdbclient.rb +0 -583
data/samples/rubstop.rb +0 -399

data/{lib/metasm/os/remote.rb → metasm/os/gdbremote.rb} RENAMED

@@ -5,6 +5,7 @@
 require 'metasm/os/main'
+require 'metasm/debug'
 require 'socket'
 module Metasm
@@ -23,9 +24,11 @@ class GdbClient
 	def gdb_send(cmd, buf='')
 		buf = cmd + buf
 		buf = '$' << buf << '#' << gdb_csum(buf)
+		log "gdb_send #{buf.inspect}" if $DEBUG
 		5.times {
 			@io.write buf
+			out = ''
 			loop do
 				break if not IO.select([@io], nil, nil, 0.2)
 				raise Errno::EPIPE if not ack = @io.read(1)
@@ -33,12 +36,15 @@ class GdbClient
 				when '+'
 					return true
 				when '-'
-					puts "gdb_send: ack neg" if $DEBUG
+					log "gdb_send: ack neg" if $DEBUG
 					break
 				when nil
 					return
+				else
+					out << ack
 				end
 			end
+			log "no ack, got #{out.inspect}" if out != ''
 		}
 		log "send error #{cmd.inspect} (no ack)"
@@ -62,8 +68,18 @@ class GdbClient
 		buf = nil
 		while @recv_ctx
-			return unless IO.select([@io], nil, nil, timeout)
-			raise Errno::EPIPE if not c = @io.read(1)
+			if !@recv_ctx[:rbuf]
+				return unless IO.select([@io], nil, nil, timeout)
+				if @io.kind_of?(UDPSocket)
+					raise Errno::EPIPE if not @recv_ctx[:rbuf] = @io.recvfrom(65536)[0]
+				else
+					raise Errno::EPIPE if not c = @io.read(1)
+				end
+			end
+			if @recv_ctx[:rbuf]
+				c = @recv_ctx[:rbuf].slice!(0, 1)
+				@recv_ctx.delete :rbuf if @recv_ctx[:rbuf] == ''
+			end
 			case @recv_ctx[:state]
 			when :nosync
@@ -107,11 +123,11 @@ class GdbClient
 			end
 			outstr << unhex($1)
 			ret = gdb_readresp(timeout, outstr)
-			outstr.split("\n").each { |e| log 'gdb: ' + e } if first
+			outstr.split("\n").each { |o| log 'gdb: ' + o } if first
 			return ret
 		end
-		puts "gdb_readresp: got #{buf[0, 64].inspect}#{'...' if buf.length > 64}" if $DEBUG
+		log "gdb_readresp: got #{buf[0, 64].inspect}#{'...' if buf.length > 64}" if $DEBUG
 		buf
 	end
@@ -169,7 +185,7 @@ class GdbClient
 				buf = gdb_msg('g')
 				regs = unhex(unrle(buf)) if buf
 				if not buf or regs.length < @regmsgsize
-					raise "regs buffer recv is too short !"
+					raise "regs buffer recv is too short ! (#{regs.length} < #{@regmsgsize})"
 				end
 			end
 			Hash[*@gdbregs.zip(@unpack_int[regs]).flatten]
@@ -232,9 +248,9 @@ class GdbClient
 		case io
 		when IO; @io = io
-		when /^udp:(.*):(.*?)$/i; @io = UDPSocket.new ; @io.connect($1, $2)
-		when /^(?:tcp:)?(.*):(.*?)$/i; @io = TCPSocket.open($1, $2)	# XXX matches C:\fail
-		# TODO pipe, serial port, etc ; also check ipv6
+		when /^ser:(.*)/i; @io = File.open($1, 'rb+')
+		when /^udp:\[?(.*)\]?:(.*?)$/i; @io = UDPSocket.new ; @io.connect($1, $2)
+		when /^(?:tcp:)?\[?(..+)\]?:(.*?)$/i; @io = TCPSocket.open($1, $2)
 		else raise "unknown target #{io.inspect}"
 		end
@@ -242,6 +258,10 @@ class GdbClient
 	end
 	def gdb_setup
+		pnd = ''
+		pnd << @io.read(1) while IO.select([@io], nil, nil, 0.2)
+		log "startpending: #{pnd.inspect}" if pnd != ''
 		gdb_msg('q', 'Supported')
 		#gdb_msg('Hc', '-1')
 		#gdb_msg('qC')
@@ -295,17 +315,22 @@ class GdbClient
 	attr_accessor :logger, :quiet
 	def log(s)
+		puts s if $DEBUG and logger
 		return if quiet
-		@logger ||= $stdout
-		@logger.puts s
+		logger ? logger.log(s) : puts(s)
 	end
+	attr_accessor :ptrsz
 	# setup the various function used to pack ints & the reg list
 	# according to a target CPU
 	def setup_arch(cpu)
+		@ptrsz = cpu.size
 		case cpu.shortname
-		when 'ia32'
+		when /^ia32/
+			@ptrsz = 32
 			@gdbregs = GDBREGS_IA32
 			@regmsgsize = 4 * @gdbregs.length
 		when 'x64'
@@ -314,6 +339,12 @@ class GdbClient
 		when 'arm'
 			@gdbregs = cpu.dbg_register_list
 			@regmsgsize = 4 * @gdbregs.length
+		when 'arm64'
+			@gdbregs = cpu.dbg_register_list
+			@regmsgsize = 8 * @gdbregs.length
+		when 'mips'
+			@gdbregs = cpu.dbg_register_list
+			@regmsgsize = cpu.size/8 * @gdbregs.length
 		else
 			# we can still use readmem/kill and other generic commands
 			# XXX serverside setregs may fail if we give an incorrect regbuf size
@@ -324,7 +355,7 @@ class GdbClient
 		# yay life !
 		# do as if cpu is littleendian, fixup at the end
-		case cpu.size
+		case @ptrsz
 		when 16
 			@pack_netint   = lambda { |i| i.pack('n*') }
 			@unpack_netint = lambda { |s| s.unpack('n*') }
@@ -345,7 +376,7 @@ class GdbClient
 				@pack_netint, @pack_int = @pack_int, @pack_netint
 				@unpack_netint, @unpack_int = @unpack_int, @unpack_netint
 			end
-		else raise "GdbServer: unsupported cpu size #{cpu.size}"
+		else raise "GdbServer: unsupported cpu size #{@ptrsz}"
 		end
 		# if target cpu is bigendian, use netint everywhere
@@ -362,7 +393,7 @@ class GdbRemoteString < VirtualString
 	def initialize(gdb, addr_start=0, length=nil)
 		@gdb = gdb
-		length ||= 1 << (@gdb.cpu.size rescue 32)
+		length ||= 1 << (@gdb.ptrsz || 32)
 		@pagelength = 512
 		super(addr_start, length)
 	end
@@ -389,17 +420,55 @@ end
 # this class implements a high-level API using the gdb-server network debugging protocol
 class GdbRemoteDebugger < Debugger
-	attr_accessor :gdb, :check_target_timeout
+	attr_accessor :gdb, :check_target_timeout, :reg_val_cache
 	def initialize(url, cpu='Ia32')
+		super()
+		@tid_stuff_list << :reg_val_cache << :regs_dirty
 		@gdb = GdbClient.new(url, cpu)
 		@gdb.logger = self
-		@cpu = @gdb.cpu
-		@memory = GdbRemoteString.new(@gdb)
-		@reg_val_cache = {}
-		@regs_dirty = false
 		# when checking target, if no message seen since this much seconds, send a 'status' query
 		@check_target_timeout = 1
+		set_context(28, 28)
+	end
+	def check_pid(pid)
+		# return nil if pid == nil
+		pid
+	end
+	def check_tid(tid)
+		tid
+	end
+	def list_processes
+		[@pid].compact
+	end
+	def list_threads
+		[@tid].compact
+	end
+	def mappings
+		[]
+	end
+	def modules
+		[]
+	end
+	def initialize_newtid
 		super()
+		@reg_val_cache = {}
+		@regs_dirty = false
+	end
+	attr_accessor :realmode
+	def initialize_cpu
+		@cpu = @gdb.cpu
+		@realmode = true if @cpu and @cpu.shortname =~ /^ia32_16/
+	end
+	def initialize_memory
+		@memory = GdbRemoteString.new(@gdb)
 	end
 	def invalidate
@@ -409,12 +478,24 @@ class GdbRemoteDebugger < Debugger
 	end
 	def get_reg_value(r)
+		r = r.to_sym
 		return @reg_val_cache[r] || 0 if @state != :stopped
 		sync_regs
 		@reg_val_cache = @gdb.read_regs || {} if @reg_val_cache.empty?
+		if realmode
+			case r
+			when :eip; seg = :cs
+			when :esp; seg = :ss
+			else seg = :ds
+			end
+			# XXX seg override
+			return @reg_val_cache[seg].to_i*16 + @reg_val_cache[r].to_i
+		end
 		@reg_val_cache[r] || 0
 	end
 	def set_reg_value(r, v)
+		r = r.to_sym
+		# XXX realmode
 		@reg_val_cache[r] = v
 		@regs_dirty = true
 	end
@@ -426,37 +507,49 @@ class GdbRemoteDebugger < Debugger
 	def do_check_target
 		return if @state == :dead
+		# keep-alive on the connexion
 		t = Time.now
 		@last_check_target ||= t
 		if @state == :running and t - @last_check_target > @check_target_timeout
 			@gdb.io.write '$?#' << @gdb.gdb_csum('?')
 			@last_check_target = t
 		end
 		return unless i = @gdb.check_target(0.01)
-		invalidate if i[:state] == :stopped and @state != :stopped
-		@state, @info = i[:state], i[:info]
-		@info = nil if @info =~ /TRAP/
+		update_state(i)
+		true
 	end
 	def do_wait_target
 		return unless i = @gdb.check_target(nil)
-		invalidate if i[:state] == :stopped and @state != :stopped
-		@state, @info = i[:state], i[:info]
-		@info = nil if @info =~ /TRAP/
+		update_state(i)
+	end
+	def update_state(i)
+		@info = (i[:info] if i[:info] !~ /TRAP/)
+		if i[:state] == :stopped and @state != :stopped
+			invalidate
+			@state = i[:state]
+			case @run_method
+			when :singlestep
+				evt_singlestep
+			else
+				evt_bpx	# XXX evt_hwbp?
+			end
+		else
+			@state = i[:state]
+		end
 	end
 	def do_continue(*a)
-		return if @state != :stopped
 		@state = :running
-		@info = 'continue'
 		@gdb.continue
 		@last_check_target = Time.now
 	end
 	def do_singlestep(*a)
-		return if @state != :stopped
 		@state = :running
-		@info = 'singlestep'
 		@gdb.singlestep
 		@last_check_target = Time.now
 	end
@@ -467,53 +560,52 @@ class GdbRemoteDebugger < Debugger
 	def kill(sig=nil)
 		# TODO signal nr
-		@gdb.kill
 		@state = :dead
-		@info = 'killed'
+		@gdb.kill
 	end
 	def detach
-		super()	# remove breakpoints & stuff
-		@gdb.detach
-		@state = :dead
-		@info = 'detached'
+		del_all_breakpoints
+		del_pid
 	end
-	# set to true to use the gdb msg to handle bpx, false to set 0xcc ourself
+	# set to true to use the gdb msg to handle bpx, false to set 0xcc manually ourself
 	attr_accessor :gdb_bpx
-	def enable_bp(addr)
-		return if not b = @breakpoint[addr]
-		b.state = :active
+	def do_enable_bp(b)
 		case b.type
+		when :bpm
+			do_enable_bpm(b)
 		when :bpx
 			if gdb_bpx
-				@gdb.set_hwbp('s', addr, 1)
+				@gdb.set_hwbp('s', b.address, 1)
 			else
-				@cpu.dbg_enable_bp(self, addr, b)
+				@cpu.dbg_enable_bp(self, b)
 			end
-		when :hw
-			@gdb.set_hwbp(b.mtype, addr, b.mlen)
+		when :hwbp
+			@gdb.set_hwbp(b.internal[:type], b.address, b.internal[:len])
 		end
 	end
-	def disable_bp(addr)
-		return if not b = @breakpoint[addr]
-		b.state = :inactive
+	def do_disable_bp(b)
 		case b.type
+		when :bpm
+			do_disable_bpm(b)
 		when :bpx
 			if gdb_bpx
-				@gdb.unset_hwbp('s', addr, 1)
+				@gdb.unset_hwbp('s', b.address, 1)
 			else
-				@cpu.dbg_disable_bp(self, addr, b)
+				@cpu.dbg_disable_bp(self, b)
 			end
-		when :hw
-			@gdb.unset_hwbp(b.mtype, addr, b.mlen)
+		when :hwbp
+			@gdb.unset_hwbp(b.internal[:type], b.address, b.internal[:len])
 		end
 	end
 	def check_pre_run(*a)
-		sync_regs
-		super(*a)
+		if ret = super(*a)
+			sync_regs
+			ret
+		end
 	end
 	def loadallsyms

data/{lib/metasm → metasm}/os/gnu_exports.rb RENAMED

@@ -258,7 +258,7 @@ libruby1.8.so.1.8
  ruby_current_node ruby_debug ruby_description ruby_digitmap ruby_dln_librefs ruby_dyna_vars ruby_errinfo ruby_eval_tree ruby_eval_tree_begin ruby_frame
  ruby_gc_stress ruby_ignorecase ruby_in_compile ruby_in_eval ruby_inplace_mode ruby_nerrs ruby_patchlevel ruby_platform ruby_release_date ruby_safe_level
  ruby_sandbox_restore ruby_sandbox_save ruby_scope ruby_sourcefile ruby_sourceline ruby_top_cref ruby_top_self ruby_verbose ruby_version ruby_yychar
- ruby_yydebug ruby_yylval
+ ruby_yydebug ruby_yylval rb_float_new_in_heap
 EOL
 	curlibname = nil
 	data.each_line { |l|

data/{lib/metasm → metasm}/os/linux.rb RENAMED

@@ -5,6 +5,7 @@
 require 'metasm/os/main'
+require 'metasm/debug'
 module Metasm
 class PTrace
@@ -13,9 +14,11 @@ class PTrace
 	def self.open(target)
 		ptrace = new(target)
 		return ptrace if not block_given?
-		ret = yield ptrace
-		ptrace.detach
-		ret
+		begin
+			yield ptrace
+		ensure
+			ptrace.detach
+		end
 	end
 	# calls PTRACE_TRACEME on the current (ruby) process
@@ -28,41 +31,65 @@ class PTrace
 	# values for do_attach:
 	#  :create => always fork+traceme+exec+wait
 	#  :attach => always attach
-	#  false/nil => same as attach, without actually calling PT_ATTACH (usefull if we're already tracing pid)
-	#  anything else: try to attach if pid is numeric (using Integer()), else create
-	def initialize(target, do_attach=true)
-		begin
-			raise ArgumentError if do_attach == :create
+	#  false/nil => same as attach, without actually calling PT_ATTACH (useful when the ruby process is already tracing pid)
+	#  default/anything else: try to attach if pid is numeric, else create
+	def initialize(target, do_attach=true, &b)
+		case do_attach
+		when :create
+			init_create(target, &b)
+		when :attach
+			init_attach(target)
+		when :dup
+			raise ArgumentError unless target.kind_of?(PTrace)
+			@pid = target.pid
+			tweak_for_pid(@pid, target.tgcpu)		# avoid re-parsing /proc/self/exe
+		when nil, false
 			@pid = Integer(target)
 			tweak_for_pid(@pid)
-			return if not do_attach
-			attach
-		rescue ArgumentError, TypeError
-			raise if do_attach == :attach or not do_attach
-			did_exec = true
-			if not @pid = fork
-				tweak_for_pid(::Process.pid)
-				traceme
-				::Process.exec(*target)
-				exit!(0)
-			end
+		else
+			t = begin; Integer(target)
+			    rescue ArgumentError, TypeError
+			    end
+			t ? init_attach(t) : init_create(target, &b)
 		end
+	end
+	def init_attach(target)
+		@pid = Integer(target)
+		tweak_for_pid(@pid)
+		attach
 		wait
-		raise "could not exec #{target}" if $?.exited?
-		tweak_for_pid(@pid) if did_exec
 		puts "Ptrace: attached to #@pid" if $DEBUG
 	end
+	def init_create(target, &b)
+		if not @pid = ::Process.fork
+			tweak_for_pid(::Process.pid)
+			traceme
+			b.call if b
+			::Process.exec(*target)
+			exit!(0)
+		end
+		wait
+		raise "could not exec #{target}" if $?.exited?
+		tweak_for_pid(@pid)
+		puts "Ptrace: attached to new #@pid" if $DEBUG
+	end
 	def wait
 		::Process.wait(@pid, ::Process::WALL)
 	end
 	attr_accessor :reg_off, :intsize, :syscallnr, :syscallreg
 	attr_accessor :packint, :packuint, :host_intsize, :host_syscallnr
-	# setup the variables according to the target
-	def tweak_for_pid(pid=@pid)
+	attr_accessor :tgcpu
+	@@sys_ptrace = {}
+	# setup variables according to the target (ptrace interface, syscall nrs, ...)
+	def tweak_for_pid(pid=@pid, tgcpu=nil)
 		# use these for our syscalls PTRACE
-		case LinOS.open_process(::Process.pid).cpu.shortname
+		@@host_csn ||= LinOS.open_process(::Process.pid).cpu.shortname
+		case @@host_csn
 		when 'ia32'
 			@packint = 'l'
 			@packuint = 'L'
@@ -78,9 +105,9 @@ class PTrace
 		else raise 'unsupported architecture'
 		end
+		@tgcpu = tgcpu || LinOS.open_process(pid).cpu
 		# use these to interpret the child state
-		tgcpu = LinOS.open_process(pid).cpu
-		case tgcpu.shortname
+		case @tgcpu.shortname
 		when 'ia32'
 			@syscallreg = 'ORIG_EAX'
 			@syscallnr = SYSCALLNR_I386
@@ -92,13 +119,53 @@ class PTrace
 		else raise 'unsupported target architecture'
 		end
-		cp = tgcpu.new_cparser
-		cp.parse SIGINFO_C
-		@siginfo = cp.alloc_c_struct('siginfo')
 		# buffer used in ptrace syscalls
 		@buf = [0].pack(@packint)
-		@bufptr = str_ptr(@buf)
+		@sys_ptrace = @@sys_ptrace[@host_syscallnr['ptrace']] ||= setup_sys_ptrace(@host_syscallnr['ptrace'])
+	end
+	def setup_sys_ptrace(sysnr)
+		moo = Class.new(DynLdr)
+		case @@host_csn
+		when 'ia32'
+			# XXX compat lin2.4 ?
+			asm = <<EOS
+#define off 3*4
+push ebx
+push esi
+mov eax, #{sysnr}
+mov ebx, [esp+off]
+mov ecx, [esp+off+4]
+mov edx, [esp+off+8]
+mov esi, [esp+off+12]
+call gs:[10h]
+pop esi
+pop ebx
+ret
+EOS
+		when 'x64'
+			asm = <<EOS
+#define off 3*8
+mov rax, #{sysnr}
+//mov rdi, rdi
+//mov rsi, rdi
+//mov rdx, rdx
+mov r10, rcx
+syscall
+ret
+EOS
+		else raise 'unsupported target architecture'
+		end
+		moo.new_func_asm 'long ptrace(unsigned long, unsigned long, unsigned long, unsigned long)', asm
+		moo
+	end
+	def host_csn; @@host_csn end
+	def dup
+		self.class.new(self, :dup)
 	end
 	def str_ptr(str)
@@ -130,6 +197,7 @@ class PTrace
 	end
 	def writemem(off, str)
+		str.force_encoding('binary') if str.respond_to?(:force_encoding)
 		decal = off % @host_intsize
 		if decal > 0
 			off -= decal
@@ -146,29 +214,30 @@ class PTrace
 			pokedata(off+i, str[i, @host_intsize])
 			i += @host_intsize
 		end
+		true
 	end
 	# linux/ptrace.h
 	COMMAND = {
-		'TRACEME'         =>   0, 'PEEKTEXT'        =>   1,
-		'PEEKDATA'        =>   2, 'PEEKUSR'         =>   3,
-		'POKETEXT'        =>   4, 'POKEDATA'        =>   5,
-		'POKEUSR'         =>   6, 'CONT'            =>   7,
-		'KILL'            =>   8, 'SINGLESTEP'      =>   9,
-		'ATTACH'          =>  16, 'DETACH'          =>  17,
-		'SYSCALL'         =>  24,
+		:TRACEME         =>   0, :PEEKTEXT        =>   1,
+		:PEEKDATA        =>   2, :PEEKUSR         =>   3,
+		:POKETEXT        =>   4, :POKEDATA        =>   5,
+		:POKEUSR         =>   6, :CONT            =>   7,
+		:KILL            =>   8, :SINGLESTEP      =>   9,
+		:ATTACH          =>  16, :DETACH          =>  17,
+		:SYSCALL         =>  24,
 		# arch/x86/include/ptrace-abi.h
-		'GETREGS'         =>  12, 'SETREGS'         =>  13,
-		'GETFPREGS'       =>  14, 'SETFPREGS'       =>  15,
-		'GETFPXREGS'      =>  18, 'SETFPXREGS'      =>  19,
-		'OLDSETOPTIONS'   =>  21, 'GET_THREAD_AREA' =>  25,
-		'SET_THREAD_AREA' =>  26, 'ARCH_PRCTL'      =>  30,
-		'SYSEMU'          =>  31, 'SYSEMU_SINGLESTEP'=> 32,
-		'SINGLEBLOCK'     =>  33,
+		:GETREGS         =>  12, :SETREGS         =>  13,
+		:GETFPREGS       =>  14, :SETFPREGS       =>  15,
+		:GETFPXREGS      =>  18, :SETFPXREGS      =>  19,
+		:OLDSETOPTIONS   =>  21, :GET_THREAD_AREA =>  25,
+		:SET_THREAD_AREA =>  26, :ARCH_PRCTL      =>  30,
+		:SYSEMU          =>  31, :SYSEMU_SINGLESTEP=> 32,
+		:SINGLEBLOCK     =>  33,
 		# 0x4200-0x4300 are reserved for architecture-independent additions.
-		'SETOPTIONS'      => 0x4200, 'GETEVENTMSG'   => 0x4201,
-		'GETSIGINFO'      => 0x4202, 'SETSIGINFO'    => 0x4203
+		:SETOPTIONS      => 0x4200, :GETEVENTMSG   => 0x4201,
+		:GETSIGINFO      => 0x4202, :SETSIGINFO    => 0x4203
 	}
 	OPTIONS = {
@@ -176,14 +245,15 @@ class PTrace
 		'TRACESYSGOOD'  => 0x01, 'TRACEFORK'     => 0x02,
 		'TRACEVFORK'    => 0x04, 'TRACECLONE'    => 0x08,
 		'TRACEEXEC'     => 0x10, 'TRACEVFORKDONE'=> 0x20,
-		'TRACEEXIT'     => 0x40
+		'TRACEEXIT'     => 0x40, 'TRACESECCOMP'  => 0x80,
 	}
 	WAIT_EXTENDEDRESULT = {
 		# Wait extended result codes for the above trace options.
 		'EVENT_FORK'       => 1, 'EVENT_VFORK'      => 2,
 		'EVENT_CLONE'      => 3, 'EVENT_EXEC'       => 4,
-		'EVENT_VFORK_DONE' => 5, 'EVENT_EXIT'       => 6
+		'EVENT_VFORK_DONE' => 5, 'EVENT_EXIT'       => 6,
+		'EVENT_SECCOMP'    => 7,
 	}
 	WAIT_EXTENDEDRESULT.update WAIT_EXTENDEDRESULT.invert
@@ -261,10 +331,10 @@ class PTrace
 		mknodat  fchownat  futimesat  fstatat64  unlinkat  renameat  linkat  symlinkat  readlinkat  fchmodat
 		faccessat pselect6 ppoll unshare set_robust_list get_robust_list splice sync_file_range tee vmsplice
 		move_pages   getcpu  epoll_pwait  utimensat   signalfd  timerfd  eventfd  fallocate  timerfd_settime
-	       	timerfd_gettime  signalfd4   eventfd2  epoll_create1   dup3   pipe2  inotify_init1   preadv  pwritev
+		timerfd_gettime  signalfd4   eventfd2  epoll_create1   dup3   pipe2  inotify_init1   preadv  pwritev
 		rt_tg_sigqueueinfo perf_counter_open].inject({}) { |h, sc| h.update sc => h.length }
 	SYSCALLNR_I386.update SYSCALLNR_I386.invert
 	SYSCALLNR_X86_64 = %w[read write open close stat fstat lstat poll lseek mmap mprotect munmap brk rt_sigaction
 		rt_sigprocmask  rt_sigreturn ioctl  pread64 pwrite64  readv  writev access  pipe select  sched_yield
 		mremap  msync  mincore  madvise  shmget  shmat  shmctl dup  dup2  pause  nanosleep  getitimer  alarm
@@ -341,7 +411,7 @@ typedef unsigned __int32 __uid_t;
 typedef uintptr_t sigval_t;
 typedef long __clock_t;
-typedef struct siginfo {
+struct siginfo {
     int si_signo;
     int si_errno;
     int si_code;
@@ -377,138 +447,162 @@ typedef struct siginfo {
             long int si_band;	/* Band event for SIGPOLL.  */
             int si_fd;
         } _sigpoll;
+        struct {                /* SIGSYS under SECCOMP */
+            uintptr_t si_calladdr; /* calling insn address */
+            int si_syscall;     /* triggering syscall nr */
+            int si_arch;        /* AUDIT_ARCH_* for syscall */
+        } _sigsys;
     };
-} siginfo_t;
+};
 EOS
 	def sys_ptrace(req, pid, addr, data)
-		data = str_ptr(data) if data.kind_of?(String)
-		addr = [addr].pack(@packint).unpack(@packint).first
-		data = [data].pack(@packint).unpack(@packint).first
-		Kernel.syscall(@host_syscallnr['ptrace'], req, pid, addr, data)
+		ret = @sys_ptrace.ptrace(req, pid, addr, data)
+		if ret < 0 and ret > -256
+			raise SystemCallError.new("ptrace #{COMMAND.index(req) || req}", -ret)
+		end
+		ret
 	end
 	def traceme
-		sys_ptrace(COMMAND['TRACEME'], 0, 0, 0)
+		sys_ptrace(COMMAND[:TRACEME], 0, 0, 0)
 	end
 	def peektext(addr)
-		sys_ptrace(COMMAND['PEEKTEXT'], @pid, addr, @bufptr)
+		sys_ptrace(COMMAND[:PEEKTEXT], @pid, addr, @buf)
 		@buf
 	end
 	def peekdata(addr)
-		sys_ptrace(COMMAND['PEEKDATA'], @pid, addr, @bufptr)
+		sys_ptrace(COMMAND[:PEEKDATA], @pid, addr, @buf)
 		@buf
 	end
 	def peekusr(addr)
-		sys_ptrace(COMMAND['PEEKUSR'],  @pid, @host_intsize*addr, @bufptr)
-		bufval & ((1 << ([@host_intsize, @intsize].min*8)) - 1)
+		sys_ptrace(COMMAND[:PEEKUSR],  @pid, @host_intsize*addr, @buf)
+		@peekmask ||= (1 << ([@host_intsize, @intsize].min*8)) - 1
+		bufval & @peekmask
 	end
 	def poketext(addr, data)
-		sys_ptrace(COMMAND['POKETEXT'], @pid, addr, data.unpack(@packint).first)
+		sys_ptrace(COMMAND[:POKETEXT], @pid, addr, data.unpack(@packint).first)
 	end
 	def pokedata(addr, data)
-		sys_ptrace(COMMAND['POKEDATA'], @pid, addr, data.unpack(@packint).first)
+		sys_ptrace(COMMAND[:POKEDATA], @pid, addr, data.unpack(@packint).first)
 	end
 	def pokeusr(addr, data)
-		sys_ptrace(COMMAND['POKEUSR'],  @pid, @host_intsize*addr, data)
+		sys_ptrace(COMMAND[:POKEUSR],  @pid, @host_intsize*addr, data)
 	end
 	def getregs(buf=nil)
+		buf = buf.str if buf.respond_to?(:str)	# AllocCStruct
 		buf ||= [0].pack('C')*512
-		sys_ptrace(COMMAND['GETREGS'], @pid, 0, buf)
+		sys_ptrace(COMMAND[:GETREGS], @pid, 0, buf)
 		buf
 	end
 	def setregs(buf)
-		sys_ptrace(COMMAND['SETREGS'], @pid, 0, buf)
+		buf = buf.str if buf.respond_to?(:str)
+		sys_ptrace(COMMAND[:SETREGS], @pid, 0, buf)
 	end
 	def getfpregs(buf=nil)
+		buf = buf.str if buf.respond_to?(:str)
 		buf ||= [0].pack('C')*1024
-		sys_ptrace(COMMAND['GETFPREGS'], @pid, 0, buf)
+		sys_ptrace(COMMAND[:GETFPREGS], @pid, 0, buf)
 		buf
 	end
 	def setfpregs(buf)
-		sys_ptrace(COMMAND['SETFPREGS'], @pid, 0, buf)
+		buf = buf.str if buf.respond_to?(:str)
+		sys_ptrace(COMMAND[:SETFPREGS], @pid, 0, buf)
 	end
 	def getfpxregs(buf=nil)
+		buf = buf.str if buf.respond_to?(:str)
 		buf ||= [0].pack('C')*512
-		sys_ptrace(COMMAND['GETFPXREGS'], @pid, 0, buf)
+		sys_ptrace(COMMAND[:GETFPXREGS], @pid, 0, buf)
 		buf
 	end
 	def setfpxregs(buf)
-		sys_ptrace(COMMAND['SETFPXREGS'], @pid, 0, buf)
+		buf = buf.str if buf.respond_to?(:str)
+		sys_ptrace(COMMAND[:SETFPXREGS], @pid, 0, buf)
 	end
 	def get_thread_area(addr)
-		sys_ptrace(COMMAND['GET_THREAD_AREA'],  @pid, addr, @bufptr)
+		sys_ptrace(COMMAND[:GET_THREAD_AREA],  @pid, addr, @buf)
 		bufval
 	end
 	def set_thread_area(addr, data)
-		sys_ptrace(COMMAND['SET_THREAD_AREA'],  @pid, addr, data)
+		sys_ptrace(COMMAND[:SET_THREAD_AREA],  @pid, addr, data)
 	end
 	def prctl(addr, data)
-		sys_ptrace(COMMAND['ARCH_PRCTL'], @pid, addr, data)
+		sys_ptrace(COMMAND[:ARCH_PRCTL], @pid, addr, data)
 	end
 	def cont(sig = nil)
 		sig ||= 0
-		sys_ptrace(COMMAND['CONT'], @pid, 0, sig)
+		sys_ptrace(COMMAND[:CONT], @pid, 0, sig)
 	end
 	def kill
-		sys_ptrace(COMMAND['KILL'], @pid, 0, 0)
+		sys_ptrace(COMMAND[:KILL], @pid, 0, 0)
 	end
 	def singlestep(sig = nil)
 		sig ||= 0
-		sys_ptrace(COMMAND['SINGLESTEP'], @pid, 0, sig)
+		sys_ptrace(COMMAND[:SINGLESTEP], @pid, 0, sig)
 	end
 	def singleblock(sig = nil)
 		sig ||= 0
-		sys_ptrace(COMMAND['SINGLEBLOCK'], @pid, 0, sig)
+		sys_ptrace(COMMAND[:SINGLEBLOCK], @pid, 0, sig)
 	end
 	def syscall(sig = nil)
 		sig ||= 0
-		sys_ptrace(COMMAND['SYSCALL'], @pid, 0, sig)
+		sys_ptrace(COMMAND[:SYSCALL], @pid, 0, sig)
 	end
 	def attach
-		sys_ptrace(COMMAND['ATTACH'], @pid, 0, 0)
+		sys_ptrace(COMMAND[:ATTACH], @pid, 0, 0)
 	end
 	def detach
-		sys_ptrace(COMMAND['DETACH'], @pid, 0, 0)
+		sys_ptrace(COMMAND[:DETACH], @pid, 0, 0)
 	end
 	def setoptions(*opt)
 		opt = opt.inject(0) { |b, o| b |= o.kind_of?(Integer) ? o : OPTIONS[o] }
-		sys_ptrace(COMMAND['SETOPTIONS'], @pid, 0, opt)
+		sys_ptrace(COMMAND[:SETOPTIONS], @pid, 0, opt)
 	end
 	# retrieve pid of cld for EVENT_CLONE/FORK, exitcode for EVENT_EXIT
 	def geteventmsg
-		sys_ptrace(COMMAND['GETEVENTMSG'], @pid, 0, @bufptr)
+		sys_ptrace(COMMAND[:GETEVENTMSG], @pid, 0, @buf)
 		bufval
 	end
+	def cp
+		@cp ||= @tgcpu.new_cparser
+	end
+	def siginfo
+		@siginfo ||= (
+			cp.parse SIGINFO_C if not cp.toplevel.struct['siginfo']
+			cp.alloc_c_struct('siginfo')
+		)
+	end
 	def getsiginfo
-		sys_ptrace(COMMAND['GETSIGINFO'], @pid, 0, @siginfo.str)
-		@siginfo
+		sys_ptrace(COMMAND[:GETSIGINFO], @pid, 0, siginfo.str)
+		siginfo
 	end
-	def setsiginfo(si=@siginfo)
+	def setsiginfo(si=siginfo)
 		si = si.str if si.respond_to?(:str)
-		sys_ptrace(COMMAND['SETSIGINFO'], @pid, 0, si)
+		sys_ptrace(COMMAND[:SETSIGINFO], @pid, 0, si)
 	end
 end
@@ -562,7 +656,7 @@ class LinOS < OS
 		# read from /proc/pid/task/
 		def threads
 			Dir.entries("/proc/#{pid}/task/").grep(/^\d+$/).map { |tid| tid.to_i }
-	       	rescue
+		rescue
 			# TODO handle pthread stuff (eg 2.4 kernels)
 			[pid]
 		end
@@ -641,11 +735,29 @@ class LinuxRemoteString < VirtualString
 		self.class.new(@pid, addr, len, dbg)
 	end
-	def do_ptrace
+	def do_ptrace(needproc)
 		if dbg
 			dbg.switch_context(@pid) {
-				# XXX tid ?
-				yield dbg.ptrace if dbg.state == :stopped
+				st = dbg.state
+				next if st != :stopped
+				if needproc
+					# we will try to access /proc/pid/mem
+					# if the main thread is still running, fallback to ptrace.readmem instead
+					pst = (dbg.tid == @pid ? st : dbg.tid_stuff[@pid][:state])
+					if pst != :stopped
+						savedreadfd = @readfd
+						@readfd = nil
+						begin
+							yield dbg.ptrace
+						ensure
+							@readfd = savedreadfd
+						end
+					else
+						yield dbg.ptrace
+					end
+				else
+					yield dbg.ptrace
+				end
 			}
 		else
 			PTrace.open(@pid) { |ptrace| yield ptrace }
@@ -654,11 +766,12 @@ class LinuxRemoteString < VirtualString
 	def rewrite_at(addr, data)
 		# target must be stopped
-		do_ptrace { |ptrace| ptrace.writemem(addr, data) }
+		wr = do_ptrace(false) { |ptrace| ptrace.writemem(addr, data) }
+		raise "couldn't ptrace_write at #{'%x' % addr}" if not wr
 	end
 	def get_page(addr, len=@pagelength)
-		do_ptrace { |ptrace|
+		do_ptrace(true) { |ptrace|
 			begin
 				if readfd and addr < (1<<63)
 					# 1<<63: ruby seek = 'too big to fit longlong', linux read = EINVAL
@@ -675,6 +788,305 @@ class LinuxRemoteString < VirtualString
 	end
 end
+class PTraceContext_Ia32 < PTrace
+	C_STRUCT = <<EOS
+struct user_regs_struct_ia32 {
+	unsigned __int32 ebx;
+	unsigned __int32 ecx;
+	unsigned __int32 edx;
+	unsigned __int32 esi;
+	unsigned __int32 edi;
+	unsigned __int32 ebp;
+	unsigned __int32 eax;
+	unsigned __int32 ds;
+	unsigned __int32 es;
+	unsigned __int32 fs;
+	unsigned __int32 gs;
+	unsigned __int32 orig_eax;
+	unsigned __int32 eip;
+	unsigned __int32 cs;
+	unsigned __int32 eflags;
+	unsigned __int32 esp;
+	unsigned __int32 ss;
+};
+struct user_fxsr_struct_ia32 {
+	unsigned __int16 cwd;
+	unsigned __int16 swd;
+	unsigned __int16 twd;
+	unsigned __int16 fop;
+	unsigned __int32 fip;
+	unsigned __int32 fcs;
+	unsigned __int32 foo;
+	unsigned __int32 fos;
+	unsigned __int32 mxcsr;
+	unsigned __int32 reserved;
+	unsigned __int32 st_space[32];   /* 8*16 bytes for each FP-reg = 128 bytes */
+	unsigned __int32 xmm_space[32];  /* 8*16 bytes for each XMM-reg = 128 bytes */
+	unsigned __int32 padding[56];
+};
+EOS
+	def initialize(ptrace, pid=ptrace.pid)
+		super(ptrace, :dup)
+		@pid = pid
+		@cp = ptrace.cp
+		init
+	end
+	def init
+		@gpr = @@gpr_ia32 ||= [:ebx, :ecx, :edx, :esi, :edi, :ebp, :eax,
+			:ds, :es, :fs, :gs, :orig_eax, :eip, :cs, :eflags,
+			:esp, :ss].inject({}) { |h, r| h.update r => true }
+		@gpr_peek = @@gpr_peek_ia32 ||= (0..7).inject({}) { |h, i|
+			h.update "dr#{i}".to_sym => REGS_I386["DR#{i}"] }
+		@gpr_sub = @@gpr_sub_ia32 ||= gpr_sub_init
+		@xmm = @@xmm_ia32 ||= [:cwd, :swd, :twd, :fop, :fip, :fcs, :foo,
+			:fos, :mxcsr].inject({}) { |h, r| h.update r => true }
+		@cp.parse C_STRUCT if not @cp.toplevel.struct['user_regs_struct_ia32']
+		@gpr_st = @xmm_st = nil
+	end
+	# :bh => [:ebx, 0xff, 8]
+	# XXX similar to Reg.symbolic... DRY
+	def gpr_sub_init
+		ret = {}
+		%w[a b c d].each { |r|
+			b = "e#{r}x".to_sym
+			ret["#{r}x".to_sym] = [b, 0xffff]
+			ret["#{r}l".to_sym] = [b, 0xff]
+			ret["#{r}h".to_sym] = [b, 0xff, 8]
+		}
+		%w[sp bp si di].each { |r|
+			b = "e#{r}".to_sym
+			ret[r.to_sym] = [b, 0xffff]
+		}
+		ret[:orig_rax] = [:orig_eax, 0xffff_ffff]
+		ret
+	end
+	def do_getregs
+		st = cp.alloc_c_struct('user_regs_struct_ia32')
+		getregs(st)
+		st
+	end
+	def do_setregs(st=@gpr_st)
+		setregs(st)
+	end
+	def do_getxmm
+		st = cp.alloc_c_struct('user_fxsr_struct_ia32')
+		getfpxregs(st)
+		st
+	end
+	def do_setxmm(st=@xmm_st)
+		setfpxregs(st)
+	end
+	def get_reg(r)
+		r = r.downcase if r == 'ORIG_EAX' or r == 'ORIG_RAX'
+		rs = r.to_sym
+		if @gpr[rs]
+			@gpr_st ||= do_getregs
+			@gpr_st[rs]
+		elsif o = @gpr_peek[rs]
+			peekusr(o)
+		elsif o = @gpr_sub[rs]
+			v = get_reg(o[0])
+			v >>= o[2] if o[2]
+			v &= o[1]
+		elsif @xmm[rs]
+			@xmm_st ||= do_getxmm
+			@xmm_st[rs]
+		else
+			case r.to_s
+			when /^st(\d?)$/i
+				i = $1.to_i
+				@xmm_st ||= do_getxmm
+				fu = @xmm_st.st_space
+				[fu[4*i], fu[4*i+1], fu[4*i+2]].pack('L*').unpack('D').first	# XXX
+			when /^mmx?(\d)$/i
+				i = $1.to_i
+				@xmm_st ||= do_getxmm
+				fu = @xmm_st.st_space
+				fu[4*i] | (fu[4*i + 1] << 32)
+			when /^xmm(\d+)$/i
+				i = $1.to_i
+				@xmm_st ||= do_getxmm
+				fu = @xmm_st.xmm_space
+				fu[4*i] | (fu[4*i + 1] << 32) | (fu[4*i + 2] << 64) | (fu[4*i + 3] << 96)
+			# TODO when /^ymm(\d+)$/i
+			else raise "unknown register name #{r}"
+			end
+		end
+	end
+	def set_reg(r, v)
+		r = r.downcase if r == 'ORIG_EAX' or r == 'ORIG_RAX'
+		rs = r.to_sym
+		if @gpr[rs]
+			@gpr_st ||= do_getregs
+			@gpr_st[rs] = v
+			do_setregs
+		elsif o = @gpr_peek[rs]
+			pokeusr(o, v)
+		elsif o = @gpr_sub[rs]
+			vo = get_reg(o[0])
+			msk = o[1]
+			v &= o[1]
+			if o[2]
+				msk <<= o[2]
+				v <<= o[2]
+			end
+			v |= vo & ~msk
+			set_reg(o[0], v)
+		elsif @xmm[rs]
+			@xmm_st ||= do_getxmm
+			@xmm_st[rs] = v
+			do_setxmm
+		else
+			case r.to_s
+			when /^st(\d?)$/i
+				i = $1.to_i
+				@xmm_st ||= do_getxmm
+				fu = @xmm_st.st_space
+				fu[4*i], fu[4*i+1], fu[4*i+2] = [v, -1].pack('DL').unpack('L*')	# XXX
+				do_setxmm
+			when /^mmx?(\d)$/i
+				i = $1.to_i
+				@xmm_st ||= do_getxmm
+				fu = @xmm_st.st_space
+				fu[4*i] = v & 0xffff_ffff
+				fu[4*i + 1] = (v >> 32) & 0xffff_ffff
+				do_setxmm
+			when /^xmm(\d+)$/i
+				i = $1.to_i
+				@xmm_st ||= do_getxmm
+				fu = @xmm_st.xmm_space
+				fu[4*i] = v & 0xffff_ffff
+				fu[4*i + 1] = (v >> 32) & 0xffff_ffff
+				fu[4*i + 2] = (v >> 64) & 0xffff_ffff
+				fu[4*i + 3] = (v >> 96) & 0xffff_ffff
+				do_setxmm
+			# TODO when /^ymm(\d+)$/i
+			else raise "unknown register name #{r}"
+			end
+		end
+	end
+end
+class PTraceContext_X64 < PTraceContext_Ia32
+	C_STRUCT = <<EOS
+struct user_regs_struct_x64 {
+	unsigned __int64 r15;
+	unsigned __int64 r14;
+	unsigned __int64 r13;
+	unsigned __int64 r12;
+	unsigned __int64 rbp;
+	unsigned __int64 rbx;
+	unsigned __int64 r11;
+	unsigned __int64 r10;
+	unsigned __int64 r9;
+	unsigned __int64 r8;
+	unsigned __int64 rax;
+	unsigned __int64 rcx;
+	unsigned __int64 rdx;
+	unsigned __int64 rsi;
+	unsigned __int64 rdi;
+	unsigned __int64 orig_rax;
+	unsigned __int64 rip;
+	unsigned __int64 cs;
+	unsigned __int64 rflags;
+	unsigned __int64 rsp;
+	unsigned __int64 ss;
+	unsigned __int64 fs_base;
+	unsigned __int64 gs_base;
+	unsigned __int64 ds;
+	unsigned __int64 es;
+	unsigned __int64 fs;
+	unsigned __int64 gs;
+};
+struct user_i387_struct_x64 {
+	unsigned __int16 cwd;
+	unsigned __int16 swd;
+	unsigned __int16 twd;    /* Note this is not the same as the 32bit/x87/FSAVE twd */
+	unsigned __int16 fop;
+	unsigned __int64 rip;
+	unsigned __int64 rdp;
+	unsigned __int32 mxcsr;
+	unsigned __int32 mxcsr_mask;
+	unsigned __int32 st_space[32];   /* 8*16 bytes for each FP-reg = 128 bytes */
+	unsigned __int32 xmm_space[64];  /* 16*16 bytes for each XMM-reg = 256 bytes */
+	unsigned __int32 padding[24];
+	// YMM ?
+};
+EOS
+	def init
+		@gpr = @@gpr_x64 ||= [:r15, :r14, :r13, :r12, :rbp, :rbx, :r11,
+			:r10, :r9, :r8, :rax, :rcx, :rdx, :rsi, :rdi, :orig_rax,
+			:rip, :cs, :rflags, :rsp, :ss, :fs_base, :gs_base, :ds,
+			:es, :fs, :gs].inject({}) { |h, r| h.update r => true }
+		@gpr_peek = @@gpr_peek_x64 ||= (0..7).inject({}) { |h, i|
+			h.update "dr#{i}".to_sym => REGS_X86_64["DR#{i}"] }
+		@gpr_sub = @@gpr_sub_x64 ||= gpr_sub_init
+		@xmm = @@xmm_x64 ||= [:cwd, :swd, :twd, :fop, :rip, :rdp, :mxcsr,
+			:mxcsr_mask].inject({}) { |h, r| h.update r => true }
+		@cp.parse C_STRUCT if not @cp.toplevel.struct['user_regs_struct_x64']
+		@gpr_st = @xmm_st = nil
+	end
+	def gpr_sub_init
+		ret = {}
+		%w[a b c d].each { |r|
+			b = "r#{r}x".to_sym
+			ret["e#{r}x".to_sym] = [b, 0xffff_ffff]
+			ret[ "#{r}x".to_sym] = [b, 0xffff]
+			ret[ "#{r}l".to_sym] = [b, 0xff]
+			ret[ "#{r}h".to_sym] = [b, 0xff, 8]
+		}
+		%w[sp bp si di].each { |r|
+			b = "r#{r}".to_sym
+			ret["e#{r}".to_sym] = [b, 0xffff_ffff]
+			ret[ "#{r}".to_sym] = [b, 0xffff]
+			ret["#{r}l".to_sym] = [b, 0xff]
+		}
+		(8..15).each { |i|
+			b = "r#{i}".to_sym
+			ret["r#{i}d"] = [b, 0xffff_ffff]
+			ret["r#{i}w"] = [b, 0xffff]
+			ret["r#{i}b"] = [b, 0xff]
+		}
+		ret[:eip] = [:rip, 0xffff_ffff]
+		ret[:eflags] = [:rflags, 0xffff_ffff]
+		ret[:orig_eax] = [:orig_rax, 0xffff_ffff]
+		ret
+	end
+	def do_getregs
+		st = cp.alloc_c_struct('user_regs_struct_x64')
+		getregs(st)
+		st
+	end
+	def do_setregs(st=@gpr_st)
+		setregs(st)
+	end
+	def do_getxmm
+		st = cp.alloc_c_struct('user_i387_struct_x64')
+		getfpregs(st)
+		st
+	end
+	def do_setxmm(st=@xmm_st)
+		setfpregs(st)
+	end
+end
 module ::Process
 	WALL   = 0x40000000 if not defined? WALL
 	WCLONE = 0x80000000 if not defined? WCLONE
@@ -683,10 +1095,10 @@ end
 # this class implements a high-level API over the ptrace debugging primitives
 class LinDebugger < Debugger
 	# ptrace is per-process or per-thread ?
-	attr_accessor :ptrace, :continuesignal, :has_pax_mprotect, :target_syscall
+	attr_accessor :ptrace, :continuesignal, :has_pax_mprotect, :target_syscall, :cached_waitpid
 	attr_accessor :callback_syscall, :callback_branch, :callback_exec
-	def initialize(pidpath=nil)
+	def initialize(pidpath=nil, &b)
 		super()
 		@pid_stuff_list << :has_pax_mprotect << :ptrace	<< :breaking << :os_process
 		@tid_stuff_list << :continuesignal << :saved_csig << :ctx << :target_syscall
@@ -696,15 +1108,14 @@ class LinDebugger < Debugger
 		@callback_syscall = lambda { |i| log "syscall #{i[:syscall]}" }
 		@callback_exec = lambda { |i| log "execve #{os_process.path}" }
+		@cached_waitpid = []
 		return if not pidpath
-		begin
-			pid = Integer(pidpath)
-			attach(pid)
-		rescue ArgumentError
-			create_process(pidpath)
-		end
+		t = begin; Integer(pidpath)
+		    rescue ArgumentError, TypeError
+		    end
+		t ? attach(t) : create_process(pidpath, &b)
 	end
 	def shortname; 'lindbg'; end
@@ -715,11 +1126,18 @@ class LinDebugger < Debugger
 		set_context(pt.pid, pt.pid)	# swapout+init_newpid
 		log "attached #@pid"
 		list_threads.each { |tid| attach_thread(tid) if tid != @pid }
+		set_tid @pid
 	end
 	# create a process and debug it
-	def create_process(path)
-		pt = PTrace.new(path, :create)
+	# if given a block, the block is run in the context of the ruby subprocess
+	# after the fork() and before exec()ing the target binary
+	# you can use it to eg tweak file descriptors:
+	#  tg_stdin_r, tg_stdin_w = IO.pipe
+	#  create_process('/bin/cat') { tg_stdin_w.close ; $stdin.reopen(tg_stdin_r) }
+	#  tg_stdin_w.write 'lol'
+	def create_process(path, &b)
+		pt = PTrace.new(path, :create, &b)
 		# TODO save path, allow restart etc
 		set_context(pt.pid, pt.pid)	# swapout+init_newpid
 		log "attached #@pid"
@@ -727,10 +1145,10 @@ class LinDebugger < Debugger
 	def initialize_cpu
 		@cpu = os_process.cpu
-		# need to init @ptrace here, before init_dasm calls gui.swapin
+		# need to init @ptrace here, before init_dasm calls gui.swapin	XXX this stinks
 		@ptrace = PTrace.new(@pid, false)
 		if @cpu.size == 64 and @ptrace.reg_off['EAX']
-			hack_64_32
+			hack_x64_32
 		end
 		set_tid @pid
 		set_thread_options
@@ -764,19 +1182,18 @@ class LinDebugger < Debugger
 		os_process.modules
 	end
-	# we're a 32bit process debugging a 64bit target
+	# We're a 32bit process debugging a 64bit target
 	# the ptrace kernel interface we use only allow us a 32bit-like target access
-	# with this we advertize the cpu as having eax..edi registers (the only one we
+	# With this we advertize the cpu as having eax..edi registers (the only one we
 	# can access), while still decoding x64 instructions (whose addr < 4G)
-	def hack_64_32
+	def hack_x64_32
 		log "WARNING: debugging a 64bit process from a 32bit debugger is a very bad idea !"
-		@cpu.instance_eval {
-			ia32 = Ia32.new
-			@dbg_register_pc = ia32.dbg_register_pc
-			@dbg_register_flags = ia32.dbg_register_flags
-			@dbg_register_list = ia32.dbg_register_list
-			@dbg_register_size = ia32.dbg_register_size
-		}
+		ia32 = Ia32.new
+		@cpu.instance_variable_set('@dbg_register_pc', ia32.dbg_register_pc)
+		@cpu.instance_variable_set('@dbg_register_sp', ia32.dbg_register_sp)
+		@cpu.instance_variable_set('@dbg_register_flags', ia32.dbg_register_flags)
+		@cpu.instance_variable_set('@dbg_register_list', ia32.dbg_register_list)
+		@cpu.instance_variable_set('@dbg_register_size', ia32.dbg_register_size)
 	end
 	# attach a thread of the current process
@@ -784,9 +1201,16 @@ class LinDebugger < Debugger
 		set_tid tid
 		@ptrace.pid = tid
 		@ptrace.attach
-		@state = :stopped	# no need to wait()
+		@state = :stopped
+		# store this waitpid so that we can return it in a future check_target
+		::Process.waitpid(tid, ::Process::WALL)
+		# XXX can $? be safely stored?
+		@cached_waitpid << [tid, $?.dup]
 		log "attached thread #{tid}"
 		set_thread_options
+	rescue Errno::ESRCH
+		# raced, thread quitted already
+		del_tid
 	end
 	# set the debugee ptrace options (notify clone/exec/exit, and fork/vfork depending on @trace_children)
@@ -807,27 +1231,23 @@ class LinDebugger < Debugger
 		super()
 	end
-	# a hash of the current thread context
-	# TODO keys = :gpr, :fpu, :xmm, :dr ; val = AllocCStruct
-	# include accessors for st0/xmm12 (@ptrace.getfpregs.unpack etc)
+	# current thread register values accessor
 	def ctx
-		@ctx ||= {}
+		@ctx ||= case @ptrace.host_csn
+			 when 'ia32'; PTraceContext_Ia32.new(@ptrace, @tid)
+			 when 'x64'; PTraceContext_X64.new(@ptrace, @tid)
+			 else raise '8==D'
+			 end
 	end
 	def get_reg_value(r)
-		raise "bad register #{r}" if not k = @ptrace.reg_off[r.to_s.upcase]
-		return ctx[r] || 0 if @state != :stopped
-		@ptrace.pid = @tid
-		ctx[r] ||= @ptrace.peekusr(k)
+		return 0 if @state != :stopped
+		ctx.get_reg(r)
 	rescue Errno::ESRCH
 		0
 	end
 	def set_reg_value(r, v)
-		raise "bad register #{r}" if not k = @ptrace.reg_off[r.to_s.upcase]
-		ctx[r] = v
-		return if @state != :stopped
-		@ptrace.pid = @tid
-		@ptrace.pokeusr(k, v)
+		ctx.set_reg(r, v)
 	end
 	def update_waitpid(status)
@@ -851,14 +1271,14 @@ class LinDebugger < Debugger
 			end
 		elsif status.stopped?
 			sig = status.stopsig & 0x7f
-			signame = PTrace::SIGNAL[sig]
+			signame = PTrace::SIGNAL[sig]
 			if signame == 'TRAP'
 				if status.stopsig & 0x80 > 0
 					# XXX int80 in x64 => syscallnr32 ?
 					evt_syscall info.update(:syscall => @ptrace.syscallnr[get_reg_value(@ptrace.syscallreg)])
 				elsif (status >> 16) > 0
-					case o = PTrace::WAIT_EXTENDEDRESULT[status >> 16]
+					case PTrace::WAIT_EXTENDEDRESULT[status >> 16]
 					when 'EVENT_FORK', 'EVENT_VFORK'
 						# parent notification of a fork
 						# child receives STOP (may have already happened)
@@ -870,6 +1290,7 @@ class LinDebugger < Debugger
 						resume_badbreak
 					when 'EVENT_EXIT'
+						@ptrace.pid = @tid
 						info.update :exitcode => @ptrace.geteventmsg
 						if @tid == @pid
 							evt_endprocess info
@@ -885,6 +1306,7 @@ class LinDebugger < Debugger
 					end
 				else
+					@ptrace.pid = @tid
 					si = @ptrace.getsiginfo
 					case si.si_code
 					when PTrace::SIGINFO['BRKPT'],
@@ -915,6 +1337,7 @@ class LinDebugger < Debugger
 			elsif signame == 'STOP' and @breaking
 				@state = :stopped
 				@info = 'break'
+				@breaking.call if @breaking.kind_of? Proc
 				@breaking = nil
 			else
@@ -923,6 +1346,7 @@ class LinDebugger < Debugger
 				if signame == 'SEGV'
 					# need more data on access violation (for bpm)
 					info.update :type => 'access violation'
+					@ptrace.pid = @tid
 					si = @ptrace.getsiginfo
 					access = case si.si_code
 						 when PTrace::SIGINFO['MAPERR']; :r	# XXX write access to unmapped => ?
@@ -937,36 +1361,53 @@ class LinDebugger < Debugger
 			evt_exception info.update(:type => "unknown wait #{status.inspect}")
 		end
 	end
 	def set_tid_findpid(tid)
 		return if tid == @tid
-		if tid != @pid and pr = list_processes.find { |p| p.threads.include? tid }
-			set_pid pr.pid
+		if tid != @pid and !@tid_stuff[tid]
+			if kv = @pid_stuff.find { |k, v| v[:tid_stuff] and v[:tid_stuff][tid] }
+				set_pid kv[0]
+			elsif pr = list_processes.find { |p| p.threads.include?(tid) }
+				set_pid pr.pid
+			end
 		end
 		set_tid tid
 	end
 	def do_check_target
-		return unless t = ::Process.waitpid(-1, ::Process::WNOHANG | ::Process::WALL)
-		# XXX all threads may have stopped, wait them now ?
+		if @cached_waitpid.empty?
+			t = ::Process.waitpid(-1, ::Process::WNOHANG | ::Process::WALL)
+			st = $?
+		else
+			t, st = @cached_waitpid.shift
+		end
+		return if not t
 		set_tid_findpid t
-		update_waitpid $?
+		update_waitpid st
+		true
 	rescue ::Errno::ECHILD
 	end
 	def do_wait_target
-		t = ::Process.waitpid(-1, ::Process::WALL)
+		if @cached_waitpid.empty?
+			t = ::Process.waitpid(-1, ::Process::WALL)
+			st = $?
+		else
+			t, st = @cached_waitpid.shift
+		end
 		set_tid_findpid t
-		update_waitpid $?
+		update_waitpid st
 	rescue ::Errno::ECHILD
 	end
 	def do_continue
+		@state = :running
 		@ptrace.pid = tid
 		@ptrace.cont(@continuesignal)
 	end
 	def do_singlestep(*a)
+		@state = :running
 		@ptrace.pid = tid
 		@ptrace.singlestep(@continuesignal)
 	end
@@ -975,10 +1416,21 @@ class LinDebugger < Debugger
 	# regexp allowed to wait a specific syscall
 	def syscall(arg=nil)
 		arg = nil if arg and arg.strip == ''
-		return if not check_pre_run(:syscall, arg)
-		@target_syscall = arg
-		@ptrace.pid = @tid
-		@ptrace.syscall(@continuesignal)
+		if b = check_breakpoint_cause and b.hash_shared.find { |bb| bb.state == :active }
+			singlestep_bp(b) {
+				next if not check_pre_run(:syscall, arg)
+				@target_syscall = arg
+				@state = :running
+				@ptrace.pid = @tid
+				@ptrace.syscall(@continuesignal)
+			}
+		else
+			return if not check_pre_run(:syscall, arg)
+			@target_syscall = arg
+			@state = :running
+			@ptrace.pid = @tid
+			@ptrace.syscall(@continuesignal)
+		end
 	end
 	def syscall_wait(*a, &b)
@@ -990,9 +1442,19 @@ class LinDebugger < Debugger
 	def singleblock
 		# record as singlestep to avoid evt_singlestep -> evt_exception
 		# step or block doesn't matter much here anyway
-		return if not check_pre_run(:singlestep)
-		@ptrace.pid = @tid
-		@ptrace.singleblock(@continuesignal)
+		if b = check_breakpoint_cause and b.hash_shared.find { |bb| bb.state == :active }
+			singlestep_bp(b) {
+				next if not check_pre_run(:singlestep)
+				@state = :running
+				@ptrace.pid = @tid
+				@ptrace.singleblock(@continuesignal)
+			}
+		else
+			return if not check_pre_run(:singlestep)
+			@state = :running
+			@ptrace.pid = @tid
+			@ptrace.singleblock(@continuesignal)
+		end
 	end
 	def singleblock_wait(*a, &b)
@@ -1034,8 +1496,8 @@ class LinDebugger < Debugger
 		# calling continue() here will loop back to TRAP+INFO_EXEC
 	end
-	def break
-		@breaking = true
+	def break(&b)
+		@breaking = b || true
 		kill 'STOP'
 	end
@@ -1059,7 +1521,7 @@ class LinDebugger < Debugger
 		when nil, ''; 9
 		when Integer; sig
 		when String
-		       	sig = sig.upcase.sub(/^SIG_?/, '')
+			sig = sig.upcase.sub(/^SIG_?/, '')
 			PTrace::SIGNAL[sig] || Integer(sig)
 		else raise "unhandled signal #{sig.inspect}"
 		end
@@ -1067,10 +1529,25 @@ class LinDebugger < Debugger
 	# stop debugging the current process
 	def detach
+		if @state == :running
+			# must be stopped so we can rm bps
+			self.break { detach }
+			mypid = @pid
+			wait_target
+			# after syscall(), wait will return once for interrupted syscall,
+			# and we need to wait more for the break callback to kick in
+			if @pid == mypid and @state == :stopped and @info =~ /syscall/
+				do_continue
+				check_target
+			end
+			return
+		end
 		del_all_breakpoints
 		each_tid {
 			@ptrace.pid = @tid
-			@ptrace.detach
+			@ptrace.detach rescue nil
 			@delete_thread = true
 		}
 		del_pid