ragweed 0.2.1 → 0.2.2

data/README.rdoc

@@ -20,11 +20,10 @@ Ragweed is supported and has been tested on the following platforms (32bit intel
   Mac OS X 10.6
   Mac OS X 10.5
 
-At this time only Ruby 1.8.x has been tested. We are actively investigating both 64 bit
-support for each platform and support for Ruby 1.9.x. Unfortunately, both of these things
-require significant changes to Ragweed.
+Ragweed works with Ruby 1.8.7, 1.9.1 and 1.9.2 and should work with any Ruby that includes FFI support on 32bit WinXP, Win7, Linux 2.6 and OSX 10.6.
+We are actively investigating 64 bit support for each platform. Unfortunately, this will require significant changes to Ragweed.
 
-* We are currently moving to FFI from ruby/dl. This will likely result in some incompatibilities if you are using the low level functions calls directly. It will also add ffi as a dependency. This move is to facilitate 1.9 and 64bit support.
+* We have completed switching from Ruby/DL to FFI in 0.2.0. There should be no incompatibilities as a result of this switch. Additionally, ragweed may now work on rubies that include FFI support (jruby, ree, rbx), this has not yet been tested.
 
 == FEATURES/PROBLEMS:
 
@@ -33,10 +32,6 @@ require significant changes to Ragweed.
 
 * Work is ongoing to complete and unify the OSX and Linux portions.
 
-* The FFI move is mostly complete. There may be a few changes to some structures to come, but everything should mostly match the C APIs.
-
-* The move to FFI should give us free support for jRuby. This is, however, untested at this time.
-
 * Struct's Nerve[http://github.com/struct/Nerve] is an example of the API we are heading toward
 
 == SYNOPSIS:
@@ -57,4 +52,4 @@ Please see the examples directory for more. There are hit tracers for each platf
 
 == LICENSE:
 
-Copyright 2009/2010 Matasano Security, LLC All Rights Reserved
+Copyright 2009-2011 Matasano Security, LLC All Rights Reserved

data/VERSION

@@ -1 +1 @@
-0.2.1
+0.2.2

data/lib/ragweed/debuggerosx.rb

@@ -217,7 +217,7 @@ class Ragweed::Debuggerosx
     on_attach
     self.hook(opts) if (opts[:hook] and not @hooked)
     self.install_bps if (opts[:install] and not @installed)
-    return r
+    return r.first
   end
 
   # remove breakpoints and release child
@@ -229,7 +229,7 @@ class Ragweed::Debuggerosx
     @attached = false
     on_detach
     self.unhook(opts) if opts[:hook] and @hooked
-    return r
+    return r.first
   end
 
   # get task port for @pid and store in @task so mach calls can be made
@@ -253,14 +253,14 @@ class Ragweed::Debuggerosx
   # resumes thread that has been suspended via thread_suspend
   # thread: thread id of thread to be resumed
   def resume(thread = nil)
-    thread = (thread or self.threads.first)
+    thread ||= self.threads.first)
     Ragweed::Wraposx::thread_resume(thread)
   end
 
   # suspends thread
   # thread: thread id of thread to be suspended
   def suspend(thread = nil)
-    thread = (thread or self.threads.first)
+    thread ||= self.threads.first)
     Ragweed::Wraposx::thread_suspend(thread)
   end
 
@@ -359,16 +359,17 @@ class Ragweed::Debuggerosx
   # returns a Ragweed::Wraposx::ThreadContext object containing the register states
   # thread: thread to get the register state of
   def get_registers(thread=nil)
-    thread = (thread or self.threads.first)
-    Ragweed::Wraposx::ThreadContext.get(thread)
+    thread ||= self.threads.first)
+    Ragweed::Wraposx.thread_get_state(thread, Ragweed::Wraposx::ThreadContext::X86_THREAD_STATE)
   end
 
   # sets the register state of a thread
   # thread: thread id to set registers for
   # regs: Ragweed::Wraposx::ThreadContext object containing the new register state for the thread
   def set_registers(thread, regs)
-    raise "Must supply registers and thread to set" if (not (thread and regs) or not thread.kind_of? Numeric or not regs.kind_of? Ragweed::Wraposx::ThreadContext)
-    regs.set(thread)
+    # XXX - needs updated conditions
+    # raise "Must supply registers and thread to set" if (not (thread and regs) or not thread.kind_of? Numeric or not regs.kind_of? Ragweed::Wraposx::ThreadContext)
+    Ragweed::Wraposx.thread_set_state(thread, regs.class::FLAVOR, regs)
   end
 
   # continue stopped child process.
@@ -400,18 +401,26 @@ class Ragweed::Debuggerosx
   def installed?; @installed; end
 
   def region_info(addr, flavor = :basic)
-    case flavor
+    flav = case flavor
     when :basic
-      return Ragweed::Wraposx::RegionBasicInfo.get(@task, addr)
+      Ragweed::Wraposx::Vm::RegionBasicInfo::FLAVOR
 
     # Extended and Top info flavors are included in case Apple re implements them
     when :extended
-      return Ragweed::Wraposx::RegionExtendedInfo.get(@task, addr)
+      Ragweed::Wraposx::Vm::RegionExtendedInfo::FLAVOR
     when :top
-      return Ragweed::Wraposx::RegionTopInfo.get(@task, addr)
+      Ragweed::Wraposx::Vm::RegionTopInfo::FLAVOR
+    when Integer
+      flavor
     else
       warn "Unknown flavor requested. Returning RegionBasicInfo."
-      return Ragweed::Wraposx::RegionBasicInfo.get(@task, addr)
+      Ragweed::Wraposx::RegionBasicInfo::FLAVOR
+    end
+    
+    if Ragweed::Wraposx.respond_to? :vm_region_64
+      Ragweed::Wraposx.vm_region_64(@task, addr, flav)
+    else
+      Ragweed::Wraposx.vm_region(@task, addr, flav)
     end
   end
 
@@ -428,7 +437,7 @@ class Ragweed::Debuggerosx
             first
         if exact && (rtype == name || purpose == name)
           ret << [saddr, eaddr].map{|x| x.to_i(16)}
-        elsif rtype.match(name) || purpose.match(name)
+        elsif rtype && purpose && (rtype.match(name) || purpose.match(name))
           ret << [saddr, eaddr].map{|x| x.to_i(16)}
         end
       end

data/lib/ragweed/debuggertux.rb

@@ -13,7 +13,7 @@ module Ragweed; end
 ##     that Debuggertux already handles, call "super", too.
 class Ragweed::Debuggertux
   attr_reader :pid, :status, :exited, :signal
-  attr_accessor :breakpoints, :mapped_regions, :process
+  attr_accessor :breakpoints, :mapped_regions, :process, :use_ptrace_for_search
 
   ## Class to handle installing/uninstalling breakpoints
   class Breakpoint
@@ -74,6 +74,7 @@ class Ragweed::Debuggertux
     default_opts(opts)
     @installed = false
     @attached = false
+    @use_ptrace_for_search = false
 
     @mapped_regions = Hash.new
     @breakpoints = Hash.new
@@ -132,7 +133,6 @@ class Ragweed::Debuggertux
   ## value = Size of the region
   def mapped
     @mapped_regions.clear if @mapped_regions
-
     File.open("/proc/#{pid}/maps") do |f|
       f.each_line do |l|
         e = l.split(' ',2).first
@@ -209,9 +209,7 @@ class Ragweed::Debuggertux
           lib = l.split(' ', 6)
           sa = l.split('-', 0)
 
-          if lib[5] =~ /vdso/
-            next
-          end
+          next if lib[5] =~ /vdso/
 
           lib = lib[5].strip
           lib.gsub!(/[\s\n]+/, "")
@@ -229,50 +227,89 @@ class Ragweed::Debuggertux
   end
 
   ## Search a specific page for a value
-  ## Should be used by most of the search_* methods
-  def search_page(base, max, val)
-    loc = Array.new
-
-    while base.to_i < max.to_i
-        r = Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::PEEK_TEXT, @pid, base, 0)
-        if r == val
-            loc.push(base)
+  ## Should be used by most search methods
+  def search_page(base, max, val, &block)
+    loc = []
+    if self.use_ptrace_for_search == true
+        while base.to_i < max.to_i
+            r = Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::PEEK_TEXT, @pid, base, 0)
+            loc << base if r == val
+            base += 4
+            yield loc if block_given?
+        end
+    else
+        sz = max.to_i - base.to_i
+        d = File.new("/proc/#{pid}/mem")
+        d.seek(base.to_i, IO::SEEK_SET)
+        b = d.read(sz)
+        i = 0
+        while(i < sz)
+          if val == b[i,4].unpack('L')
+            loc << base.to_i + i
+            yield(base.to_i + i) if block_given?
+          end
+          i += 4
         end
-        base += 1
+        d.close
     end
 
     loc
   end
 
-  ## Search the heap for a value
-  def search_heap(val)
-    loc = Array.new
+  def search_mem_by_name(name, val, &block)
+    loc = []
     File.open("/proc/#{pid}/maps") do |f|
       f.each_line do |l|
-        if l =~ /\[heap\]/
+        if l =~ /\[#{name}\]/
           s,e = l.split('-')
           e = e.split(' ').first
           s = s.to_i(16)
           e = e.to_i(16)
           sz = e - s
           max = s + sz
-          loc = search_page(s, max, val)
+          loc << search_page(s, max, val, &block)
         end
       end
     end
-    loc
+    loc    
+  end
+
+  def search_mem_by_permission(perm, val, &block)
+    loc = []
+    File.open("/proc/#{pid}/maps") do |f|
+      f.each_line do |l|
+        if l.split(' ')[1] =~ /#{perm}/
+          s,e = l.split('-')
+          e = e.split(' ').first
+          s = s.to_i(16)
+          e = e.to_i(16)
+          sz = e - s
+          max = s + sz
+          loc << search_page(s, max, val, &block)
+        end
+      end
+    end
+    loc    
+  end
+
+  ## Search the heap for a value, returns an array of matches
+  def search_heap(val, &block)
+    search_mem_by_name('heap', &block)
+  end
+
+  ## Search the stack for a value, returns an array of matches
+  def search_stack(val, &block)
+    search_mem_by_name('stack', &block)
   end
 
   ## Search all mapped regions for a value
-  def search_process(val)
-    loc = Array.new
+  def search_process(val, &block)
+    loc = []
     self.mapped
     @mapped_regions.each_pair do |k,v|
-        if k == 0 or v == 0
-            next
-        end
+        next if k == 0 or v == 0
         max = k+v
-        loc.concat(search_page(k, max, val))
+        loc << search_page(k, max, val, &block)
     end
     loc
   end

data/lib/ragweed/wrap32/process_token.rb

@@ -27,6 +27,7 @@ module Ragweed::Wrap32
     ffi_convention :stdcall
     attach_function 'OpenProcess', [ :long, :long, :long ], :long
     attach_function 'OpenProcessToken', [:long, :long, :pointer ], :long
+    attach_function 'TerminateProcess', [:long, :uint], :long
 
     # ffi_lib 'advapi32'
     # ffi_convention :stdcall
@@ -60,6 +61,11 @@ module Ragweed::Wrap32
       outw.read_long_long
     end
   end
+  
+  def terminate_process(handle, exit_code)
+    r = Win.TerminateProcess(handle, exit_code)
+    raise WinX.new(:terminate_process) if r != 0
+  end
 end
 
 class Ragweed::Wrap32::ProcessToken

data/lib/ragweed/wraposx/region_info.rb

@@ -39,6 +39,7 @@ module Ragweed::Wraposx::Vm
   end
 
   class RegionBasicInfo < RegionInfo
+    FLAVOR = Ragweed::Wraposx::Vm::REGION_BASIC_INFO
 
     layout :protection, Ragweed::Wraposx::Libc.find_type(:vm_prot_t),
            :max_protection, Ragweed::Wraposx::Libc.find_type(:vm_prot_t),
@@ -73,6 +74,7 @@ EOM
   end
 
   class RegionBasicInfo64 < RegionInfo
+    FLAVOR = Ragweed::Wraposx::Vm::REGION_BASIC_INFO_64
 
     layout :protection, Ragweed::Wraposx::Libc.find_type(:vm_prot_t),
            :max_protection, Ragweed::Wraposx::Libc.find_type(:vm_prot_t),
@@ -118,6 +120,8 @@ EOM
   #         unsigned char           share_mode;
   # };
   class RegionExtendedInfo < RegionInfo
+    FLAVOR = Ragweed::Wraposx::Vm::REGION_EXTENDED_INFO
+
     layout :protection, Ragweed::Wraposx::Libc.find_type(:vm_prot_t),
            :user_tag, :uint,
            :pages_resident, :uint,
@@ -161,6 +165,8 @@ EOM
   #         unsigned char           share_mode;
   # };
   class RegionTopInfo < RegionInfo
+    FLAVOR = Ragweed::Wraposx::Vm::REGION_TOP_INFO
+
     layout :obj_id, :uint,
            :ref_count, :uint,
            :private_pages_resident, :uint,
@@ -230,9 +236,9 @@ module Ragweed::Wraposx
     def vm_region(task, addr, flavor)
       info = FFI::MemoryPointer.new(Vm::FLAVORS[flavor][:class], 1)
       count = FFI::MemoryPointer.new(:int, 1).write_int(Vm::FLAVORS[flavor][:count])
-      address = FFI::MemoryPointer.new(:vm_address_t, 1).write_ulong(addr)
-      sz = FFI::MemoryPointer.new(:vm_size_t, 1)
-      objn = FFI::MemoryPointer.new(:mach_port_t, 1)
+      address = FFI::MemoryPointer.new(Libc.find_type(:vm_address_t), 1).write_ulong(addr)
+      sz = FFI::MemoryPointer.new(Libc.find_type(:vm_size_t), 1)
+      objn = FFI::MemoryPointer.new(Libc.find_type(:mach_port_t), 1)
       
       r = Libc.vm_region(task, address, sz, flavor, info, count, objn)
       raise KernelCallError.new(:vm_region, r) if r != 0
@@ -258,7 +264,7 @@ module Ragweed::Wraposx
     def vm_region_64(task, addr, flavor)
       # OSX does this as well, so we need to do it ourselves
       flavor = Vm::REGION_BASIC_INFO_64 if flavor == Vm::REGION_BASIC_INFO
-      info = FFI::MemoryPointer.new(:uint8, Vm::FLAVORS[flavor][:size])
+      info = FFI::MemoryPointer.new(Vm::FLAVORS[flavor][:class])
       count = FFI::MemoryPointer.new(Libc.find_type(:mach_msg_type_number_t), 1).write_uint(Vm::FLAVORS[flavor][:count])
       address = FFI::MemoryPointer.new(Libc.find_type(:vm_address_t), 1).write_ulong(addr)
       sz = FFI::MemoryPointer.new(Libc.find_type(:vm_size_t), 1)
@@ -266,8 +272,8 @@ module Ragweed::Wraposx
       
       r = Libc.vm_region_64(task, address, sz, flavor, info, count, objn)
       raise KernelCallError.new(:vm_region_64, r) if r != 0
-      ret = Vm::Flavors[flavor][:class].new info
-      ret.region_size = size.read_ulong
+      ret = Vm::FLAVORS[flavor][:class].new info
+      ret.region_size = sz.read_ulong
       ret.base_address = address.read_ulong
       ret
     end if Libc.find_function "vm_region_64"

data/lib/ragweed/wraposx/thread_context.rb

@@ -34,6 +34,14 @@ module Ragweed::Wraposx::ThreadContext
   I386_FLOAT_STATE      = X86_FLOAT_STATE32
   I386_EXCEPTION_STATE  = X86_EXCEPTION_STATE32
 
+  def self.get(thread, flavor = X86_THREAD_STATE)
+    Ragweed::Wraposx.thread_get_state(thread, flavor)
+  end
+
+  def self.set(thread, state)
+    Ragweed::Wraposx.thread_set_state(thread, state.class::FLAVOR, state)
+  end
+
   # struct x86_state_hdr {
   #         int     flavor;
   #         int     count;
@@ -42,6 +50,20 @@ module Ragweed::Wraposx::ThreadContext
     include Ragweed::FFIStructInclude
     layout :flavor, :int,
            :count, :int
+    def is_64?
+      case self[:flavor]
+      when 1, 2, 3, 10
+        false
+      when 4, 5, 6, 11
+        true
+      else
+        nil
+      end
+    end
+    
+    def is_32?
+      !is_64?
+    end
   end
 
   # _STRUCT_X86_THREAD_STATE32
@@ -186,7 +208,7 @@ EOM
            :rflags, :uint64,
            :cs, :uint64,
            :fs, :uint64,
-           :gs, :uint64,
+           :gs, :uint64
 
     module Flags
       CARRY =         0x1
@@ -220,16 +242,16 @@ EOM
       string =<<EOM
       -----------------------------------------------------------------------
       CONTEXT:
-      RIP: #{self.rip.to_s(16).rjust(16, "0")} #{maybe_dis.call(self.eip)}
-
-      RAX: #{self.rax.to_s(16).rjust(16, "0")} #{maybe_hex.call(self.eax)}
-      RBX: #{self.rbx.to_s(16).rjust(16, "0")} #{maybe_hex.call(self.ebx)}
-      RCX: #{self.rcx.to_s(16).rjust(16, "0")} #{maybe_hex.call(self.ecx)}
-      RDX: #{self.rdx.to_s(16).rjust(16, "0")} #{maybe_hex.call(self.edx)}
-      RDI: #{self.rdi.to_s(16).rjust(16, "0")} #{maybe_hex.call(self.edi)}
-      RSI: #{self.rsi.to_s(16).rjust(16, "0")} #{maybe_hex.call(self.esi)}
-      RBP: #{self.rbp.to_s(16).rjust(16, "0")} #{maybe_hex.call(self.ebp)}
-      RSP: #{self.rsp.to_s(16).rjust(16, "0")} #{maybe_hex.call(self.esp)}
+      RIP: #{self.rip.to_s(16).rjust(16, "0")} #{maybe_dis.call(self.rip)}
+
+      RAX: #{self.rax.to_s(16).rjust(16, "0")} #{maybe_hex.call(self.rax)}
+      RBX: #{self.rbx.to_s(16).rjust(16, "0")} #{maybe_hex.call(self.rbx)}
+      RCX: #{self.rcx.to_s(16).rjust(16, "0")} #{maybe_hex.call(self.rcx)}
+      RDX: #{self.rdx.to_s(16).rjust(16, "0")} #{maybe_hex.call(self.rdx)}
+      RDI: #{self.rdi.to_s(16).rjust(16, "0")} #{maybe_hex.call(self.rdi)}
+      RSI: #{self.rsi.to_s(16).rjust(16, "0")} #{maybe_hex.call(self.rsi)}
+      RBP: #{self.rbp.to_s(16).rjust(16, "0")} #{maybe_hex.call(self.rbp)}
+      RSP: #{self.rsp.to_s(16).rjust(16, "0")} #{maybe_hex.call(self.rsp)}
       RFL: #{(self.rflags & 0xffffffff).to_s(2).rjust(32, "0")} #{Flags.flag_dump(self.rflags & 0xffffffff)}
 EOM
     end
@@ -256,6 +278,10 @@ EOM
     layout :tsh, Ragweed::Wraposx::ThreadContext::X86StateHdr,
            :uts, Ragweed::Wraposx::ThreadContext::UnionThreadState
 
+    def is_64?; self[:tsh].is_64?; end
+    def is_32?; !is_64?; end
+    def header; self[:fsh]; end
+    
     # We have rubified this FFI structure by creating a bunch of proxy
     # methods that are normally only accessible via self.v.x.y which is
     # a lot to type. You can still use that method however these proxy
@@ -264,11 +290,11 @@ EOM
       def methods regular=true
         ret = super + self.members.map{|x| [x.to_s, x.to_s + "="]}
         ret += self[:tsh].members.map{|x| [x.to_s, x.to_s + "="]}
-        ret + case self[:tsh][:flavor]
+        ret += case self[:tsh][:flavor]
         when Ragweed::Wraposx::ThreadContext::X86_THREAD_STATE32
-          self[:uts].ts32.members.map{|x| [x.to_s, x.to_s + "="]}
+          self[:uts][:ts32].members.map{|x| [x.to_s, x.to_s + "="]}
         when Ragweed::Wraposx::ThreadContext::X86_THREAD_STATE64
-          self[:uts].ts64.members.map{|x| [x.to_s, x.to_s + "="]}
+          self[:uts][:ts64].members.map{|x| [x.to_s, x.to_s + "="]}
         else
           []
         end
@@ -278,11 +304,11 @@ EOM
       def methods regular=true
         ret = super + self.members.map{|x| [x, (x.to_s + "=").intern]}
         ret += self[:tsh].members.map{|x| [x, (x.to_s + "=").intern]}
-        ret + case self[:tsh][:flavor]
+        ret += case self[:tsh][:flavor]
         when Ragweed::Wraposx::ThreadContext::X86_THREAD_STATE32
-          self[:uts].ts32.members.map{|x| [x, (x.to_s + "=").intern]}
+          self[:uts][:ts32].members.map{|x| [x, (x.to_s + "=").intern]}
         when Ragweed::Wraposx::ThreadContext::X86_THREAD_STATE64
-          self[:uts].ts64.members.map{|x| [x, (x.to_s + "=").intern]}
+          self[:uts][:ts64].members.map{|x| [x, (x.to_s + "=").intern]}
         else
           []
         end
@@ -302,9 +328,9 @@ EOM
         else
           case self[:tsh][:flavor]
           when Ragweed::Wraposx::ThreadContext::X86_THREAD_STATE32
-            self[:uts].ts32.__send__(:[]=, mth, *args)
+            self[:uts][:ts32].__send__(:[]=, mth, *args)
           when Ragweed::Wraposx::ThreadContext::X86_THREAD_STATE64
-            self[:uts].ts64.__send__(:[]=, mth, *args)
+            self[:uts][:ts64].__send__(:[]=, mth, *args)
           end
         end
       else
@@ -316,9 +342,9 @@ EOM
         else
           case self[:tsh][:flavor]
           when Ragweed::Wraposx::ThreadContext::X86_THREAD_STATE32
-            self[:uts].ts32.__send__(:[], meth, *args)
+            self[:uts][:ts32].__send__(:[], meth, *args)
           when Ragweed::Wraposx::ThreadContext::X86_THREAD_STATE64
-            self[:uts].ts64.__send__(:[], meth, *args)
+            self[:uts][:ts64].__send__(:[], meth, *args)
           end
         end
       end
@@ -427,6 +453,10 @@ EOM
     layout :dsh, Ragweed::Wraposx::ThreadContext::X86StateHdr,
            :uds, Ragweed::Wraposx::ThreadContext::UnionDebugState
 
+     def is_64?; self[:dsh].is_64?; end
+     def is_32?; !is_64?; end
+     def header; self[:dsh]; end
+
     # We have rubified this FFI structure by creating a bunch of proxy
     # methods that are normally only accessible via self.v.x.y which is
     # a lot to type. You can still use that method however these proxy
@@ -435,11 +465,11 @@ EOM
       def methods regular=true
         ret = super + self.members.map{|x| [x.to_s, x.to_s + "="]}
         ret += self[:dsh].members.map{|x| [x.to_s, x.to_s + "="]}
-        ret + case self[:dsh][:flavor]
+        ret += case self[:dsh][:flavor]
         when Ragweed::Wraposx::ThreadContext::X86_DEBUG_STATE32
-          self[:uds].ds32.members.map{|x| [x.to_s, x.to_s + "="]}
+          self[:uds][:ds32].members.map{|x| [x.to_s, x.to_s + "="]}
         when Ragweed::Wraposx::ThreadContext::X86_DEBUG_STATE64
-          self[:uds].ds64.members.map{|x| [x.to_s, x.to_s + "="]}
+          self[:uds][:ds64].members.map{|x| [x.to_s, x.to_s + "="]}
         else
           []
         end
@@ -449,11 +479,11 @@ EOM
       def methods regular=true
         ret = super + self.members.map{|x| [x, (x.to_s + "=").intern]}
         ret += self[:dsh].members.map{|x| [x, (x.to_s + "=").intern]}
-        ret + case self[:dsh][:flavor]
+        ret += case self[:dsh][:flavor]
         when Ragweed::Wraposx::ThreadContext::X86_DEBUG_STATE32
-          self[:uds].ds32.members.map{|x| [x, (x.to_s + "=").intern]}
+          self[:uds][:ds32].members.map{|x| [x, (x.to_s + "=").intern]}
         when Ragweed::Wraposx::ThreadContext::X86_DEBUG_STATE64
-          self[:uds].ds64.members.map{|x| [x, (x.to_s + "=").intern]}
+          self[:uds][:ds64].members.map{|x| [x, (x.to_s + "=").intern]}
         else
           []
         end
@@ -473,9 +503,9 @@ EOM
         else
           case self[:dsh][:flavor]
           when Ragweed::Wraposx::ThreadContext::X86_DEBUG_STATE32
-            self[:uds].ds32.__send__(:[]=, mth, *args)
+            self[:uds][:ds32].__send__(:[]=, mth, *args)
           when Ragweed::Wraposx::ThreadContext::X86_DEBUG_STATE64
-            self[:uds].ds64.__send__(:[]=, mth, *args)
+            self[:uds][:ds64].__send__(:[]=, mth, *args)
           end
         end
       else
@@ -487,9 +517,9 @@ EOM
         else
           case self[:dsh][:flavor]
           when Ragweed::Wraposx::ThreadContext::X86_DEBUG_STATE32
-            self[:uds].ds32.__send__(:[], meth, *args)
+            self[:uds][:ds32].__send__(:[], meth, *args)
           when Ragweed::Wraposx::ThreadContext::X86_DEBUG_STATE64
-            self[:uds].ds64.__send__(:[], meth, *args)
+            self[:uds][:ds64].__send__(:[], meth, *args)
           end
         end
       end
@@ -567,7 +597,11 @@ EOM
     layout :esh, Ragweed::Wraposx::ThreadContext::X86StateHdr,
            :ues, Ragweed::Wraposx::ThreadContext::UnionExceptionState
 
-    #comment
+
+    def is_64?; self[:esh].is_64?; end
+    def is_32?; !is_64?; end
+    def header; self[:esh]; end
+
     # We have rubified this FFI structure by creating a bunch of proxy
     # methods that are normally only accessible via self.v.x.y which is
     # a lot to type. You can still use that method however these proxy
@@ -576,11 +610,11 @@ EOM
       def methods regular=true
         ret = super + self.members.map{|x| [x.to_s, x.to_s + "="]}
         ret += self[:esh].members.map{|x| [x.to_s, x.to_s + "="]}
-        ret + case self[:esh][:flavor]
+        ret += case self[:esh][:flavor]
         when Ragweed::Wraposx::ThreadContext::X86_EXCEPTION_STATE32
-          self[:ues].es32.members.map{|x| [x.to_s, x.to_s + "="]}
+          self[:ues][:es32].members.map{|x| [x.to_s, x.to_s + "="]}
         when Ragweed::Wraposx::ThreadContext::X86_EXCEPTION_STATE64
-          self[:ues].es64.members.map{|x| [x.to_s, x.to_s + "="]}
+          self[:ues][:es64].members.map{|x| [x.to_s, x.to_s + "="]}
         else
           []
         end
@@ -590,11 +624,11 @@ EOM
       def methods regular=true
         ret = super + self.members.map{|x| [x, (x.to_s + "=").intern]}
         ret += self[:esh].members.map{|x| [x, (x.to_s + "=").intern]}
-        ret + case self[:esh][:flavor]
+        ret += case self[:esh][:flavor]
         when Ragweed::Wraposx::ThreadContext::X86_EXCEPTION_STATE32
-          self[:ues].es32.members.map{|x| [x, (x.to_s + "=").intern]}
+          self[:ues][:es32].members.map{|x| [x, (x.to_s + "=").intern]}
         when Ragweed::Wraposx::ThreadContext::X86_EXCEPTION_STATE64
-          self[:ues].es64.members.map{|x| [x, (x.to_s + "=").intern]}
+          self[:ues][:es64].members.map{|x| [x, (x.to_s + "=").intern]}
         else
           []
         end
@@ -614,9 +648,9 @@ EOM
         else
           case self[:esh][:flavor]
           when Ragweed::Wraposx::ThreadContext::X86_EXCEPTION_STATE32
-            self[:ues].es32.__send__(:[]=, mth, *args)
+            self[:ues][:es32].__send__(:[]=, mth, *args)
           when Ragweed::Wraposx::ThreadContext::X86_EXCEPTION_STATE64
-            self[:ues].es64.__send__(:[]=, mth, *args)
+            self[:ues][:es64].__send__(:[]=, mth, *args)
           end
         end
       else
@@ -628,9 +662,9 @@ EOM
         else
           case self[:esh][:flavor]
           when Ragweed::Wraposx::ThreadContext::X86_EXCEPTION_STATE32
-            self[:ues].es32.__send__(:[], meth, *args)
+            self[:ues][:es32].__send__(:[], meth, *args)
           when Ragweed::Wraposx::ThreadContext::X86_EXCEPTION_STATE64
-            self[:ues].es64.__send__(:[], meth, *args)
+            self[:ues][:es64].__send__(:[], meth, *args)
           end
         end
       end
@@ -843,6 +877,83 @@ EOM
     FLAVOR = 8
     layout :fsh, Ragweed::Wraposx::ThreadContext::X86StateHdr,
            :ufs, Ragweed::Wraposx::ThreadContext::UnionFloatState
+
+    def is_64?; self[:fsh].is_64?; end
+    def is_32?; !is_64?; end
+    def header; self[:fsh]; end
+
+    # We have rubified this FFI structure by creating a bunch of proxy
+    # methods that are normally only accessible via self.v.x.y which is
+    # a lot to type. You can still use that method however these proxy
+    # methods should allow for considerably clearer code
+    if RUBY_VERSION < "1.9"
+      def methods regular=true
+        ret = super + self.members.map{|x| [x.to_s, x.to_s + "="]}
+        ret += self[:fsh].members.map{|x| [x.to_s, x.to_s + "="]}
+        ret += case self[:fsh][:flavor]
+        when Ragweed::Wraposx::ThreadContext::X86_FLOAT_STATE32
+          self[:ufs][:fs32].members.map{|x| [x.to_s, x.to_s + "="]}
+        when Ragweed::Wraposx::ThreadContext::X86_FLOAT_STATE64
+          self[:ufs][:fs64].members.map{|x| [x.to_s, x.to_s + "="]}
+        else
+          []
+        end
+        ret.flatten
+      end
+    else
+      def methods regular=true
+        ret = super + self.members.map{|x| [x, (x.to_s + "=").intern]}
+        ret += self[:fsh].members.map{|x| [x, (x.to_s + "=").intern]}
+        ret += case self[:fsh][:flavor]
+        when Ragweed::Wraposx::ThreadContext::X86_FLOAT_STATE32
+          self[:ufs][:fs32].members.map{|x| [x, (x.to_s + "=").intern]}
+        when Ragweed::Wraposx::ThreadContext::X86_FLOAT_STATE64
+          self[:ufs][:fs64].members.map{|x| [x, (x.to_s + "=").intern]}
+        else
+          []
+        end
+        ret.flatten
+      end
+    end
+
+    def method_missing meth, *args
+      super unless self.respond_to? meth
+      if meth.to_s =~ /=$/
+        mth = meth.to_s.gsub(/=$/,'').intern
+        if self.members.include? mth
+          # don't proxy
+          self.__send__(:[]=, mth, *args)
+        elsif self[:fsh].members.include? meth
+          self[:fsh].__send__(:[]=, mth, *args)
+        else
+          case self[:fsh][:flavor]
+          when Ragweed::Wraposx::ThreadContext::X86_EXCEPTION_STATE32
+            self[:ufs][:fs32].__send__(:[]=, mth, *args)
+          when Ragweed::Wraposx::ThreadContext::X86_EXCEPTION_STATE64
+            self[:ufs][:fs64].__send__(:[]=, mth, *args)
+          end
+        end
+      else
+        if self.members.include? meth
+          # don't proxy
+          self.__send__(:[], meth, *args)
+        elsif self[:fsh].members.include? meth
+          self[:fsh].__send__(:[], meth, *args)
+        else
+          case self[:fsh][:flavor]
+          when Ragweed::Wraposx::ThreadContext::X86_EXCEPTION_STATE32
+            self[:ufs][:fs32].__send__(:[], meth, *args)
+          when Ragweed::Wraposx::ThreadContext::X86_EXCEPTION_STATE64
+            self[:ufs][:fs64].__send__(:[], meth, *args)
+          end
+        end
+      end
+    end
+
+    def respond_to? meth, include_priv=false
+      mth = meth.to_s.gsub(/=$/,'') # may not be needed anymore
+      self.methods.include? mth || super
+    end
   end
 
   FLAVORS = {
@@ -866,7 +977,7 @@ module Ragweed::Wraposx
   module Libc
     extend FFI::Library
     ffi_lib FFI::Library::LIBC
-    attach_function :thread_get_state, [:thread_act_t, :thread_state_flavor_t, :pointer, :mach_msg_type_number_t], :kern_return_t
+    attach_function :thread_get_state, [:thread_act_t, :thread_state_flavor_t, :pointer, :pointer], :kern_return_t
     attach_function :thread_set_state, [:thread_act_t, :thread_state_flavor_t, :pointer, :mach_msg_type_number_t], :kern_return_t
   end
 
@@ -877,13 +988,13 @@ module Ragweed::Wraposx
     #                (thread_act_t                     target_thread,
     #                 thread_state_flavor_t                   flavor,
     #                 thread_state_t                       old_state,
-    #                 mach_msg_type_number_t         old_state_count);
+    #                 mach_msg_type_number_t         *old_state_count);
     def thread_get_state(thread,flavor)
-      state = FFI::MemoryPointer.new Ragweed::Wraposx::ThreadContext::FLAVOR[flavor][:class], 1
-      count = FFI::MemoryPointer.new(:int, 1).write_int Ragweed::Wraposx::ThreadContext::FLAVOR[flavor][:count]
+      state = FFI::MemoryPointer.new Ragweed::Wraposx::ThreadContext::FLAVORS[flavor][:class]
+      count = FFI::MemoryPointer.new(:int, 1).write_uint Ragweed::Wraposx::ThreadContext::FLAVORS[flavor][:count]
       r = Libc.thread_get_state(thread, flavor, state, count)
       raise KernelCallError.new(:thread_get_state, r) if r != 0
-      Ragweed::Wraposx::ThreadContext::FLAVOR[flavor][:class].new state
+      Ragweed::Wraposx::ThreadContext::FLAVORS[flavor][:class].new state
     end
 
     # Sets the register state of thread.
@@ -892,11 +1003,11 @@ module Ragweed::Wraposx
     #                (thread_act_t                     target_thread,
     #                 thread_state_flavor_t                   flavor,
     #                 thread_state_t                       new_state,
-    #                 mach_msg_number_t                  new_state_count);
+    #                 mach_msg_type_number_t         new_state_count);
     def thread_set_state(thread, flavor, state)
       r = Libc.thread_set_state(thread, flavor, state.to_ptr, ThreadContext::FLAVORS[flavor][:count])
       raise KernelCallError.new(:thread_set_state, r) if r!= 0
-      Ragweed::Wraposx::ThreadContext::FLAVOR[flavor][:class].new state
+      Ragweed::Wraposx::ThreadContext::FLAVORS[flavor][:class].new state
     end
   end
 end

data/lib/ragweed/wraposx/wraposx.rb

@@ -178,10 +178,10 @@ module Ragweed::Wraposx
     # There is no man page for this call.
     def task_for_pid(pid, target=nil)
       target ||= mach_task_self
-      port = FFI::MemoryPointer.new :int, 1
+      port = FFI::MemoryPointer.new :uint, 1
       r = Libc.task_for_pid(target, pid, port)
       raise KernelCallError.new(:task_for_pid, r) if r != 0
-      port.read_int
+      port.read_uint
     end  
 
     # Returns an Array of thread IDs for the given task
@@ -193,11 +193,11 @@ module Ragweed::Wraposx
     #
     #There is no man page for this funtion.    
     def task_threads(port)
-      threads = FFI::MemoryPointer.new :int, 1
+      threads = FFI::MemoryPointer.new :pointer, 1
       count = FFI::MemoryPointer.new :int, 1
       r = Libc.task_threads(port, threads, count)
       raise KernelCallError.new(:task_threads, r) if r != 0
-      threads.read_array_of_int(count.read_int)
+      threads.read_pointer.read_array_of_uint(count.read_uint)
     end
 
     # Decrement the target tasks suspend count
@@ -215,6 +215,7 @@ module Ragweed::Wraposx
     def task_suspend(task)
       r = Libc.task_suspend(task)
       raise KernelCallError.new(r) if r != 0
+      r
     end
 
     # Sends a signal to a process
@@ -227,6 +228,7 @@ module Ragweed::Wraposx
       FFI::errno = 0
       r = Libc.kill(pid, sig)
       raise SystemCallError.new "kill", FFI::errno if r != 0
+      r
     end
 
     # Reads sz bytes from task's address space starting at addr.
@@ -241,10 +243,10 @@ module Ragweed::Wraposx
     # There is no man page for this function.
     def vm_read(task, addr, sz=256)
       buf = FFI::MemoryPointer.new(sz)
-      len = FFI::MemoryPointer(sz.to_l32)
+      len = FFI::MemoryPointer.new(:uint).write_uint(sz)
       r = Libc.vm_read_overwrite(task, addr, sz, buf, len)
       raise KernelCallError.new(:vm_read, r) if r != 0
-      return buf.to_str(len.to_str(4).to_l32)
+      buf.read_string(len.read_uint)
     end
 
     # Writes val to task's memory space at address addr.
@@ -258,10 +260,10 @@ module Ragweed::Wraposx
     #
     # There is no man page for this function.
     def vm_write(task, addr, val)
-      val = FFI::MemoryPointer.new
+      val = FFI::MemoryPointer.new(val)
       r = Libc.vm_write(task, addr, val, val.size)
       raise KernelCallError.new(:vm_write, r) if r != 0
-      return nil
+      r
     end
 
     # Changes the protection state beginning at addr for size bytes to the mask prot.
@@ -279,7 +281,7 @@ module Ragweed::Wraposx
       setmax = setmax ? 1 : 0
       r = Libc.vm_protect(task, addr, size, setmax, prot)
       raise KernelCallError.new(:vm_protect, r) if r != 0
-      return nil
+      r
     end
 
     # Allocates a page in the memory space of the target task.
@@ -311,6 +313,7 @@ module Ragweed::Wraposx
       addr.write_int(address)
       r = Libc.vm_deallocate(task, addr, size)
       raise KernelCallError.new(r) if r != 0
+      r
     end
 
     # Resumes a suspended thread by id.
@@ -322,6 +325,7 @@ module Ragweed::Wraposx
     def thread_resume(thread)
       r = Libc.thread_resume(thread)
       raise KernelCallError.new(:thread_resume, r) if r != 0
+      r
     end
 
     # Suspends a thread by id.
@@ -333,6 +337,7 @@ module Ragweed::Wraposx
     def thread_suspend(thread)
       r = Libc.thread_suspend(thread)
       raise KernelCallError.new(:thread_suspend, r) if r != 0
+      r
     end
 
     # Changes execution to file in path with *args as though called from command line.

data/ragweed.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{ragweed}
-  s.version = "0.2.1"
+  s.version = "0.2.2"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["tduehr", "struct", "tqbf"]
-  s.date = %q{2011-04-13}
+  s.date = %q{2011-06-08}
   s.description = %q{General debugging tool written in Ruby for OSX/Win32/Linux}
   s.email = %q{td@matasano.com}
   s.extra_rdoc_files = [
@@ -59,7 +59,6 @@ Gem::Specification.new do |s|
     "lib/ragweed/wraposx/structs.rb",
     "lib/ragweed/wraposx/thread_context.rb",
     "lib/ragweed/wraposx/thread_info.rb",
-    "lib/ragweed/wraposx/thread_info.rb.old",
     "lib/ragweed/wraposx/wraposx.rb",
     "lib/ragweed/wraptux.rb",
     "lib/ragweed/wraptux/constants.rb",
@@ -76,16 +75,6 @@ Gem::Specification.new do |s|
   s.require_paths = ["lib"]
   s.rubygems_version = %q{1.5.2}
   s.summary = %q{Scriptable debugger}
-  s.test_files = [
-    "examples/hittracertux.rb",
-    "examples/hittracerx.rb",
-    "examples/hook_notepad.rb",
-    "examples/snicker.rb",
-    "examples/tux-example.rb",
-    "spec/ragweed_spec.rb",
-    "spec/spec_helper.rb",
-    "test/test_ragweed.rb"
-  ]
 
   if s.respond_to? :specification_version then
     s.specification_version = 3

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: ragweed
 version: !ruby/object:Gem::Version 
-  hash: 21
+  hash: 19
   prerelease: 
   segments: 
   - 0
   - 2
-  - 1
-  version: 0.2.1
+  - 2
+  version: 0.2.2
 platform: ruby
 authors: 
 - tduehr
@@ -17,7 +17,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-04-13 00:00:00 -05:00
+date: 2011-06-08 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -87,7 +87,6 @@ files:
 - lib/ragweed/wraposx/structs.rb
 - lib/ragweed/wraposx/thread_context.rb
 - lib/ragweed/wraposx/thread_info.rb
-- lib/ragweed/wraposx/thread_info.rb.old
 - lib/ragweed/wraposx/wraposx.rb
 - lib/ragweed/wraptux.rb
 - lib/ragweed/wraptux/constants.rb
@@ -135,12 +134,5 @@ rubygems_version: 1.5.2
 signing_key: 
 specification_version: 3
 summary: Scriptable debugger
-test_files: 
-- examples/hittracertux.rb
-- examples/hittracerx.rb
-- examples/hook_notepad.rb
-- examples/snicker.rb
-- examples/tux-example.rb
-- spec/ragweed_spec.rb
-- spec/spec_helper.rb
-- test/test_ragweed.rb
+test_files: []
+

data/lib/ragweed/wraposx/thread_info.rb.old

@@ -1,121 +0,0 @@
-module Ragweed; end
-module Ragweed::Wraposx::ThreadState
-  #Thread run states
-  RUNNING = 1 #/* thread is running normally */
-  STOPPED = 2 #/* thread is stopped */
-  WAITING = 3 #/* thread is waiting normally */
-  UNINTERRUPTIBLE = 4 #/* thread is in an uninterruptible wait */
-  HALTED = 5 #/* thread is halted at a clean point */
-end
-
-module Ragweed::Wraposx::TFlags
-  #Thread flags (flags field).
-  SWAPPED = 0x1 #/* thread is swapped out */
-  IDLE = 0x2 #/* thread is an idle thread */
-end
-    
-class Ragweed::Wraposx::ThreadInfo
-  include Ragweed
-  attr_accessor :user_time
-  attr_accessor :system_time
-  (FIELDS = [ [:user_time_s, "I"],
-              [:user_time_us, "I"],
-              [:system_time_s, "I"],
-              [:system_time_us, "I"],
-              [:cpu_usage, "I"],
-              [:policy, "I"],
-              [:run_state, "I"],
-              [:flags, "I"],
-              [:suspend_count, "I"],
-              [:sleep_time, "I"]]).each {|x| attr_accessor x[0]}
-
-  def initialize(str=nil)
-    refresh(str) if str
-  end
-
-  #(re)loads the data from str
-  def refresh(str)
-    if str and not str.empty?
-      str.unpack(FIELDS.map {|x| x[1]}.join("")).each_with_index do |val, i|
-        raise "i is nil" if i.nil?
-        instance_variable_set "@#{ FIELDS[i][0] }".intern, val
-      end
-    end
-    @user_time = @user_time_s + (@user_time_us/1000000.0)
-    @system_time = @system_time_s + (@system_time_us/1000000.0)
-  end
-
-  def to_s
-    FIELDS.map {|f| send(f[0])}.pack(FIELDS.map {|x| x[1]}.join(""))
-  end
-
-  def self.get(t)
-    self.new(Wraposx::thread_info_raw(t))
-  end
-
-  def get(t)
-    refresh(Wraposx::thread_info_raw(t))
-  end
-
-  def inspect
-    body = lambda do
-      FIELDS.map do |f|
-        "#{f[0]}=#{send(f[0]).to_s}"
-      end.join(", ")
-    end
-    "#<ThreadInfo #{body.call}>"
-  end
-
-  def dump(&block)
-    maybe_hex = lambda {|a| begin; "\n" + (" " * 9) + block.call(a, 16).hexdump(true)[10..-2]; rescue; ""; end }
-    maybe_dis = lambda {|a| begin; "\n" + block.call(a, 16).distorm.map {|i| "         " + i.mnem}.join("\n"); rescue; ""; end }
-
-    string =<<EOM
-    -----------------------------------------------------------------------
-    INFO:
-    user_time:     #{self.user_time.to_s.rjust(8, "0")} #{maybe_hex.call(self.user_time)}
-    system_time:   #{self.system_time.to_s.rjust(8, "0")} #{maybe_hex.call(self.system_time)}
-    cpu_usage:     #{self.cpu_usage.to_s.rjust(8, "0")} #{maybe_hex.call(self.cpu_usage)}
-    policy:        #{self.policy.to_s.rjust(8, "0")} #{maybe_hex.call(self.policy)}
-    run_state:     #{self.run_state.to_s.rjust(8, "0")} #{maybe_hex.call(self.run_state)}
-    suspend_count: #{self.suspend_count.to_s.rjust(8, "0")} #{maybe_hex.call(self.suspend_count)}
-    sleep_time:    #{self.sleep_time.to_s.rjust(8, "0")} #{maybe_hex.call(self.sleep_time)}
-    flags:         #{self.flags.to_s(2).rjust(32, "0")} #{Wraposx::TFlags.flag_dump(self.flags)}
-EOM
-  end
-end
-
-module Ragweed::Wraposx
-
-  # FIXME - constants should be under separate sub-modules
-  # XXX - implement more thread info flavors (if possible)
-  # XXX - move to class based implementation a la region_info
-  # info interfaces
-  THREAD_BASIC_INFO = 3  #basic information
-
-  # following are obsolete interfaces
-  THREAD_SCHED_TIMESHARE_INFO = 10
-  THREAD_SCHED_RR_INFO = 11
-  THREAD_SCHED_FIFO_INFO = 12
-
-  # define THREAD_BASIC_INFO_COUNT   ((mach_msg_type_number_t)(sizeof(thread_basic_info_data_t) / sizeof(natural_t)))
-  # the two time fields are each two ints
-  THREAD_BASIC_INFO_COUNT = 10
-
-  class << self
-
-    # Returns the packed string representation of the thread_info_t struct for later parsing.
-    # kern_return_t   thread_info
-    #                (thread_act_t                     target_thread,
-    #                 thread_flavor_t                         flavor,
-    #                 thread_info_t                      thread_info,
-    #                 mach_msg_type_number_t       thread_info_count);
-    def thread_info_raw(thread)
-      info = ("\x00"*1024).to_ptr
-      count = ([THREAD_BASIC_INFO_COUNT].pack("I_")).to_ptr
-      r = CALLS["libc!thread_info:IIPP=I"].call(thread,THREAD_BASIC_INFO,info,count).first
-      raise KernelCallError.new(:thread_info, r) if r != 0
-      return info.to_s(SIZEOFINT*THREAD_BASIC_INFO_COUNT)
-    end
-  end
-end