tduehr-ragweed 0.1.5

data/lib/ragweed/wraposx/kernelerrorx.rb

@@ -0,0 +1,147 @@
+# Exception objects for kernel errors likely in Wraposx
+# If this were a C extension I'd use #ifdef on each to only create the required ones.
+
+module Ragweed; end
+module Ragweed::Wraposx; end
+module Ragweed::Wraposx::KernelReturn
+  SUCCESS =               { :value => 0, :message => 'Not an error'}
+  INVALID_ADDRESS =       { :value => 1, :message => 'Specified address is not currently valid.'}
+  PROTECTION_FAILURE =    { :value => 2, :message => 'Specified memory is valid, but does not permit the required forms of access.'}
+  NO_SPACE =              { :value => 3, :message => 'The address range specified is already in use, or no address range of the size specified could be found.'}
+  INVALID_ARGUMENT =      { :value => 4, :message => 'The function requested was not applicable to this type of argument, or an argument is invalid'}
+  FAILURE =               { :value => 5, :message => 'The function could not be performed.  A catch-all.'}
+  RESOURCE_SHORTAGE =     { :value => 6, :message => 'A system resource could not be allocated to fulfill this request.  This failure may not be permanent.'}
+  NOT_RECEIVER =          { :value => 7, :message => 'The task in question does not hold receive rights for the port argument.'}
+  NO_ACCESS =             { :value => 8, :message => 'Bogus access restriction.'}
+  MEMORY_FAILURE =        { :value => 9, :message => 'During a page fault, the target address refers to a memory object that has been destroyed.  This failure is permanent.'}
+  MEMORY_ERROR =          { :value => 10, :message => 'During a page fault, the memory object indicated that the data could not be returned.  This failure may be temporary; future attempts to access this same data may succeed, as defined by the memory object.'}
+  ALREADY_IN_SET =        { :value => 11, :message => 'The receive right is already a member of the portset.'}
+  NOT_IN_SET =            { :value => 12, :message => 'The receive right is not a member of a port set.'}
+  NAME_EXISTS =           { :value => 13, :message => 'The name already denotes a right in the task.'}
+  ABORTED =               { :value => 14, :message => 'The operation was aborted.  Ipc code will catch this and reflect it as a message error.'}
+  INVALID_NAME =          { :value => 15, :message => 'The name doesn\'t denote a right in the task.'}
+  INVALID_TASK =          { :value => 16, :message => 'Target task isn\'t an active task.'}
+  INVALID_RIGHT =         { :value => 17, :message => 'The name denotes a right, but not an appropriate right.'}
+  INVALID_VALUE =         { :value => 18, :message => 'A blatant range error.'}
+  UREFS_OVERFLOW =        { :value => 19, :message => 'Operation would overflow limit on user-references.'}
+  INVALID_CAPABILITY =    { :value => 20, :message => 'The supplied (port) capability is improper.'}
+  RIGHT_EXISTS =          { :value => 21, :message => 'The task already has send or receive rights for the port under another name.'}
+  INVALID_HOST =          { :value => 22, :message => 'Target host isn\'t actually a host.'}
+  MEMORY_PRESENT =        { :value => 23, :message => 'An attempt was made to supply "precious" data for memory that is already present in a memory object.'}
+  MEMORY_DATA_MOVED =     { :value => 24, :message => 'A page was requested of a memory manager via memory_object_data_request for an object using a MEMORY_OBJECT_COPY_CALL strategy, with the VM_PROT_WANTS_COPY flag being used to specify that the page desired is for a copy of the object, and the memory manager has detected the page was pushed into a copy of the object while the kernel was walking the shadow chain from the copy to the object. This error code is delivered via memory_object_data_error and is handled by the kernel (it forces the kernel to restart the fault). It will not be seen by users.'}
+  MEMORY_RESTART_COPY =   { :value => 25, :message => 'A strategic copy was attempted of an object upon which a quicker copy is now possible. The caller should retry the copy using vm_object_copy_quickly. This error code is seen only by the kernel.'}
+  INVALID_PROCESSOR_SET = { :value => 26, :message => 'An argument applied to assert processor set privilege was not a processor set control port.'}
+  POLICY_LIMIT =          { :value => 27, :message => 'The specified scheduling attributes exceed the thread\'s limits.'}
+  INVALID_POLICY =        { :value => 28, :message => 'The specified scheduling policy is not currently enabled for the processor set.'}
+  INVALID_OBJECT =        { :value => 29, :message => 'The external memory manager failed to initialize the memory object.'}
+  ALREADY_WAITING =       { :value => 30, :message => 'A thread is attempting to wait for an event for which  there is already a waiting thread.'}
+  DEFAULT_SET =           { :value => 31, :message => 'An attempt was made to destroy the default processor set.'}
+  EXCEPTION_PROTECTED =   { :value => 32, :message => 'An attempt was made to fetch an exception port that is protected, or to abort a thread while processing a protected exception.'}
+  INVALID_LEDGER =        { :value => 33, :message => 'A ledger was required but not supplied.'}
+  INVALID_MEMORY_CONTROL= { :value => 34, :message => 'The port was not a memory cache control port.'}
+  INVALID_SECURITY =      { :value => 35, :message => 'An argument supplied to assert security privilege was not a host security port.'}
+  NOT_DEPRESSED =         { :value => 36, :message => 'thread_depress_abort was called on a thread which was not currently depressed.'}
+  TERMINATED =            { :value => 37, :message => 'Object has been terminated and is no longer available'}
+  LOCK_SET_DESTROYED =    { :value => 38, :message => 'Lock set has been destroyed and is no longer available.'}
+  LOCK_UNSTABLE =         { :value => 39, :message => 'The thread holding the lock terminated before releasing the lock'}
+  LOCK_OWNED =            { :value => 40, :message => 'The lock is already owned by another thread'}
+  LOCK_OWNED_SELF =       { :value => 41, :message => 'The lock is already owned by the calling thread'}
+  SEMAPHORE_DESTROYED =   { :value => 42, :message => 'Semaphore has been destroyed and is no longer available.'}
+  RPC_SERVER_TERMINATED = { :value => 43, :message => 'Return from RPC indicating the target server was terminated before it successfully replied '}
+  RPC_TERMINATE_ORPHAN =  { :value => 44, :message => 'Terminate an orphaned activation.'}
+  RPC_CONTINUE_ORPHAN =   { :value => 45, :message => 'Allow an orphaned activation to continue executing.'}
+  NOT_SUPPORTED =         { :value => 46, :message => 'Empty thread activation (No thread linked to it)'}
+  NODE_DOWN =             { :value => 47, :message => 'Remote node down or inaccessible.'}
+  NOT_WAITING =           { :value => 48, :message => 'A signalled thread was not actually waiting.'}
+  OPERATION_TIMED_OUT =   { :value => 49, :message => 'Some thread-oriented operation (semaphore_wait) timed out'}
+  RETURN_MAX =            { :value => 0x100, :message => 'Maximum return value allowable'}
+  
+  module_function
+  # Much like Signals.list returns a hash of the possible kernel call return values.
+  def list
+    constants.inject({}){|a, c| a.merge! c => const_get(c)}
+  end
+end
+
+module Ragweed::Wraposx::KErrno; end
+
+# Exception class for mach kernel calls. Works mostly like SystemCallError.
+# Subclasses are individual error conditions and case equality (===) is done by class then error number (KErrno)
+class Ragweed::Wraposx::KernelCallError < StandardError
+  DEFAULT_MESSAGE = "Unknown Error"
+  attr_reader :kerrno
+  
+  # Returns a subclass of KernelCallError based on the KernelReturn value err
+  def self.new(msg = "", err = nil)
+    if msg.kind_of? Fixnum
+      err = msg
+      msg = ""
+    end
+    mesg = ""
+
+    klass = Ragweed::Wraposx::KErrno.constants.detect{|x| Ragweed::Wraposx::KErrno.const_get(x).const_get("KErrno") == err}
+    if (klass.nil? or klass.empty?)
+      o = self.allocate
+      o.instance_variable_set("@kerrno", err)
+      mesg = "Unknown kernel error"
+    else
+      o = Ragweed::Wraposx::KErrno.const_get(klass).allocate
+      mesg = Ragweed::Wraposx::KernelReturn.const_get(klass)[:message]
+    end
+    
+    if o.class.const_defined?("KErrno")
+      o.instance_variable_set("@kerrno", o.class.const_get("KErrno"))
+    else
+      o.instance_variable_set("@kerrno", err)
+      mesg = "#{mesg}: #{err}" if err
+    end
+
+    mesg = "#{mesg} - #{msg}" if !(msg.nil? or msg.to_s.empty?)  
+    o.send(:initialize, mesg)
+    return o
+  end
+
+  # Case equality. Returns true if self and other are KernelCallError or when error numbers match.
+  def self.===(other)
+    return false if not other.kind_of?(Ragweed::Wraposx::KernelCallError)
+    return true if self == Ragweed::Wraposx::KernelCallError
+    
+    begin
+      return self.const_get("KErrno") == other.const_get("KErrno")
+    rescue
+      return false
+    end
+  end
+
+  def initialize(msg)
+    super msg
+  end
+
+  # This block builds the subclasses for KernelCallError
+  Ragweed::Wraposx::KernelReturn.list.each do |k, v|
+    case k.intern
+    when :SUCCESS
+    when :RETURN_MAX
+    else
+      klass = Ragweed::Wraposx::KErrno.const_set(k, Class.new(Ragweed::Wraposx::KernelCallError){
+        def self.new(msg = "")
+          o = self.allocate
+          o.instance_variable_set "@kerrno", self.const_get("KErrno")
+          mesg = ""
+          klass = self.name.split("::").last
+          if Ragweed::Wraposx::KernelReturn.const_defined?(klass)
+            mesg = Ragweed::Wraposx::KernelReturn.const_get(klass)[:message]
+          else
+            mesg = "Unknown kernel error"
+          end
+          mesg = "#{mesg} - #{msg}" if not (msg.nil? or msg.empty?)
+          o.send(:initialize, mesg)
+          puts self
+          return o
+        end
+      })
+      klass.const_set "KErrno", v[:value]
+      klass.const_set "DEFAULT_MESSAGE", v[:message]
+    end
+  end
+end

data/lib/ragweed/wraposx/region_info.rb

@@ -0,0 +1,244 @@
+module Ragweed; end
+module Ragweed::Wraposx; end
+module Ragweed::Wraposx::Vm
+  # these are flavor arguments for vm_region
+  # more to be added as support for 64bit processes gets added
+  REGION_BASIC_INFO = 10
+  REGION_EXTENDED_INFO = 11
+  REGION_TOP_INFO = 12
+
+  # behavior identifiers
+  BEHAVIOR_DEFAULT = 0    # /* default */
+  BEHAVIOR_RANDOM = 1     # /* random */
+  BEHAVIOR_SEQUENTIAL = 2 # /* forward sequential */
+  BEHAVIOR_RSEQNTL = 3    # /* reverse sequential */
+  BEHAVIOR_WILLNEED = 4   # /* will need in near future */
+  BEHAVIOR_DONTNEED = 5   # /* dont need in near future */
+
+  #Virtual memory map inheritance values for vm_inherit_t
+  INHERIT_SHARE = 0       # /* share with child */
+  INHERIT_COPY = 1        # /* copy into child */
+  INHERIT_NONE = 2        # /* absent from child */
+  INHERIT_DONATE_COPY = 3 # /* copy and delete */
+  INHERIT_DEFAULT = 1     # VM_INHERIT_COPY
+  INHERIT_LAST_VALID = 2  # VM_INHERIT_NONE
+
+  #define VM_REGION_BASIC_INFO_COUNT ((mach_msg_type_number_t) (sizeof(vm_region_basic_info_data_t)/sizeof(int)))
+  #define VM_REGION_EXTENDED_INFO_COUNT   ((mach_msg_type_number_t) (sizeof(vm_region_extended_info_data_t)/sizeof(int)))
+  #define VM_REGION_TOP_INFO_COUNT ((mach_msg_type_number_t) (sizeof(vm_region_top_info_data_t)/sizeof(int)))
+  FLAVORS = { REGION_BASIC_INFO => {:size => 30, :count => 9},
+      REGION_EXTENDED_INFO => {:size => 32, :count => 9},
+      REGION_TOP_INFO => {:size => 17,:count => 9}
+  }
+
+  module Pflags
+    READ = 0x1 #read permission
+    WRITE = 0x2 #write permission
+    EXECUTE = 0x4 #execute permission
+  end
+end
+
+# Memory region info base class.
+# Currently Apple only supports the basic flavor. The other two flavors
+# are included for completeness.
+#
+class Ragweed::Wraposx::RegionInfo
+  def initialize(str=nil)
+    refresh(str) if str
+  end
+
+  # (re)loads the data from str
+  def refresh(str)
+    fields = self.class.const_get :FIELDS
+    # pp self.class
+    if str and not str.empty?
+      str.unpack(fields.map {|x| x[1]}.join("")).each_with_index do |val, i|
+        raise "i is nil" if i.nil?
+        instance_variable_set "@#{ fields[i][0] }".intern, val
+      end            
+    end
+  end
+
+  def to_s
+    fields = self.class.const_get :FIELDS
+    fields.map {|f| send(f[0])}.pack(fields.map {|x| x[1]}.join(""))
+  end
+
+  def self.get(t, a, flavor)
+    self.new(Ragweed::Wraposx::vm_region_raw(t, a, flavor))
+  end
+
+  def get(t, a)
+    refresh(Ragweed::Wraposx::vm_region_raw(t, a, self.class.const_get(:FLAVOR)))
+  end
+
+  def inspect
+    fields = self.class.const_get(:FIELDS)
+    body = lambda do
+      fields.map do |f|
+        "#{f[0]}=#{send(f[0]).to_s}"
+      end.join(", ")
+    end
+    "#<#{self.class.name.split("::").last} #{body.call}>"
+  end
+
+  def dump(&block)
+    maybe_hex = lambda {|a| begin; "\n" + (" " * 9) + block.call(a, 16).hexdump(true)[10..-2]; rescue; ""; end }      
+    maybe_dis = lambda {|a| begin; "\n" + block.call(a, 16).distorm.map {|i| "         " + i.mnem}.join("\n"); rescue; ""; end }
+
+    string =<<EOM
+    -----------------------------------------------------------------------
+    INFO:
+    protection:       #{self.protection.to_s(2).rjust(8, "0")} #{Ragweed::Wraposx::Vm::Pflags.flag_dump(self.protection)}
+    max_protection:   #{self.max_protection.to_s(2).rjust(8, "0")} #{Ragweed::Wraposx::Vm::Pflags.flag_dump(self.max_protection)}
+    inheritance:      #{self.inheritance.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.inheritance)}
+    shared:           #{self.shared.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.shared)}
+    reserved:         #{self.reserved.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.reserved)}
+    offset:           #{self.offset.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.offset)}
+    behavior:         #{self.behavior.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.behavior)}
+    user_wired_count: #{self.user_wired_count.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.user_wired_count)}
+    size:             #{self.size.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.size)}
+EOM
+  end
+end
+
+class Ragweed::Wraposx::RegionBasicInfo < Ragweed::Wraposx::RegionInfo
+
+  FLAVOR = Ragweed::Wraposx::Vm::REGION_BASIC_INFO
+
+  (FIELDS = [ [:protection, "i"],       # The current protection for the region. 
+              [:max_protection, "i"],   # The maximum protection allowed for the region.
+              [:inheritance, "I"],      # The inheritance attribute for the region. 
+              [:shared, "I"],           # Shared indicator. If true, the region is shared by another task. If false, the region is not shared.
+              [:reserved, "I"],         # If true the region is protected from random allocation.
+              [:offset, "L"],           # The region's offset into the memory object. The region begins at this offset. 
+              [:behavior, "i"],         # Expected reference pattern for the memory.
+              [:user_wired_count, "S"],
+              [:size, "I"]              # size of memory region returned
+              ]).each {|x| attr_accessor x[0]}
+
+  def dump(&block)
+    maybe_hex = lambda {|a| begin; "\n" + (" " * 9) + block.call(a, 16).hexdump(true)[10..-2]; rescue; ""; end }      
+    maybe_dis = lambda {|a| begin; "\n" + block.call(a, 16).distorm.map {|i| "         " + i.mnem}.join("\n"); rescue; ""; end }
+
+    string =<<EOM
+    -----------------------------------------------------------------------
+    INFO:
+    protection:       #{self.protection.to_s(2).rjust(8, "0")} #{Ragweed::Wraposx::Vm::Pflags.flag_dump(self.protection)}
+    max_protection:   #{self.max_protection.to_s(2).rjust(8, "0")} #{Ragweed::Wraposx::Vm::Pflags.flag_dump(self.max_protection)}
+    inheritance:      #{self.inheritance.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.inheritance)}
+    shared:           #{self.shared.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.shared)}
+    reserved:         #{self.reserved.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.reserved)}
+    offset:           #{self.offset.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.offset)}
+    behavior:         #{self.behavior.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.behavior)}
+    user_wired_count: #{self.user_wired_count.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.user_wired_count)}
+    size:             #{self.size.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.size)}
+EOM
+  end
+
+  def self.get(t, a)
+    self.new(Ragweed::Wraposx::vm_region_raw(t, a, FLAVOR))
+  end
+end
+
+class Ragweed::Wraposx::RegionExtendedInfo < Ragweed::Wraposx::RegionInfo
+
+  FLAVOR = Ragweed::Wraposx::Vm::REGION_EXTENDED_INFO
+  (FIELDS = [ [:protection, "i"],
+              [:user_tag, "I"],
+              [:pages_resident, "I"],
+              [:pages_shared_now_private, "I"],
+              [:pages_swapped_out, "I"],
+              [:pages_dirtied, "I"],
+              [:ref_count, "I"],
+              [:shadow_depth, "S"],
+              [:external_pager, "C"],
+              [:share_mode, "C"],
+              [:size, "I"] ]).each {|x| attr_accessor x[0]}
+
+  def dump(&block)
+    maybe_hex = lambda {|a| begin; "\n" + (" " * 9) + block.call(a, 16).hexdump(true)[10..-2]; rescue; ""; end }      
+    maybe_dis = lambda {|a| begin; "\n" + block.call(a, 16).distorm.map {|i| "         " + i.mnem}.join("\n"); rescue; ""; end }
+
+    string =<<EOM
+    -----------------------------------------------------------------------
+    INFO:
+    protection:               #{self.protection.to_s(2).rjust(8, "0")} #{Ragweed::Wraposx::Vm::Pflags.flag_dump(self.protection)}
+    user_tag:                 #{self.user_tag.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.user_tag)}
+    pages_resident:           #{self.pages_resident.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.pages_resident)}
+    pages_shared_now_private: #{self.pages_shared_now_private.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.pages_shared_now_private)}
+    pages_swapped_out:        #{self.pages_swapped_out.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.pages_swapped_out)}
+    pages_dirtied:            #{self.pages_dirtied.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.pages_dirtied)}
+    ref_count:                #{self.ref_count.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.ref_count)}
+    shadow_depth:             #{self.shadow_depth.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.shadow_depth)}
+    external_pager:           #{self.external_pager.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.external_pager)}
+    share_mode:               #{self.share_mode.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.share_mode)}
+    size:                     #{self.size.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.size)}
+EOM
+  end
+
+  def self.get(t, a)
+    self.new(Ragweed::Wraposx::vm_region_raw(t, a, FLAVOR))
+  end
+end
+
+class Ragweed::Wraposx::RegionTopInfo < Ragweed::Wraposx::RegionInfo
+
+  FLAVOR = Ragweed::Wraposx::Vm::REGION_TOP_INFO
+
+  (FIELDS = [ [:obj_id, "I"],
+              [:ref_count, "I"],
+              [:private_pages_resident, "I"],
+              [:shared_pages_resident, "I"],
+              [:share_mode, "C"],
+              [:size, "I"]]).each {|x| attr_accessor x[0]}
+
+  def dump(&block)
+    maybe_hex = lambda {|a| begin; "\n" + (" " * 9) + block.call(a, 16).hexdump(true)[10..-2]; rescue; ""; end }
+    maybe_dis = lambda {|a| begin; "\n" + block.call(a, 16).distorm.map {|i| "         " + i.mnem}.join("\n"); rescue; ""; end }
+
+    string =<<EOM
+    -----------------------------------------------------------------------
+    INFO:
+    obj_id:                 #{self.obj_id.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.obj_id)}
+    ref_count:              #{self.ref_count.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.ref_count)}
+    private_pages_resident: #{self.private_pages_resident.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.private_pages_resident)}
+    shared_pages_resident:  #{self.shared_pages_resident.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.shared_pages_resident)}
+    share_mode:             #{self.share_mode.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.share_mode)}
+    size:                   #{self.size.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.size)}
+EOM
+  end
+
+  def self.get(t, a)
+    self.new(Ragweed::Wraposx::vm_region_raw(t, a, FLAVOR))
+  end
+end
+
+module Ragweed::Wraposx
+  class << self
+
+    # Returns a string containing the memory region information for task
+    # at address.
+    # Currently Apple only supports the basic flavor. The other two flavors
+    # are included for completeness.
+    #
+    # kern_return_t   vm_region
+    #                  (vm_task_t                    target_task,
+    #                   vm_address_t                     address,
+    #                   vm_size_t                           size,
+    #                   vm_region_flavor_t                flavor,
+    #                   vm_region_info_t                    info,
+    #                   mach_msg_type_number_t        info_count,
+    #                   memory_object_name_t         object_name);
+    def vm_region_raw(task, address, flavor)
+      info = ("\x00"*64).to_ptr
+      count = ([Vm::FLAVORS[flavor][:count]].pack("I_")).to_ptr
+      address = ([address].pack("I_")).to_ptr
+      objn = ([0].pack("I_")).to_ptr
+      sz = ("\x00"*SIZEOFINT).to_ptr
+      r = CALLS["libc!vm_region:IPPIPPP=I"].call(task, address, sz, Vm::FLAVORS[flavor][:count], info, count, objn).first
+      raise KernelCallError.new(:vm_region, r) if r != 0
+      return "#{info.to_s(Vm::FLAVORS[flavor][:size])}#{sz.to_s(SIZEOFINT)}"
+    end
+  end
+end

data/lib/ragweed/wraposx/thread_context.rb

@@ -0,0 +1,203 @@
+module Ragweed; end
+module Ragweed::Wraposx
+  module EFlags
+    CARRY =         0x1
+    X0 =            0x2
+    PARITY =        0x4
+    X1 =            0x8
+    ADJUST =        0x10
+    X2 =            0x20
+    ZERO =          0x40
+    SIGN =          0x80
+    TRAP =          0x100
+    INTERRUPT =     0x200
+    DIRECTION =     0x400
+    OVERFLOW =      0x800
+    IOPL1 =         0x1000
+    IOPL2 =         0x2000
+    NESTEDTASK =    0x4000
+    X3 =            0x8000
+    RESUME =        0x10000
+    V86MODE =       0x20000
+    ALIGNCHECK =    0x40000
+    VINT =          0x80000
+    VINTPENDING =   0x100000
+    CPUID =         0x200000
+  end
+end
+
+class Ragweed::Wraposx::ThreadContext
+  include Ragweed
+  (FIELDS = [ [:eax, "I"],
+              [:ebx, "I"],
+              [:ecx, "I"],
+              [:edx, "I"],
+              [:edi, "I"],
+              [:esi, "I"],
+              [:ebp, "I"],
+              [:esp, "I"],
+              [:ss, "I"],
+              [:eflags, "I"],
+              [:eip, "I"],
+              [:cs, "I"],
+              [:ds, "I"],
+              [:es, "I"],
+              [:fs, "I"],
+              [:gs, "I"]]).each {|x| attr_accessor x[0]}
+  FIELDTYPES = FIELDS.map {|x| x[1]}.join("")
+
+  def initialize(str=nil)
+    refresh(str) if str
+  end
+
+  #(re)loads the data fields from str
+  def refresh(str)
+    if str
+      str.unpack(FIELDTYPES).each_with_index do |val, i|
+        instance_variable_set "@#{ FIELDS[i][0] }".intern, val
+      end            
+    end
+  end
+
+  def to_s
+    FIELDS.map {|f| send(f[0])}.pack(FIELDTYPES)
+  end
+
+  def self.get(h)
+    Wraposx::thread_suspend(h)
+    r = self.new(Wraposx::thread_get_state_raw(h))
+    Wraposx::thread_resume(h)
+    return r
+  end
+
+  def get(h)
+    Wraposx::thread_suspend(h)
+    r = refresh(Wraposx::thread_get_state_raw(h))
+    Wraposx::thread_resume(h)
+    return r
+  end
+
+  def set(h)
+    Wraposx::thread_suspend(h)
+    r = Wraposx::thread_set_state_raw(h, self.to_s)
+    Wraposx::thread_resume(h)
+    return 
+  end
+
+  def inspect
+    body = lambda do
+      FIELDS.map do |f|
+        "#{f[0]}=#{send(f[0]).to_s(16)}"
+      end.join(", ")
+    end
+    "#<ThreadContext #{body.call}>"
+  end
+
+  def dump(&block)
+    maybe_hex = lambda {|a| begin; "\n" + (" " * 9) + block.call(a, 16).hexdump(true)[10..-2]; rescue; ""; end }      
+    maybe_dis = lambda {|a| begin; "\n" + block.call(a, 16).distorm.map {|i| "         " + i.mnem}.join("\n"); rescue; ""; end }
+
+    string =<<EOM
+    -----------------------------------------------------------------------
+    CONTEXT:
+    EIP: #{self.eip.to_s(16).rjust(8, "0")} #{maybe_dis.call(self.eip)}
+
+    EAX: #{self.eax.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.eax)}
+    EBX: #{self.ebx.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.ebx)}
+    ECX: #{self.ecx.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.ecx)}
+    EDX: #{self.edx.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.edx)}
+    EDI: #{self.edi.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.edi)}
+    ESI: #{self.esi.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.esi)}
+    EBP: #{self.ebp.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.ebp)}
+    ESP: #{self.esp.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.esp)}
+    EFL: #{self.eflags.to_s(2).rjust(32, "0")} #{Wraposx::EFlags.flag_dump(self.eflags)}
+EOM
+  end
+
+  # sets/clears the TRAP flag
+  def single_step(v=true)
+    if v
+      @eflags |= Wraposx::EFlags::TRAP
+    else
+      @eflags &= ~(Wraposx::EFlags::TRAP)
+    end
+  end
+end
+
+module Ragweed::Wraposx
+
+  # FIXME - constants need to be in separate sub modules
+  # XXX - move to class based implementation a la region_info
+  # define i386_THREAD_STATE_COUNT   ((mach_msg_type_number_t)( sizeof (i386_thread_state_t) / sizeof (int) ))
+  # i386_thread_state_t is a struct w/ 16 uint
+  I386_THREAD_STATE_COUNT = 16
+  I386_THREAD_STATE = 1
+  REGISTER_SYMS = [:eax,:ebx,:ecx,:edx,:edi,:esi,:ebp,:esp,:ss,:eflags,:eip,:cs,:ds,:es,:fs,:gs]
+
+  class << self
+
+    # Returns a Hash of the thread's registers given a thread id.
+    #
+    # kern_return_t   thread_get_state
+    #                (thread_act_t                     target_thread,
+    #                 thread_state_flavor_t                   flavor,
+    #                 thread_state_t                       old_state,
+    #                 mach_msg_type_number_t         old_state_count);
+    def thread_get_state(thread)
+      state_arr = ("\x00"*SIZEOFINT*I386_THREAD_STATE_COUNT).to_ptr
+      count = ([I386_THREAD_STATE_COUNT].pack("I_")).to_ptr
+      r = CALLS["libc!thread_get_state:IIPP=I"].call(thread, I386_THREAD_STATE, state_arr, count).first
+      raise KernelCallError.new(:thread_get_state, r) if r != 0
+      r = state_arr.to_s(I386_THREAD_STATE_COUNT*SIZEOFINT).unpack("I_"*I386_THREAD_STATE_COUNT)
+      regs = Hash.new
+      I386_THREAD_STATE_COUNT.times do |i|
+        regs[REGISTER_SYMS[i]] = r[i]
+      end
+      return regs
+    end
+
+    # Returns string representation of a thread's registers for unpacking given a thread id
+    #
+    # kern_return_t   thread_get_state
+    #                (thread_act_t                     target_thread,
+    #                 thread_state_flavor_t                   flavor,
+    #                 thread_state_t                       old_state,
+    #                 mach_msg_type_number_t         old_state_count);
+    def thread_get_state_raw(thread)
+      state_arr = ("\x00"*SIZEOFINT*I386_THREAD_STATE_COUNT).to_ptr
+      count = ([I386_THREAD_STATE_COUNT].pack("I_")).to_ptr
+      r = CALLS["libc!thread_get_state:IIPP=I"].call(thread, I386_THREAD_STATE, state_arr, count).first
+      raise KernelCallError.new(:thread_get_state, r) if r != 0
+      return state_arr.to_s(I386_THREAD_STATE_COUNT*SIZEOFINT)
+    end
+
+    # Sets the register state of thread from a Hash containing it's values.
+    #
+    # kern_return_t   thread_set_state
+    #                (thread_act_t                     target_thread,
+    #                 thread_state_flavor_t                   flavor,
+    #                 thread_state_t                       new_state,
+    #                 target_thread                  new_state_count);
+    def thread_set_state(thread, state)
+      s = Array.new
+      I386_THREAD_STATE_COUNT.times do |i|
+        s << state[REGISTER_SYMS[i]]
+      end
+      s = s.pack("I_"*I386_THREAD_STATE_COUNT).to_ptr
+      r = CALLS["libc!thread_set_state:IIPI=I"].call(thread, I386_THREAD_STATE, s, I386_THREAD_STATE_COUNT).first
+      raise KernelCallError.new(:thread_set_state, r) if r!= 0
+    end
+
+    # Sets the register state of thread from a packed string containing it's values.
+    #
+    # kern_return_t   thread_set_state
+    #                (thread_act_t                     target_thread,
+    #                 thread_state_flavor_t                   flavor,
+    #                 thread_state_t                       new_state,
+    #                 target_thread                  new_state_count);
+    def thread_set_state_raw(thread, state)
+      r = CALLS["libc!thread_set_state:IIPI=I"].call(thread, I386_THREAD_STATE, state.to_ptr, I386_THREAD_STATE_COUNT).first
+      raise KernelCallError.new(:thread_set_state, r) if r!= 0
+    end
+  end
+end