tduehr-ragweed 0.1.7 → 0.1.7.1

data/lib/ragweed/utils.rb

@@ -1,41 +1,59 @@
+class Array
+  module ArrayExtensions
+    # Convert to hash
+    ##
+    def to_hash
+        # too clever.
+        # Hash[*self.flatten]
+
+        h = Hash.new
+        each do |k,v|
+            h[k] = v
+        end
+        h
+    end
+  end
+  include ArrayExtensions
+end
+
 # These should probably be extensions to Module since that's the location of instance_eval and friends.
 class Object
-    module ObjectExtensions
-      # Every object has a "singleton" class, which you can think
-      # of as the class (ie, 1.metaclass =~ Fixnum) --- but that you
-      # can modify and extend without fucking up the actual class.
-      def metaclass; class << self; self; end; end
-      def meta_eval(&blk) metaclass.instance_eval &blk; end
-      def meta_def(name, &blk) meta_eval { define_method name, &blk }; end
-      def try(meth, *args); send(meth, *args) if respond_to? meth; end
-
-      def through(meth, *args)
-          if respond_to? meth
-              send(meth, *args)
-          else
-              self
-          end
-      end
+  module ObjectExtensions
+    # Every object has a "singleton" class, which you can think
+    # of as the class (ie, 1.metaclass =~ Fixnum) --- but that you
+    # can modify and extend without fucking up the actual class.
+    def metaclass; class << self; self; end; end
+    def meta_eval(&blk) metaclass.instance_eval &blk; end
+    def meta_def(name, &blk) meta_eval { define_method name, &blk }; end
+    def try(meth, *args); send(meth, *args) if respond_to? meth; end
 
-      ## This is from Topher Cyll's Stupd IRB tricks
-      def mymethods
-        (self.methods - self.class.superclass.methods).sort
+    def through(meth, *args)
+      if respond_to? meth
+        send(meth, *args)
+      else
+        self
       end
-      # self-evident
-      def callable?; respond_to? :call; end
-      def number?; kind_of? Numeric; end
-
-      # while X remains callable, keep calling it to get its value
-      def derive
-        # also, don't drink and derive
-        x = self
-        while x.callable?
-          x = x()
-        end
-        return x
+    end
+
+    ## This is from Topher Cyll's Stupd IRB tricks
+    def mymethods
+      (self.methods - self.class.superclass.methods).sort
+    end
+    # self-evident
+    def callable?; respond_to? :call; end
+    def number?; kind_of? Numeric; end
+
+    # while X remains callable, keep calling it to get its value
+    def derive
+      # also, don't drink and derive
+      x = self
+      while x.callable?
+        x = x()
       end
+      return x
     end
-    include ObjectExtensions
+  end
+  include ObjectExtensions
 end
 
 class String
@@ -51,21 +69,31 @@ class String
   def shift_u8; shift(1).to_u8; end
   
   def shift(count=1)
-      return self if count == 0
-      slice! 0..(count-1)
+    return self if count == 0
+    slice! 0..(count-1)
+  end
+
+  # Sometimes string buffers passed through Win32 interfaces come with
+  # garbage after the trailing NUL; this method gets rid of that, like
+  # String#trim
+  def asciiz
+    begin
+      self[0..self.index("\x00")-1]
+    rescue
+      self
+    end
   end
+  
+  def asciiz!; replace asciiz; end
 
   # Convert a string into hex characters
   def hexify
-      l = []
-      each_byte{|b| l << "%02x" % b}
-      l.join
+    self.unpack("H*").first
   end
 
   # Convert a string of raw hex characters (no %'s or anything) into binary
   def dehexify
-      (ret||="") << (me||=clone).shift(2).to_i(16).chr while not (me||=clone).empty?
-      return ret
+    [self].pack("H*")
   end
 end
 
@@ -77,11 +105,17 @@ class Integer
     def to_l16; [self].pack "v"; end
     def to_b16; [self].pack "n"; end
     def to_u8; [self].pack "C"; end
+
+    # sign extend
+    def sx8; ([self].pack "c").unpack("C").first; end
+    def sx16; ([self].pack "s").unpack("S").first; end
+    def sx32; ([self].pack "l").unpack("L").first; end
+
     def ffs
       i = 0
       v = self
       while((v >>= 1) != 0)
-          i += 1
+        i += 1
       end
       return i
     end
@@ -90,6 +124,14 @@ class Integer
 end
 
 class Module
+  def to_name_hash
+    @name_hash ||= constants.map {|k| [k.intern, const_get(k.intern)]}.to_hash
+  end
+
+  def to_key_hash
+    @key_hash ||= constants.map {|k| [const_get(k.intern), k.intern]}.to_hash
+  end
+
   def flag_dump(i)
     @bit_map ||= constants.map do |k|
       [k, const_get(k.intern).ffs]
@@ -111,4 +153,4 @@ class Module
     end
     return r.reverse
   end
-end
+end

data/lib/ragweed/wrap32/debugging.rb

@@ -63,14 +63,14 @@ class Ragweed::Wrap32::DebugEvent
     @code, @pid, @tid = str.unpack("LLL")
     str.shift 12
     case @code
-    when Wrap32::DebugCodes::CREATE_PROCESS 
+    when Ragweed::Wrap32::DebugCodes::CREATE_PROCESS 
       @file_handle, @process_handle, @thread_handle,
       @base, @offset,
       @info_size, @thread_base, @start_address,
       @image_name, @unicode = str.unpack("LLLLLLLLLH")
-    when Wrap32::DebugCodes::CREATE_THREAD 
+    when Ragweed::Wrap32::DebugCodes::CREATE_THREAD 
       @thread_handle, @thread_base, @start_address = str.unpack("LLL")
-    when Wrap32::DebugCodes::EXCEPTION 
+    when Ragweed::Wrap32::DebugCodes::EXCEPTION 
       @exception_code, @exception_flags,
       @exception_record, @exception_address, @parameter_count = str.unpack("LLLLL")
       str = str[20..-1]
@@ -81,17 +81,17 @@ class Ragweed::Wrap32::DebugEvent
           str = str[4..-1]
         rescue;end
       end
-    when Wrap32::DebugCodes::EXIT_PROCESS 
+    when Ragweed::Wrap32::DebugCodes::EXIT_PROCESS 
       @exit_code = str.unpack("L").first
-    when Wrap32::DebugCodes::EXIT_THREAD 
+    when Ragweed::Wrap32::DebugCodes::EXIT_THREAD 
       @exit_code = str.unpack("L").first
-    when Wrap32::DebugCodes::LOAD_DLL 
+    when Ragweed::Wrap32::DebugCodes::LOAD_DLL 
       @file_handle, @dll_base, @offset,
       @info_size, @image_name, @unicode = str.unpack("LLLLLH")
-    when Wrap32::DebugCodes::OUTPUT_DEBUG_STRING 
-    when Wrap32::DebugCodes::RIP 
+    when Ragweed::Wrap32::DebugCodes::OUTPUT_DEBUG_STRING 
+    when Ragweed::Wrap32::DebugCodes::RIP 
       @rip_error, @rip_type = str.unpack("LL")
-    when Wrap32::DebugCodes::UNLOAD_DLL 
+    when Ragweed::Wrap32::DebugCodes::UNLOAD_DLL 
       @dll_base = str.unpack("L").first
     else
       raise WinX.new(:wait_for_debug_event)
@@ -99,11 +99,11 @@ class Ragweed::Wrap32::DebugEvent
   end
 
   def inspect_code(c)
-    Wrap32::DebugCodes.to_key_hash[c].to_s || c.to_i
+    Ragweed::Wrap32::DebugCodes.to_key_hash[c].to_s || c.to_i
   end
   
   def inspect_exception_code(c)
-    Wrap32::ExceptionCodes.to_key_hash[c].to_s || c.to_i.to_s(16)
+    Ragweed::Wrap32::ExceptionCodes.to_key_hash[c].to_s || c.to_i.to_s(16)
   end
 
   def inspect_parameters(p)
@@ -129,7 +129,7 @@ module Ragweed::Wrap32
       buf = "\x00" * 1024
       r = CALLS["kernel32!WaitForDebugEvent:PL=L"].call(buf, ms)
       raise WinX.new(:wait_for_debug_event) if r == 0 and get_last_error != 121
-      return Wrap32::DebugEvent.new(buf) if r != 0
+      return Ragweed::Wrap32::DebugEvent.new(buf) if r != 0
       return nil
     end
 

data/lib/ragweed/wrap32/device.rb

@@ -3,12 +3,12 @@ module Ragweed
     def initialize(path, options={})
       @path = path
       @options = options
-      @h = Wrap32::create_file(@path, :flags => Wrap32::FileAttributes::OVERLAPPED|Wrap32::FileAttributes::NORMAL)
+      @h = Ragweed::Wrap32::create_file(@path, :flags => Ragweed::Wrap32::FileAttributes::OVERLAPPED|Ragweed::Wrap32::FileAttributes::NORMAL)
     end
 
     def ioctl(code, inbuf, outbuf)
       overlap(lambda do |o|
-        Wrap32::device_io_control(@h, code, inbuf, outbuf, o)
+        Ragweed::Wrap32::device_io_control(@h, code, inbuf, outbuf, o)
       end) do |ret, count|
         outbuf[0..count]
       end  
@@ -16,7 +16,7 @@ module Ragweed
     
     def read(sz)
       overlap(lambda do |o|
-        Wrap32::read_file(@h, sz, o)
+        Ragweed::Wrap32::read_file(@h, sz, o)
       end) do |ret, count|
         ret[0..count]
       end
@@ -24,21 +24,21 @@ module Ragweed
     
     def write(buf)
       overlap(lambda do |o|
-        Wrap32::write_file(@h, buf, o)
+        Ragweed::Wrap32::write_file(@h, buf, o)
       end) do |ret, count|
         count
       end
     end 
     
     def release
-      Wrap32::close_handle(@h)
+      Ragweed::Wrap32::close_handle(@h)
       @h = nil
     end
 
     private
 
     def overlap(proc)
-      o = Wrap32::Overlapped.get
+      o = Ragweed::Wrap32::Overlapped.get
       ret = proc.call(o)
       count = o.wait(@h)
       r = yield ret, count

data/lib/ragweed/wrap32/event.rb

@@ -27,17 +27,17 @@ class Ragweed::Event
   # Don't return until the event is signalled. Note that you
   # can't break this with timeouts or CTR-C.
   def wait
-    Wrap32::wait_for_single_object @h
+    Ragweed::Wrap32::wait_for_single_object @h
   end
 
   # Signal the event; anyone waiting on it is now released.
   def signal
-    Wrap32::set_event(@h)
+    Ragweed::Wrap32::set_event(@h)
   end
 
   # Force the event back to unsignalled state.
   def reset
-    Wrap32::reset_event(@h)
+    Ragweed::Wrap32::reset_event(@h)
   end
 
   # A wait loop.

data/lib/ragweed/wrap32/process.rb

@@ -6,7 +6,7 @@ class Ragweed::Process
   include Ragweed
 
   def self.find_by_regex(name)
-    Wrap32::all_processes do |p|
+    Ragweed::Wrap32::all_processes do |p|
       if p.szExeFile =~ name
         return self.new(p.th32ProcessID)
       end
@@ -23,7 +23,7 @@ class Ragweed::Process
 
   # clone a handle from the remote process to here (to here? tf?)
   def dup_handle(h)
-    Wrap32::duplicate_handle(@h, h)
+    Ragweed::Wrap32::duplicate_handle(@h, h)
   end
 
   # look up a process by its name --- but this is in the local process,
@@ -31,7 +31,7 @@ class Ragweed::Process
   # but probably never otherwise.
   def get_proc(name)
     return Ptr.new(name) if name.kind_of? Numeric or name.kind_of? Ptr
-    ptr(Wrap32::get_proc_address(name))
+    ptr(Ragweed::Wrap32::get_proc_address(name))
   end
 
   def get_proc_remote(name)
@@ -58,14 +58,14 @@ class Ragweed::Process
   # Just need a PID to get started.
   def initialize(pid) 
     @pid = pid
-    @h = Wrap32::open_process(pid)
+    @h = Ragweed::Wrap32::open_process(pid)
     @a = arena()
   end
 
   # Return the EXE name of the process.
   def image
     buf = "\x00" * 256
-    if Wrap32::nt_query_information_process(@h, 27, buf)
+    if Ragweed::Wrap32::nt_query_information_process(@h, 27, buf)
       buf = buf.from_utf16
       buf = buf[(buf.index("\\"))..-1]
       return buf.asciiz
@@ -76,9 +76,9 @@ class Ragweed::Process
   # Return a list of all the threads in the process; relatively
   # expensive, so cache the result.
   def threads(full=false, &block)
-    return Wrap32::threads(@pid, &block) if block_given?
+    return Ragweed::Wrap32::threads(@pid, &block) if block_given?
     ret = []
-    Wrap32::threads(@pid) {|x| ((full) ? ret << x : ret << x.th32ThreadID) }
+    Ragweed::Wrap32::threads(@pid) {|x| ((full) ? ret << x : ret << x.th32ThreadID) }
     return ret
   end
 
@@ -91,26 +91,26 @@ class Ragweed::Process
 
   # Suspend a thread by tid. Technically, this doesn't need to be
   # a method; you can suspend a thread anywhere without a process handle.
-  def suspend(tid); Wrap32::open_thread(tid) {|x| Wrap32::suspend_thread(x)}; end
+  def suspend(tid); Ragweed::Wrap32::open_thread(tid) {|x| Ragweed::Wrap32::suspend_thread(x)}; end
 
   # Resume a thread by tid.
-  def resume(tid); Wrap32::open_thread(tid) {|x| Wrap32::resume_thread(x)}; end
+  def resume(tid); Ragweed::Wrap32::open_thread(tid) {|x| Ragweed::Wrap32::resume_thread(x)}; end
 
   # List the modules for the process, either yielding a struct for
   # each to a block, or returning a list.
   def modules(&block)
     if block_given?
-      Wrap32::list_modules(@pid, &block)
+      Ragweed::Wrap32::list_modules(@pid, &block)
     else
       ret = []
-      Wrap32::list_modules(@pid) {|x| ret << x}
+      Ragweed::Wrap32::list_modules(@pid) {|x| ret << x}
       return ret
     end
   end
 
   # Read/write ranges of data or fixnums to/from the process by address.
-  def read(off, sz=4096); Wrap32::read_process_memory(@h, off, sz); end
-  def write(off, data); Wrap32::write_process_memory(@h, off, data); end
+  def read(off, sz=4096); Ragweed::Wrap32::read_process_memory(@h, off, sz); end
+  def write(off, data); Ragweed::Wrap32::write_process_memory(@h, off, data); end
   def read32(off); read(off, 4).unpack("L").first; end
   def read16(off); read(off, 2).unpack("v").first; end
   def read8(off); read(off, 1)[0]; end      
@@ -130,11 +130,11 @@ class Ragweed::Process
   end
 
   # Can I write to this address in the process?
-  def writeable?(off); Wrap32::writeable? @h, off; end
+  def writeable?(off); Ragweed::Wrap32::writeable? @h, off; end
 
   # Use VirtualAllocEx to grab a block of memory in the process. This
   # is expensive, the equivalent of mmap()'ing for each allocation. 
-  def syscall_alloc(sz); ptr(Wrap32::virtual_alloc_ex(@h, sz)); end
+  def syscall_alloc(sz); ptr(Ragweed::Wrap32::virtual_alloc_ex(@h, sz)); end
 
   # Use arenas, when possible, to quickly allocate memory. The upside
   # is this is very fast. The downside is you can't free the memory
@@ -150,7 +150,7 @@ class Ragweed::Process
   # Free the return value of syscall_alloc. Do NOT use for the return
   # value of alloc.
   def free(off)
-    Wrap32::virtual_free_ex(@h, off)
+    Ragweed::Wrap32::virtual_free_ex(@h, off)
   end
 
   # Convert an address to "module+10h" notation, when possible.
@@ -199,7 +199,7 @@ class Ragweed::Process
   def list_memory(&block)
     ret = []
     i = 0
-    while (mbi = Wrap32::virtual_query_ex(@h, i))
+    while (mbi = Ragweed::Wrap32::virtual_query_ex(@h, i))
       break if (not ret.empty? and mbi.BaseAddress == 0)
       if block_given?
         yield mbi
@@ -250,8 +250,8 @@ class Ragweed::Process
   # Dump thread context, returning a struct that contains things like
   # .Eip and .Eax.
   def thread_context(tid)
-    Wrap32::open_thread(tid) do |h|
-      Wrap32::get_thread_context(h)
+    Ragweed::Wrap32::open_thread(tid) do |h|
+      Ragweed::Wrap32::get_thread_context(h)
     end
   end
 
@@ -457,7 +457,7 @@ class Ragweed::Process
   # Do something with a thread while its suspended
   def with_suspended_thread(tid)
     ret = nil
-    Wrap32::with_suspended_thread(tid) {|x| ret = yield}
+    Ragweed::Wrap32::with_suspended_thread(tid) {|x| ret = yield}
     return ret
   end
 

data/lib/ragweed/wrap32/process_token.rb

@@ -21,7 +21,7 @@ module Ragweed::Wrap32
   end
 
   class << self
-    def open_process_token(h, access=Wrap32::TokenAccess::ADJUST_PRIVILEGES)
+    def open_process_token(h, access=Ragweed::Wrap32::TokenAccess::ADJUST_PRIVILEGES)
       outw = "\x00" * 4
       r = CALLS["advapi32!OpenProcessToken:LLP=L"].call(h, access, outw)
       raise WinX.new(:open_process_token) if r == 0
@@ -48,12 +48,12 @@ end
 
 class Ragweed::Wrap32::ProcessToken
   def initialize(p=nil)
-    p ||= Wrap32::open_process(Wrap32::get_current_process_id)
-    @h = Wrap32::open_process_token(p)
+    p ||= Ragweed::Wrap32::open_process(Ragweed::Wrap32::get_current_process_id)
+    @h = Ragweed::Wrap32::open_process_token(p)
   end
 
   def grant(name)
-    luid = Wrap32::lookup_privilege_value(name)
-    Wrap32::adjust_token_privileges(@h, 0, [luid, Wrap32::PrivilegeAttribute::ENABLED])
+    luid = Ragweed::Wrap32::lookup_privilege_value(name)
+    Ragweed::Wrap32::adjust_token_privileges(@h, 0, [luid, Ragweed::Wrap32::PrivilegeAttribute::ENABLED])
   end
 end

data/lib/ragweed/wrap32/thread_context.rb

@@ -81,22 +81,22 @@ class Ragweed::Wrap32::ThreadContext
   end
 
   def self.get(h)
-    self.new(Wrap32::get_thread_context_raw(h))
+    self.new(Ragweed::Wrap32::get_thread_context_raw(h))
   end
 
   def get(h)
-    refresh(Wrap32::get_thread_context_raw(h))
+    refresh(Ragweed::Wrap32::get_thread_context_raw(h))
   end
 
   def set(h)
-    Wrap32::set_thread_context_raw(h, self.to_s)
+    Ragweed::Wrap32::set_thread_context_raw(h, self.to_s)
   end
 
   def inspect
     body = lambda do
       FIELDS.map do |f|
         val = send(f[0])
-        "#{f[0]}=#{val.to_s(16) rescue val.to_s}"
+        "#{f[0]}=#{val.to_s(16) rescue val.to_s.hexify}"
       end.join(", ")
     end
     "#<ThreadContext #{body.call}>"
@@ -119,15 +119,15 @@ CONTEXT:
     ESI: #{self.esi.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.esi)}
     EBP: #{self.ebp.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.ebp)}
     ESP: #{self.esp.to_s(16).rjust(8, "0")} #{maybe_hex.call(self.esp)}
-    EFL: #{self.eflags.to_s(2).rjust(32, "0")} #{Wrap32::EFlags.flag_dump(self.eflags)}
+    EFL: #{self.eflags.to_s(2).rjust(32, "0")} #{Ragweed::Wrap32::EFlags.flag_dump(self.eflags)}
 EOM
   end
 
   def single_step(v=true)
     if v
-      @eflags |= Wrap32::EFlags::TRAP
+      @eflags |= Ragweed::Wrap32::EFlags::TRAP
     else
-      @eflags &= ~(Wrap32::EFlags::TRAP)
+      @eflags &= ~(Ragweed::Wrap32::EFlags::TRAP)
     end
   end
 end
@@ -135,7 +135,7 @@ end
 module Ragweed::Wrap32
   class << self
     def get_thread_context_raw(h)
-      ctx = [Wrap32::ContextFlags::DEBUG,0,0,0,0,0,0,"\x00"*112,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"\x00"*1024].pack("LLLLLLLa112LLLLLLLLLLLLLLLLa1024")
+      ctx = [Ragweed::Wrap32::ContextFlags::DEBUG,0,0,0,0,0,0,"\x00"*112,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"\x00"*1024].pack("LLLLLLLa112LLLLLLLLLLLLLLLLa1024")
       ret = CALLS["kernel32!GetThreadContext:LP=L"].call(h, ctx)
       if ret != 0
         return ctx
@@ -194,7 +194,7 @@ module Ragweed::Wrap32
     # and then resume the thread. Useful (among many other things) to sample
     # EIP values to see what the code is doing.
     def get_thread_context(h)
-      ctx = [Wrap32::ContextFlags::DEBUG,0,0,0,0,0,0,"\x00"*112,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"\x00"*1024].pack("LLLLLLLa112LLLLLLLLLLLLLLLLa1024")
+      ctx = [Ragweed::Wrap32::ContextFlags::DEBUG,0,0,0,0,0,0,"\x00"*112,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"\x00"*1024].pack("LLLLLLLa112LLLLLLLLLLLLLLLLa1024")
       suspend_thread(h)
       ret = CALLS["kernel32!GetThreadContext:LP=L"].call(h, ctx)
       resume_thread(h)

data/lib/ragweed/wrap32/wrap32.rb

@@ -302,9 +302,9 @@ module Ragweed::Wrap32
       h = CALLS["kernel32!CreateToolhelp32Snapshot:LL=L"].call(0x8, pid)
       if h != -1
         mi = [260+256+(8*4),0,0,0,0,0,0,0,"\x00"*256,"\x00"*260].pack("LLLLLLLLa256a260")
-        if w32("kernel32!Module32First:LP=L").call(h, mi) != 0
+        if CALLS["kernel32!Module32First:LP=L"].call(h, mi) != 0
           yield str2module_info(mi)
-          while w32("kernel32!Module32Next:LP=L").call(h, mi) != 0
+          while CALLS["kernel32!Module32Next:LP=L"].call(h, mi) != 0
             yield str2module_info(mi)
           end
         end
@@ -352,10 +352,10 @@ module Ragweed::Wrap32
       h = CALLS["kernel32!CreateToolhelp32Snapshot:LL=L"].call(0x4, pid)
       if h != -1
         mi = [(7*4),0,0,0,0,0,0].pack("LLLLLLL")
-        if w32("kernel32!Thread32First:LP=L").call(h, mi) != 0
+        if CALLS["kernel32!Thread32First:LP=L"].call(h, mi) != 0
           ti = str2thread_info(mi)
           yield str2thread_info(mi) if ti.th32OwnerProcessID == pid
-          while w32("kernel32!Thread32Next:LP=L").call(h, mi) != 0
+          while CALLS["kernel32!Thread32Next:LP=L"].call(h, mi) != 0
             ti = str2thread_info(mi)
             yield str2thread_info(mi) if ti.th32OwnerProcessID == pid
           end

data/lib/ragweed/wrap32.rb

@@ -5,7 +5,7 @@ module Ragweed; end
 module Ragweed::Wrap32
 
   # :stopdoc:
-  VERSION = '0.1.7'
+  VERSION = '0.1.7.1'
   LIBPATH = ::File.expand_path(::File.dirname(__FILE__)) + ::File::SEPARATOR
   PATH = ::File.dirname(LIBPATH) + ::File::SEPARATOR
   # :startdoc:

data/lib/ragweed/wraposx/kernelerrorx.rb

@@ -59,7 +59,7 @@ module Ragweed::Wraposx::KernelReturn
   module_function
   # Much like Signals.list returns a hash of the possible kernel call return values.
   def list
-    constants.inject({}){|a, c| a.merge! c => const_get(c)}
+    @@list ||= constants.inject({}){|a, c| a.merge! c => const_get(c)}
   end
 end
 

data/lib/ragweed/wraposx/thread_info.rb

@@ -2,7 +2,7 @@ module Ragweed; end
 module Ragweed::Wraposx::ThreadInfo
   class << self
     #factory method to get a ThreadInfo variant
-    def self.get(flavor,tid)
+    def get(flavor,tid)
       found = false
       klass = self.constants.detect{|c| con = self.const_get(c); con.kind_of?(Class) && (flavor == con.const_get(:FLAVOR))}
       if klass.nil?

data/lib/ragweed/wraposx/wraposx.rb

@@ -150,6 +150,22 @@ module Ragweed::Wraposx
       return t.to_a("I", count.to_s(SIZEOFINT).unpack('I_').first)
     end
 
+    # Decrement the target tasks suspend count
+    # kern_return_t   task_resume
+    #                 (task_t          task);
+    def task_resume(task)
+      r = CALLC["libc!task_resume:I=I"].call(task).first
+      raise KernelCallError.new(r) if r != 0
+    end
+
+    # Increment the target tasks suspend count
+    # kern_return_t   task_suspend
+    #                 (task_t          task);
+    def task_suspend(task)
+      r = CALLC["libc!task_suspend:I=I"].call(task).first
+      raise KernelCallError.new(r) if r != 0
+    end
+
     # Sends a signal to a process
     #
     # int
@@ -237,6 +253,36 @@ module Ragweed::Wraposx
       return nil
     end
 
+    
+    # Allocates a page in the memory space of the target task.
+    #
+    # kern_return_t   vm_allocate
+    #                 (vm_task_t                          target_task,
+    #                  vm_address_t                           address,
+    #                  vm_size_t                                 size,
+    #                  boolean_t                             anywhere);
+    #
+    def vm_allocate(task, address, size, anywhere)
+      addr = int_to_intptr(address)
+      anywhere = anywhere ? 1 : 0
+      r = CALLS["libc!vm_allocate:IPII=I"].call(task,addr,size,anywhere).first
+      raise KernelCallError.new(r) if r != 0
+      addr.ptr
+    end
+    
+    # deallocates a page in the memoryspace of target task.
+    #
+    # kern_return_t   vm_deallocate
+    #                     (vm_task_t                          target_task,
+    #                      vm_address_t                           address,
+    #                      vm_size_t                                 size);
+    #
+    def vm_deallocate(task,address,size)
+      addr = int_to_intptr(address)
+      r = CALLS["libc!vm_deallocate:IPI=I"].call(task, addr, size).first
+      raise KernelCallError.new(r) if r != 0
+    end
+    
     # Resumes a suspended thread by id.
     #
     # kern_return_t   thread_resume
@@ -334,6 +380,12 @@ module Ragweed::Wraposx
       raise SystemCallError.new("sysctl", DL.last_error) if (r != 0 and DL.last_error != Errno::ENOMEM::Errno)
       return [ret,oldlenp.to_str(SIZEOFINT).unpack("I_").first]
     end
+    
+    # int
+    # nlist(const char *filename, struct nlist *nl)
+    def nlist(filename)
+      
+    end
 
     # Changes execution to file in path with *args as though called from command line.
     #
@@ -348,6 +400,17 @@ module Ragweed::Wraposx
       raise SystemCallError.new("execv", DL.last_error) if r == -1
       return r
     end
+    
+    def int_to_intptr(i)
+      case i
+      when Integer
+        return [i].pack("I").to_ptr
+      when DL::PtrData
+        return i
+      else
+        raise ArgumentError, "Not an Integer"
+      end
+    end
   end
 end