Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

derek.bruening/2010/i138-module-path.diff #245

Closed
derekbruening opened this issue Nov 27, 2014 · 1 comment
Closed

derek.bruening/2010/i138-module-path.diff #245

derekbruening opened this issue Nov 27, 2014 · 1 comment
Labels
Migrated Priority-Medium Status-Fixed Type-Review

Comments

@derekbruening
Copy link
Contributor

From [email protected] on January 03, 2010 21:24:30

issue #138: provide full path to module separately from name

  • module_data_t.full_path field was already present, just not set.
  • for linux, taking non-short version of /proc/maps comment.
    module_names_t.file_name is the short name version of full_path.
  • for windows, NtQueryVirtualMemory with MemorySectionName
    does work for image sections on XP+, and there it always gives absolute
    (NT-style) paths, so we use it when available.
  • as Nebbett points it, MemorySectionName queries fail for image sections
    on 2K and NT. there we expand the code written for ASLR that
    records the file used to open the last section to use a global hashtable,
    which avoids issues with handles shared among threads and with
    non-sequential section-mapping sequences (PR 213463/case 9028).
    • I added a generic hashtable wrapper around the hashtablex.h macros,
      which had never been used outside of fragment.c and required some
      updates to work properly
    • DR now watches NtClose and NtDuplicateObject to update the
      section-to-file hashtable
  • we don't see the map for modules present at init time: there we use
    the potentially unsafe get_module_name() but there should only be one
    thread
  • I kept the name-tracking code under -track_module_filenames
  • on a MemorySectionName query by the app to DR memory, we return
    STATUS_INVALID_ADDRESS (C0000141) to hide our dlls
  • when using either MemorySectionName or NtQueryInformationFile we get an
    NT path, and clients will want Dos paths. I added
    convert_NT_to_Dos_path(), which converts /Device/LanmanRedirector to //
    and queries the ProcessDeviceMap to convert /Device/HarddiskVolumeN to x:/
  • on 2K/NT for image sections, we can only use NtQueryInformationFile,
    which sometimes returns a relative path: for those cases I map in the
    file as a non-image and then call MemorySectionName.
    sort of expensive, but limited to legacy platforms. note that can't do
    this mapping trick w/ just section handle since section is already image
    or not so still need hashtable.

Testing done:

  • modified suite/tests/client-interface/modules.dll.c module_load_event to
    print the full path and ran calc on xp and 2K: we successfully retrieved
    the full path for already-loaded app modules, client libs, DR lib, and
    dynamically-loaded libs
  • ditto on linux, with events.dll.c

NOCHECKIN: add real test? have modules.dll.c ensure path starts w/ drive letter?

stats: 2260 diff lines
CMakeLists.txt | 2
api/docs/release.dox | 4
core/dynamo.c | 8
core/fragment.h | 6
core/hashtable.c | 139 +++++++++++++
core/hashtable.h | 55 +++++
core/heap.h | 3
core/lib/statsx.h | 1
core/linux/module.c | 13 !
core/linux/os.c | 6
core/module_list.c | 16 !
core/module_shared.h | 9
core/monitor.h | 1
core/utils.h | 1
core/win32/aslr.c | 30 -!
core/win32/aslr.h | 13 !
core/win32/module.c | 154 ++++++++++!!!!!
core/win32/ntdll.c | 71 +++-!
core/win32/ntdll.h | 28 ++
core/win32/os.c | 87 ++++++!!
core/win32/os_private.h | 19 +
core/win32/syscall.c | 296 +++++!!!!!!!!!!!!!!!!!!!!!!
core/win32/syscallx.h | 2
core/x86/instrument.c | 25 +!
core/x86/instrument.h | 4
suite/tests/client-interface/events.dll.c | 4
suite/tests/client-interface/modules.dll.c | 1
27 files changed, 559 insertions(+), 37 deletions(-), 402 modifications(!)

Original issue: http://code.google.com/p/dynamorio/issues/detail?id=245
@derekbruening
Copy link
Contributor Author

From [email protected] on April 20, 2010 10:44:27

Status: Verified

derekbruening added a commit that referenced this issue Jul 5, 2023
@derekbruening
i#5383 mac a64, part 6: Get OSX-labeled tests to succeed
5537d2c 
8 of the 13 tests on Mac AArch64 labeled "OSX" fail prior to this PR.
Here we fix the following:

+ Syscall success is indicated by the carry flag just like x86 Mac
+ Handle sigreturn with its extra parameters just like x86 Mac
+ Fix signal handler parameters
+ Fix stolen register support in signal contexts
+ Use MAP_JIT and pthread_jit_write_protect_np for +rwx gencode in tests
+ Use DYLD_LIBRARY_PATH on Mac in tests

Now all 13 tests pass:
---------------------------------------------------------------------------------------
ctest -j 5 -L OSX
 1/13 Test  #13: code_api|common.fib ................................  Passed  0.59 sec
 2/13 Test #243: code_api|libutil.frontend_test .....................  Passed  0.63 sec
 3/13 Test #231: code_api|api.ir ....................................  Passed  0.67 sec
 4/13 Test   #9: code_api|linux.sigaction.native ....................  Passed  0.25 sec
 5/13 Test  #31: code_api|linux.signal0000 ..........................  Passed  0.10 sec
 6/13 Test #240: code_api|api.ir-static .............................  Passed  0.34 sec
 7/13 Test #241: code_api|api.drdecode ..............................  Passed  0.38 sec
 8/13 Test #245: code_api|api.dis-a64 ...............................  Passed  1.15 sec
 9/13 Test #264: no_code_api,no_intercept_all_signals|linux.sigaction  Passed  0.08 sec
10/13 Test  #33: code_api|linux.signal0010 ..........................  Passed  0.34 sec
11/13 Test  #35: code_api|linux.signal0100 ..........................  Passed  0.42 sec
12/13 Test  #37: code_api|linux.signal0110 ..........................  Passed  0.45 sec
13/13 Test   #7: samples_proj .......................................  Passed  1.89 sec
100% tests passed, 0 tests failed out of 13
---------------------------------------------------------------------------------------

Issue: #5383
@derekbruening derekbruening mentioned this issue Jul 5, 2023
Merged
github-merge-queue bot pushed a commit that referenced this issue Jul 7, 2023
@derekbruening
i#5383 mac a64, part 6: Get OSX-labeled tests to succeed (#6186)
85f1376 
8 of the 13 tests on Mac AArch64 labeled "OSX" fail prior to this PR.
Here we fix the following:

+ Syscall success is indicated by the carry flag just like x86 Mac
+ Handle sigreturn with its extra parameters just like x86 Mac
+ Fix signal handler parameters
+ Fix stolen register support in signal contexts
+ Use MAP_JIT and pthread_jit_write_protect_np for +rwx gencode in tests
+ Use DYLD_LIBRARY_PATH on Mac in tests

Now all 13 tests pass:
```
---------------------------------------------------------------------------------------
$ ctest -j 5 -L OSX
 1/13 Test  #13: code_api|common.fib ................................  Passed  0.59 sec
 2/13 Test #243: code_api|libutil.frontend_test .....................  Passed  0.63 sec
 3/13 Test #231: code_api|api.ir ....................................  Passed  0.67 sec
 4/13 Test   #9: code_api|linux.sigaction.native ....................  Passed  0.25 sec
 5/13 Test  #31: code_api|linux.signal0000 ..........................  Passed  0.10 sec
 6/13 Test #240: code_api|api.ir-static .............................  Passed  0.34 sec
 7/13 Test #241: code_api|api.drdecode ..............................  Passed  0.38 sec
 8/13 Test #245: code_api|api.dis-a64 ...............................  Passed  1.15 sec
 9/13 Test #264: no_code_api,no_intercept_all_signals|linux.sigaction  Passed  0.08 sec
10/13 Test  #33: code_api|linux.signal0010 ..........................  Passed  0.34 sec
11/13 Test  #35: code_api|linux.signal0100 ..........................  Passed  0.42 sec
12/13 Test  #37: code_api|linux.signal0110 ..........................  Passed  0.45 sec
13/13 Test   #7: samples_proj .......................................  Passed  1.89 sec
100% tests passed, 0 tests failed out of 13
---------------------------------------------------------------------------------------
```
Issue: #5383
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Migrated Priority-Medium Status-Fixed Type-Review
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@derekbruening