Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update iOS JIT hack #12421

Merged
merged 2 commits into from
Oct 15, 2019
Merged

Update iOS JIT hack #12421

merged 2 commits into from
Oct 15, 2019

Conversation

sbingner
Copy link
Contributor

The current hack being used to get read/write/execute memory on iOS leaves the process in a very bad state where it can never exit. I fixed the hack for another project and somebody pointed out that I should let you guys know about it. The attached hack will get the same RWX memory state but without leaving the process in a bad state that does not allow it to be killed or exit.

@rweichler
Copy link

🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥

rweichler
rweichler reviewed Oct 15, 2019
View reviewed changes
ios/main.mm Outdated Show resolved Hide resolved
@hrydgard
Copy link
Owner

Can't say I completely understand what's going on here, but if it fixes it, it fixes it...

@hrydgard hrydgard merged commit 73bf609 into hrydgard:master Oct 15, 2019
@sbingner
Copy link
Contributor Author

sbingner commented Oct 15, 2019
edited
Loading

Can't say I completely understand what's going on here, but if it fixes it, it fixes it...
For posterity and edification:

The problem with the original hack was that it says it expects to be debugged but nothing ever debugs it. I fixed this by having something actually debug it.

  1. It spawns a child, and waits for that child to exit
  2. That child connects to its parent and debugs it.
  3. Once the child is attached to the parent, it just detaches and exits. This permanently marks the parent as having been debugged.
  4. The parent can then continue normal execution and pages that are not CS valid or are later created not valid do not cause problems because the kernel knows that a debugger may have modified code in the parent.

@hrydgard
Copy link
Owner

Ah, that explains it! Very cool!

@sbingner sbingner deleted the jitfix branch October 15, 2019 08:09
@Halo-Michael
Copy link
Contributor

Thanks!

This was referenced Oct 15, 2019
Closed
Closed
@imxieyi imxieyi mentioned this pull request Oct 16, 2019
Closed
@unknownbrackets unknownbrackets added this to the v1.10.0 milestone Oct 30, 2019
@OatmealDome OatmealDome mentioned this pull request Nov 26, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rweichler rweichler rweichler left review comments

Assignees
No one assigned
Labels
Platform-specific (iOS)
Projects
None yet
Milestone
v1.10.0
Development

Successfully merging this pull request may close these issues.
5 participants
@sbingner @rweichler @hrydgard @Halo-Michael @unknownbrackets