feat: Implement Hardware breakpoints and refactoring software breakpo…

…ints code. fix :dbc to allow running a r2cmd when a breakpoint is hit
nowsecure · Jan 2, 2025 · 3dde3da · 3dde3da
1 parent f617c49
commit 3dde3da
Show file tree

Hide file tree

Showing 9 changed files with 743 additions and 1,876 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/src/agent/config.ts b/src/agent/config.ts
@@ -42,7 +42,8 @@ const config: any[string] = {
     'hook.usecmd': '',
     'file.log': '',
     'symbols.module': '',
-    'symbols.unredact': Process.platform === 'darwin'
+    'symbols.unredact': Process.platform === 'darwin',
+    'dbg.hwbp': 'true'
 };
 
 const configHelp: any[string] = {

diff --git a/src/agent/index.ts b/src/agent/index.ts
@@ -5,6 +5,7 @@ import * as android from './lib/java/android.js';
 import * as classes from './lib/info/classes.js';
 import * as darwin from './lib/darwin/index.js';
 import * as debug from './lib/debug/index.js';
+import * as breakpoints from './lib/debug/breakpoints.js';
 import * as system from './lib/debug/system.js';
 import disasm from './lib/disasm.js';
 import expr from './lib/expr.js';
@@ -80,13 +81,14 @@ const commandHandlers = {
     e: [config.evalConfig, 'configure the agent with these eval vars'],
     'e*': [config.evalConfigR2, 'display eval config vars in r2 format'],
     'e/': [config.evalConfigSearch, 'eval config search (?)'],
-    db: [debug.breakpointNative, 'list or add a native breakpoint', '[addr]'],
-    dbj: debug.breakpointJson,
-    dbc: [debug.breakpointNativeCommand, 'associate an r2 command when the native breakpoint is hit', '[addr] [cmd]'],
-    'db-': [debug.breakpointUnset, 'unset the native breakpoint in the given address', '[addr]'],
-    'db-*': [debug.breakpointUnsetAll, 'unset all the breakpoints'],
-    dc: [debug.breakpointContinue, 'continue execution of the interrupted child'],
-    dcu: [debug.breakpointContinueUntil, 'continue execution until given address', '[addr]'],
+    db: [breakpoints.setBreakpoint, 'list or add a native breakpoint', '[addr]'],
+    dbj: breakpoints.breakpointJson,
+    dbc: [breakpoints.setBreakpointCommand, 'associate an r2 command when the native breakpoint is hit', '[addr] [cmd]'],
+    dbs: [breakpoints.toggleBreakpoint, 'Enable/Disable a breakpoint', '[addr] [cmd]'],
+    'db-': [breakpoints.unsetBreakpoint, 'unset the native breakpoint in the given address', '[addr]'],
+    'db-*': [breakpoints.breakpointUnsetAll, 'unset all the breakpoints'],
+    dc: [breakpoints.breakpointContinue, 'continue execution of the interrupted child'],
+    dcu: [breakpoints.setBreakpointContinueUntil, 'continue execution until given address', '[addr]'],
     dk: [debug.sendSignal, 'send signal to process in the target process', '[signal]|([pid] [signum])'],
     s: [r2.seek, 'seek, change the current offset reference inside the agent', '[addr]'],
     r: [r2.cmd, 'run an r2 command inside the agent (requires dlopen r_core, creates new instance)', '[cmd]'],
@@ -313,7 +315,7 @@ const requestHandlers = {
 
 function state(params: any, data: any) {
     r2frida.offset = params.offset;
-    debug.setSuspended(params.suspended);
+    breakpoints.setSuspended(params.suspended);
     return [{}, null];
 }
 

diff --git a/src/agent/lib/darwin/index.ts b/src/agent/lib/darwin/index.ts
@@ -291,6 +291,7 @@ export function unloadFrameworkBundle(args: string[]): boolean {
     return bundle.unload();
 }
 
+
 export class IOSPathTransform extends PathTransform {
     _api: any | null;
-Original file line number
+Diff line change
@@ Expand Up @@
         return bundle.unload();
     }
     export class IOSPathTransform extends PathTransform {
         _api: any | null;
@@ Expand Down @@