Начало Каталог Помощ
Регистрация Вход
FangSoftSoft
/
Hypervisor
огледало от https://github.com/utmapp/Hypervisor.git
2
0
Разклонения 0
Файлове Задачи 0 Уики
ИН на ревизия: d368b281e4
Клонове Маркери
Hypervisor
/
userclient_hv_trap.m

userclient_hv_trap.m 2.2 KB
История Директен файл

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465 
  1. @import Darwin;
    2. 

  2. @import Foundation;
    3. 

  3. 

  4. typedef io_object_t io_connect_t;
    5. 

  5. 

  6. kern_return_t IOConnectTrap6(io_connect_t connect, uint32_t index, uintptr_t p1, uintptr_t p2,
    7. 

  7.                              uintptr_t p3, uintptr_t p4, uintptr_t p5, uintptr_t p6);
    8. 

  8. 

  9. static mach_port_t gUserClient;
    10. 

  10. static uint64_t gCodePtrs[14];
    11. 

  11. static uint64_t gDiscriminant;
    12. 

  12. 

  13. static int init_hv_trap() {
    14. 

  14.   NSError* nserror = nil;
    15. 

  15.   NSString* inStr = [NSString stringWithContentsOfFile:@"/tmp/zhuowei_portinfo"
    16. 

  16.                                               encoding:NSUTF8StringEncoding
    17. 

  17.                                                  error:&nserror];
    18. 

  18.   if (!inStr) {
    19. 

  19.     NSLog(@"Error opening portinfo: %@", nserror);
    20. 

  20.     return 1;
    21. 

  21.   }
    22. 

  22.   NSArray<NSString*>* parts = [inStr componentsSeparatedByString:@"\n"];
    23. 

  23.   int target_pid = parts[0].intValue;
    24. 

  24.   mach_port_t target_task = 0;
    25. 

  25.   kern_return_t err;
    26. 

  26.   err = task_for_pid(mach_task_self_, target_pid, &target_task);
    27. 

  27.   if (err) {
    28. 

  28.     fprintf(stderr, "Failed to get task port: %s\n", mach_error_string(err));
    29. 

  29.     return 1;
    30. 

  30.   }
    31. 

  31.   if (target_task == MACH_PORT_NULL) {
    32. 

  32.     fprintf(stderr, "Can't get task port for pid %d\n", target_pid);
    33. 

  33.     return 1;
    34. 

  34.   }
    35. 

  35.   mach_port_name_t remote_port_id = parts[1].intValue;
    36. 

  36.   mach_port_t user_client = 0;
    37. 

  37.   mach_msg_type_name_t user_client_type = 0;
    38. 

  38.   err = mach_port_extract_right(target_task, remote_port_id, MACH_MSG_TYPE_COPY_SEND, &user_client,
    39. 

  39.                                 &user_client_type);
    40. 

  40.   if (err) {
    41. 

  41.     fprintf(stderr, "Failed to extract user client port: %s\n", mach_error_string(err));
    42. 

  42.     return 1;
    43. 

  43.   }
    44. 

  44.   NSLog(@"ok port = %u", user_client);
    45. 

  45.   gDiscriminant = strtoull(parts[2].UTF8String, nil, 0x10);
    46. 

  46.   for (int i = 0; i < 14; i++) {
    47. 

  47.     gCodePtrs[i] = strtoull(parts[3 + i].UTF8String, nil, 0x10);
    48. 

  48.   }
    49. 

  49.   gUserClient = user_client;
    50. 

  50.   return 0;
    51. 

  51. }
    52. 

  52. 

  53. kern_return_t hv_trap(unsigned int hv_call, void* hv_arg) {
    54. 

  54.   static dispatch_once_t init_token;
    55. 

  55.   dispatch_once(&init_token, ^{
    56. 

  56.     init_hv_trap();
    57. 

  57.   });
    58. 

  58.   if (gUserClient == 0) {
    59. 

  59.     // TODO(zhuowei): make an error code??
    60. 

  60.     return 0x1337;
    61. 

  61.   }
    62. 

  62.   uint64_t signed_code_ptr = gCodePtrs[hv_call];
    63. 

  63.   return IOConnectTrap6(gUserClient, /*index=*/0, /*arg1*/ hv_arg, /*arg2*/ 0, signed_code_ptr,
    64. 

  64.                         gDiscriminant, 0, 0);
    65. 

  65. }
    66.