Some instructions unknown #15

visuall opened this issue May 7, 2014 · 5 comments

visuall commented May 7, 2014

Hi there ... I am using mach_override for one of my projects. It successfully hooks some functions and works great, but fails for others.

One example of a failure is CFBundleCreate. I am developing with Xcode 5.1.1 running on Mavericks.

@rodionovd

@visuall are you sure you're using the latest version of mach_override available? It comes with a built-in disassembler which should help with this error, I guess.

The size of CFBundleCreate() is enough: 17 bytes, so we must be OK there.

tyilo commented Oct 21, 2014

When trying to override SecCodeCheckValidityWithErrors I get the same error.
The disassembly for the function is:

base("/Security") + 0xCF59C push rbp    55
base("/Security") + 0xCF59D mov rbp, rsp    48 89 E5
base("/Security") + 0xCF5A0 push r15    41 57
base("/Security") + 0xCF5A2 push r14    41 56
base("/Security") + 0xCF5A4 push rbx    53
base("/Security") + 0xCF5A5 push rax    50
base("/Security") + 0xCF5A6 mov r14, rcx    49 89 CE
base("/Security") + 0xCF5A9 mov r15, rdx    49 89 D7
base("/Security") + 0xCF5AC mov ebx, esi    89 F3
base("/Security") + 0xCF5AE test ebx, 0x3fffffff    F7 C3 FF FF FF 3F
base("/Security") + 0xCF5B4 jz short 0x90fe25f4 74 3E
base("/Security") + 0xCF5B6 mov edi, 0xfffefa02 BF 02 FA FE FF
base("/Security") + 0xCF5BB call 0x7fff910ca05e E8 9E 7A 0E 00

Note: this comment talked about SecCodeCheckValidity before, but it has now been corrected to talk about SecCodeCheckValidityWithErrors.

@rodionovd

@tyilo what git revision are you using?

I'm on 919148f and it hooks SecCodeCheckValidityWithErrors just fine.

I use the following test_SecCode_hooking.c file for tests:

#include <stdio.h>
#include <assert.h>
#include <Security/Security.h>
#include "mach_override.h"

OSStatus my_SecCodeCheckValidityWithErrors(SecCodeRef a, SecCSFlags b, SecRequirementRef c, CFErrorRef* d)
{
    printf( "SEEMS LEGIT\n" );
    return KERN_SUCCESS;
}

int main( int argc, const char *argv[] ) {

    OSStatus (*orig_SecCodeCheckValidityWithErrors)(SecCodeRef, SecCSFlags, SecRequirementRef, CFErrorRef*) = NULL;
    int err = mach_override_ptr((void *)SecCodeCheckValidityWithErrors,
                                (void *)my_SecCodeCheckValidityWithErrors,
                                (void **)&orig_SecCodeCheckValidityWithErrors);

    assert(KERN_SUCCESS == err);

    int orig_return     = orig_SecCodeCheckValidityWithErrors(0, 0, 0 ,0);
    int my_return       = my_SecCodeCheckValidityWithErrors(0, 0, 0, 0);
    int straight_return = SecCodeCheckValidityWithErrors(0, 0, 0, 0);

    assert(orig_return != my_return);
    assert(my_return == straight_return);

    printf("success\n");
    return 0;
}

and the build command:

$ gcc -o build/test_gcc_x86_64 -m64 -framework Security *.c libudis86/*.c
$ build/test_gcc_x86_64

tyilo commented Oct 21, 2014

I was using the unstable branch as I thought that was the newest version, as both test binaries created with rake build segfault.
Using the semver-1.x branch works with your example however.

@rodionovd

Yeah, unstable has lots of bugfixes and improvements, but semver-1.x uses a disassembly engine (libudis86), so it fixes all (or almost all) «Some instructions unknown» issues.

Weird situation.

There's a pull request for merging unstable into the main branch, but it's been around since last May…

/cc @rentzsch
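Why a matcher limited to a fixed table of instruction patterns can report unknown instructions on the prologue tyilo posted earlier in the thread, while a full disassembler would not, shown as an added example (not code from mach_override or from anyone in this thread). The pattern tables, the name `bytes_to_relocate` and the 5-byte patch size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Start of SecCodeCheckValidityWithErrors, bytes copied from the listing in the thread. */
static const uint8_t prologue[] = {
    0x55, 0x48, 0x89, 0xE5, /* push rbp; mov rbp, rsp */
    0x41, 0x57, 0x41, 0x56, /* push r15; push r14     */
    0x53, 0x50,             /* push rbx; push rax     */
};
/* A known instruction: (code[i] & mask[i]) == bytes[i] for every i < len. */
typedef struct { size_t len; uint8_t mask[3]; uint8_t bytes[3]; } pattern_t;
/* Constructed tables (hypothetical, not mach_override's own table). */
static const pattern_t narrow_table[] = {
    { 1, {0xF8},             {0x50} },             /* push rax..rdi */
    { 3, {0xFF, 0xFF, 0xFF}, {0x48, 0x89, 0xE5} }, /* mov rbp, rsp  */
};
static const pattern_t wider_table[] = {
    { 1, {0xF8},             {0x50} },
    { 3, {0xFF, 0xFF, 0xFF}, {0x48, 0x89, 0xE5} },
    { 2, {0xFF, 0xF8},       {0x41, 0x50} },       /* push r8..r15  */
};

#define PATCH_SIZE 5 /* assumption: the entry is overwritten with a 5-byte jmp rel32 */

/* Bytes of whole instructions covering at least `need` bytes, or -1 on an unknown instruction. */
int bytes_to_relocate(const uint8_t *code, size_t code_len,
                      const pattern_t *tbl, size_t n, size_t need)
{
    size_t off = 0;
    while (off < need) {
        size_t matched = 0;
        for (size_t p = 0; p < n && matched == 0; p++) {
            size_t i = 0;
            if (tbl[p].len > code_len - off) continue; /* would read past the buffer */
            while (i < tbl[p].len && (code[off + i] & tbl[p].mask[i]) == tbl[p].bytes[i]) i++;
            if (i == tbl[p].len) matched = tbl[p].len;
        }
        if (matched == 0) return -1; /* the failure this issue reports */
        off += matched;
    }
    return (int)off;
}

int main(void) {
    printf("narrow table: %d, wider table: %d\n",
           bytes_to_relocate(prologue, sizeof prologue, narrow_table, 2, PATCH_SIZE),
           bytes_to_relocate(prologue, sizeof prologue, wider_table, 3, PATCH_SIZE));
    return 0;
}
```

With the narrow table the walk stops at offset 4 on `41 57` (`push r15`), one byte short of the patch size; once REX-prefixed pushes are recognised, the boundary falls at 6 bytes.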
