forked from apple/darwin-xnu
-
Notifications
You must be signed in to change notification settings - Fork 0
/
kdp.py
executable file
·285 lines (258 loc) · 11.6 KB
/
kdp.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
from xnu import *
from utils import *
import sys
def GetKDPPacketHeaderInt(request=0, is_reply=False, seq=0, length=0, key=0):
""" create a 64 bit number that could be saved as pkt_hdr_t
params:
request:int - 7 bit kdp_req_t request type
is_reply:bool - False => request, True => reply
seq: int - 8 sequence number within session
length: int - 16 bit length of entire pkt including hdr
key: int - session key
returns:
int - 64 bit number to be saved in memory
"""
retval = request
if is_reply:
retval = 1<<7 |retval
retval = (seq << 8) | retval
retval = (length << 16) | retval
#retval = (retval << 32) | key
retval = (key << 32) | retval
return retval
def KDPDumpInfo(subcmd, file_name="", dest_ip="", router_ip="", port=0):
""" Setup the state for DUMP INFO commands for sending coredump etc
"""
if "kdp" != GetConnectionProtocol():
print "Target is not connected over kdp. Nothing to do here."
return False
input_address = unsigned(addressof(kern.globals.manual_pkt.input))
len_address = unsigned(addressof(kern.globals.manual_pkt.len))
data_address = unsigned(addressof(kern.globals.manual_pkt.data))
if not WriteInt32ToMemoryAddress(0, input_address):
return False
kdp_pkt_size = GetType('kdp_dumpinfo_req_t').GetByteSize()
if not WriteInt32ToMemoryAddress(kdp_pkt_size, len_address):
return False
data_addr = int(addressof(kern.globals.manual_pkt))
pkt = kern.GetValueFromAddress(data_addr, 'kdp_dumpinfo_req_t *')
if len(file_name) > 49:
file_name = file_name[:49]
if len(dest_ip) > 15:
dest_ip = dest_ip[:15]
if len(router_ip) > 15:
router_ip = router_ip[:15]
header_value =GetKDPPacketHeaderInt(request=GetEnumValue('kdp_req_t::KDP_DUMPINFO'), length=kdp_pkt_size)
# 0x1f is same as KDP_DUMPINFO
if ( WriteInt64ToMemoryAddress((header_value), int(addressof(pkt.hdr))) and
WriteInt32ToMemoryAddress(subcmd, int(addressof(pkt.type))) and
WriteStringToMemoryAddress(file_name, int(addressof(pkt.name))) and
WriteStringToMemoryAddress(dest_ip, int(addressof(pkt.destip))) and
WriteStringToMemoryAddress(router_ip, int(addressof(pkt.routerip)))
):
#We have saved important data successfully
if port > 0:
if not WriteInt32ToMemoryAddress(port, int(addressof(pkt.port))):
return False
if WriteInt32ToMemoryAddress(1, input_address):
return True
return False
@lldb_command('sendcore')
def KDPSendCore(cmd_args=None):
""" Configure kernel to send a coredump to the specified IP
Syntax: sendcore <IP address> [filename]
Configure the kernel to transmit a kernel coredump to a server (kdumpd)
at the specified IP address. This is useful when the remote target has
not been previously configured to transmit coredumps, and you wish to
preserve kernel state for later examination. NOTE: You must issue a "continue"
command after using this macro to trigger the kernel coredump. The kernel
will resume waiting in the debugger after completion of the coredump. You
may disable coredumps by executing the "disablecore" macro. You can
optionally specify the filename to be used for the generated core file.
"""
if cmd_args == None or len(cmd_args) < 1:
print KDPSendCore.__doc__
return False
ip_address = cmd_args[0]
filename=""
if len(cmd_args) >=2:
filename = cmd_args[1].strip()
retval = KDPDumpInfo(GetEnumValue('kdp_dumpinfo_t::KDP_DUMPINFO_CORE'), file_name=filename, dest_ip=ip_address)
if retval:
print "Remote system has been setup for coredump. Please detach/continue the system. "
return True
else:
print "Something went wrong. Failed to setup the coredump on the target."
return False
@lldb_command('sendsyslog')
def KDPSendSyslog(cmd_args=None):
""" Configure kernel to send a system log to the specified IP
Syntax: sendsyslog <IP address> [filename]
Configure the kernel to transmit a kernel system log to a server (kdumpd)
at the specified IP address. NOTE: You must issue a "continue"
command after using this macro to trigger the kernel system log. The kernel
will resume waiting in the debugger after completion. You can optionally
specify the name to be used for the generated system log.
"""
if cmd_args == None or len(cmd_args) < 1:
print KDPSendSyslog.__doc__
return False
ip_address = cmd_args[0]
filename =""
if len(cmd_args) >=2:
filename = cmd_args[1].strip()
retval = KDPDumpInfo(GetEnumValue('kdp_dumpinfo_t::KDP_DUMPINFO_SYSTEMLOG'), file_name = filename, dest_ip = ip_address)
if retval:
print "Remote system has been setup to send system log. please detach/continue the system."
return True
else:
print "Something went wrong. Failed to setup the systemlog on the target."
return False
@lldb_command('sendpaniclog')
def KDPSendPaniclog(cmd_args=None):
""" Configure kernel to send a panic log to the specified IP
Syntax: sendpaniclog <IP address> [filename]
Configure the kernel to transmit a kernel paniclog to a server (kdumpd)
at the specified IP address. NOTE: You must issue a "continue"
command after using this macro to trigger the kernel panic log. The kernel
will resume waiting in the debugger after completion. You can optionally
specify the name to be used for the generated panic log.
"""
if cmd_args == None or len(cmd_args) < 1:
print KDPSendPaniclog.__doc__
return False
ip_address = cmd_args[0]
filename =""
if len(cmd_args) >=2:
filename = cmd_args[1].strip()
retval = KDPDumpInfo(GetEnumValue('kdp_dumpinfo_t::KDP_DUMPINFO_PANICLOG'), file_name = filename, dest_ip = ip_address)
if retval:
print "Remote system has been setup to send panic log. please detach/continue the system."
return True
else:
print "Something went wrong. Failed to setup the paniclog on the target."
return False
@lldb_command('disablecore')
def KDPDisableCore(cmd_args=None):
""" Configure the kernel to disable coredump transmission
Reconfigures the kernel so that it no longer transmits kernel coredumps. This
complements the "sendcore" macro, but it may be used if the kernel has been
configured to transmit coredumps through boot-args as well.
"""
retval = KDPDumpInfo(GetEnumValue('kdp_dumpinfo_t::KDP_DUMPINFO_DISABLE'))
if retval :
print "Disabled coredump functionality on remote system."
else:
print "Failed to disable coredump functionality."
return retval
@lldb_command('resume_on')
def KDPResumeON(cmd_args=None):
""" The target system will resume when detaching or exiting from lldb.
This is the default behavior.
"""
subcmd = GetEnumValue('kdp_dumpinfo_t::KDP_DUMPINFO_SETINFO') | GetEnumValue('kdp_dumpinfo_t::KDP_DUMPINFO_RESUME')
retval = KDPDumpInfo(subcmd)
if retval :
print "Target system will resume on detaching from lldb."
else:
print "Failed to enable resume functionality."
return retval
@lldb_command('resume_off')
def KDPResumeOFF(cmd_args=None):
""" The target system will not resume when detaching or exiting from lldb.
"""
subcmd = GetEnumValue('kdp_dumpinfo_t::KDP_DUMPINFO_SETINFO') | GetEnumValue('kdp_dumpinfo_t::KDP_DUMPINFO_NORESUME')
retval = KDPDumpInfo(subcmd)
if retval :
print "Target system will not resume on detaching from lldb."
else:
print "Failed to disable resume functionality."
return retval
@lldb_command('getdumpinfo')
def KDPGetDumpInfo(cmd_args=None):
""" Retrieve the current remote dump settings.
"""
if not KDPDumpInfo(GetEnumValue('kdp_dumpinfo_t::KDP_DUMPINFO_GETINFO')):
print "Failed to get dump settings."
return False
dumpinfo = Cast(addressof(kern.globals.manual_pkt.data), 'kdp_dumpinfo_reply_t *')
target_dump_type = int(dumpinfo.type)
if target_dump_type & GetEnumValue('kdp_dumpinfo_t::KDP_DUMPINFO_REBOOT'):
print "System will reboot after kernel info gets dumped."
else:
print "System will not reboot after kernel info gets dumped."
if target_dump_type & GetEnumValue('kdp_dumpinfo_t::KDP_DUMPINFO_RESUME'):
print "System will allow a re-attach after KDP disconnect."
else:
print "System will not allow a re-attach after KDP disconnect."
target_dump_type = target_dump_type & GetEnumValue('kdp_dumpinfo_t::KDP_DUMPINFO_MASK')
if target_dump_type == GetEnumValue('kdp_dumpinfo_t::KDP_DUMPINFO_DISABLE'):
print "Kernel not setup for remote dumps."
else:
kern_dump_type = ''
if target_dump_type == GetEnumValue('kdp_dumpinfo_t::KDP_DUMPINFO_CORE'):
kern_dump_type = "Core File"
elif target_dump_type == GetEnumValue('kdp_dumpinfo_t::KDP_DUMPINFO_PANICLOG'):
kern_dump_type = "Panic Log"
elif target_dump_type == GetEnumValue('kdp_dumpinfo_t::KDP_DUMPINFO_SYSTEMLOG'):
kern_dump_type = "System Log"
print "Kernel dump type:" + kern_dump_type
fname = "(autogenerated)"
if int(dumpinfo.name[0]) != 0:
fname = str(dumpinfo.name)
print "Filename: " + fname
print "Network Info: {:s} [{:d}] , Router: {:s}".format(dumpinfo.destip, dumpinfo.port, dumpinfo.routerip)
# end of get dump info
@lldb_command('kdp-reenter')
def KDPReenter(cmd_args=None):
""" Schedules reentry into the debugger
after <seconds> seconds, and resumes the target.
usage: kdp-reenter <seconds>
"""
if len(cmd_args) < 1:
print "Please provide valid time in seconds"
print KDPReenter.__doc__
return False
if "kdp" != GetConnectionProtocol():
print "Target is not connected over kdp. Nothing to do here."
return False
num_seconds = ArgumentStringToInt(cmd_args[0])
milliseconds_to_sleep = num_seconds * 1000
if WriteInt32ToMemoryAddress(milliseconds_to_sleep, addressof(kern.globals.kdp_reentry_deadline)):
lldb.debugger.HandleCommand('process continue')
return True
print "Failed to setup kdp-reentry."
return False
@lldb_command('kdp-reboot')
def KDPReboot(cmd_args=None):
""" Restart the remote target
"""
if "kdp" != GetConnectionProtocol():
print "Target is not connected over kdp. Nothing to do here."
return False
print "Rebooting the remote machine."
lldb.debugger.HandleCommand('process plugin packet send --command 0x13')
lldb.debugger.HandleCommand('detach')
return True
@lldb_command('setdumpinfo')
def KDPSetDumpInfo(cmd_args=None):
""" Configure the current remote dump settings.
Specify "" if you want to use the defaults (filename) or previously configured
settings (ip/router). Specify 0 for the port if you wish to
use the previously configured/default setting for that.
Syntax: setdumpinfo <filename> <ip> <router> <port>
"""
if not cmd_args:
print KDPSetDumpInfo.__doc__
return False
if len(cmd_args) < 4:
print "Not enough arguments."
print KDPSetDumpInfo.__doc__
return False
portnum = ArgumentStringToInt(cmd_args[3])
retval = KDPDumpInfo(GetEnumValue('kdp_dumpinfo_t::KDP_DUMPINFO_SETINFO'), cmd_args[0], cmd_args[1], cmd_args[2], portnum)
if retval:
print "Successfully saved the dumpinfo."
else:
print "Failed to save the dumpinfo."
return retval