wip

Author: emesare

view/sharedcache/core/Dyld.h

@@ -117,6 +117,8 @@ struct PACKED_STRUCT dyld_cache_image_info
 	uint64_t inode;
 	uint32_t pathFileOffset;
 	uint32_t pad;
+
+	bool operator==(const dyld_cache_image_info & image) const;
 };
 
 union dyld_cache_slide_pointer5

view/sharedcache/core/MachO.cpp

@@ -4,6 +4,7 @@
 #include <utility>
 
 #include "SharedCache.h"
+#include "SlideInfo.h"
 #include "VirtualMemory.h"
 
 using namespace BinaryNinja;
@@ -25,7 +26,7 @@ std::optional<SharedCacheMachOHeader> SharedCacheMachOProcessor::ParseHeaderForA
 	header.textBase = address;
 	header.installName = imagePath;
 	// The identifierPrefix is used for the display of the image name in the sections and segments.
-	header.identifierPrefix = ImageName(imagePath);
+	header.identifierPrefix = FileName(imagePath);
 
 	std::string errorMsg;
 	VirtualMemoryReader reader(m_vm);
@@ -510,22 +511,8 @@ void SharedCacheMachOProcessor::ApplyHeader(Ref<BinaryView> view, SharedCacheMac
 uint64_t SharedCacheMachOHeader::ApplyHeaderSections(Ref<BinaryView> view)
 {
 	auto initSection = [&](const section_64& section, const std::string& sectionName) {
-		bool skip = false;
-		// TODO: The memory region for the header needs to be available.
-		// Find out if we even need to add the section, i.e. is the region available?
-		// TODO: What does this _actually_ do???
-		// for (const auto& region : regionsToLoad)
-		// {
-		// 	if (section.addr >= region->start && section.addr < region->start + region->size)
-		// 	{
-		// 		if (MemoryRegionIsHeaderInitialized(lock, *region))
-		// 			skip = true;
-		// 		break;
-		// 	}
-		// }
-
 		auto existingSections = view->GetSectionsAt(section.addr);
-		if (!section.size || skip || !existingSections.empty())
+		if (!section.size || !existingSections.empty())
 			return false;
 
 		std::string type;

view/sharedcache/core/MappedFileAccessor.cpp

@@ -15,6 +15,7 @@ std::shared_ptr<MappedFileAccessor> MappedFileAccessor::Open(const std::string&
 
 void MappedFileAccessor::WritePointer(size_t address, size_t pointer)
 {
+    m_dirty = true;
     *reinterpret_cast<size_t *>(&m_file._mmap[address]) = pointer;
 }
 

view/sharedcache/core/MappedFileAccessor.h

@@ -15,6 +15,7 @@ class UnmappedAccessException : public std::exception  {
 // std::enable_shared_from_this allows weak pointers to "revive" the shared pointer in the FileAccessorCache.
 class MappedFileAccessor : public std::enable_shared_from_this<MappedFileAccessor> {
 	MappedFile m_file;
+	bool m_dirty = false;
 
 public:
 	explicit MappedFileAccessor(MappedFile file) : m_file(std::move(file)) {}
@@ -33,6 +34,8 @@ class MappedFileAccessor : public std::enable_shared_from_this<MappedFileAccesso
 
     void *Data() const { return m_file._mmap; };
 
+	bool IsDirty() const { return m_dirty; }
+
 	/**
 	 * Writes to files are implemented for performance reasons and should be treated with utmost care
 	 *

view/sharedcache/core/ObjC.cpp

@@ -122,7 +122,6 @@ std::optional<ObjCOptimizationHeader> DSCObjCProcessor::GetObjCOptimizationHeade
 
 	ObjCOptimizationHeader header = {};
 	// Ignoring `objcOptsSize` in favor of `sizeof(ObjCOptimizationHeader)` matches dyld's behavior.
-	// TODO: base address is wild... why does that work?????
 	reader.Read(&header, m_cache->GetBaseAddress() + primaryCacheHeader->objcOptsOffset, sizeof(ObjCOptimizationHeader));
 
 	return header;

view/sharedcache/core/SharedCache.cpp

@@ -2,9 +2,9 @@
 
 #include <regex>
 #include <__filesystem/directory_iterator.h>
-#include <__filesystem/operations.h>
 
 #include "MachO.h"
+#include "SlideInfo.h"
 
 using namespace BinaryNinja;
 
@@ -99,6 +99,11 @@ std::optional<CacheEntry> CacheEntry::FromFile(const std::string& filePath, Cach
     return CacheEntry(filePath, type, header, mappings, images);
 }
 
+WeakFileAccessor CacheEntry::GetAccessor() const
+{
+    return FileAccessorCache::Global().Open(m_filePath);
+}
+
 SharedCache::SharedCache()
 {
     m_vm = std::make_shared<VirtualMemory>();
@@ -171,8 +176,14 @@ CacheEntryId SharedCache::AddEntry(CacheEntry entry)
     // read the memory of the mapped regions of the cache entry file.
     const auto& mappings = entry.GetMappings();
     for (const auto& mapping: mappings)
+    {
         m_vm->MapRegion(fileAccessor, {mapping.address, mapping.address + mapping.size}, mapping.fileOffset);
 
+        // Recalculate the base address.
+        if (mapping.address < m_baseAddress)
+            m_baseAddress = mapping.address;
+    }
+
     // We are done and can make the entry visible to the entire cache.
     m_entries.insert({id, std::move(entry)});
     return id;
@@ -192,6 +203,13 @@ void SharedCache::ProcessEntry(BinaryView &view, const CacheEntry &entry)
     auto machoProcessor = SharedCacheMachOProcessor(m_vm);
 
     auto entryHeader = entry.GetHeader();
+
+    // Apply slide info while we are processing.
+    // TODO: If this file gets evicted our writes go away, move this to some place visible to the weak file accessor.
+    auto fileLock = entry.GetAccessor().lock();
+    auto slideInfoProcessor = SlideInfoProcessor(GetBaseAddress());
+    slideInfoProcessor.ProcessEntryInfo(entry);
+
     // Collect pool addresses as non image memory regions.
     for (size_t i = 0; i < entryHeader.branchPoolsCount; i++)
     {
@@ -222,8 +240,6 @@ void SharedCache::ProcessEntry(BinaryView &view, const CacheEntry &entry)
 
     // Get the mapping.
     const auto& entryMappings = entry.GetMappings();
-    // TODO: We probably just want to get the file _name_
-    const auto& entryFilePath = entry.GetFilePath();
 
     // DyldData, we should take all the mappings and make some regions for them!
     if (entry.GetType() == CacheEntryType::DyldData)
@@ -234,10 +250,7 @@ void SharedCache::ProcessEntry(BinaryView &view, const CacheEntry &entry)
             CacheRegion mappingRegion;
             mappingRegion.start = mapping.address;
             mappingRegion.size = mapping.size;
-            // auto pathBasename = subCachePath.substr(subCachePath.find_last_of("/\\") + 1);
-            // TODO: Is the filepath here the entire disk path?
-            // TODO: We probably just want something else...
-            mappingRegion.name = fmt::format("{}::_data{}", entryFilePath, i);
+            mappingRegion.name = fmt::format("{}::_data{}", entry.GetFileName(), i);
             mappingRegion.flags = SegmentReadable;
             mappingRegion.type = CacheRegionType::DyldData;
 
@@ -253,9 +266,7 @@ void SharedCache::ProcessEntry(BinaryView &view, const CacheEntry &entry)
         CacheRegion stubIslandRegion;
         stubIslandRegion.start = stubMapping.address;
         stubIslandRegion.size = stubMapping.size;
-        // auto pathBasename = subCachePath.substr(subCachePath.find_last_of("/\\") + 1);
-        // TODO: Is the filepath here the entire disk path?
-        stubIslandRegion.name = fmt::format("{}::_stubs", entryFilePath);
+        stubIslandRegion.name = fmt::format("{}::_stubs", entry.GetFileName());
         stubIslandRegion.flags = static_cast<BNSegmentFlag>(SegmentReadable | SegmentExecutable);
         stubIslandRegion.type = CacheRegionType::StubIsland;
 
@@ -329,16 +340,37 @@ void SharedCache::ProcessEntry(BinaryView &view, const CacheEntry &entry)
 
         AddImage(std::move(image));
     }
+
+    // TODO: See note above about slide info writes.
+    fileLock.get();
 }
 
-uint64_t SharedCache::GetBaseAddress() const
+std::optional<CacheEntry> SharedCache::GetEntryContaining(const uint64_t address) const
 {
-    uint64_t lowestAddress = std::numeric_limits<uint64_t>::max();
-    for (const auto &[_, entry]: m_entries)
-        for (const auto &mapping: entry.GetMappings())
-            if (mapping.address < lowestAddress)
-                lowestAddress = mapping.address;
-    return lowestAddress != std::numeric_limits<uint64_t>::max() ? lowestAddress : 0;
+    for (const auto& entry : m_entries)
+    {
+        for (const auto& mapping : entry.second.GetMappings())
+        {
+            if (address >= mapping.address && address < mapping.address + mapping.size)
+                return entry.second;
+        }
+    }
+
+    return std::nullopt;
+}
+
+std::optional<CacheEntry> SharedCache::GetEntryWithImage(const CacheImage &image) const
+{
+    for (const auto& entry : m_entries)
+    {
+        for (const auto& [_, currentImage] : entry.second.GetImages())
+        {
+            if (currentImage.address == image.headerAddress)
+                return entry.second;
+        }
+    }
+
+    return std::nullopt;
 }
 
 std::optional<CacheRegion> SharedCache::GetRegionAt(const uint64_t address) const
@@ -415,41 +447,6 @@ bool CacheProcessor::ProcessCache(SharedCache& cache)
     if (!baseEntry.has_value())
         return false;
 
-    // Identify if we are dealing with multiple files or just this one.
-    auto baseHeader = baseEntry->GetHeader();
-
-    enum CacheFormat
-    {
-        RegularCacheFormat = 0,
-        // TODO: Why do these need to be separate ugh.
-        LargeCacheFormat,
-        SplitCacheFormat,
-        iOS16CacheFormat,
-    };
-
-    // TODO: The only real difference we need is if imagesCountOld is not zero dont search for other files I think?
-    CacheFormat cacheFormat = RegularCacheFormat;
-    if (baseHeader.imagesCountOld != 0)
-        cacheFormat = RegularCacheFormat;
-
-    size_t subCacheOff = offsetof(struct dyld_cache_header, subCacheArrayOffset);
-    size_t headerEnd = baseHeader.mappingOffset;
-    if (headerEnd > subCacheOff)
-    {
-        if (baseHeader.cacheType != 2)
-        {
-            if (std::filesystem::exists(ResolveFilePath(m_view, baseFilePath + ".01")))
-                cacheFormat = LargeCacheFormat;
-            else
-                cacheFormat = SplitCacheFormat;
-        }
-        else
-            cacheFormat = iOS16CacheFormat;
-    }
-
-    // TODO: Make this debug.
-    LogInfo("Cache Format: %d\n", cacheFormat);
-
     // Before we do anything else, add this to the cache so it's available to other entries.
     cache.AddEntry(std::move(*baseEntry));
 
@@ -459,19 +456,20 @@ bool CacheProcessor::ProcessCache(SharedCache& cache)
     // NOTE: This is extremely error-prone!
     // We are going to start trying to find files next to this one on disk!
     std::filesystem::path basePath = std::filesystem::path(baseFilePath).parent_path();
+    std::string pattern = fmt::format(".*{}\\.([0-9]+|symbols|dylddata)$", FileName(baseFilePath));
+    auto subCachePattern = std::regex(pattern);
     for (const auto &entry : std::filesystem::directory_iterator(basePath))
     {
         if (!entry.is_regular_file())
             continue;
 
+        // Skip the base file itself
         auto currentFilePath = entry.path().string();
         if (currentFilePath == baseFilePath)
-            continue; // Skip the base file itself
+            continue;
 
         // Filter files that dont end with .NUMBER or .symbols or .dylddata
-        // TODO: Running this regex on a directory with 10000 files aint gonna go well.
-        // TODO: Remove this LMAO
-        if (!std::regex_match(currentFilePath, std::regex(".*\\.([0-9]+|symbols|dylddata)$")))
+        if (!std::regex_match(currentFilePath, subCachePattern))
             continue;
 
         auto additionalEntry = CacheEntry::FromFile(currentFilePath, CacheEntryType::Secondary);

view/sharedcache/core/SharedCache.h

@@ -99,7 +99,7 @@ struct CacheImage
 	CacheImage& operator=(CacheImage&& other) noexcept = default;
 
 	// Get the file name from the path.
-	std::string GetName() const { return ImageName(path); }
+	std::string GetName() const { return FileName(path); }
 };
 
 enum class CacheEntryType
@@ -143,8 +143,13 @@ class CacheEntry
 	static std::optional<CacheEntry> FromFile(const std::string& filePath, CacheEntryType type);
 	// TODO: From Project file?
 
+	WeakFileAccessor GetAccessor() const;
+
 	CacheEntryType GetType() const { return m_type; }
+	// Ex. "/myuser/mypath/dyld_shared_cache_arm64e"
 	const std::string& GetFilePath() const { return m_filePath; }
+	// Ex. "dyld_shared_cache_arm64e"
+	const std::string GetFileName() const { return FileName(m_filePath); }
 	const dyld_cache_header& GetHeader() const { return m_header; }
 	const std::vector<dyld_cache_mapping_info>& GetMappings() const { return m_mappings; }
 	const std::unordered_map<std::string, dyld_cache_image_info>& GetImages() const { return m_images; }
@@ -161,6 +166,7 @@ typedef uint32_t CacheEntryId;
 // Creating this is expensive, both in actual processing and just copying, so we only generate this
 // once every time the database is open.
 class SharedCache {
+	uint64_t m_baseAddress = 0;
 	// TODO: Figure out when to lock the mutex on this shit lmfao
 	// The shared cache can own the virtual memory, this is fine...
 	std::shared_ptr<VirtualMemory> m_vm;
@@ -177,6 +183,7 @@ class SharedCache {
 public:
 	explicit SharedCache();
 
+	uint64_t GetBaseAddress() const { return m_baseAddress; }
 	std::shared_ptr<VirtualMemory> GetVirtualMemory() { return m_vm; }
 	const std::unordered_map<CacheEntryId, CacheEntry>& GetEntries() const { return m_entries; }
 	const AddressRangeMap<CacheRegion>& GetRegions() const { return m_regions; }
@@ -208,8 +215,8 @@ class SharedCache {
 	// TODO: We need a separate "get all objc sections" and then just a ProcessObjCSection
 	void ProcessAllObjCSections();
 
-	// Get the lowest mapped address, this is useful for some reason?
-	uint64_t GetBaseAddress() const;
+	std::optional<CacheEntry> GetEntryContaining(uint64_t address) const;
+	std::optional<CacheEntry> GetEntryWithImage(const CacheImage& image) const;
 
 	std::optional<CacheRegion> GetRegionAt(uint64_t address) const;
 	std::optional<CacheRegion> GetRegionContaining(uint64_t address) const;