| #!/usr/bin/python |
| |
| import lldb |
| import struct |
| |
| |
| class OperatingSystemPlugIn(object): |
| """Class that provides data for an instance of a LLDB 'OperatingSystemPython' plug-in class""" |
| |
| def __init__(self, process): |
| '''Initialization needs a valid.SBProcess object. |
| |
| This plug-in will get created after a live process is valid and has stopped for the |
| first time.''' |
| self.process = None |
| self.registers = None |
| self.threads = None |
| if isinstance(process, lldb.SBProcess) and process.IsValid(): |
| self.process = process |
| self.threads = None # Will be an dictionary containing info for each thread |
| |
| def get_target(self): |
| # NOTE: Don't use "lldb.target" when trying to get your target as the "lldb.target" |
| # tracks the current target in the LLDB command interpreter which isn't the |
| # correct thing to use for this plug-in. |
| return self.process.target |
| |
| def create_thread(self, tid, context): |
| if tid == 0x444444444: |
| thread_info = { |
| 'tid': tid, |
| 'name': 'four', |
| 'queue': 'queue4', |
| 'state': 'stopped', |
| 'stop_reason': 'none'} |
| self.threads.append(thread_info) |
| return thread_info |
| return None |
| |
| def get_thread_info(self): |
| if not self.threads: |
| # The sample dictionary below shows the values that can be returned for a thread |
| # tid => thread ID (mandatory) |
| # name => thread name (optional key/value pair) |
| # queue => thread dispatch queue name (optional key/value pair) |
| # state => thred state (mandatory, set to 'stopped' for now) |
| # stop_reason => thread stop reason. (mandatory, usually set to 'none') |
| # Possible values include: |
| # 'breakpoint' if the thread is stopped at a breakpoint |
| # 'none' thread is just stopped because the process is stopped |
| # 'trace' the thread just single stepped |
| # The usual value for this while threads are in memory is 'none' |
| # register_data_addr => the address of the register data in memory (optional key/value pair) |
| # Specifying this key/value pair for a thread will avoid a call to get_register_data() |
| # and can be used when your registers are in a thread context structure that is contiguous |
| # in memory. Don't specify this if your register layout in memory doesn't match the layout |
| # described by the dictionary returned from a call to the |
| # get_register_info() method. |
| self.threads = [{'tid': 0x111111111, |
| 'name': 'one', |
| 'queue': 'queue1', |
| 'state': 'stopped', |
| 'stop_reason': 'breakpoint'}, |
| {'tid': 0x222222222, |
| 'name': 'two', |
| 'queue': 'queue2', |
| 'state': 'stopped', |
| 'stop_reason': 'none'}, |
| {'tid': 0x333333333, |
| 'name': 'three', |
| 'queue': 'queue3', |
| 'state': 'stopped', |
| 'stop_reason': 'trace', |
| 'register_data_addr': 0x100000000}] |
| return self.threads |
| |
| def get_register_info(self): |
| if self.registers is None: |
| self.registers = dict() |
| triple = self.process.target.triple |
| if triple: |
| arch = triple.split('-')[0] |
| if arch == 'x86_64': |
| self.registers['sets'] = ['GPR', 'FPU', 'EXC'] |
| self.registers['registers'] = [ |
| {'name': 'rax', 'bitsize': 64, 'offset': 0, 'encoding': 'uint', 'format': 'hex', 'set': 0, 'gcc': 0, 'dwarf': 0}, |
| {'name': 'rbx', 'bitsize': 64, 'offset': 8, 'encoding': 'uint', 'format': 'hex', 'set': 0, 'gcc': 3, 'dwarf': 3}, |
| {'name': 'rcx', 'bitsize': 64, 'offset': 16, 'encoding': 'uint', 'format': 'hex', 'set': 0, 'gcc': 2, 'dwarf': 2, 'generic': 'arg4', 'alt-name': 'arg4', }, |
| {'name': 'rdx', 'bitsize': 64, 'offset': 24, 'encoding': 'uint', 'format': 'hex', 'set': 0, 'gcc': 1, 'dwarf': 1, 'generic': 'arg3', 'alt-name': 'arg3', }, |
| {'name': 'rdi', 'bitsize': 64, 'offset': 32, 'encoding': 'uint', 'format': 'hex', 'set': 0, 'gcc': 5, 'dwarf': 5, 'generic': 'arg1', 'alt-name': 'arg1', }, |
| {'name': 'rsi', 'bitsize': 64, 'offset': 40, 'encoding': 'uint', 'format': 'hex', 'set': 0, 'gcc': 4, 'dwarf': 4, 'generic': 'arg2', 'alt-name': 'arg2', }, |
| {'name': 'rbp', 'bitsize': 64, 'offset': 48, 'encoding': 'uint', 'format': 'hex', 'set': 0, 'gcc': 6, 'dwarf': 6, 'generic': 'fp', 'alt-name': 'fp', }, |
| {'name': 'rsp', 'bitsize': 64, 'offset': 56, 'encoding': 'uint', 'format': 'hex', 'set': 0, 'gcc': 7, 'dwarf': 7, 'generic': 'sp', 'alt-name': 'sp', }, |
| {'name': 'r8', 'bitsize': 64, 'offset': 64, 'encoding': 'uint', 'format': 'hex', 'set': 0, 'gcc': 8, 'dwarf': 8, 'generic': 'arg5', 'alt-name': 'arg5', }, |
| {'name': 'r9', 'bitsize': 64, 'offset': 72, 'encoding': 'uint', 'format': 'hex', 'set': 0, 'gcc': 9, 'dwarf': 9, 'generic': 'arg6', 'alt-name': 'arg6', }, |
| {'name': 'r10', 'bitsize': 64, 'offset': 80, 'encoding': 'uint', 'format': 'hex', 'set': 0, 'gcc': 10, 'dwarf': 10}, |
| {'name': 'r11', 'bitsize': 64, 'offset': 88, 'encoding': 'uint', 'format': 'hex', 'set': 0, 'gcc': 11, 'dwarf': 11}, |
| {'name': 'r12', 'bitsize': 64, 'offset': 96, 'encoding': 'uint', 'format': 'hex', 'set': 0, 'gcc': 12, 'dwarf': 12}, |
| {'name': 'r13', 'bitsize': 64, 'offset': 104, 'encoding': 'uint', 'format': 'hex', 'set': 0, 'gcc': 13, 'dwarf': 13}, |
| {'name': 'r14', 'bitsize': 64, 'offset': 112, 'encoding': 'uint', 'format': 'hex', 'set': 0, 'gcc': 14, 'dwarf': 14}, |
| {'name': 'r15', 'bitsize': 64, 'offset': 120, 'encoding': 'uint', 'format': 'hex', 'set': 0, 'gcc': 15, 'dwarf': 15}, |
| {'name': 'rip', 'bitsize': 64, 'offset': 128, 'encoding': 'uint', 'format': 'hex', 'set': 0, 'gcc': 16, 'dwarf': 16, 'generic': 'pc', 'alt-name': 'pc'}, |
| {'name': 'rflags', 'bitsize': 64, 'offset': 136, 'encoding': 'uint', 'format': 'hex', 'set': 0, 'generic': 'flags', 'alt-name': 'flags'}, |
| {'name': 'cs', 'bitsize': 64, 'offset': 144, 'encoding': 'uint', 'format': 'hex', 'set': 0}, |
| {'name': 'fs', 'bitsize': 64, 'offset': 152, 'encoding': 'uint', 'format': 'hex', 'set': 0}, |
| {'name': 'gs', 'bitsize': 64, 'offset': 160, 'encoding': 'uint', 'format': 'hex', 'set': 0}, |
| ] |
| return self.registers |
| |
| def get_register_data(self, tid): |
| if tid == 0x111111111: |
| return struct.pack( |
| '21Q', |
| 1, |
| 2, |
| 3, |
| 4, |
| 5, |
| 6, |
| 7, |
| 8, |
| 9, |
| 10, |
| 11, |
| 12, |
| 13, |
| 14, |
| 15, |
| 16, |
| 17, |
| 18, |
| 19, |
| 20, |
| 21) |
| elif tid == 0x222222222: |
| return struct.pack( |
| '21Q', |
| 11, |
| 12, |
| 13, |
| 14, |
| 15, |
| 16, |
| 17, |
| 18, |
| 19, |
| 110, |
| 111, |
| 112, |
| 113, |
| 114, |
| 115, |
| 116, |
| 117, |
| 118, |
| 119, |
| 120, |
| 121) |
| elif tid == 0x333333333: |
| return struct.pack( |
| '21Q', |
| 21, |
| 22, |
| 23, |
| 24, |
| 25, |
| 26, |
| 27, |
| 28, |
| 29, |
| 210, |
| 211, |
| 212, |
| 213, |
| 214, |
| 215, |
| 216, |
| 217, |
| 218, |
| 219, |
| 220, |
| 221) |
| elif tid == 0x444444444: |
| return struct.pack( |
| '21Q', |
| 31, |
| 32, |
| 33, |
| 34, |
| 35, |
| 36, |
| 37, |
| 38, |
| 39, |
| 310, |
| 311, |
| 312, |
| 313, |
| 314, |
| 315, |
| 316, |
| 317, |
| 318, |
| 319, |
| 320, |
| 321) |
| else: |
| return struct.pack( |
| '21Q', |
| 41, |
| 42, |
| 43, |
| 44, |
| 45, |
| 46, |
| 47, |
| 48, |
| 49, |
| 410, |
| 411, |
| 412, |
| 413, |
| 414, |
| 415, |
| 416, |
| 417, |
| 418, |
| 419, |
| 420, |
| 421) |
| return None |