| #!/usr/bin/env python |
| |
| import lldb |
| import struct |
| |
| |
| class OperatingSystemPlugIn(object): |
| """Class that provides data for an instance of a LLDB 'OperatingSystemPython' plug-in class""" |
| |
| def __init__(self, process): |
| """Initialization needs a valid.SBProcess object. |
| |
| This plug-in will get created after a live process is valid and has stopped for the |
| first time.""" |
| self.process = None |
| self.registers = None |
| self.threads = None |
| if isinstance(process, lldb.SBProcess) and process.IsValid(): |
| self.process = process |
| self.threads = None # Will be an dictionary containing info for each thread |
| |
| def get_target(self): |
| # NOTE: Don't use "lldb.target" when trying to get your target as the "lldb.target" |
| # tracks the current target in the LLDB command interpreter which isn't the |
| # correct thing to use for this plug-in. |
| return self.process.target |
| |
| def create_thread(self, tid, context): |
| if tid == 0x444444444: |
| thread_info = { |
| "tid": tid, |
| "name": "four", |
| "queue": "queue4", |
| "state": "stopped", |
| "stop_reason": "none", |
| } |
| self.threads.append(thread_info) |
| return thread_info |
| return None |
| |
| def get_thread_info(self): |
| if not self.threads: |
| # The sample dictionary below shows the values that can be returned for a thread |
| # tid => thread ID (mandatory) |
| # name => thread name (optional key/value pair) |
| # queue => thread dispatch queue name (optional key/value pair) |
| # state => thred state (mandatory, set to 'stopped' for now) |
| # stop_reason => thread stop reason. (mandatory, usually set to 'none') |
| # Possible values include: |
| # 'breakpoint' if the thread is stopped at a breakpoint |
| # 'none' thread is just stopped because the process is stopped |
| # 'trace' the thread just single stepped |
| # The usual value for this while threads are in memory is 'none' |
| # register_data_addr => the address of the register data in memory (optional key/value pair) |
| # Specifying this key/value pair for a thread will avoid a call to get_register_data() |
| # and can be used when your registers are in a thread context structure that is contiguous |
| # in memory. Don't specify this if your register layout in memory doesn't match the layout |
| # described by the dictionary returned from a call to the |
| # get_register_info() method. |
| self.threads = [ |
| { |
| "tid": 0x111111111, |
| "name": "one", |
| "queue": "queue1", |
| "state": "stopped", |
| "stop_reason": "breakpoint", |
| }, |
| { |
| "tid": 0x222222222, |
| "name": "two", |
| "queue": "queue2", |
| "state": "stopped", |
| "stop_reason": "none", |
| }, |
| { |
| "tid": 0x333333333, |
| "name": "three", |
| "queue": "queue3", |
| "state": "stopped", |
| "stop_reason": "trace", |
| }, |
| ] |
| return self.threads |
| |
| def get_register_info(self): |
| if self.registers is None: |
| self.registers = dict() |
| self.registers["sets"] = ["GPR"] |
| self.registers["registers"] = [ |
| { |
| "name": "rax", |
| "bitsize": 64, |
| "offset": 0, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| "gcc": 0, |
| "dwarf": 0, |
| }, |
| { |
| "name": "rbx", |
| "bitsize": 64, |
| "offset": 8, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| "gcc": 3, |
| "dwarf": 3, |
| }, |
| { |
| "name": "rcx", |
| "bitsize": 64, |
| "offset": 16, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| "gcc": 2, |
| "dwarf": 2, |
| "generic": "arg4", |
| "alt-name": "arg4", |
| }, |
| { |
| "name": "rdx", |
| "bitsize": 64, |
| "offset": 24, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| "gcc": 1, |
| "dwarf": 1, |
| "generic": "arg3", |
| "alt-name": "arg3", |
| }, |
| { |
| "name": "rdi", |
| "bitsize": 64, |
| "offset": 32, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| "gcc": 5, |
| "dwarf": 5, |
| "generic": "arg1", |
| "alt-name": "arg1", |
| }, |
| { |
| "name": "rsi", |
| "bitsize": 64, |
| "offset": 40, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| "gcc": 4, |
| "dwarf": 4, |
| "generic": "arg2", |
| "alt-name": "arg2", |
| }, |
| { |
| "name": "rbp", |
| "bitsize": 64, |
| "offset": 48, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| "gcc": 6, |
| "dwarf": 6, |
| "generic": "fp", |
| "alt-name": "fp", |
| }, |
| { |
| "name": "rsp", |
| "bitsize": 64, |
| "offset": 56, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| "gcc": 7, |
| "dwarf": 7, |
| "generic": "sp", |
| "alt-name": "sp", |
| }, |
| { |
| "name": "r8", |
| "bitsize": 64, |
| "offset": 64, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| "gcc": 8, |
| "dwarf": 8, |
| "generic": "arg5", |
| "alt-name": "arg5", |
| }, |
| { |
| "name": "r9", |
| "bitsize": 64, |
| "offset": 72, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| "gcc": 9, |
| "dwarf": 9, |
| "generic": "arg6", |
| "alt-name": "arg6", |
| }, |
| { |
| "name": "r10", |
| "bitsize": 64, |
| "offset": 80, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| "gcc": 10, |
| "dwarf": 10, |
| }, |
| { |
| "name": "r11", |
| "bitsize": 64, |
| "offset": 88, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| "gcc": 11, |
| "dwarf": 11, |
| }, |
| { |
| "name": "r12", |
| "bitsize": 64, |
| "offset": 96, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| "gcc": 12, |
| "dwarf": 12, |
| }, |
| { |
| "name": "r13", |
| "bitsize": 64, |
| "offset": 104, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| "gcc": 13, |
| "dwarf": 13, |
| }, |
| { |
| "name": "r14", |
| "bitsize": 64, |
| "offset": 112, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| "gcc": 14, |
| "dwarf": 14, |
| }, |
| { |
| "name": "r15", |
| "bitsize": 64, |
| "offset": 120, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| "gcc": 15, |
| "dwarf": 15, |
| }, |
| { |
| "name": "rip", |
| "bitsize": 64, |
| "offset": 128, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| "gcc": 16, |
| "dwarf": 16, |
| "generic": "pc", |
| "alt-name": "pc", |
| }, |
| { |
| "name": "rflags", |
| "bitsize": 64, |
| "offset": 136, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| "generic": "flags", |
| "alt-name": "flags", |
| }, |
| { |
| "name": "cs", |
| "bitsize": 64, |
| "offset": 144, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| }, |
| { |
| "name": "fs", |
| "bitsize": 64, |
| "offset": 152, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| }, |
| { |
| "name": "gs", |
| "bitsize": 64, |
| "offset": 160, |
| "encoding": "uint", |
| "format": "hex", |
| "set": 0, |
| }, |
| ] |
| return self.registers |
| |
| def get_register_data(self, tid): |
| return struct.pack( |
| "21Q", |
| tid + 1, |
| tid + 2, |
| tid + 3, |
| tid + 4, |
| tid + 5, |
| tid + 6, |
| tid + 7, |
| tid + 8, |
| tid + 9, |
| tid + 10, |
| tid + 11, |
| tid + 12, |
| tid + 13, |
| tid + 14, |
| tid + 15, |
| tid + 16, |
| tid + 17, |
| tid + 18, |
| tid + 19, |
| tid + 20, |
| tid + 21, |
| ) |