
Notebook based on GitHub issues

Results 48 NoteZ issues

#### Prologue #### Refer ``` https://wikileaks.org/ciav7p1/cms/page_14588660.html #kext debug https://rednaga.io/2017/04/09/remote_kext_debugging/ ``` #### _Start ``` debugStub.listen.guest64 = "TRUE" #enable the gdb remote listener (so we can debug from another VM or machine)...

## Prologue ``` op NOT vixl NOT Android NOT V8 filename:arm64 extension:cc ``` ## Read !!! ``` https://github.com/tspink/vrt https://github.com/xvisor/xvisor ``` ## Manual!! ``` https://github.com/mozilla/gecko-dev.git ```

## Prologue Recently I wanted to extract a customized, minimal disassembler from llvm. After some research I found that the instruction information lives in `AArch64InstrInfo.td`, but generating the format we need from `AArch64InstrInfo.td` requires understanding how TableGen is used. See `llvm/cmake/modules/TableGen.cmake` and `https://llvm.org/docs/TableGen/index.html#id5` ## Somniloquy TableGen source/documentation references for the instructions ``` llvm/utils/TableGen/TableGen.cpp llvm/lib/Target/AArch64/AArch64InstrInfo.td llvm/lib/Target/AArch64/AArch64InstrFormats.td llvm/docs/TableGen/LangIntro.rst ``` A simple demonstration of using `llvm-tblgen` `/Users/jmpews/project/llvm/build/Debug/bin/llvm-tblgen...

## Prologue [google TEE](https://source.android.com/security/trusty/) and [Android Bootloader]() are both based on LK (little kernel). ## Somniloquy ##

## Prologue ## Architecture Manual #### x86_64 & Intel https://software.intel.com/zh-cn/articles/intel-sdm #### x86_64 & AMD https://support.amd.com/en-us/search/tech-docs#k= http://support.amd.com/TechDocs/24592.pdf #### ARMv8 # all manuals are here https://developer.arm.com/products/architecture/cpu-architecture/a-profile/docs/den0024/a https://developer.arm.com/products/architecture/cpu-architecture/a-profile/docs

## Prologue ## Somniloquy UEFI is burned into the firmware; the UEFI in the firmware locates and loads the `efi bootloader` from the `ESP` partition. For Legacy BIOS, however, `tianocore duet` is needed to emulate UEFI before the `efi bootloader` can be loaded and run...

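## Prologue **Saitama aka 琦玉老师** While reading , , I built a kernel. Both books/videos are very good teaching material. leans more toward fundamentals, leans more toward combining fundamentals with practice, and is a very, very good book that explains things in great detail. ## Kernel processing flow #### bootloader handling The BIOS only loads the 1st sector from disk to 0x7c00; within these 512...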

``` https://github.com/jindaw/game_sources/blob/b88e74a728d87d6d5e50f82b6c509ce03bace37d/KOF/GameBox/GameBox/GameEngine/MemoryAllocator.h https://github.com/Martinsos/dna-assembly https://github.com/nicerepo/maniacj/blob/master/jni/vendor/llvm-libc%2B%2B/directory_iterator.cc https://github.com/Bassstring/llvm_mpi_checks/blob/a42b1a4d0c750cd54272f0745d1fa07814e92bac/tools/clang/lib/CodeGen/ItaniumCXXABI.cpp https://gist.github.com/tonosaman/8607802de06d5bb74e9ee5fb35d46ed4 https://wiki.aalto.fi/display/EmbeddedLinux/Debugging+Raspberry+Pi+Linux+kernel+with+JTAG+and+GDB https://github.com/mgottschlag/rpi-swd https://github.com/phire/pimon # debug uboot http://www.gabrielgonzalezgarcia.com/2012/10/28/debugging-u-boot-after-relocating-to-ram-on-arm/ # debug uefi https://github.com/tianocore/tianocore.github.io/wiki/How-to-debug-OVMF-with-QEMU-using-GDB # linux kernel debug https://www.youtube.com/watch?v=pqn5hIrz3A8 # windows kernel debug https://www.youtube.com/watch?v=8sVZsxoCpSc # qemu kernel...

## Prologue **RTFM!!!** ## abbr. VMSA == Virtual Memory System Architecture MMU == Memory Management Unit VAs == virtual addresses PAs == physical addresses TLB == Translation Lookaside Buffer ##...

## Prologue ## Somniloquy ## Kernel Protection ``` http://newosxbook.com/files/LendMeYourTaskPort.pdf ``` #### Entitlements Some entitlements are not allowed to be signed in; they fail the `AMDeviceSecureInstallApplication` check. For example: ``` run-unsigned-code dynamic-codesigning com.apple.private.skip-library-validation ``` For details, see `Security-58286.41.2/OSX/include/security_codesigning/signer.cpp` and other code under the `Security` directory. There is an article explaining this,...