
Implement "hw" watchpoints as in Dwarf

Open enovella opened this issue 4 years ago • 7 comments

https://github.com/iGio90/Dwarf/blob/master/dwarf_debugger/lib/core.js#L4839

enovella avatar Apr 21 '20 12:04 enovella

Are those watchpoints based on hooking getters/setters for the class fields, or is it like a real hw watchpoint? Any PoC implementation instead of this one, which is very tied to the Dwarf internals? I think both kinds of watchpoints would be interesting to have in r2frida. Any hints here @oleavr @mrmacete?

trufae avatar Apr 22 '20 14:04 trufae

cc @iGio90

trufae avatar May 01 '20 18:05 trufae

Well, the logic is pretty simple. I think @PinkiePieStyle reworked them to use MemoryAccessMonitor (at least on Windows). As far as Unix is concerned, it's a matter of altering the permissions:

  • Memory.protect(address, 1, perm_needed) (remove the read/write perm as needed)
  • analyze the stack trace provided by Process.setExceptionHandler
  • restore correct permissions
  • return true on the exception handler
  • notify the ui

If needed, we also add an interceptor at the address which attempts to r/w the given watchpoint address, and break there to give runtime instrumentation.

iGio90 avatar May 01 '20 18:05 iGio90
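The five steps above, written out as an added Frida script (this is not Dwarf's or r2frida's code). It assumes Frida's JS globals (Memory, Process, Thread, Backtracer, ptr) inside installWatchpoint; the pure helpers before it run in any JS engine. The main caveat it makes explicit: mprotect is page-granular, so the handler has to filter faults by address and the watchpoint is one-shot once permissions are restored.

```javascript
// Added example, not Dwarf's or r2frida's code: a page-protection watchpoint built
// from the steps iGio90 lists. Frida globals (Memory, Process, Thread, Backtracer,
// ptr) are assumed inside installWatchpoint; the helpers above it run anywhere.

// Protection that makes the watched access fault. A read watch needs '--x' because
// hardware cannot generally grant write without read; execute is kept for code pages.
function permForWatch(kind) {
  switch (kind) {
    case 'w': return 'r-x';
    case 'r':
    case 'rw': return '--x';
    default: throw new Error('kind must be r, w or rw');
  }
}

// Memory.protect is page-granular, so the whole page faults. Start of the page holding addr:
function pageAlign(addr, pageSize) { return addr - (addr % pageSize); }

// Faults elsewhere on that page are false positives; only these are real hits.
function hits(faultAddr, watchAddr, size) {
  return faultAddr >= watchAddr && faultAddr < watchAddr + size;
}

function installWatchpoint(address, size, kind, onHit) {
  const pageSize = Process.pageSize;
  const page = address.and(ptr(pageSize - 1).not());
  const span = address.add(size).sub(page).toInt32();
  const len = Math.ceil(span / pageSize) * pageSize;
  const range = Process.findRangeByAddress(address);
  const original = range ? range.protection : 'rw-';   // saved for step 3
  if (!Memory.protect(page, len, permForWatch(kind))) throw new Error('protect failed');

  // Frida keeps one process-wide handler; this replaces any previously installed one.
  Process.setExceptionHandler(function (details) {
    if (details.type !== 'access-violation' || !details.memory) return false;
    const fault = details.memory.address;
    // Step 3: restore permissions so the faulting instruction can re-execute.
    Memory.protect(page, len, original);
    // One-shot: re-arming needs a single-step after the retry, which is why
    // MemoryAccessMonitor is the better primitive once it is available.
    if (fault.compare(address) >= 0 && fault.compare(address.add(size)) < 0) {
      onHit({                                     // step 5: notify the UI
        operation: details.memory.operation,      // 'read' | 'write' | 'execute'
        address: fault,                           // step 2: analyze the fault
        backtrace: Thread.backtrace(details.context, Backtracer.ACCURATE),
      });
    }
    return true;                                  // step 4: resume the thread
  });
}
```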

@iGio90 Cool! MemoryAccessMonitor is now also supported on the other platforms in recent versions of Frida.

oleavr avatar May 02 '20 00:05 oleavr

Thanks @iGio90 for the explanation :) Having such a primitive stable in Frida will make implementing that much easier. Hope to get that ready before 4.5. I'll start using milestones in r2frida.

trufae avatar May 02 '20 09:05 trufae