Created
August 27, 2023 21:29
-
-
Save miticollo/9163608142f1cdf5e495366344b60581 to your computer and use it in GitHub Desktop.
posix_spawn for Frida
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const LIBSYSTEM_KERNEL_PATH: string = '/usr/lib/system/libsystem_kernel.dylib'; | |
| // https://github.com/apple-oss-distributions/xnu/blob/aca3beaa3dfbd42498b42c5e5ce20a938e6554e5/libsyscall/wrappers/spawn/posix_spawn.c#L2820-L2945 | |
| const posix_spawn = new NativeFunction( | |
| Module.getExportByName(LIBSYSTEM_KERNEL_PATH, 'posix_spawn'), | |
| 'int', | |
| ['pointer', 'pointer', 'pointer', 'pointer', 'pointer', 'pointer'], | |
| ); | |
| // https://github.com/apple-oss-distributions/xnu/blob/aca3beaa3dfbd42498b42c5e5ce20a938e6554e5/libsyscall/wrappers/spawn/posix_spawn.c#L1415-L1455 | |
| const posix_spawn_file_actions_init = new NativeFunction( | |
| Module.getExportByName(LIBSYSTEM_KERNEL_PATH, 'posix_spawn_file_actions_init'), | |
| 'int', | |
| ['pointer'] | |
| ); | |
| // https://github.com/apple-oss-distributions/xnu/blob/aca3beaa3dfbd42498b42c5e5ce20a938e6554e5/libsyscall/wrappers/spawn/posix_spawn.c#L190-L228 | |
| const posix_spawnattr_init = new NativeFunction( | |
| Module.getExportByName(LIBSYSTEM_KERNEL_PATH, 'posix_spawnattr_init'), | |
| 'int', | |
| ['pointer'] | |
| ); | |
| const sigemptyset = new NativeFunction( | |
| Module.getExportByName('libSystem.B.dylib', "sigemptyset"), | |
| 'int', | |
| ['pointer'] | |
| ); | |
| // https://github.com/apple-oss-distributions/xnu/blob/aca3beaa3dfbd42498b42c5e5ce20a938e6554e5/libsyscall/wrappers/spawn/posix_spawn.c#L686-L715 | |
| const posix_spawnattr_setsigmask = new NativeFunction( | |
| Module.getExportByName(LIBSYSTEM_KERNEL_PATH, 'posix_spawnattr_setsigmask'), | |
| 'int', | |
| ['pointer', 'pointer'] | |
| ); | |
| // https://github.com/apple/darwin-xnu/blob/2ff845c2e033bd0ff64b5b6aa6063a1f8f65aa32/bsd/sys/spawn.h#L46C41-L46C80 | |
| const POSIX_SPAWN_SETPGROUP: number = 0x0002 /* [SPN] set non-parent PGID */ | |
| // https://github.com/apple/darwin-xnu/blob/2ff845c2e033bd0ff64b5b6aa6063a1f8f65aa32/bsd/sys/spawn.h#L48C49-L48C76 | |
| const POSIX_SPAWN_SETSIGMASK: number = 0x0008 /* [SPN] set signal mask */ | |
| // https://github.com/apple/darwin-xnu/blob/2ff845c2e033bd0ff64b5b6aa6063a1f8f65aa32/bsd/sys/spawn.h#L60 | |
| const POSIX_SPAWN_START_SUSPENDED: number = 0x0080 /* Darwin-specific flag */ | |
| // https://github.com/apple-oss-distributions/xnu/blob/aca3beaa3dfbd42498b42c5e5ce20a938e6554e5/libsyscall/wrappers/spawn/posix_spawn.c#L282-L311 | |
| const posix_spawnattr_setflags = new NativeFunction( | |
| Module.getExportByName(LIBSYSTEM_KERNEL_PATH, 'posix_spawnattr_setflags'), | |
| 'int', | |
| ['pointer', 'int'] | |
| ); | |
| // https://github.com/apple-oss-distributions/xnu/blob/aca3beaa3dfbd42498b42c5e5ce20a938e6554e5/libsyscall/wrappers/spawn/posix_spawn.c#L231-L279 | |
| const posix_spawnattr_destroy = new NativeFunction( | |
| Module.getExportByName(LIBSYSTEM_KERNEL_PATH, 'posix_spawnattr_destroy'), | |
| 'int', | |
| ['pointer'] | |
| ); | |
| // https://github.com/apple-oss-distributions/xnu/blob/aca3beaa3dfbd42498b42c5e5ce20a938e6554e5/libsyscall/wrappers/spawn/posix_spawn.c#L1458C3-L1492 | |
| const posix_spawn_file_actions_destroy = new NativeFunction( | |
| Module.getExportByName(LIBSYSTEM_KERNEL_PATH, 'posix_spawn_file_actions_destroy'), | |
| 'int', | |
| ['pointer'] | |
| ); | |
| rpc.exports = { | |
| spawn(path: string): number { | |
| const pid: NativePointer = Memory.alloc(Process.pointerSize); | |
| pid.writePointer(NULL); | |
| const fileActions: NativePointer = Memory.alloc(Process.pointerSize); | |
| fileActions.writePointer(NULL); | |
| if (posix_spawn_file_actions_init(fileActions)) throw new Error(`posix_spawn_file_actions_init failed!`); | |
| const attributes: NativePointer = Memory.alloc(Process.pointerSize); | |
| attributes.writePointer(NULL); | |
| if (posix_spawnattr_init(attributes)) throw new Error("posix_spawnattr_init failed!"); | |
| const signalMaskSet: NativePointer = Memory.alloc(Process.pointerSize); | |
| sigemptyset(signalMaskSet); | |
| if (posix_spawnattr_setsigmask(attributes, signalMaskSet)) throw new Error("posix_spawnattr_setsigmask failed!"); | |
| const flags: number = POSIX_SPAWN_SETPGROUP | POSIX_SPAWN_SETSIGMASK | POSIX_SPAWN_START_SUSPENDED; | |
| if (posix_spawnattr_setflags(attributes, flags)) throw new Error("posix_spawnattr_setflags failed!"); | |
| const rc: number = posix_spawn( | |
| pid, | |
| Memory.allocUtf8String(path), | |
| fileActions, | |
| attributes, | |
| NULL, | |
| NULL | |
| ); | |
| if (rc || pid.isNull()) throw new Error(`posix_spawn failed: ${rc}!`); | |
| if (posix_spawnattr_destroy(attributes)) throw new Error("posix_spawnattr_destroy failed!"); | |
| if (posix_spawn_file_actions_destroy(fileActions)) throw new Error("posix_spawn_file_actions_destroy failed!"); | |
| return pid.readInt(); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment