[OS X][XNU] kext strnstr link fail

KEXT 내부에서 strnstr 을 사용했는데 컴파일은 잘되는데, 로딩할때 바인딩 에러가 난다..

왜그런지 인터넷을 찾아보아도 답이 없길래 직접 확인해보았다.

사건의 발단은 Kernel/string.h 에 strnstr 이 선언되어 있다.

extern int strcasecmp(const char *s1, const char *s2);

extern int strncasecmp(const char *s1, const char *s2, size_t n);

extern char *strnstr(char *s, const char *find, size_t slen);

extern char *strchr(const char *s, int c);

extern char *STRDUP(const char *, int);

extern int strprefix(const char *s1, const char *s2);

그런데 로딩시도를 하면 자꾸 아래 같은 에러가 발생한다.

(kernel) kxld[com.dplab.driver.xxxxio]: The following symbols are unresolved for this kext:

(kernel) kxld[com.dplab.driver.xxxxio]: _strnstr

그래서 System.kext/Plugins 에 존재하는 라이브러리 심볼을 덤프 해봤다.

(nm 명령어는 display name list 명령어로 심볼정보를 출력해줌)

nm /System/Library/Extensions/System.kext/PlugIns/Libkern.kext/Libkern | grep str

                 U __ZN12OSSymbolPool18reconstructSymbolsEv

                 U __ZNK11OSMetaClass18instanceDestructedEv

                 U __ZNK11OSMetaClass19instanceConstructedEv

                 U _copyinstr

                 U _copyoutstr

                 U _lck_mtx_destroy

                 U _lck_rw_destroy

                 U _lck_spin_destroy

                 U _strcasecmp

                 U _strcat

                 U _strchr

                 U _strcmp

                 U _strcpy

                 U _strlcat

                 U _strlcpy

                 U _strlen

                 U _strncasecmp

                 U _strncat

                 U _strncmp

                 U _strncpy

                 U _strnlen

                 U _strprefix

                 U _strtol

                 U _strtoq

                 U _strtoul

                 U _strtouq

음.. Libkern 에 _strnstr 이 진짜 없다. ....

어디있는지 다 찾아보니..

nm /System/Library/Extensions/System.kext/PlugIns/Private.kext/Private | grep strnstr

                 U _strnstr

Private.kext 에 있다.

그래서 Private.kext 를 링크해보니..

Diagnostics for /tmp/xxxxxio.kext:

Dependency Resolution Failures: 

    Only Apple kexts may link against com.apple.kpi.private.

쓰지 말란다. ....

머 이런...

암튼 다른 분들은 삽질하지 마시길..

[OS X] [lldb][kernel debugging 위주] 중요 명령어 정리

LLDB command

lldb 명령어는 windbg 명령어보다 복잡하다. 하지만 먼가 체계가 잘 잡혀있는
스크립트같은 느낌을 주는 명령어이다. 익숙해지는데 시간이 걸리겠지만 ..
익숙해지면 windbg 보다 더 능숙하게 디버깅할 수 있을 것 같다.


일단 몇개만 나열하고 나머지는 업데이트 할 예정.



target modules

  target modules lookup -n symbol modulename
  ex> target mod loo -n sysent mach_kernel

target modules list ( == image list )

target variable

  global values

  target variable <variable name>

memory read

   memory read -f A <address>  - display value with symbol - same as dds command in windbg
   ex> memory read -f A fffffff87000000 -c1

   memory read -t type <address> - same as dt command in windbg - very important !

thread backtrace all

thread select #num

process attach -p pid

process detach

bt

[Windows NT] NtCreateUserProcess

NtCreateUserProcess 과정과 Process & Thread & Image Callback 과정을 종합적으로 보여주는 그림.

궁금한 부분있으면 댓글로 남겨주세요.

If you have a question about this, leave a message ^^

(NtCreateUserProcess, NtCreateThreadEx)

[windows] Process & Thread Object Generic Mapping Info

You can find the information with windbg command in Windows XP

Don't miss generic desired access ^^


kd> ?? (*((nt!_OBJECT_TYPE**)@@(nt!PsProcessType)))->TypeInfo.GenericMapping
struct _GENERIC_MAPPING
+0x000 GenericRead : 0x20410
+0x004 GenericWrite : 0x20beb
+0x008 GenericExecute : 0x120000
+0x00c GenericAll : 0x1f0fff


kd> ?? (*((nt!_OBJECT_TYPE**)@@(nt!PsThreadType)))->TypeInfo.GenericMapping
struct _GENERIC_MAPPING
+0x000 GenericRead : 0x20048
+0x004 GenericWrite : 0x20037
+0x008 GenericExecute : 0x120000
+0x00c GenericAll : 0x1f03fjustlif


?? -> Evaluate C++ Expression

Process
GenericRead STANDARD_RIGHTS_READ | PROCESS_VM_READ | PROCESS_QUERY_INFORMATION,

GenericWrite STANDARD_RIGHTS_WRITE | PROCESS_CREATE_PROCESS | PROCESS_CREATE_THREAD |
PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_DUP_HANDLE |
PROCESS_TERMINATE | PROCESS_SET_QUOTA |
PROCESS_SET_INFORMATION | PROCESS_SET_PORT,

GenericExecute STANDARD_RIGHTS_EXECUTE | SYNCHRONIZE,

GenericAll PROCESS_ALL_ACCESS

Thread
GenericRead STANDARD_RIGHTS_READ | THREAD_GET_CONTEXT | THREAD_QUERY_INFORMATION,

GenericWrite STANDARD_RIGHTS_WRITE | THREAD_TERMINATE | THREAD_SUSPEND_RESUME | THREAD_ALERT |
THREAD_SET_INFORMATION | THREAD_SET_CONTEXT,

GenericExecute STANDARD_RIGHTS_EXECUTE | SYNCHRONIZE,

GenericAll THREAD_ALL_ACCESS

linux - cscope

Linux

find ./ \( -name "*.c" -o -name "*.h" -o -name "*.asm" \) -print > cscope.files
cscope -i cscope.files

windows format syntax

http://msdn.microsoft.com/en-us/library/56e442dc.aspx

c++-String manipulation

함수 리스트

strtod, _strtod_l, wcstod, _wcstod_l
strtol, wcstol, _strtol_l, _wcstol_l
strtoul, _strtoul_l, wcstoul, _wcstoul_l
_strtoi64, _wcstoi64, _strtoi64_l, _wcstoi64_l
_strtoui64, _wcstoui64, _strtoui64_l, _wcstoui64_l

http://msdn.microsoft.com/ko-kr/library/53b7b72e.aspx

vim make project - vs in windows

Using vim in windows


" filename(line) : error|warning|fatal error C0000: message
" cope
set errorformat=\ %#%f(%l)\ :\ %#%t%[A-z]%#\ %[A-Z\ ]%#%n:\ %m

set makeprj=Drvbuild.bat


view error window
:cl

:cw
:copen

:cn
:cp
:cfirst
:clast

map cn :cn
map cp :cp

GetDiskFreeSpaceEx Function Internal call path

GetDiskFreeSpaceEx

ntdll!ZwQueryVolumeInformationFile


sysenter ----------------------------------------------------------------------

nt!NtQueryVolumeInformationFile

IRP_MJ_QUERY_VOLUME_INFORMATION | FileFsVolumeInformation

NtfsFsdDispatch

NtfsFsdDispatchSwitch

NtfsCommonQueryVolumeInfo

NtfsQueryFsSizeInfo

linux - ctags

Ctags 사용법




- Ctags 사용시 Prototype 과 extern 정의도 tag 로 포함시키는 명령어.


ctags -R --c-kinds=+px


-R recursive


−−−kinds=[+|−]kinds
Specifies a list of language-specific kinds of tags (or kinds) to include in the output file for a particular language, where is case-insensitive and is one of the built-in language names (see the −−list−languages option for a complete list). The parameter kinds is a group of one-letter flags designating kinds of tags (particular to the language) to either include or exclude from the output. The specific sets of flags recognized for each language, their meanings and defaults may be list using the −−list−kinds option. Each letter or group of letters may be preceded by either ’+’ to add it to, or ’−’ to remove it from, the default set. In the absence of any preceding ’+’ or ’−’ sign, only those kinds explicitly listed in kinds will be included in the output (i.e. overriding the default for the specified language).
As an example for the C language, in order to add prototypes and external variable declarations to the default set of tag kinds, but exclude macros, use −−c−kinds=+px−d; to include only tags for functions, use −−c−kinds=f.