

gumjs: Migrate to Interceptor.get_live_replacement_invocation()
To simplify things, and also guarantee that the specific replacement
function has a live call.
oleavr committed May 10, 2024
1 parent 8af54ef commit 958ca6a
Showing 6 changed files with 25 additions and 73 deletions.
4 changes: 2 additions & 2 deletions bindings/gumjs/gumquickcore.c
Expand Up @@ -4502,8 +4502,8 @@ gum_quick_native_callback_invoke (ffi_cif * cif,
}

if (core->interceptor != NULL &&
(ic = gum_interceptor_get_current_invocation ()) != NULL &&
self->interceptor_replacement_count > 0)
(ic = gum_interceptor_get_live_replacement_invocation (
self->native_pointer.value)) != NULL)
{
jic = _gum_quick_interceptor_obtain_invocation_context (core->interceptor);
_gum_quick_invocation_context_reset (jic, ic);
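Review bot: The new condition around `gum_interceptor_get_live_replacement_invocation (self->native_pointer.value)` carries a contract that the dropped `interceptor_replacement_count > 0` check used to make visible, and it deserves a comment: the invocation context is only exposed when this particular closure is the replacement currently being executed, not whenever some interception happens to be active on the thread. Suggest placing `/* Only surface an invocation context when this closure is the live replacement for the current call. */` above the `if`. That comment should also record that `self->native_pointer.value` must be the same address that was registered as the replacement, since the lookup is keyed on it; I infer that from the commit message and the function name rather than from anything in the hunk, so confirm before wording it that way. gum_quick_native_callback_invoke continues outside the hunk on both sides.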
2 changes: 0 additions & 2 deletions bindings/gumjs/gumquickcore.h
Expand Up @@ -266,8 +266,6 @@ struct _GumQuickNativeCallback
ffi_type ** atypes;
GSList * data;

gint interceptor_replacement_count;

GumQuickCore * core;
};

17 changes: 1 addition & 16 deletions bindings/gumjs/gumquickinterceptor.c
@@ -1,5 +1,5 @@
/*
* Copyright (C) 2020 Ole André Vadla Ravnås <oleavr@nowsecure.com>
* Copyright (C) 2020-2024 Ole André Vadla Ravnås <oleavr@nowsecure.com>
*
* Licence: wxWindows Library Licence, Version 3.1
*/
Expand Down Expand Up @@ -706,18 +706,13 @@ gum_quick_add_replace_entry (GumQuickInterceptor * self,
GumQuickCore * core = self->core;
JSContext * ctx = core->ctx;
GumQuickReplaceEntry * entry;
GumQuickNativeCallback * c;

entry = g_slice_new (GumQuickReplaceEntry);
entry->interceptor = self->interceptor;
entry->target = target;
entry->replacement = JS_DupValue (ctx, replacement_value);
entry->ctx = ctx;

c = JS_GetOpaque (entry->replacement, core->native_callback_class);
if (c != NULL)
c->interceptor_replacement_count++;

g_hash_table_insert (self->replacement_by_address, target, entry);
}

Expand Down Expand Up @@ -771,22 +766,12 @@ GUMJS_DEFINE_FUNCTION (gumjs_interceptor_revert)
{
GumQuickInterceptor * self;
gpointer target;
GumQuickReplaceEntry * entry;

self = gumjs_get_parent_module (core);

if (!_gum_quick_args_parse (args, "p", &target))
return JS_EXCEPTION;

entry = g_hash_table_lookup (self->replacement_by_address, target);
if (entry != NULL)
{
GumQuickNativeCallback * c =
JS_GetOpaque (entry->replacement, core->native_callback_class);
if (c != NULL)
c->interceptor_replacement_count--;
}

g_hash_table_remove (self->replacement_by_address, target);

return JS_UNDEFINED;
27 changes: 20 additions & 7 deletions bindings/gumjs/gumv8core.cpp
Expand Up @@ -26,6 +26,7 @@
# include "gumv8script-java.h"
#endif

#include <ffi.h>
#include <glib/gprintf.h>
#ifdef _MSC_VER
# include <intrin.h>
Expand Down Expand Up @@ -139,6 +140,22 @@ struct GumV8NativeFunction
GumV8Core * core;
};

struct GumV8NativeCallback
{
gint ref_count;

v8::Global<v8::Object> * wrapper;
gpointer ptr_value;

v8::Global<v8::Function> * func;
ffi_closure * closure;
ffi_cif cif;
ffi_type ** atypes;
GSList * data;

GumV8Core * core;
};

struct GumV8CallbackContext
{
Global<Object> * wrapper;
Expand Down Expand Up @@ -613,8 +630,6 @@ _gum_v8_core_init (GumV8Core * self,
gumjs_native_callback_construct, scope, module, isolate);
native_callback->Inherit (native_pointer);
native_callback->InstanceTemplate ()->SetInternalFieldCount (2);
self->native_callback =
new Global<FunctionTemplate> (isolate, native_callback);

auto cc = _gum_v8_create_class ("CallbackContext", nullptr, scope,
module, isolate);
Expand Down Expand Up @@ -1307,9 +1322,6 @@ _gum_v8_core_finalize (GumV8Core * self)
delete self->callback_context;
self->callback_context = nullptr;

delete self->native_callback;
self->native_callback = nullptr;

delete self->native_function;
self->native_function = nullptr;

Expand Down Expand Up @@ -3388,6 +3400,7 @@ GUMJS_DEFINE_CONSTRUCTOR (gumjs_native_callback_construct)
callback->wrapper = new Global<Object> (isolate, wrapper);
callback->wrapper->SetWeak (callback,
gum_v8_native_callback_on_weak_notify, WeakCallbackType::kParameter);
callback->ptr_value = func;

g_hash_table_add (core->native_callbacks, callback);

Expand Down Expand Up @@ -3522,8 +3535,8 @@ gum_v8_native_callback_invoke (ffi_cif * cif,
auto interceptor = &self->core->script->interceptor;
GumV8InvocationContext * jic = NULL;
GumV8CallbackContext * jcc = NULL;
auto ic = gum_interceptor_get_current_invocation ();
if (ic != NULL && self->interceptor_replacement_count > 0)
auto ic = gum_interceptor_get_live_replacement_invocation (self->ptr_value);
if (ic != NULL)
{
jic = _gum_v8_interceptor_obtain_invocation_context (interceptor);
_gum_v8_invocation_context_reset (jic, ic);
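Review bot: The relocated `struct GumV8NativeCallback` spells out `v8::Global<v8::Object>` and `v8::Global<v8::Function>` while the adjacent `GumV8CallbackContext` in the same file uses the unqualified `Global<Object>`, so the definition reads as pasted from the header rather than written for this translation unit; dropping the `v8::` prefixes would match the surrounding code. The new `ptr_value` member has no comment, and its role is only discoverable by reading two other hunks: it is assigned from `func` in gumjs_native_callback_construct and handed to `gum_interceptor_get_live_replacement_invocation` in gum_v8_native_callback_invoke. Suggest `gpointer ptr_value; /* address this callback is reachable at; identity used to match live replacement invocations */`, with the caveat that what `func` actually is lies outside the hunk, so confirm the wording against the constructor. Both gumjs_native_callback_construct and gum_v8_native_callback_invoke continue outside their hunks.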
21 changes: 1 addition & 20 deletions bindings/gumjs/gumv8core.h
@@ -1,5 +1,5 @@
/*
* Copyright (C) 2010-2022 Ole André Vadla Ravnås <oleavr@nowsecure.com>
* Copyright (C) 2010-2024 Ole André Vadla Ravnås <oleavr@nowsecure.com>
* Copyright (C) 2020-2021 Francesco Tamagni <mrmacete@protonmail.ch>
* Copyright (C) 2021 Abdelrahman Eid <hot3eed@gmail.com>
*
Expand All @@ -14,7 +14,6 @@
#include "gumv8script.h"
#include "gumv8scriptbackend.h"

#include <ffi.h>
#include <gum/gumexceptor.h>
#include <gum/gumprocess.h>
#include <v8.h>
Expand Down Expand Up @@ -104,7 +103,6 @@ struct GumV8Core
v8::Global<v8::String> * value_key;
v8::Global<v8::String> * system_error_key;

v8::Global<v8::FunctionTemplate> * native_callback;
v8::Global<v8::FunctionTemplate> * callback_context;
v8::Global<v8::Object> * callback_context_value;

Expand Down Expand Up @@ -142,23 +140,6 @@ struct GumV8ByteArray
GumV8Core * core;
};

struct GumV8NativeCallback
{
gint ref_count;

v8::Global<v8::Object> * wrapper;

v8::Global<v8::Function> * func;
ffi_closure * closure;
ffi_cif cif;
ffi_type ** atypes;
GSList * data;

gint interceptor_replacement_count;

GumV8Core * core;
};

class GumV8SystemErrorPreservationScope
{
public:
27 changes: 1 addition & 26 deletions bindings/gumjs/gumv8interceptor.cpp
@@ -1,5 +1,5 @@
/*
* Copyright (C) 2010-2022 Ole André Vadla Ravnås <oleavr@nowsecure.com>
* Copyright (C) 2010-2024 Ole André Vadla Ravnås <oleavr@nowsecure.com>
*
* Licence: wxWindows Library Licence, Version 3.1
*/
Expand Down Expand Up @@ -746,15 +746,6 @@ gum_v8_handle_replace_ret (GumV8Interceptor * self,

g_hash_table_insert (self->replacement_by_address, target, entry);

auto native_callback = Local<FunctionTemplate>::New (isolate,
*core->native_callback);
auto instance = replacement_value.As<Object> ();
if (native_callback->HasInstance (instance))
{
auto callback = (GumV8NativeCallback *)
instance->GetInternalField (1).As<External> ()->Value ();
callback->interceptor_replacement_count++;
}
break;
}
case GUM_REPLACE_WRONG_SIGNATURE:
Expand Down Expand Up @@ -794,22 +785,6 @@ GUMJS_DEFINE_FUNCTION (gumjs_interceptor_revert)
if (!_gum_v8_args_parse (args, "p", &target))
return;

auto entry = (GumV8ReplaceEntry *)
g_hash_table_lookup (module->replacement_by_address, target);
if (entry != NULL)
{
auto native_callback = Local<FunctionTemplate>::New (isolate,
*core->native_callback);
auto replacement_value (Local<Value>::New (isolate, *entry->replacement));
auto instance = replacement_value.As<Object> ();
if (native_callback->HasInstance (instance))
{
auto callback = (GumV8NativeCallback *)
instance->GetInternalField (1).As<External> ()->Value ();
callback->interceptor_replacement_count--;
}
}

g_hash_table_remove (module->replacement_by_address, target);
}

