Open-source project name (OpenSource Name): quarkslab/LLDBagility
Open-source project URL (OpenSource Url): https://github.com/quarkslab/LLDBagility
Open-source programming language (OpenSource Language): C 56.7%
Open-source project introduction (OpenSource Introduction):

LLDBagility

LLDBagility is a tool for macOS kernel debugging that allows connecting LLDB to any macOS virtual machine running on a patched version of the VirtualBox hypervisor, thanks to the virtual machine introspection capabilities offered by the Fast Debugging Protocol (FDP). For more information, read the accompanying blog posts:

Features

LLDBagility implements a set of new LLDB commands that allows the debugger to:
These commands are intended to be used alongside the ones already available in LLDB, like

Files
Requisites
Note that both packages PyFDP and kdputils must be installed for the Python interpreter used by LLDB.

Installation

Assuming all requisites are satisfied, simply add

Usage
The new LLDB commands implemented by LLDBagility are:
In the debugger, use

(lldb) help fdp-attach
For more information run 'help fdp-attach' Expects 'raw' input (see 'help raw-input'.)
Syntax: fdp-attach
Connect to a macOS VM via FDP.
The VM must have already been started.
Existing breakpoints are deleted on attaching.
Re-execute this command every time the VM is rebooted.
(lldb) fdp-attach -h
usage: fdp-attach [-h] vm_name
positional arguments:
vm_name
optional arguments:
-h, --help show this help message and exit

Notes to users

Example session

$ env PATH="/usr/bin:/bin:/usr/sbin:/sbin" lldb
(lldb) fdp-attach macos-mojave-18E226
LLDBagility
Kernel load address: 0xffffff800d200000
Kernel slide: 0xd000000
Kernel version: Darwin Kernel Version 18.5.0: Mon Mar 11 20:40:32 PDT 2019; root:xnu-4903.251.3~3/RELEASE_X86_64
Version: Darwin Kernel Version 18.5.0: Mon Mar 11 20:40:32 PDT 2019; root:xnu-4903.251.3~3/RELEASE_X86_64; stext=0xffffff800d200000
Kernel UUID: 4170BF94-38B6-364F-A1B0-2F7C2C30F9A9
Load Address: 0xffffff800d200000
warning: 'kernel' contains a debug script. To run this script in this debug session:
command script import "/Library/Developer/KDKs/KDK_10.14.4_18E226.kdk/System/Library/Kernels/kernel.dSYM/Contents/Resources/DWARF/../Python/kernel.py"
To run all discovered debug scripts in this session:
settings set target.load-script-from-symbol-file true
Kernel slid 0xd000000 in memory.
Loaded kernel file /Library/Developer/KDKs/KDK_10.14.4_18E226.kdk/System/Library/Kernels/kernel
Loading 62 kext modules .............................................................. done.
kernel was compiled with optimization - stepping may behave oddly; variables may not be available.
Process 1 stopped
* thread #1, stop reason = signal SIGSTOP
frame #0: 0xffffff800d4c2fb6 kernel`pmap_pcid_activate(tpmap=0xffffff800dcc17e0, ccpu=<unavailable>, nopagezero=<unavailable>, copyio=<unavailable>) at pmap_pcid.c:343 [opt]
Target 0: (kernel) stopped.
(lldb) command script import "/Library/Developer/KDKs/KDK_10.14.4_18E226.kdk/System/Library/Kernels/kernel.dSYM/Contents/Resources/DWARF/../Python/kernel.py"
Loading kernel debugging from /Library/Developer/KDKs/KDK_10.14.4_18E226.kdk/System/Library/Kernels/kernel.dSYM/Contents/Resources/DWARF/../Python/kernel.py
. . .
xnu debug macros loaded successfully. Run showlldbtypesummaries to enable type summaries.
settings set target.process.optimization-warnings false
(lldb) showversion
Darwin Kernel Version 18.5.0: Mon Mar 11 20:40:32 PDT 2019; root:xnu-4903.251.3~3/RELEASE_X86_64
(lldb) showbootargs
"fs4:\System\Library\CoreServices\boot.efi" usb=0x800 keepsyms=1 -v -serial=0x1
(lldb) showproctree
PID PROCESS POINTER
=== ======= =======
0 kernel_task [ 0xffffff800de15968 ]
|--1 launchd [ 0xffffff801456df10 ]
| |--11 kextcache [ 0xffffff801456daa0 ]
(lldb) c
Process 1 resuming
(lldb) fdp-interrupt
Process 1 stopped
* thread #3, name = '0xffffff8013da71d0', queue = '0x0', stop reason = signal SIGINT
frame #0: 0xffffff800d4def80 kernel`machine_idle at pmCPU.c:181 [opt]
Target 0: (kernel) stopped.
(lldb) showproctree
PID PROCESS POINTER
=== ======= =======
0 kernel_task [ 0xffffff800de15968 ]
|--1 launchd [ 0xffffff801456df10 ]
| |--220 com.apple.Ambien [ 0xffffff80179d1d50 ]
| |--219 sharedfilelistd [ 0xffffff80179d21c0 ]
| |--218 CVMCompiler [ 0xffffff80179d2630 ]
| |--217 CVMServer [ 0xffffff80179d2aa0 ]
. . .
| |--40 uninstalld [ 0xffffff801456d1c0 ]
| |--39 wifiFirmwareLoad [ 0xffffff801456d630 ]
| |--37 UserEventAgent [ 0xffffff801456daa0 ]
| |--36 syslogd [ 0xffffff801456e380 ]
(lldb) showipcsummary
task pid #acts tablesize command
0xffffff8013d89cc0 0 94 21 kernel_task
0xffffff8013d8a840 1 4 1194 launchd
0xffffff8014e42b80 86 6 341 loginwindow
0xffffff8014e45980 37 5 512 UserEventAgent
0xffffff8014e425c0 39 2 42 wifiFirmwareLoad
. . .
0xffffff80179d6000 218 2 42 CVMCompiler
0xffffff80179d8e00 219 4 85 sharedfilelistd
0xffffff80179d93c0 220 4 85 com.apple.Ambien
Total Table size: 13619

License

All the material in this repository is released under the Apache License version 2.0, with the exception of the VirtualBox sources patched for FDP which are released under the GNU General Public License version 2 in accordance with the VirtualBox license.
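
Referring back to the example session: the attach banner prints the kernel load address and slide, which relate the runtime addresses shown by LLDB to the addresses in the KDK kernel file. The following Python code is an added example (not part of LLDBagility or its README) that checks the banner values agree with each other and converts the stopped frames' addresses to unslid ones; the function names are hypothetical and the sample text is constructed from lines of the session above.

```python
import re

# Constructed sample: banner and frame lines copied from the example session.
SESSION = """\
Kernel load address: 0xffffff800d200000
Kernel slide: 0xd000000
Version: Darwin Kernel Version 18.5.0: Mon Mar 11 20:40:32 PDT 2019; root:xnu-4903.251.3~3/RELEASE_X86_64; stext=0xffffff800d200000
Kernel UUID: 4170BF94-38B6-364F-A1B0-2F7C2C30F9A9
Load Address: 0xffffff800d200000
Kernel slid 0xd000000 in memory.
    frame #0: 0xffffff800d4c2fb6 kernel`pmap_pcid_activate(tpmap=0xffffff800dcc17e0) at pmap_pcid.c:343 [opt]
    frame #0: 0xffffff800d4def80 kernel`machine_idle at pmCPU.c:181 [opt]
"""

def parse_banner(text):
    """Return (load_address, slide), requiring every reported copy to agree."""
    loads = {int(v, 16) for v in re.findall(
        r"(?:Kernel load address: |Load Address: |stext=)(0x[0-9a-f]+)", text)}
    slides = {int(v, 16) for v in re.findall(
        r"(?:Kernel slide: |Kernel slid )(0x[0-9a-f]+)", text)}
    if len(loads) != 1 or len(slides) != 1:
        raise ValueError("banner reports inconsistent load address or slide")
    return loads.pop(), slides.pop()

def unslide(addr, load, slide):
    """Map a runtime kernel address to its address in the on-disk kernel file."""
    if addr < load:
        raise ValueError(f"{addr:#x} is below the kernel load address")
    return addr - slide

def static_frames(text):
    """Map each stopped kernel frame's function name to its unslid address."""
    load, slide = parse_banner(text)
    frames = re.findall(r"frame #\d+: (0x[0-9a-f]+) kernel`(\w+)", text)
    return {name: unslide(int(pc, 16), load, slide) for pc, name in frames}

if __name__ == "__main__":
    load, slide = parse_banner(SESSION)
    print(f"unslid kernel base: {load - slide:#x}")
    for name, addr in static_frames(SESSION).items():
        print(f"{name}: {addr:#x}")
```
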