Merge trunk r97497 and its many dependents to the 14.0.835 branch.

third_party/mach_override/mach_override.c

 /*******************************************************************************
         mach_override.c
                 Copyright (c) 2003-2009 Jonathan 'Wolf' Rentzsch: <http://rentzsch.com>
                 Some rights reserved: <http://opensource.org/licenses/mit-license.php>
 
         ***************************************************************************/
 
 #include "mach_override.h"
 
 #include <mach-o/dyld.h>
@@ skipping 152 matching lines @@
 
     mach_error_t
 mach_override_ptr(
         void *originalFunctionAddress,
     const void *overrideFunctionAddress,
     void **originalFunctionReentryIsland )
 {
         assert( originalFunctionAddress );
         assert( overrideFunctionAddress );
         
+        // this addresses overriding such functions as AudioOutputUnitStart()
+        // test with modified DefaultOutputUnit project
+#if defined(__x86_64__) || defined(__i386__)
+    for(;;){
+        if(*(unsigned char*)originalFunctionAddress==0xE9)      // jmp .+0x????????
+            originalFunctionAddress=(void*)((char*)originalFunctionAddress+5+*(int32_t *)((char*)originalFunctionAddress+1));
+#if defined(__x86_64__)
+        else if(*(uint16_t*)originalFunctionAddress==0x25FF)    // jmp qword near [rip+0x????????]
+            originalFunctionAddress=*(void**)((char*)originalFunctionAddress+6+*(int32_t *)((uint16_t*)originalFunctionAddress+1));
+#elif defined(__i386__)
+        else if(*(uint16_t*)originalFunctionAddress==0x25FF)    // jmp *0x????????
+            originalFunctionAddress=**(void***)((uint16_t*)originalFunctionAddress+1);
+#endif
+        else break;
+    }
+#endif
+
         long    *originalFunctionPtr = (long*) originalFunctionAddress;
         mach_error_t    err = err_none;
         
 #if defined(__ppc__) || defined(__POWERPC__)
         //      Ensure first instruction isn't 'mfctr'.
         #define kMFCTRMask                      0xfc1fffff
         #define kMFCTRInstruction       0x7c0903a6
         
         long    originalInstruction = *originalFunctionPtr;
         if( !err && ((originalInstruction & kMFCTRMask) == kMFCTRInstruction) )
                 err = err_cannot_override;
 #elif defined(__i386__) || defined(__x86_64__)
         int eatenCount = 0;
         char originalInstructions[kOriginalInstructionsSize];
         uint64_t jumpRelativeInstruction = 0; // JMP
 
         Boolean overridePossible = eatKnownInstructions ((unsigned char *)originalFunctionPtr, 
                                                                                 &jumpRelativeInstruction, &eatenCount, originalInstructions);
         if (eatenCount > kOriginalInstructionsSize) {
                 //printf ("Too many instructions eaten\n");
                 overridePossible = false;
         }
         if (!overridePossible) err = err_cannot_override;
-        if (err) printf("err = %x %d\n", err, __LINE__);
+        if (err) fprintf(stderr, "err = %x %s:%d\n", err, __FILE__, __LINE__);
 #endif
         
         //      Make the original function implementation writable.
         if( !err ) {
                 err = vm_protect( mach_task_self(),
-                                (vm_address_t) originalFunctionPtr,
-                                sizeof(long), false, (VM_PROT_ALL | VM_PROT_COPY) );
+                                (vm_address_t) originalFunctionPtr, 8, false,
+                                (VM_PROT_ALL | VM_PROT_COPY) );
                 if( err )
                         err = vm_protect( mach_task_self(),
-                                        (vm_address_t) originalFunctionPtr, sizeof(long), false,
+                                        (vm_address_t) originalFunctionPtr, 8, false,
                                         (VM_PROT_DEFAULT | VM_PROT_COPY) );
         }
-        if (err) printf("err = %x %d\n", err, __LINE__);
+        if (err) fprintf(stderr, "err = %x %s:%d\n", err, __FILE__, __LINE__);
         
         //      Allocate and target the escape island to the overriding function.
         BranchIsland    *escapeIsland = NULL;
         if( !err )      
                 err = allocateBranchIsland( &escapeIsland, kAllocateHigh, originalFunctionAddress );
-                if (err) printf("err = %x %d\n", err, __LINE__);
+                if (err) fprintf(stderr, "err = %x %s:%d\n", err, __FILE__, __LINE__);
 
         
 #if defined(__ppc__) || defined(__POWERPC__)
         if( !err )
                 err = setBranchIslandTarget( escapeIsland, overrideFunctionAddress, 0 );
         
         //      Build the branch absolute instruction to the escape island.
         long    branchAbsoluteInstruction = 0; // Set to 0 just to silence warning.
         if( !err ) {
                 long escapeIslandAddress = ((long) escapeIsland) & 0x3FFFFFF;
                 branchAbsoluteInstruction = 0x48000002 | escapeIslandAddress;
         }
 #elif defined(__i386__) || defined(__x86_64__)
-        if (err) printf("err = %x %d\n", err, __LINE__);
+        if (err) fprintf(stderr, "err = %x %s:%d\n", err, __FILE__, __LINE__);
 
         if( !err )
                 err = setBranchIslandTarget_i386( escapeIsland, overrideFunctionAddress, 0 );
  
-        if (err) printf("err = %x %d\n", err, __LINE__);
+        if (err) fprintf(stderr, "err = %x %s:%d\n", err, __FILE__, __LINE__);
         // Build the jump relative instruction to the escape island
 #endif
 
 
 #if defined(__i386__) || defined(__x86_64__)
         if (!err) {
-                uint32_t addressOffset = ((void*)escapeIsland - (void*)originalFunctionPtr - 5);
+                uint32_t addressOffset = ((char*)escapeIsland - (char*)originalFunctionPtr - 5);
                 addressOffset = OSSwapInt32(addressOffset);
                 
                 jumpRelativeInstruction |= 0xE900000000000000LL; 
                 jumpRelativeInstruction |= ((uint64_t)addressOffset & 0xffffffff) << 24;
                 jumpRelativeInstruction = OSSwapInt64(jumpRelativeInstruction);         
         }
 #endif
         
         //      Optionally allocate & return the reentry island.
         BranchIsland    *reentryIsland = NULL;
         if( !err && originalFunctionReentryIsland ) {
-                err = allocateBranchIsland( &reentryIsland, kAllocateNormal, NULL);
+                err = allocateBranchIsland( &reentryIsland, kAllocateHigh, NULL);
                 if( !err )
                         *originalFunctionReentryIsland = reentryIsland;
         }
         
 #if defined(__ppc__) || defined(__POWERPC__)    
         //      Atomically:
         //      o If the reentry island was allocated:
         //              o Insert the original instruction into the reentry island.
         //              o Target the reentry island at the 2nd instruction of the
         //                original function.
@@ skipping 25 matching lines @@
         //              o Insert the original instructions into the reentry island.
         //              o Target the reentry island at the first non-replaced 
         //        instruction of the original function.
         //      o Replace the original first instructions with the jump relative.
         //
         // Note that on i386, we do not support someone else changing the code under our feet
         if ( !err ) {
                 if( reentryIsland )
                         err = setBranchIslandTarget_i386( reentryIsland,
                                                                                  (void*) ((char *)originalFunctionPtr+eatenCount), originalInstructions );
+                // try making islands executable before planting the jmp
+#if defined(__x86_64__) || defined(__i386__)
+        if( !err )
+            err = makeIslandExecutable(escapeIsland);
+        if( !err && reentryIsland )
+            err = makeIslandExecutable(reentryIsland);
+#endif
                 if ( !err )
                         atomic_mov64((uint64_t *)originalFunctionPtr, jumpRelativeInstruction);
         }
 #endif
         
-#if defined(__i386__) || defined(__x86_64__)
-        if ( !err )
-                err = makeIslandExecutable( escapeIsland );
-        if ( !err && reentryIsland )
-                err = makeIslandExecutable( reentryIsland );
-#endif
-        
         //      Clean up on error.
         if( err ) {
                 if( reentryIsland )
                         freeBranchIsland( reentryIsland );
                 if( escapeIsland )
                         freeBranchIsland( escapeIsland );
         }
 
         return err;
 }
@@ skipping 52 matching lines @@
                                 else if( err == KERN_NO_SPACE ) {
 #if defined(__x86_64__)
                                         page -= pageSize;
 #else
                                         page += pageSize;
 #endif
                                         err = err_none;
                                 }
                         }
                         if( allocated )
-                                *island = (void*) page;
+                                *island = (BranchIsland*) page;
                         else if( !allocated && !err )
                                 err = KERN_NO_SPACE;
                 }
         } else {
                 void *block = malloc( sizeof( BranchIsland ) );
                 if( block )
                         *island = block;
                 else
                         err = KERN_NO_SPACE;
         }
@@ skipping 129 matching lines @@
 #if defined(__i386__) || defined(__x86_64__)
 // simplistic instruction matching
 typedef struct {
         unsigned int length; // max 15
         unsigned char mask[15]; // sequence of bytes in memory order
         unsigned char constraint[15]; // sequence of bytes in memory order
 }       AsmInstructionMatch;
 
 #if defined(__i386__)
 static AsmInstructionMatch possibleInstructions[] = {
+        { 0x5, {0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, {0x55, 0x89, 0xe5, 0xc9, 0xc3} },        // push %ebp; mov %esp,%ebp; leave; ret
         { 0x1, {0xFF}, {0x90} },                                                        // nop
         { 0x1, {0xFF}, {0x55} },                                                        // push %esp
         { 0x2, {0xFF, 0xFF}, {0x89, 0xE5} },                                            // mov %esp,%ebp
         { 0x1, {0xFF}, {0x53} },                                                        // push %ebx
         { 0x3, {0xFF, 0xFF, 0x00}, {0x83, 0xEC, 0x00} },                                // sub 0x??, %esp
         { 0x6, {0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00}, {0x81, 0xEC, 0x00, 0x00, 0x00, 0x00} },    // sub 0x??, %esp with 32bit immediate
         { 0x1, {0xFF}, {0x57} },                                                        // push %edi
         { 0x1, {0xFF}, {0x56} },                                                        // push %esi
         { 0x2, {0xFF, 0xFF}, {0x31, 0xC0} },                                            // xor %eax, %eax
+        { 0x3, {0xFF, 0x4F, 0x00}, {0x8B, 0x45, 0x00} },  // mov $imm(%ebp), %reg
+        { 0x3, {0xFF, 0x4C, 0x00}, {0x8B, 0x40, 0x00} },  // mov $imm(%eax-%edx), %reg
+        { 0x4, {0xFF, 0xFF, 0xFF, 0x00}, {0x8B, 0x4C, 0x24, 0x00} },  // mov $imm(%esp), %ecx
         { 0x0 }
 };
 #elif defined(__x86_64__)
 static AsmInstructionMatch possibleInstructions[] = {
         { 0x1, {0xFF}, {0x90} },                                                        // nop
         { 0x1, {0xF8}, {0x50} },                                                        // push %rX
         { 0x3, {0xFF, 0xFF, 0xFF}, {0x48, 0x89, 0xE5} },                                // mov %rsp,%rbp
         { 0x4, {0xFF, 0xFF, 0xFF, 0x00}, {0x48, 0x83, 0xEC, 0x00} },                    // sub 0x??, %rsp
         { 0x4, {0xFB, 0xFF, 0x00, 0x00}, {0x48, 0x89, 0x00, 0x00} },                    // move onto rbp
         { 0x2, {0xFF, 0x00}, {0x41, 0x00} },                                            // push %rXX
         { 0x2, {0xFF, 0x00}, {0x85, 0x00} },                                            // test %rX,%rX
+        { 0x5, {0xF8, 0x00, 0x00, 0x00, 0x00}, {0xB8, 0x00, 0x00, 0x00, 0x00} },   // mov $imm, %reg
+        { 0x3, {0xFF, 0xFF, 0x00}, {0xFF, 0x77, 0x00} },  // pushq $imm(%rdi)
         { 0x0 }
 };
 #endif
 
 static Boolean codeMatchesInstruction(unsigned char *code, AsmInstructionMatch* instruction) 
 {
         Boolean match = true;
         
         size_t i;
         for (i=0; i<instruction->length; i++) {
@@ skipping 28 matching lines @@
                 // See if instruction matches one  we know
                 AsmInstructionMatch* curInstr = possibleInstructions;
                 do { 
                         if ((curInstructionKnown = codeMatchesInstruction(ptr, curInstr))) break;
                         curInstr++;
                 } while (curInstr->length > 0);
                 
                 // if all instruction matches failed, we don't know current instruction then, stop here
                 if (!curInstructionKnown) { 
                         allInstructionsKnown = false;
+                        fprintf(stderr, "mach_override: some instructions unknown! Need to update mach_override.c\n");
                         break;
                 }
                 
                 // At this point, we've matched curInstr
                 int eaten = curInstr->length;
                 ptr += eaten;
                 remainsToEat -= eaten;
                 totalEaten += eaten;
         }
 
@@ skipping 64 matching lines @@
 );
 #elif defined(__x86_64__)
 void atomic_mov64(
                 uint64_t *targetAddress,
                 uint64_t value )
 {
     *targetAddress = value;
 }
 #endif
 #endif