xnu: chained step thumb32 seems to work

libr/debug/p/native/xnu/xnu_excthreads.c

@@ -123,12 +123,18 @@ static int modify_trace_bit(RDebug *dbg, xnu_thread_t *th, int enable) {
 		regs = (R_REG_T*)&th->gpr;
 		if (enable) {
 			int i = 0;
+			static chained_address = 0;
 			RIOBind *bio = &dbg->iob;
 			memcpy ((void *)&th->oldstate, (void *)state, sizeof (arm_debug_state_t));
 			//set a breakpoint that will stop when the PC doesn't
 			//match the current one
 			//set the current PC as the breakpoint address
-			state->__bvr[i] = regs->ts_32.__pc & 0xFFFFFFFCu;
+			if (chained_address) {
+				state->__bvr[i] = chained_address & 0xFFFFFFFCu;
+				chained_address = 0;
+			} else {
+				state->__bvr[i] = regs->ts_32.__pc & 0xFFFFFFFCu;
+			}
 			state->__bcr[i] = BCR_M_IMVA_MISMATCH |  // stop on
 								 // address
 								 // mismatch
@@ -146,8 +152,7 @@ static int modify_trace_bit(RDebug *dbg, xnu_thread_t *th, int enable) {
 					return false;
 				}
 				if (is_thumb_32 (op)) {
-					eprintf ("Thumb32 chain stepping not supported yet\n");
-					return false;
+					chained_address = regs->ts_32.__pc + 2;
 				} else {
 					// Extend the number of bits to ignore for the mismatch
 					state->__bcr[i] |= BAS_IMVA_ALL;
@@ -316,7 +321,6 @@ static int handle_exception_message (RDebug *dbg, exc_msg *msg) {
 		if (kr != KERN_SUCCESS)
 			eprintf ("failed to suspend task breakpoint\n");
 		ret = R_DEBUG_REASON_BREAKPOINT;
-		eprintf ("EXC_BREAKPOINT\n");
 		break;
 	default:
 		eprintf ("UNKNOWN\n");
@@ -364,7 +368,6 @@ static int __xnu_wait (RDebug *dbg, int pid) {
 			eprintf ("message didn't succeded\n");
 			break;
 		}
-		eprintf ("Received exception\n");
 		ret = validate_mach_message (dbg, &msg);
 		if (!ret) {
 			ret = handle_dead_notify (dbg, &msg);
@@ -393,7 +396,6 @@ static int __xnu_wait (RDebug *dbg, int pid) {
 				reply.Head.msgh_size, 0,
 				MACH_PORT_NULL, 0,
 				MACH_PORT_NULL);
-		eprintf ("REPLIED\n");
 		if (reply.Head.msgh_remote_port != 0 && kr != MACH_MSG_SUCCESS) {
 			kr = mach_port_deallocate(mach_task_self (), reply.Head.msgh_remote_port);
 			if (kr != KERN_SUCCESS)

libr/io/p/io_mach.c

@@ -268,18 +268,21 @@ static bool tsk_setperm(RIO *io, task_t task, vm_address_t addr, int len, int pe
 
 static bool tsk_write(task_t task, vm_address_t addr, const ut8 *buf, int len) {
 	kern_return_t kr;
-	mach_msg_type_number_t _len = len;
-	vm_offset_t _buf = (vm_offset_t)buf;
 	unsigned int count = 0;
 	kr = mach_port_get_refs (mach_task_self(), task, MACH_PORT_RIGHT_SEND, &count);
 	if (kr != KERN_SUCCESS)
 		perror ("get refs");
-	if (count == 0)
+	if (count == 0) {
+		eprintf ("REFS drop to 0\n");
 		return false;
-	kr = vm_write (task, addr, _buf, _len);
-	if (kr != KERN_SUCCESS)
+	}
+	eprintf ("address %u\n", addr);
+	kr = vm_write (task, addr, (vm_offset_t)buf, (mach_msg_type_number_t)len);
+	if (kr != KERN_SUCCESS) {
 		//the memory is not mapped
+		eprintf ("error when writing to memory , code: %d\n", kr);
 		return false;
+	}
 	return true;
 }
 
@@ -302,10 +305,13 @@ static int mach_write_at(RIO *io, RIOMach *riom, const void *buf, int len, ut64
 	else
 		total_size = pagesize;
 
+	eprintf ("BASE ADDR %u\n", pageaddr);
+	eprintf ("PAGE SIZE %d\n", pagesize);
+
 	if (tsk_write (task, vaddr, buf, len))
 		return len;
 	operms = tsk_getperm (io, task, pageaddr);
-	if (!tsk_setperm (io, task, pageaddr, total_size, VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXECUTE)) {
+	if (!tsk_setperm (io, task, pageaddr, total_size, VM_PROT_WRITE | VM_PROT_COPY)) {
 		eprintf ("io.mach: Cannot set page perms for %d bytes at 0x%08"
 			PFMT64x"\n", (int)pagesize, (ut64)pageaddr);
 		return -1;