To accomplish this, we add a new debug stop reason R_DEBUG_REASON_TRACEPOINT
and return it from r_debug_wait whenever a tracing breakpoint is hit. Then, in
r_debug_continue_kill, we recognize this state and do the old r_debug_step
trick to progress the session. Previous rework of r_debug_recoil takes care of
the heavy lifting and we continue on our way.
The major contribution here is completely re-worked breakpoint hit/recoil
handling. This work fixes#4907 and lays the ground work for future native
debugger improvements (multi-threading, etc).
* Give a human friendly type to enums
* Change many wait functions to return RDebugReasonType
* Better return checking (from r_debug_reg_sync, r_bp_restore)
* Optimized register synchronization
* Lots of comments and whitespace changes
* Improved inferior death detection
Handle EXIT_PID events differently than DEAD process events
* Move breakpoint/recoil handling to wait/cont/step
Rather than handing breakpoint related things inside cmd_debug.c, do that
inside the r_debug API functions. This seems like the most logical place for it
to live since it should apply to just about any platform/architecture. This
also centralizes calling into "cmd.bp" handling via the CoreBind callback.
* Track how the caller wishes to continue
It turns out that handling break point recoils is very complicated. The ptrace
API on Linux returns SIGTRAP for just about every type of operation (not just
breakpoints getting hit). Add the "recoil_mode" flag to indicate whether we are
single-stepping or continuing and whether or not we are inside the recoil.
* Proper handling for swstep=true
Since r_debug_step_soft calls r_debug_continue, it's already hitting the recoil
case there. Move the recoil handling from r_debug_step to r_debug_step_hard
only.
For the swstep=true case, special handling is required inside r_debug_recoil.
By resetting all of the breakpoints except the one we just hit, we ensure we
can step the original instruction and hit the new swstep breakpoint. Add a new
bp function called r_bp_restore_except to do this.
To make matters worse, we cannot use a BreakpointItem pointer because that
leads to a use-after-free condition. Instead, we the breakpoint address
instead.
Now breakpoints should work regardless of the swtep setting.
* Always call the recoil before continuing
Some callers of r_debug_continue might not have ever inserted any breakpoints
before. If we don't restore breakpoints before each call to the underlying
continue we won't hit them.
* Hide software step breakpoint events from the user
When a breakpoint even happens due to a software-step, hide it from the user.
They aren't really breakpoints as far as they are concerned.
* Improve process exit handling on Linux
There are three types of process exiting events on Linux:
1. PTRACE_EVENT_EXIT occurs just before a process exits. It's not possible to
prevent it from exiting, but it can be used to inspect the pre-exit state.
2. The process can exit for a variety of reasons and we can notice when we call
waitpid(2).
3. The process could die randomly on us :-/
On Windows, h->wait will return R_DEBUG_REASON_EXIT_PID, but it's more likely
on Linux to find out the process is already dead.
* Check more bits within waitpid status
We can often make a decision about what happened strictly by looking at the
status returned from waitpid. In other cases, we need to call
r_debug_handle_signals.
If we reach the end of this function without knowing what happened, consider it
an error.
Linux 2.5.46 made changes to the ptrace(2) API to inform a tracer when various
events occur. These are known as PTRACE_EVENTs. Start handling PTRACE_EVENTs
by:
* Handling PTRACE_EVENT_FORK and PTRACE_EVENT_EXIT
* For _FORK, stores the newly created pid in dbg->forked_pid
* Add the "dpc" command to select the most recently forked child process.
* Add the "dpc*" command to show the recently forked process' pid.
Additional minor changes to white space are included.
NOTE: This partially addresses #3549. It does handleLinux before 2.5.46.
When resuming after (during) recoil from a breakpoint, the swstep
implementation would fail to advance. In short, the debugger would immediately
interrupt again because r_bp_restore was re-setting the original breakpoint
just before continue. The following changes fix this issue:
1. Modify r_bp_get_in to stop including the byte after a breakpoint. This was
causing r_bp_recoil to fail because it thought there was already a breakpoint
on the next instruction.
2. Pass the real breakpoint address (pc - dbg->bpsize) to r_bp_recoil so
that r_bp_get_in can work properly. Stop adding the b->size there to keep it
going too.
3. Add a state flag to core->dbg to track that we are in the midst of a recoil.
4. When continuing from recoil (in r_debug_continue_kill), restore all
breakpoints except the one we just hit (with the new r_bp_restore_except) to
avoid hitting it again. Once we move past this instruction, that breakpoint
will be set again.
some rework in order to handle mach message as mach_exc_server and alike does
api change in plugin debug, now the function detach receive a pointer to RDebug
trying to deallocate port when are not needed any more
- Implemented in r_debug_esil_* APIs
- Support for step-into and continue
- Expressions can be regs, numbers, math operations, ranges, comparisons..
- Honor dbg.prestep for stepping before or after analysing
- read-write-exec watchpoints using native debug backend and esil emulation
- OSX/iOS debugger error message is now nicer
- anal/rpnesil renamed to esil
- Add esi,edi in osx regprofile
- Add r_cons_is_breaked() for consistency
