Add thread_id to MemoryAccessMonitor

frida · May 17, 2024 · 5fbd255 · 5fbd255
1 parent 0768e83
commit 5fbd255
Show file tree

Hide file tree

Showing 7 changed files with 65 additions and 2 deletions.
diff --git a/bindings/gumjs/gumquickmemory.c b/bindings/gumjs/gumquickmemory.c
@@ -157,6 +157,7 @@ GUMJS_DECLARE_FUNCTION (gumjs_memory_access_monitor_disable)
 static void gum_quick_memory_clear_monitor (GumQuickMemory * self,
     JSContext * ctx);
 
+GUMJS_DECLARE_GETTER (gumjs_memory_access_details_get_thread_id)
 GUMJS_DECLARE_GETTER (gumjs_memory_access_details_get_operation)
 GUMJS_DECLARE_GETTER (gumjs_memory_access_details_get_from)
 GUMJS_DECLARE_GETTER (gumjs_memory_access_details_get_address)
@@ -220,6 +221,7 @@ static const JSClassDef gumjs_memory_access_details_def =
 
 static const JSCFunctionListEntry gumjs_memory_access_details_entries[] =
 {
+  JS_CGETSET_DEF ("threadId", gumjs_memory_access_details_get_thread_id, NULL),
   JS_CGETSET_DEF ("operation", gumjs_memory_access_details_get_operation, NULL),
   JS_CGETSET_DEF ("from", gumjs_memory_access_details_get_from, NULL),
   JS_CGETSET_DEF ("address", gumjs_memory_access_details_get_address, NULL),
@@ -1273,6 +1275,16 @@ gum_quick_memory_access_details_get (JSContext * ctx,
   return TRUE;
 }
 
+GUMJS_DEFINE_GETTER (gumjs_memory_access_details_get_thread_id)
+{
+  const GumMemoryAccessDetails * details;
+
+  if (!gum_quick_memory_access_details_get (ctx, this_val, core, &details))
+    return JS_EXCEPTION;
+
+  return JS_NewInt64 (ctx, details->thread_id);
+}
+
 GUMJS_DEFINE_GETTER (gumjs_memory_access_details_get_operation)
 {
   const GumMemoryAccessDetails * details;
@@ -1352,4 +1364,4 @@ GUMJS_DEFINE_GETTER (gumjs_memory_access_details_get_context)
 
   return _gum_quick_cpu_context_new (ctx, details->context,
       GUM_CPU_CONTEXT_READWRITE, core, NULL);
-}
+}
diff --git a/bindings/gumjs/gumv8memory.cpp b/bindings/gumjs/gumv8memory.cpp
@@ -1214,6 +1214,9 @@ gum_v8_memory_on_access (GumMemoryAccessMonitor * monitor,
   ScriptScope script_scope (core->script);
 
   auto d = Object::New (isolate);
+  _gum_v8_object_set (d, "threadId", Number::New (isolate, details->thread_id),
+      core);
+
   _gum_v8_object_set_ascii (d, "operation",
       _gum_v8_memory_operation_to_string (details->operation), core);
   _gum_v8_object_set_pointer (d, "from", details->from, core);

diff --git a/gum/backend-posix/gummemoryaccessmonitor-posix.c b/gum/backend-posix/gummemoryaccessmonitor-posix.c
@@ -377,6 +377,7 @@ gum_memory_access_monitor_on_exception (GumExceptionDetails * details,
   if (details->type != GUM_EXCEPTION_ACCESS_VIOLATION)
     return FALSE;
 
+  d.thread_id = details->thread_id;
   d.operation = details->memory.operation;
   d.from = details->address;
   d.address = details->memory.address;

diff --git a/gum/backend-windows/gummemoryaccessmonitor-windows.c b/gum/backend-windows/gummemoryaccessmonitor-windows.c
@@ -433,6 +433,7 @@ gum_memory_access_monitor_on_exception (GumExceptionDetails * details,
 
   self = GUM_MEMORY_ACCESS_MONITOR (user_data);
 
+  d.thread_id = details->thread_id;
   d.operation = details->memory.operation;
   d.from = details->address;
   d.address = details->memory.address;

diff --git a/gum/gummemoryaccessmonitor.h b/gum/gummemoryaccessmonitor.h
@@ -8,6 +8,7 @@
 #define __GUM_MEMORY_ACCESS_MONITOR_H__
 
 #include <gum/gummemory.h>
+#include <gum/gumprocess.h>
 
 G_BEGIN_DECLS
 
@@ -22,6 +23,7 @@ typedef void (* GumMemoryAccessNotify) (GumMemoryAccessMonitor * monitor,
 
 struct _GumMemoryAccessDetails
 {
+  GumThreadId thread_id;
   GumMemoryOperation operation;
   gpointer from;
   gpointer address;

diff --git a/tests/core/memoryaccessmonitor.c b/tests/core/memoryaccessmonitor.c
@@ -19,13 +19,17 @@ TESTCASE (notify_on_read_access)
   volatile guint8 * bytes = GSIZE_TO_POINTER (fixture->range.base_address);
   guint8 val;
   volatile GumMemoryAccessDetails * d = &fixture->last_details;
+  GumThreadId thread_id;
 
   bytes[fixture->offset_in_first_page] = 0x13;
   bytes[fixture->offset_in_second_page] = 0x37;
 
   ENABLE_MONITOR ();
-
   val = bytes[fixture->offset_in_first_page];
+
+  thread_id = gum_process_get_current_thread_id ();
+  g_assert_cmpuint (d->thread_id, ==, thread_id);
+
   g_assert_cmpuint (fixture->number_of_notifies, ==, 1);
   g_assert_cmpint (d->operation, ==, GUM_MEMOP_READ);
   g_assert_true (d->from != NULL && d->from != d->address);
@@ -70,12 +74,17 @@ TESTCASE (notify_on_write_access)
   volatile guint8 * bytes = GSIZE_TO_POINTER (fixture->range.base_address);
   guint8 val;
   volatile GumMemoryAccessDetails * d = &fixture->last_details;
+  GumThreadId thread_id;
 
   bytes[fixture->offset_in_first_page] = 0x13;
 
   ENABLE_MONITOR ();
 
   bytes[fixture->offset_in_first_page] = 0x14;
+
+  thread_id = gum_process_get_current_thread_id ();
+  g_assert_cmpuint (d->thread_id, ==, thread_id);
+
   g_assert_cmpuint (fixture->number_of_notifies, ==, 1);
   g_assert_cmpint (d->operation, ==, GUM_MEMOP_WRITE);
   g_assert_true (d->from != NULL && d->from != d->address);
@@ -105,10 +114,15 @@ TESTCASE (notify_on_write_access)
 TESTCASE (notify_on_execute_access)
 {
   volatile GumMemoryAccessDetails * d = &fixture->last_details;
+  GumThreadId thread_id;
 
   ENABLE_MONITOR ();
 
   fixture->nop_function_in_third_page ();
+
+  thread_id = gum_process_get_current_thread_id ();
+  g_assert_cmpuint (d->thread_id, ==, thread_id);
+
   g_assert_cmpuint (fixture->number_of_notifies, ==, 1);
   g_assert_cmpint (d->operation, ==, GUM_MEMOP_EXECUTE);
   g_assert_true (d->from != NULL && d->from == d->address);

diff --git a/tests/gumjs/script.c b/tests/gumjs/script.c
@@ -183,6 +183,7 @@ TESTLIST_BEGIN (script)
     TESTENTRY (memory_access_can_be_monitored_one_range)
     TESTENTRY (memory_access_monitor_provides_cpu_context)
     TESTENTRY (memory_access_monitor_cpu_context_can_be_modified)
+    TESTENTRY (memory_access_monitor_provides_thread_id)
   TESTGROUP_END ()
 
   TESTENTRY (frida_version_is_available)
@@ -8266,6 +8267,35 @@ put_return_instruction (gpointer mem,
 #endif
 }
 
+TESTCASE (memory_access_monitor_provides_thread_id)
+{
+  volatile guint8 * a;
+  guint page_size;
+  GumThreadId thread_id;
+
+  if (!check_exception_handling_testable ())
+    return;
+
+  a = gum_alloc_n_pages (1, GUM_PAGE_RW);
+  page_size = gum_query_page_size ();
+
+  COMPILE_AND_LOAD_SCRIPT (
+      "MemoryAccessMonitor.enable({ base: " GUM_PTR_CONST ", size: %u }, {"
+        "onAccess(details) {"
+          "send([details.threadId]);"
+        "}"
+      "});",
+      a, page_size);
+  EXPECT_NO_MESSAGES ();
+
+  a[0] = 1;
+
+  thread_id = gum_process_get_current_thread_id ();
+  EXPECT_SEND_MESSAGE_WITH ("[%" G_GSIZE_MODIFIER "u]", thread_id);
+
+  gum_free_pages ((gpointer) a);
+}
+
 TESTCASE (pointer_can_be_read)
 {
   gpointer val = GSIZE_TO_POINTER (0x1337000);