
mach_star and Rosetta


Has anybody gotten Jonathan Rentzsch's mach_star system to work with Rosetta?


The latest versions of mach_star, modified by Bertrand Guihéneuf and others, work fine if the target process's executable is a PPC exe running on a PPC chip, or an x86 exe running on an x86 chip.


However, code injection doesn't work for a PPC exe running under Rosetta. I've been trying to get this to work, but have run into some problems, and was hoping that either somebody has succeeded at this, or can at least provide some pointers.


Here are a few things I've discovered:


- A PPC source exe that works fine at injecting particular PPC target exes on a PowerMac G5, fails when running in Rosetta on a MacBook.


- Most of the injection process (allocating memory in the target process, etc.) succeeds. Where things fail is inside thread_create_running(). When you feed it a PPC_THREAD_STATE thread state flavor when running on an x86 CPU, it returns an error code of KERN_INVALID_ARGUMENT. This happens no matter whether the calling process is an x86 or PPC exe.


- It looks like things are failing in xnu, in machine_thread_set_state(). This is a routine that sets up the thread based on register contents and so on. In recent kernels, there are two versions of this, one for x86 (osfmk/i386/pcb.c) and one for PPC (osfmk/ppc/status.c). Each of these has a switch block that handles the allowable thread state flavors for the hardware. And if you try to use a thread state flavor for PPC in an x86 kernel (or vice versa), the switch block hits the default and returns KERN_INVALID_ARGUMENT.


There may be other places code injection on Rosetta will also fail; I haven't determined that yet.


The only solution I've been able to think of so far is to abstract the PPC thread setup code from osfmk/ppc/status.c and do it in my injector. But if there's an easier, or proven, way to accomplish the task, that would be better.


And any advice will be gratefully appreciated.


- Bob


P.S. Somebody has suggested that injecting an x86 bundle to a PPC process under Rosetta would work. I'm going to try that.
