[FEATURE] Add ARM64 support to the Frida uprobe attach manager

Question

[FEATURE] Add ARM64 support to the Frida uprobe attach manager

viniciusd opened this issue 6 months ago · 6 comments

Is your feature request related to a problem? Please describe.
As part of supporting MacOS (#145), we should support ARM64 as Apple has migrated from x86.

Describe the solution you'd like
x86-specific code supports ARM64

Provide usage examples
The bpftime components should be able to run on arm64

Answer 1 · 2024-06-10T03:17:39.000Z

@Officeyutong I understand the Frida uprobe attach manager is at bpftime/attach/frida_uprobe_attach_impl. How can I run the unit tests for this directory only?

Answer 2 · 2024-06-10T05:42:54.000Z

@Officeyutong I understand the Frida uprobe attach manager is at bpftime/attach/frida_uprobe_attach_impl. How can I run the unit tests for this directory only?

Build and run target bpftime_frida_uprobe_attach_tests

Answer 3 · 2024-06-12T02:49:54.000Z

@Officeyutong I am going over the entire attach impl code to try to understand what is happening (super cool btw, great idea y'all had for implementing it with frida/gum).

In the uprobe_listener_on_enter: (frida_internal_attach_entry.cpp)

static void uprobe_listener_on_enter(GumInvocationListener *listener,
				     GumInvocationContext *ic)
{
	UprobeListener *self = EXAMPLE_LISTENER(listener);
	auto *hook_entry = (frida_internal_attach_entry *)
		gum_invocation_context_get_listener_function_data(ic);
	SPDLOG_TRACE("Handle uprobe at uprobe_listener_on_enter");
	GumInvocationContext *ctx;
	bpftime::pt_regs regs;
	ctx = gum_interceptor_get_current_invocation();
	convert_gum_cpu_context_to_pt_regs(*ctx->cpu_context, regs);
	hook_entry->iterate_uprobe_callbacks(regs);
}

Is this EXAMPLE_LISTENER used for anything or is it just leftover from the initial implementation?

Answer 4 · 2024-06-12T07:52:59.000Z

EXAMPLE_LISTENER

A listener object is required by frida if we want to monitor invocation of a function. The expansion of macro G_DECLARE_FINAL_TYPE defined EXAMPLE_LISTENER and G_DEFINE_TYPE_EXTENDED defines the initializer uprobe_listener_iface_init where it specified uprobe_listener_on_enter and uprobe_listener_on_leave as the listener function. The name EXAMPLE was copied from our POC, I forgot to rename it to a suitable name

Answer 5 · 2024-06-30T08:24:15.000Z

Implementation of uprobe is in attach/frida_uprobe_attach_impl/src/*.cpp. Most code here are platform independent which directly calls functions provided by frida. The first thing we do should be making target bpftime_frida_uprobe_attach_tests, the unit tests of uprobe implementation, work on macos. It doesn't involve anythings related to eBPF

Here is a brief introduction to the attach part https://eunomia.dev/bpftime/documents/attach/

@hp77-creator

Answer 6 · 2024-07-14T02:16:14.000Z

@Officeyutong bpftime_frida_uprobe_attach_tests works fine in Debug config but if I try with Release or RelWithDebInfo then it fails. Attaching output of cmake for RelWithDebInfo for reference
ouput.log