darwin-module: Handle special lib ordinal values (#653)

In this way, if an import's module can't be resolved by direct ordinal
index, the import address is resolved immediately using dlsym() and the
corresponding module path is resolved anyway at emit time (like it's
always been) with a new fallback on dladdr() when ModuleMap fails to
resolve it.

Author: mrmacete

gum/backend-darwin/gumprocess-darwin.c

@@ -1,6 +1,7 @@
 /*
  * Copyright (C) 2010-2022 Ole André Vadla Ravnås <oleavr@nowsecure.com>
  * Copyright (C) 2015 Asger Hautop Drewsen <asgerdrewsen@gmail.com>
+ * Copyright (C) 2022 Francesco Tamagni <mrmacete@protonmail.ch>
  *
  * Licence: wxWindows Library Licence, Version 3.1
  */
@@ -1894,17 +1895,23 @@ gum_emit_import (const GumImportDetails * details,
 
   if (d.module == NULL)
   {
-    d.address = GUM_ADDRESS (dlsym (RTLD_DEFAULT, d.name));
+    if (details->address != 0)
+      d.address = details->address;
+    else
+      d.address = GUM_ADDRESS (dlsym (RTLD_DEFAULT, d.name));
 
     if (d.address != 0)
     {
       const GumModuleDetails * module_details;
+      Dl_info info;
 
       if (ctx->module_map == NULL)
         ctx->module_map = gum_module_map_new ();
       module_details = gum_module_map_find (ctx->module_map, d.address);
       if (module_details != NULL)
         d.module = module_details->path;
+      else if (dladdr (GSIZE_TO_POINTER (d.address), &info) != 0)
+        d.module = info.dli_fname;
     }
   }
 
@@ -1936,6 +1943,12 @@ gum_resolve_export (const char * module_name,
   GumEnumerateImportsContext * ctx = user_data;
   GumDarwinModule * module;
 
+  if (module_name == NULL)
+  {
+    const char * name = gum_symbol_name_from_darwin (symbol_name);
+    return GUM_ADDRESS (dlsym (RTLD_DEFAULT, name));
+  }
+
   module = gum_darwin_module_resolver_find_module (ctx->resolver, module_name);
   if (module != NULL)
   {

gum/gumdarwinmodule-priv.h

@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2015-2020 Ole André Vadla Ravnås <oleavr@nowsecure.com>
+ * Copyright (C)      2022 Francesco Tamagni <mrmacete@protonmail.ch>
  *
  * Licence: wxWindows Library Licence, Version 3.1
  */
@@ -34,6 +35,7 @@
 #define GUM_BIND_SPECIAL_DYLIB_SELF             0
 #define GUM_BIND_SPECIAL_DYLIB_MAIN_EXECUTABLE -1
 #define GUM_BIND_SPECIAL_DYLIB_FLAT_LOOKUP     -2
+#define GUM_BIND_SPECIAL_DYLIB_WEAK_LOOKUP     -3
 
 G_BEGIN_DECLS
 

gum/gumdarwinmodule.c

@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2015-2022 Ole André Vadla Ravnås <oleavr@nowsecure.com>
+ * Copyright (C)      2022 Francesco Tamagni <mrmacete@protonmail.ch>
  *
  * Licence: wxWindows Library Licence, Version 3.1
  */
@@ -1570,7 +1571,7 @@ gum_emit_chained_imports (const GumDarwinChainedFixupsDetails * details,
   for (imp_index = 0; imp_index != fixups_header->imports_count; imp_index++)
   {
     guint name_offset;
-    gint lib_ordinal;
+    gint8 lib_ordinal;
     GumImportDetails * d;
     gpointer key;
 
@@ -1896,11 +1897,23 @@ const gchar *
 gum_darwin_module_get_dependency_by_ordinal (GumDarwinModule * self,
                                              gint ordinal)
 {
-  gint i = ordinal - 1;
+  gint i;
 
   if (!gum_darwin_module_ensure_image_loaded (self, NULL))
     return NULL;
 
+  switch (ordinal)
+  {
+    case GUM_BIND_SPECIAL_DYLIB_SELF:
+      return self->name;
+    case GUM_BIND_SPECIAL_DYLIB_MAIN_EXECUTABLE:
+    case GUM_BIND_SPECIAL_DYLIB_FLAT_LOOKUP:
+    case GUM_BIND_SPECIAL_DYLIB_WEAK_LOOKUP:
+      return NULL;
+  }
+
+  i = ordinal - 1;
+
   if (i < 0 || i >= (gint) self->dependencies->len)
     return NULL;