wm123
$ gdb ./print_time /tmp/print_time.22639.core | |
GNU gdb (Ubuntu 9.2-0ubuntu1~20.04.2) 9.2 | |
Copyright (C) 2020 Free Software Foundation, Inc. | |
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> | |
This is free software: you are free to change and redistribute it. | |
There is NO WARRANTY, to the extent permitted by law. | |
Type "show copying" and "show warranty" for details. | |
This GDB was configured as "aarch64-linux-gnu". | |
Type "show configuration" for configuration details. | |
For bug reporting instructions, please see: | |
<http://www.gnu.org/software/gdb/bugs/>. | |
Find the GDB manual and other documentation resources online at: | |
<http://www.gnu.org/software/gdb/documentation/>. | |
For help, type "help". | |
Type "apropos word" to search for commands related to "word"... | |
Reading symbols from ./print_time... | |
(No debugging symbols found in ./print_time) | |
[New LWP 22639] | |
[Thread debugging using libthread_db enabled] | |
Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1". | |
Core was generated by `./print_time'. | |
Program terminated with signal SIGSEGV, Segmentation fault. | |
#0 0x0000ffffb4f9201c in ?? () | |
(gdb) bt | |
#0 0x0000ffffb4f9201c in ?? () | |
Backtrace stopped: previous frame identical to this frame (corrupt stack?) | |
(gdb) x/16x 0x0000ffffb4f9201c | |
0xffffb4f9201c: 0xf9000521 0x93407c42 0xf9400021 0xea01005f | |
0xffffb4f9202c: 0x54000400 0x90000502 0x90000561 0xf94004e6 | |
0xffffb4f9203c: 0xd2994005 0xf9000582 0xf2a77345 0xf90005c1 | |
0xffffb4f9204c: 0xf9400042 0xf9400024 0x8b060043 0xeb05007f | |
(gdb) | |
0xffffb4f9205c: 0x5400010d 0x92993fe1 0xf2b88ca1 0x8b010042 | |
0xffffb4f9206c: 0x91000484 0x8b0200c3 0xeb05007f 0x54ffff8c | |
0xffffb4f9207c: 0xb6f80123 0xd2994005 0xf2a77345 0x8b050042 | |
0xffffb4f9208c: 0x8b060042 0xaa0203e3 0xd1000484 0x8b050042 | |
(gdb) | |
0xffffb4f9209c: 0xb7ffffa3 0xf94000e1 0x8b040024 0xa9000ce4 | |
0xffffb4f920ac: 0xd65f03c0 0x00000000 0x00000000 0x00000000 | |
0xffffb4f920bc: 0x00000000 0xb4f920c8 0x0000ffff 0x00000001 | |
0xffffb4f920cc: 0x00000000 0x00000000 0x00000000 0x00000000 | |
(gdb) | |
0xffffb4f920dc: 0x00000000 0x00000000 0x00000000 0x00000000 | |
0xffffb4f920ec: 0x00000000 0xb4f920f8 0x0000ffff 0xd964b800 | |
0xffffb4f920fc: 0x00000045 0xb4f92108 0x0000ffff 0x00000000 | |
0xffffb4f9210c: 0x00000000 0x00000000 0x00000000 0x00000000 | |
(gdb) | |
0xffffb4f9211c: 0x00000000 0x00000000 0x00000000 0x00000000 | |
0xffffb4f9212c: 0x00000000 0x00000000 0x00000000 0x00000000 | |
0xffffb4f9213c: 0x00000000 0x00000000 0x00000000 0x00000000 | |
0xffffb4f9214c: 0x00000000 0x00000000 0x00000000 0x00000000 | |
(gdb) | |
(gdb) frame | |
#0 0x0000ffffaee2701c in ?? () | |
(gdb) x/32i 0x0000ffffaee2701c | |
=> 0xffffaee2701c: str x1, [x9, #8] | |
0xffffaee27020: sxtw x2, w2 | |
0xffffaee27024: ldr x1, [x1] | |
0xffffaee27028: tst x2, x1 | |
0xffffaee2702c: b.eq 0xffffaee270ac // b.none | |
0xffffaee27030: adrp x2, 0xffffaeec7000 | |
0xffffaee27034: adrp x1, 0xffffaeed3000 | |
0xffffaee27038: ldr x6, [x7, #8] | |
0xffffaee2703c: mov x5, #0xca00 // #51712 | |
0xffffaee27040: str x2, [x12, #8] | |
0xffffaee27044: movk x5, #0x3b9a, lsl #16 | |
0xffffaee27048: str x1, [x14, #8] | |
0xffffaee2704c: ldr x2, [x2] | |
0xffffaee27050: ldr x4, [x1] | |
0xffffaee27054: add x3, x2, x6 | |
0xffffaee27058: cmp x3, x5 | |
0xffffaee2705c: b.le 0xffffaee2707c | |
0xffffaee27060: mov x1, #0xffffffffffff3600 // #-51712 | |
0xffffaee27064: movk x1, #0xc465, lsl #16 | |
0xffffaee27068: add x2, x2, x1 | |
0xffffaee2706c: add x4, x4, #0x1 | |
0xffffaee27070: add x3, x6, x2 | |
0xffffaee27074: cmp x3, x5 | |
0xffffaee27078: b.gt 0xffffaee27068 | |
0xffffaee2707c: tbz x3, #63, 0xffffaee270a0 | |
0xffffaee27080: mov x5, #0xca00 // #51712 | |
0xffffaee27084: movk x5, #0x3b9a, lsl #16 | |
0xffffaee27088: add x2, x2, x5 | |
0xffffaee2708c: add x2, x2, x6 | |
0xffffaee27090: mov x3, x2 | |
0xffffaee27094: sub x4, x4, #0x1 | |
0xffffaee27098: add x2, x2, x5 | |
(gdb) | |
0xffffaee2709c: tbnz x3, #63, 0xffffaee27090 | |
0xffffaee270a0: ldr x1, [x7] | |
0xffffaee270a4: add x4, x1, x4 | |
0xffffaee270a8: stp x4, x3, [x7] | |
0xffffaee270ac: ret | |
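>>>>> disassembling from 28 bytes (0x1c) _before_ the faulting address of frame #0: the code there matches the original beginning of fake_clock_gettime(). The faulting instruction itself does not match, though: the injected copy has `str x1, [x9, #8]` where the object file (objdump listing below) has `ldr x1, [x1]` at offset 0x1c, and the instructions at offsets 0x40 and 0x48 differ in the same way (`str` in memory, `ldr` in the object file). | |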
(gdb) x/44i 0x0000ffffaee2701c-28 | |
0xffffaee27000: mov w3, w0 | |
0xffffaee27004: mov x7, x1 | |
0xffffaee27008: mov x8, #0x71 // #113 | |
0xffffaee2700c: svc #0x0 | |
0xffffaee27010: adrp x1, 0xffffaeec7000 | |
0xffffaee27014: mov w2, #0x1 // #1 | |
0xffffaee27018: lsl w2, w2, w3 | |
=> 0xffffaee2701c: str x1, [x9, #8] | |
0xffffaee27020: sxtw x2, w2 | |
0xffffaee27024: ldr x1, [x1] | |
0xffffaee27028: tst x2, x1 | |
0xffffaee2702c: b.eq 0xffffaee270ac // b.none | |
0xffffaee27030: adrp x2, 0xffffaeec7000 | |
0xffffaee27034: adrp x1, 0xffffaeed3000 | |
0xffffaee27038: ldr x6, [x7, #8] | |
0xffffaee2703c: mov x5, #0xca00 // #51712 | |
0xffffaee27040: str x2, [x12, #8] | |
0xffffaee27044: movk x5, #0x3b9a, lsl #16 | |
0xffffaee27048: str x1, [x14, #8] | |
0xffffaee2704c: ldr x2, [x2] | |
0xffffaee27050: ldr x4, [x1] | |
0xffffaee27054: add x3, x2, x6 | |
0xffffaee27058: cmp x3, x5 | |
0xffffaee2705c: b.le 0xffffaee2707c | |
0xffffaee27060: mov x1, #0xffffffffffff3600 // #-51712 | |
0xffffaee27064: movk x1, #0xc465, lsl #16 | |
0xffffaee27068: add x2, x2, x1 | |
0xffffaee2706c: add x4, x4, #0x1 | |
0xffffaee27070: add x3, x6, x2 | |
0xffffaee27074: cmp x3, x5 | |
0xffffaee27078: b.gt 0xffffaee27068 | |
0xffffaee2707c: tbz x3, #63, 0xffffaee270a0 | |
0xffffaee27080: mov x5, #0xca00 // #51712 | |
0xffffaee27084: movk x5, #0x3b9a, lsl #16 | |
0xffffaee27088: add x2, x2, x5 | |
0xffffaee2708c: add x2, x2, x6 | |
0xffffaee27090: mov x3, x2 | |
0xffffaee27094: sub x4, x4, #0x1 | |
0xffffaee27098: add x2, x2, x5 | |
0xffffaee2709c: tbnz x3, #63, 0xffffaee27090 | |
0xffffaee270a0: ldr x1, [x7] | |
0xffffaee270a4: add x4, x1, x4 | |
0xffffaee270a8: stp x4, x3, [x7] | |
0xffffaee270ac: ret |
~/aanti-wm123/watchmaker$ objdump -d fakeclock/fake_clock_gettime_arm64.o | |
fakeclock/fake_clock_gettime_arm64.o: file format elf64-littleaarch64 | |
Disassembly of section .text: | |
0000000000000000 <fake_clock_gettime>: | |
0: 2a0003e3 mov w3, w0 | |
4: aa0103e7 mov x7, x1 | |
8: d2800e28 mov x8, #0x71 // #113 | |
c: d4000001 svc #0x0 | |
10: 90000001 adrp x1, 0 <CLOCK_IDS_MASK> | |
14: 52800022 mov w2, #0x1 // #1 | |
18: 1ac32042 lsl w2, w2, w3 | |
1c: f9400021 ldr x1, [x1] | |
20: 93407c42 sxtw x2, w2 | |
24: f9400021 ldr x1, [x1] | |
28: ea01005f tst x2, x1 | |
2c: 54000400 b.eq ac <fake_clock_gettime+0xac> // b.none | |
30: 90000002 adrp x2, 0 <TV_NSEC_DELTA> | |
34: 90000001 adrp x1, 0 <TV_SEC_DELTA> | |
38: f94004e6 ldr x6, [x7, #8] | |
3c: d2994005 mov x5, #0xca00 // #51712 | |
40: f9400042 ldr x2, [x2] | |
44: f2a77345 movk x5, #0x3b9a, lsl #16 | |
48: f9400021 ldr x1, [x1] | |
4c: f9400042 ldr x2, [x2] | |
50: f9400024 ldr x4, [x1] | |
54: 8b060043 add x3, x2, x6 | |
58: eb05007f cmp x3, x5 | |
5c: 5400010d b.le 7c <fake_clock_gettime+0x7c> | |
60: 92993fe1 mov x1, #0xffffffffffff3600 // #-51712 | |
64: f2b88ca1 movk x1, #0xc465, lsl #16 | |
68: 8b010042 add x2, x2, x1 | |
6c: 91000484 add x4, x4, #0x1 | |
70: 8b0200c3 add x3, x6, x2 | |
74: eb05007f cmp x3, x5 | |
78: 54ffff8c b.gt 68 <fake_clock_gettime+0x68> | |
7c: b6f80123 tbz x3, #63, a0 <fake_clock_gettime+0xa0> | |
80: d2994005 mov x5, #0xca00 // #51712 | |
84: f2a77345 movk x5, #0x3b9a, lsl #16 | |
88: 8b050042 add x2, x2, x5 | |
8c: 8b060042 add x2, x2, x6 | |
90: aa0203e3 mov x3, x2 | |
94: d1000484 sub x4, x4, #0x1 | |
98: 8b050042 add x2, x2, x5 | |
9c: b7ffffa3 tbnz x3, #63, 90 <fake_clock_gettime+0x90> | |
a0: f94000e1 ldr x1, [x7] | |
a4: 8b040024 add x4, x1, x4 | |
a8: a9000ce4 stp x4, x3, [x7] | |
ac: d65f03c0 ret |
$ sudo ./bin/watchmaker_linux_arm64 --pid 22639 --faketime +300 | |
2025/06/05 14:39:47 watchmaker.go:44: pid: 22639 faketime: +300 clockids: CLOCK_REALTIME | |
2025/06/05 14:39:47 watchmaker.go:60: modifying time, pid: 22639 | |
2025/06/05 14:39:47 time_skew_linux.go:114: [INJECT DEBUG] Starting injection for PID 22639 with delta: 0s, 300000000000ns, clockMask: 0x1 | |
2025/06/05 14:39:47 time_skew_linux.go:117: [INJECT DEBUG] Injecting time() function... | |
2025/06/05 14:39:47 fake_image_linux.go:38: [DEBUG] AttachToProcess: Starting for time, PID: 22639, variables: 2, offsets: 2 | |
2025/06/05 14:39:47 fake_image_linux.go:39: [DEBUG] AttachToProcess: Variables requested: map[TV_NSEC_DELTA:300000000000 TV_SEC_DELTA:0] | |
2025/06/05 14:39:47 fake_image_linux.go:40: [DEBUG] AttachToProcess: Offsets available: map[TV_NSEC_DELTA:156 TV_SEC_DELTA:172] | |
2025/06/05 14:39:47 fake_image_linux.go:74: [DEBUG] AttachToProcess: No existing injection found, injecting new fake image for time | |
2025/06/05 14:39:47 ptrace_linux.go:211: [MMAP DEBUG] Attempting mmap: length=188, fd=0, syscall_nr=222 | |
2025/06/05 14:39:47 ptrace_linux.go:216: [MMAP DEBUG] Using aligned length: 4096 (original: 188) | |
2025/06/05 14:39:48 ptrace_linux.go:224: [MMAP DEBUG] Strategy 1 failed: mmap returned NULL address, result=0x0 | |
2025/06/05 14:39:48 ptrace_linux.go:233: [MMAP DEBUG] Strategy 2 (larger allocation) succeeded: address=0xffffb4f94000, allocated=8192 | |
2025/06/05 14:39:48 fake_image_linux.go:173: [INJECT DEBUG] Flushing instruction cache for fake image at 0xffffb4f94000, size: 188 | |
2025/06/05 14:39:48 ptrace_linux_arm64.go:97: [CACHE DEBUG] Flushing ARM64 instruction cache for addr=0xffffb4f94000, size=188 | |
2025/06/05 14:39:48 ptrace_linux_arm64.go:117: [CACHE DEBUG] Cache flush: original(0xffffb4f94000, 188) -> aligned(0xffffb4f94000, 192) | |
2025/06/05 14:39:48 ptrace_linux_arm64.go:151: [CACHE DEBUG] ARM64 instruction cache flush completed successfully | |
2025/06/05 14:39:48 ptrace_linux.go:456: [SYMBOL DEBUG] Looking for symbol 'time', trying variants: [time __kernel_time] | |
2025/06/05 14:39:48 ptrace_linux.go:470: [SYMBOL DEBUG] Symbol 'time' not found. Available symbols: | |
2025/06/05 14:39:48 ptrace_linux.go:473: [SYMBOL DEBUG] - LINUX_2.6.39 | |
2025/06/05 14:39:48 ptrace_linux.go:473: [SYMBOL DEBUG] - __kernel_clock_getres | |
2025/06/05 14:39:48 ptrace_linux.go:473: [SYMBOL DEBUG] - __kernel_rt_sigreturn | |
2025/06/05 14:39:48 ptrace_linux.go:473: [SYMBOL DEBUG] - __kernel_gettimeofday | |
2025/06/05 14:39:48 ptrace_linux.go:473: [SYMBOL DEBUG] - __kernel_clock_gettime | |
2025/06/05 14:39:48 fake_image_linux.go:77: [DEBUG] AttachToProcess: InjectFakeImage failed for time: cannot find symbol find origin time in vdso | |
2025/06/05 14:39:48 time_skew_linux.go:126: [INJECT DEBUG] time() injection successful | |
2025/06/05 14:39:48 time_skew_linux.go:128: [INJECT DEBUG] Injecting clock_gettime() function... | |
2025/06/05 14:39:48 fake_image_linux.go:38: [DEBUG] AttachToProcess: Starting for clock_gettime, PID: 22639, variables: 3, offsets: 3 | |
2025/06/05 14:39:48 fake_image_linux.go:39: [DEBUG] AttachToProcess: Variables requested: map[CLOCK_IDS_MASK:1 TV_NSEC_DELTA:300000000000 TV_SEC_DELTA:0] | |
2025/06/05 14:39:48 fake_image_linux.go:40: [DEBUG] AttachToProcess: Offsets available: map[CLOCK_IDS_MASK:192 TV_NSEC_DELTA:240 TV_SEC_DELTA:256] | |
2025/06/05 14:39:48 fake_image_linux.go:74: [DEBUG] AttachToProcess: No existing injection found, injecting new fake image for clock_gettime | |
2025/06/05 14:39:48 ptrace_linux.go:211: [MMAP DEBUG] Attempting mmap: length=272, fd=0, syscall_nr=222 | |
2025/06/05 14:39:48 ptrace_linux.go:216: [MMAP DEBUG] Using aligned length: 4096 (original: 272) | |
2025/06/05 14:39:49 ptrace_linux.go:224: [MMAP DEBUG] Strategy 1 failed: mmap returned NULL address, result=0x0 | |
2025/06/05 14:39:49 ptrace_linux.go:233: [MMAP DEBUG] Strategy 2 (larger allocation) succeeded: address=0xffffb4f92000, allocated=8192 | |
2025/06/05 14:39:49 fake_image_linux.go:173: [INJECT DEBUG] Flushing instruction cache for fake image at 0xffffb4f92000, size: 272 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:97: [CACHE DEBUG] Flushing ARM64 instruction cache for addr=0xffffb4f92000, size=272 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:117: [CACHE DEBUG] Cache flush: original(0xffffb4f92000, 272) -> aligned(0xffffb4f92000, 320) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:151: [CACHE DEBUG] ARM64 instruction cache flush completed successfully | |
2025/06/05 14:39:49 ptrace_linux.go:456: [SYMBOL DEBUG] Looking for symbol 'clock_gettime', trying variants: [clock_gettime __kernel_clock_gettime] | |
2025/06/05 14:39:49 ptrace_linux.go:463: [SYMBOL DEBUG] Found symbol 'clock_gettime' as '__kernel_clock_gettime' at offset 0x2c0 | |
2025/06/05 14:39:49 fake_image_linux.go:187: [INJECT DEBUG] About to overwrite function at 0xffffb4f982c0 (size: 664) with jump to 0xffffb4f92000 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:410: [BTI DEBUG] Creating simple replacement patch from 0xffffb4f982c0 to 0xffffb4f92000 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:304: [BTI DEBUG] Making VDSO page writable at 0xffffb4f98000 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:313: [BTI DEBUG] Successfully made VDSO page writable | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:425: [BTI DEBUG] Original bytes: 1f3c0071e80500542200805263108152 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:447: [BTI DEBUG] First instruction: 0x71003c1f, BTI: false, PAC: false | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:176: [BTI DEBUG] Allocating trampoline near 0xffffb4f982c0, size=32 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:189: [BTI DEBUG] Allocated trampoline at 0xffffb4f91000, distance=0 MB | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:249: [BTI DEBUG] Creating simple replacement trampoline to fake at 0xffffb4f92000 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:258: [BTI DEBUG] Added BTI c instruction for landing pad safety | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:287: [BTI DEBUG] Simple replacement trampoline created, total size: 20 bytes | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:288: [BTI DEBUG] Layout: BTI c + LDR+BR (12 bytes) + address (8 bytes) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:289: [BTI DEBUG] Trampoline hexdump: 5f2403d55100005820021fd60020f9b4ffff0000 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:290: [BTI DEBUG] Expected sequence: | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:291: [BTI DEBUG] BTI c: 0xd503245f | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:292: [BTI DEBUG] LDR x17: 0x58000051 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:293: [BTI DEBUG] BR x17: 0xd61f0220 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:294: [BTI DEBUG] Address: 0x0000ffffb4f92000 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:481: [BTI DEBUG] Branch distance: -29376 bytes (-0.03 MB) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:502: [BTI DEBUG] Using simple patch: | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:503: [BTI DEBUG] 0x17ffe350 (b #-7344) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:504: [BTI DEBUG] 0xd503201f (nop) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:505: [BTI DEBUG] Patch instructions (8 bytes): 50e3ff171f2003d5 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:514: [BTI DEBUG] Flushing instruction cache for patched vDSO function | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:97: [CACHE DEBUG] Flushing ARM64 instruction cache for addr=0xffffb4f982c0, size=8 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:117: [CACHE DEBUG] Cache flush: original(0xffffb4f982c0, 8) -> aligned(0xffffb4f982c0, 64) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:151: [CACHE DEBUG] ARM64 instruction cache flush completed successfully | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:97: [CACHE DEBUG] Flushing ARM64 instruction cache for addr=0xffffb4f91000, size=20 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:117: [CACHE DEBUG] Cache flush: original(0xffffb4f91000, 20) -> aligned(0xffffb4f91000, 64) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:151: [CACHE DEBUG] ARM64 instruction cache flush completed successfully | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:322: [BTI DEBUG] Restoring VDSO page to read-execute only at 0xffffb4f98000 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:331: [BTI DEBUG] Successfully restored VDSO page protection (W^X) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:533: [BTI DEBUG] Simple function replacement completed successfully | |
2025/06/05 14:39:49 fake_image_linux.go:209: [INJECT DEBUG] Successfully overwrote function with jump instruction | |
2025/06/05 14:39:49 fake_image_linux.go:80: [DEBUG] AttachToProcess: InjectFakeImage succeeded for clock_gettime | |
2025/06/05 14:39:49 fake_image_linux.go:95: [DEBUG] AttachToProcess: About to set variables - fakeEntry: true | |
2025/06/05 14:39:49 fake_image_linux.go:101: [DEBUG] AttachToProcess: Setting 3 variables for symbol clock_gettime, PID: 22639 | |
2025/06/05 14:39:49 fake_image_linux.go:102: [DEBUG] AttachToProcess: Fake entry at 0xffffb4f92000-0xffffb4f92110, size: 272 | |
2025/06/05 14:39:49 fake_image_linux.go:103: [DEBUG] AttachToProcess: Available offsets: map[CLOCK_IDS_MASK:192 TV_NSEC_DELTA:240 TV_SEC_DELTA:256] | |
2025/06/05 14:39:49 fake_image_linux.go:106: [DEBUG] AttachToProcess: About to set CLOCK_IDS_MASK=1 | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:24: [ARM64 DEBUG] Setting CLOCK_IDS_MASK: value=1, offset=192, base=0xffffb4f92000, ptr_addr=0xffffb4f920c0, val_addr=0xffffb4f920c8 | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:28: [ARM64 DEBUG] Memory layout - Entry: 0xffffb4f92000-0xffffb4f92110 (size: 272), ptr_addr within entry: true, val_addr within entry: true | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:34: [ARM64 DEBUG] Step 1: Writing pointer 0xffffb4f920c8 to address 0xffffb4f920c0 | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:40: [ARM64 DEBUG] Step 1: Successfully wrote pointer | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:43: [ARM64 DEBUG] Step 2: Writing value 1 to address 0xffffb4f920c8 | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:48: [ARM64 DEBUG] Successfully set CLOCK_IDS_MASK=1 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:97: [CACHE DEBUG] Flushing ARM64 instruction cache for addr=0xffffb4f920c8, size=8 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:117: [CACHE DEBUG] Cache flush: original(0xffffb4f920c8, 8) -> aligned(0xffffb4f920c0, 64) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:151: [CACHE DEBUG] ARM64 instruction cache flush completed successfully | |
2025/06/05 14:39:49 fake_image_linux.go:113: [DEBUG] AttachToProcess: Successfully set CLOCK_IDS_MASK=1 | |
2025/06/05 14:39:49 fake_image_linux.go:106: [DEBUG] AttachToProcess: About to set TV_SEC_DELTA=0 | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:24: [ARM64 DEBUG] Setting TV_SEC_DELTA: value=0, offset=256, base=0xffffb4f92000, ptr_addr=0xffffb4f92100, val_addr=0xffffb4f92108 | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:28: [ARM64 DEBUG] Memory layout - Entry: 0xffffb4f92000-0xffffb4f92110 (size: 272), ptr_addr within entry: true, val_addr within entry: true | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:34: [ARM64 DEBUG] Step 1: Writing pointer 0xffffb4f92108 to address 0xffffb4f92100 | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:40: [ARM64 DEBUG] Step 1: Successfully wrote pointer | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:43: [ARM64 DEBUG] Step 2: Writing value 0 to address 0xffffb4f92108 | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:48: [ARM64 DEBUG] Successfully set TV_SEC_DELTA=0 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:97: [CACHE DEBUG] Flushing ARM64 instruction cache for addr=0xffffb4f92108, size=8 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:117: [CACHE DEBUG] Cache flush: original(0xffffb4f92108, 8) -> aligned(0xffffb4f92100, 64) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:151: [CACHE DEBUG] ARM64 instruction cache flush completed successfully | |
2025/06/05 14:39:49 fake_image_linux.go:113: [DEBUG] AttachToProcess: Successfully set TV_SEC_DELTA=0 | |
2025/06/05 14:39:49 fake_image_linux.go:106: [DEBUG] AttachToProcess: About to set TV_NSEC_DELTA=300000000000 | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:24: [ARM64 DEBUG] Setting TV_NSEC_DELTA: value=300000000000, offset=240, base=0xffffb4f92000, ptr_addr=0xffffb4f920f0, val_addr=0xffffb4f920f8 | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:28: [ARM64 DEBUG] Memory layout - Entry: 0xffffb4f92000-0xffffb4f92110 (size: 272), ptr_addr within entry: true, val_addr within entry: true | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:34: [ARM64 DEBUG] Step 1: Writing pointer 0xffffb4f920f8 to address 0xffffb4f920f0 | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:40: [ARM64 DEBUG] Step 1: Successfully wrote pointer | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:43: [ARM64 DEBUG] Step 2: Writing value 300000000000 to address 0xffffb4f920f8 | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:48: [ARM64 DEBUG] Successfully set TV_NSEC_DELTA=300000000000 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:97: [CACHE DEBUG] Flushing ARM64 instruction cache for addr=0xffffb4f920f8, size=8 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:117: [CACHE DEBUG] Cache flush: original(0xffffb4f920f8, 8) -> aligned(0xffffb4f920c0, 64) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:151: [CACHE DEBUG] ARM64 instruction cache flush completed successfully | |
2025/06/05 14:39:49 fake_image_linux.go:113: [DEBUG] AttachToProcess: Successfully set TV_NSEC_DELTA=300000000000 | |
2025/06/05 14:39:49 time_skew_linux.go:138: [INJECT DEBUG] clock_gettime() injection successful | |
2025/06/05 14:39:49 time_skew_linux.go:140: [INJECT DEBUG] Injecting gettimeofday() function... | |
2025/06/05 14:39:49 fake_image_linux.go:38: [DEBUG] AttachToProcess: Starting for gettimeofday, PID: 22639, variables: 2, offsets: 2 | |
2025/06/05 14:39:49 fake_image_linux.go:39: [DEBUG] AttachToProcess: Variables requested: map[TV_NSEC_DELTA:300000000000 TV_SEC_DELTA:0] | |
2025/06/05 14:39:49 fake_image_linux.go:40: [DEBUG] AttachToProcess: Offsets available: map[TV_NSEC_DELTA:276 TV_SEC_DELTA:292] | |
2025/06/05 14:39:49 fake_image_linux.go:74: [DEBUG] AttachToProcess: No existing injection found, injecting new fake image for gettimeofday | |
2025/06/05 14:39:49 ptrace_linux.go:211: [MMAP DEBUG] Attempting mmap: length=308, fd=0, syscall_nr=222 | |
2025/06/05 14:39:49 ptrace_linux.go:216: [MMAP DEBUG] Using aligned length: 4096 (original: 308) | |
2025/06/05 14:39:49 ptrace_linux.go:221: [MMAP DEBUG] Strategy 1 (standard) succeeded: address=0xffffb4f90000 | |
2025/06/05 14:39:49 fake_image_linux.go:173: [INJECT DEBUG] Flushing instruction cache for fake image at 0xffffb4f90000, size: 308 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:97: [CACHE DEBUG] Flushing ARM64 instruction cache for addr=0xffffb4f90000, size=308 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:117: [CACHE DEBUG] Cache flush: original(0xffffb4f90000, 308) -> aligned(0xffffb4f90000, 320) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:151: [CACHE DEBUG] ARM64 instruction cache flush completed successfully | |
2025/06/05 14:39:49 ptrace_linux.go:456: [SYMBOL DEBUG] Looking for symbol 'gettimeofday', trying variants: [gettimeofday __kernel_gettimeofday] | |
2025/06/05 14:39:49 ptrace_linux.go:463: [SYMBOL DEBUG] Found symbol 'gettimeofday' as '__kernel_gettimeofday' at offset 0x558 | |
2025/06/05 14:39:49 fake_image_linux.go:187: [INJECT DEBUG] About to overwrite function at 0xffffb4f98558 (size: 424) with jump to 0xffffb4f90000 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:410: [BTI DEBUG] Creating simple replacement patch from 0xffffb4f98558 to 0xffffb4f90000 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:304: [BTI DEBUG] Making VDSO page writable at 0xffffb4f98000 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:313: [BTI DEBUG] Successfully made VDSO page writable | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:425: [BTI DEBUG] Original bytes: 44d5fe100c00b012000500b4870040b9 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:447: [BTI DEBUG] First instruction: 0x10fed544, BTI: false, PAC: false | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:176: [BTI DEBUG] Allocating trampoline near 0xffffb4f98558, size=32 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:189: [BTI DEBUG] Allocated trampoline at 0xffffb4f8f000, distance=0 MB | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:249: [BTI DEBUG] Creating simple replacement trampoline to fake at 0xffffb4f90000 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:258: [BTI DEBUG] Added BTI c instruction for landing pad safety | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:287: [BTI DEBUG] Simple replacement trampoline created, total size: 20 bytes | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:288: [BTI DEBUG] Layout: BTI c + LDR+BR (12 bytes) + address (8 bytes) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:289: [BTI DEBUG] Trampoline hexdump: 5f2403d55100005820021fd60000f9b4ffff0000 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:290: [BTI DEBUG] Expected sequence: | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:291: [BTI DEBUG] BTI c: 0xd503245f | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:292: [BTI DEBUG] LDR x17: 0x58000051 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:293: [BTI DEBUG] BR x17: 0xd61f0220 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:294: [BTI DEBUG] Address: 0x0000ffffb4f90000 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:481: [BTI DEBUG] Branch distance: -38232 bytes (-0.04 MB) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:502: [BTI DEBUG] Using simple patch: | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:503: [BTI DEBUG] 0x17ffdaaa (b #-9558) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:504: [BTI DEBUG] 0xd503201f (nop) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:505: [BTI DEBUG] Patch instructions (8 bytes): aadaff171f2003d5 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:514: [BTI DEBUG] Flushing instruction cache for patched vDSO function | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:97: [CACHE DEBUG] Flushing ARM64 instruction cache for addr=0xffffb4f98558, size=8 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:117: [CACHE DEBUG] Cache flush: original(0xffffb4f98558, 8) -> aligned(0xffffb4f98540, 64) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:151: [CACHE DEBUG] ARM64 instruction cache flush completed successfully | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:97: [CACHE DEBUG] Flushing ARM64 instruction cache for addr=0xffffb4f8f000, size=20 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:117: [CACHE DEBUG] Cache flush: original(0xffffb4f8f000, 20) -> aligned(0xffffb4f8f000, 64) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:151: [CACHE DEBUG] ARM64 instruction cache flush completed successfully | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:322: [BTI DEBUG] Restoring VDSO page to read-execute only at 0xffffb4f98000 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:331: [BTI DEBUG] Successfully restored VDSO page protection (W^X) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:533: [BTI DEBUG] Simple function replacement completed successfully | |
2025/06/05 14:39:49 fake_image_linux.go:209: [INJECT DEBUG] Successfully overwrote function with jump instruction | |
2025/06/05 14:39:49 fake_image_linux.go:80: [DEBUG] AttachToProcess: InjectFakeImage succeeded for gettimeofday | |
2025/06/05 14:39:49 fake_image_linux.go:95: [DEBUG] AttachToProcess: About to set variables - fakeEntry: true | |
2025/06/05 14:39:49 fake_image_linux.go:101: [DEBUG] AttachToProcess: Setting 2 variables for symbol gettimeofday, PID: 22639 | |
2025/06/05 14:39:49 fake_image_linux.go:102: [DEBUG] AttachToProcess: Fake entry at 0xffffb4f90000-0xffffb4f90134, size: 308 | |
2025/06/05 14:39:49 fake_image_linux.go:103: [DEBUG] AttachToProcess: Available offsets: map[TV_NSEC_DELTA:276 TV_SEC_DELTA:292] | |
2025/06/05 14:39:49 fake_image_linux.go:106: [DEBUG] AttachToProcess: About to set TV_SEC_DELTA=0 | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:24: [ARM64 DEBUG] Setting TV_SEC_DELTA: value=0, offset=292, base=0xffffb4f90000, ptr_addr=0xffffb4f90124, val_addr=0xffffb4f9012c | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:28: [ARM64 DEBUG] Memory layout - Entry: 0xffffb4f90000-0xffffb4f90134 (size: 308), ptr_addr within entry: true, val_addr within entry: true | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:34: [ARM64 DEBUG] Step 1: Writing pointer 0xffffb4f9012c to address 0xffffb4f90124 | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:40: [ARM64 DEBUG] Step 1: Successfully wrote pointer | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:43: [ARM64 DEBUG] Step 2: Writing value 0 to address 0xffffb4f9012c | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:48: [ARM64 DEBUG] Successfully set TV_SEC_DELTA=0 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:97: [CACHE DEBUG] Flushing ARM64 instruction cache for addr=0xffffb4f9012c, size=8 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:117: [CACHE DEBUG] Cache flush: original(0xffffb4f9012c, 8) -> aligned(0xffffb4f90100, 64) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:151: [CACHE DEBUG] ARM64 instruction cache flush completed successfully | |
2025/06/05 14:39:49 fake_image_linux.go:113: [DEBUG] AttachToProcess: Successfully set TV_SEC_DELTA=0 | |
2025/06/05 14:39:49 fake_image_linux.go:106: [DEBUG] AttachToProcess: About to set TV_NSEC_DELTA=300000000000 | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:24: [ARM64 DEBUG] Setting TV_NSEC_DELTA: value=300000000000, offset=276, base=0xffffb4f90000, ptr_addr=0xffffb4f90114, val_addr=0xffffb4f9011c | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:28: [ARM64 DEBUG] Memory layout - Entry: 0xffffb4f90000-0xffffb4f90134 (size: 308), ptr_addr within entry: true, val_addr within entry: true | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:34: [ARM64 DEBUG] Step 1: Writing pointer 0xffffb4f9011c to address 0xffffb4f90114 | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:40: [ARM64 DEBUG] Step 1: Successfully wrote pointer | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:43: [ARM64 DEBUG] Step 2: Writing value 300000000000 to address 0xffffb4f9011c | |
2025/06/05 14:39:49 fake_image_linux_arm64.go:48: [ARM64 DEBUG] Successfully set TV_NSEC_DELTA=300000000000 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:97: [CACHE DEBUG] Flushing ARM64 instruction cache for addr=0xffffb4f9011c, size=8 | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:117: [CACHE DEBUG] Cache flush: original(0xffffb4f9011c, 8) -> aligned(0xffffb4f90100, 64) | |
2025/06/05 14:39:49 ptrace_linux_arm64.go:151: [CACHE DEBUG] ARM64 instruction cache flush completed successfully | |
2025/06/05 14:39:49 fake_image_linux.go:113: [DEBUG] AttachToProcess: Successfully set TV_NSEC_DELTA=300000000000 | |
2025/06/05 14:39:49 time_skew_linux.go:149: [INJECT DEBUG] gettimeofday() injection successful | |
2025/06/05 14:39:49 time_skew_linux.go:151: [INJECT DEBUG] All injections completed successfully for PID 22639 | |
2025/06/05 14:39:49 watchmaker.go:65: modifying time success |