Re: Rosetta and Code Injection
- Subject: Re: Rosetta and Code Injection
- From: Bob Murphy <email@hidden>
- Date: Wed, 23 Apr 2008 18:37:22 -0700
On Apr 23, 2008, at 4:57 PM, Terry Lambert wrote:

> On Apr 23, 2008, at 11:32 AM, Bob Murphy wrote:
>
>> However, mach_star uses routines like vm_allocate() and vm_write()
>> and thread_create_running() that are implemented in xnu. I figured
>> this list is a good place to ask about my problem because:
>>
>> a. The problem I'm having is with how the underpinnings of
>> thread_create_running() operate in the kernel.
>
> Your fundamental premise here is wrong.
>
> What you are doing is more or less like succeeding in sneaking into a
> bowling alley, even though you have no bowling ball or bowling
> shoes: whatever else happens, you're not going to be doing any
> bowling.

When I was a kid in Ohio, I just paid for the games, used a ball off
the freebie racks, and bowled in my socks.

> Rosetta should probably be thought of as a virtual machine or
> interpreter. The process you see in "ps", "lsof", "top", etc., is
> actually an instance of a Rosetta process, and not really a PPC
> process at all. The PPC "process" is the data on which the native
> Rosetta process operates.

If I understand this, then in theory, I could take my PPC-only copy
of MS Word 2004, and successfully execute an x86 thread inside its
Rosetta parent.

That would work for me, except it doesn't: Word crashes hard. The
crash log has a mix of x86 and PPC information, so I gather that what
I think I'm injecting into isn't the Rosetta process.

When I launch Word, though, both ps -Ax and programmatic diagnostics
show only Word itself, not anything that looks like a separate
Rosetta process.

So how does one distinguish the Rosetta process from the PPC surrogate?

>> However, I feel I owe it to the people paying me to examine the
>> possibility that there is some official, Apple-supported way to
>> code-inject a PPC executable running under Rosetta, or that
>> someone else has succeeded in doing this, before rushing off to do
>> what I consider a dubious hack. And I thought there might be a
>> faint chance that Apple might, for some odd reason, support this
>> by some means I hadn't considered.
>
> No supported way (even if you weren't running under Rosetta).

<sigh> The story of my life.

1986 exchange with MacDTS: "How can I write floating point code that
directly accesses the 68881 FPU in our beta Mac II, rather than incur
the overhead of SANE's rather thick wrapper?" "No supported way." (I
hand-coded machine language FPU instructions and embedded them as
data in the middle of an "asm" block in the C source.)
Darwin-kernel mailing list (email@hidden)