Use madvise to maximize memory dump

Your Name · Your Name · commit 3e33f9451c2b · 2024-12-05T09:25:54.000Z
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "frida-cshell",
-  "version": "1.8.4",
+  "version": "1.8.5",
   "description": "Frida's CShell",
   "scripts": {
     "prepare": "npm run version && npm run build && npm run package && npm run copy",
diff --git a/src/cmdlets/misc/corpse/corpse.ts b/src/cmdlets/misc/corpse/corpse.ts
@@ -16,6 +16,7 @@ import { APP_VERSION, GIT_COMMIT_HASH } from '../../../version.js';
 import { Overlay } from '../../../memory/overlay.js';
 import { Regs } from '../../../breakpoints/regs.js';
 import { Vars } from '../../../vars/vars.js';
+import { Madvise } from './madvise.js';
 
 export class CorpseCmdLet extends CmdLetBase {
   name = 'corpse';
@@ -34,6 +35,7 @@ corpse - create a corpse file`;
   private clone: Fork | null = null;
   private proc: Proc | null = null;
   private mem: Mem | null = null;
+  private madvise: Madvise | null = null;
 
   public runSync(tokens: Token[]): Var {
     if (tokens.length != 0) return this.usage();
@@ -48,6 +50,9 @@ corpse - create a corpse file`;
         run 'setenforce 0' to disable`);
     }
 
+    const madvise = this.madvise as Madvise;
+    madvise.tryForkAll(this.warning);
+
     /* run the clone */
     const debugFileName = Files.getRandomFileName('debug');
     this.status(`Creating debug file: '${debugFileName}'`);
@@ -139,6 +144,9 @@ corpse - create a corpse file`;
 
       this.writeMetadata(debug);
 
+      const madvise = this.madvise as Madvise;
+      madvise.tryDumpAll(debug);
+
       debug(`Suicide`);
       proc.kill(pid, Proc.SIGABRT);
     } catch (error) {
@@ -301,6 +309,7 @@ corpse - create a corpse file`;
           this.clone = new Fork();
           this.proc = new Proc();
           this.mem = new Mem();
+          this.madvise = new Madvise();
         } catch {
           return false;
         }
diff --git a/src/cmdlets/misc/corpse/madvise.ts b/src/cmdlets/misc/corpse/madvise.ts
@@ -0,0 +1,84 @@
+import { Mem } from '../../../memory/mem.js';
+
+export class Madvise {
+  private static readonly MADV_DOFORK: number = 11;
+  private static readonly MADV_DODUMP: number = 17;
+  // int madvise(void addr[.length], size_t length, int advice);
+  private fnMadvise: SystemFunction<
+    number,
+    [NativePointer, UInt64 | number, number]
+  >;
+
+  constructor() {
+    const pMadvise = Module.findExportByName(null, 'madvise');
+    if (pMadvise === null) throw new Error('failed to find madvise');
+
+    this.fnMadvise = new SystemFunction(pMadvise, 'int', [
+      'pointer',
+      'size_t',
+      'int',
+    ]);
+  }
+
+  private doFork(base: NativePointer, size: number) {
+    const ret = this.fnMadvise(
+      base,
+      size,
+      Madvise.MADV_DOFORK,
+    ) as UnixSystemFunctionResult<number>;
+    if (ret.value !== 0)
+      throw new Error(
+        `failed to madvise, errno: ${ret.errno}, base: ${base}, size: ${size}`,
+      );
+  }
+
+  private doDump(base: NativePointer, size: number) {
+    const ret = this.fnMadvise(
+      base,
+      size,
+      Madvise.MADV_DODUMP,
+    ) as UnixSystemFunctionResult<number>;
+    if (ret.value !== 0)
+      throw new Error(
+        `failed to madvise, errno: ${ret.errno}, base: ${base}, size: ${size}`,
+      );
+  }
+
+  private alignRange(
+    base: NativePointer,
+    size: number,
+  ): { base: NativePointer; size: number } {
+    const limit = base.add(size);
+    const alignedLimit = Mem.pageAlignUp(limit);
+    const alignedBase = Mem.pageAlignDown(base);
+    const alignedSize = alignedLimit.sub(alignedBase).toUInt32();
+    return { base: alignedBase, size: alignedSize };
+  }
+
+  private forAlignedRanges(fn: (base: NativePointer, size: number) => void) {
+    Process.enumerateRanges('---').forEach(r => {
+      const { base, size } = this.alignRange(r.base, r.size);
+      fn(base, size);
+    });
+  }
+
+  public tryForkAll(debug: (msg: string) => void) {
+    this.forAlignedRanges((base, size) => {
+        try {
+            this.doFork(base, size)
+        } catch (e) {
+            debug(`failed to madvise MADV_DOFORK range: ${e}, base: ${base}, size: ${size}`);
+        }
+    });
+  }
+
+  public tryDumpAll(debug: (msg: string) => void) {
+    this.forAlignedRanges((base, size) => {
+        try {
+            this.doDump(base, size)
+        } catch (e) {
+            debug(`failed to madvise MADV_DODUMP range: ${e}, base: ${base}, size: ${size}`);
+        }
+    });
+  }
+}

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "frida-cshell",`
`3`		`- "version": "1.8.4",`
	`3`	`+ "version": "1.8.5",`
`4`	`4`	`"description": "Frida's CShell",`
`5`	`5`	`"scripts": {`
`6`	`6`	`"prepare": "npm run version && npm run build && npm run package && npm run copy",`