common/ProcessAtlas.cpp dyld-1340 dyld-1285.19
--- dyld/dyld-1340/common/ProcessAtlas.cpp
+++ dyld/dyld-1285.19/common/ProcessAtlas.cpp
@@ -56,7 +56,6 @@
 #include "MachOLoaded.h"
 #include "ProcessAtlas.h"
 #include "Utilities.h"
-#include "SafeVMPrimitives.h"
 
 #include "CRC32c.h"
 #include "UUID.h"
@@ -1297,11 +1296,14 @@
         BLEND_KERN_RETURN_LOCATION(*kr, 0xee);
         return nullptr;
     }
+    uint8_t remoteBuffer[16*1024];
+    mach_vm_size_t readSize = 0;
     uint64_t failedAddress = 0;
     while (1) {
         // Using mach_vm_read_overwrite because this is part of dyld. If the file is removed or the codesignature is invalid
         // then the system is broken beyond recovery anyway
-        auto taskInfoBuffer = SafeRemoteBuffer(_task, task_dyld_info.all_image_info_addr, task_dyld_info.all_image_info_size, kr);
+        *kr = mach_vm_read_overwrite(_task, task_dyld_info.all_image_info_addr, task_dyld_info.all_image_info_size,
+                                     (mach_vm_address_t)&remoteBuffer[0], &readSize);
         if (*kr != KERN_SUCCESS) {
             BLEND_KERN_RETURN_LOCATION(*kr, 0xed);
             // If we cannot read the all image info this is game over
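Review bot: The `mach_vm_read_overwrite` call added in this hunk copies `task_dyld_info.all_image_info_size` bytes into the fixed 16 KiB stack array `remoteBuffer` without ever comparing that size to `sizeof(remoteBuffer)`; the size comes from the inspected task, so an oversized or corrupted value overruns the stack (the removed `SafeRemoteBuffer` path sized its buffer from the request, which the replacement does not). A guard before the loop closes the hole: `if (task_dyld_info.all_image_info_size > sizeof(remoteBuffer)) { *kr = KERN_INVALID_ARGUMENT; return nullptr; }`. The read also leaves `readSize` unchecked, while the next hunk casts the buffer to `dyld_all_image_infos_32`/`_64`, so a read shorter than the struct is not detected. The function containing this loop begins before the hunk and continues after it.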
@@ -1310,19 +1312,20 @@
         uint64_t compactInfoAddress;
         uint64_t compactInfoSize;
         if (task_dyld_info.all_image_info_format == TASK_DYLD_ALL_IMAGE_INFO_32 ) {
-            const dyld_all_image_infos_32* info = (const dyld_all_image_infos_32*)&taskInfoBuffer.data()[0];
+            const dyld_all_image_infos_32* info = (const dyld_all_image_infos_32*)&remoteBuffer[0];
             compactInfoAddress              = info->compact_dyld_image_info_addr;
             compactInfoSize                 = info->compact_dyld_image_info_size;
         } else {
-            const dyld_all_image_infos_64* info = (const dyld_all_image_infos_64*)&taskInfoBuffer.data()[0];
-            compactInfoAddress              = info->compact_dyld_image_info_addr;
+            const dyld_all_image_infos_64* info = (const dyld_all_image_infos_64*)&remoteBuffer[0];
+            // Mask of TBI bits
+            compactInfoAddress              = (info->compact_dyld_image_info_addr & 0x00ff'ffff'ffff'ffff);
             compactInfoSize                 = info->compact_dyld_image_info_size;
         }
         if (compactInfoSize == 0) {
             return synthesizeSnapshot(kr);
         }
-        
-        auto compactInfoBuffer = SafeRemoteBuffer(_task, compactInfoAddress,compactInfoSize, kr);
+        auto compactInfo = UniquePtr<std::byte>((std::byte*)_transactionalAllocator.malloc((size_t)compactInfoSize));
+        *kr = mach_vm_read_overwrite(_task, compactInfoAddress, compactInfoSize, (mach_vm_address_t)&*compactInfo, &readSize);
         if (*kr != KERN_SUCCESS) {
             BLEND_KERN_RETURN_LOCATION(*kr, 0xec);
             if (compactInfoAddress == failedAddress) {
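Review bot: `compactInfoSize` is taken from the remote task's all-image-infos and passed straight to `_transactionalAllocator.malloc((size_t)compactInfoSize)` on the new `compactInfo` line, so a huge or garbage value requests an arbitrary-size allocation, and the result is dereferenced via `&*compactInfo` on the following line without a null check. An upper bound and a null test before the read would make the failure explicit, e.g. `if (compactInfoSize > /* project-chosen limit */ kMaxCompactInfoSize) { *kr = KERN_INVALID_ARGUMENT; return nullptr; }` followed by a check that the allocation succeeded, if `UniquePtr` exposes one. The TBI masking is applied only in the 64-bit branch, which is consistent with 32-bit addresses having no tag byte, but the comment `// Mask of TBI bits` reads as a typo for "Mask off". The enclosing loop and function extend beyond this hunk.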
@@ -1333,7 +1336,8 @@
             // The read failed, chances are the process mutated the compact info, retry
             continue;
         }
-        UniquePtr<ProcessSnapshot> result = _transactionalAllocator.makeUnique<ProcessSnapshot>(_ephemeralAllocator, _fileManager, false, compactInfoBuffer.data());
+        std::span<std::byte> data = std::span<std::byte>(&*compactInfo, (size_t)compactInfoSize);
+        UniquePtr<ProcessSnapshot> result = _transactionalAllocator.makeUnique<ProcessSnapshot>(_ephemeralAllocator, _fileManager, false, data);
         if (!result->valid()) {
             // Something blew up we don't know what
             *kr = KERN_FAILURE;