I want to take a look at the implementation of a certain IL instruction, for example, box, in SSCLI, where can I get it in the SSCLI 2.0 source?
I think this is the implementation
C:\Users\preet\Downloads\sscli20_20060311\sscli20\clr\src\vm\methodtable.cpp(1933):OBJECTREF MethodTable::Box(void* data, BOOL mayContainRefs)
Related
This post showed me how to see stuff in SMM. And I notice that Simics shows other normally "hidden" registers like the segment descriptor shadow values, which only get updated indirectly. So is it possible to see the "smbase" register in Simics?
To read one MSR, currently you need to use interface calls on the processor. The "%" operator reads named registers on the current processor. Calling the iface inspects any processor object, and works for-only-has-a-number MSRs.
Use online help to figure out how to use the interface. For example:
simics> #conf.board.mb.cpu0.core[0][0].iface.x86_msr.get_number("IA32_TSC_DEADLINE")
1760
simics> api-help x86_msr_interface_t
Help on API keyword "x86_msr_interface_t":
DESCRIPTION
SIM_INTERFACE(x86_msr) {
void (*register_handlers)(
conf_object_t *cpu,
int64 number,
x86_msr_getter_func_t getter,
lang_void *getter_data,
x86_msr_setter_func_t setter,
lang_void *setter_data,
...
Adding a command for inspection is on the wish list.
UPDATE.
The interface also provides the ability to look up from number to name. For the case of MSR 0x9E, IA32_SMBASE, on the "client" core in Public Simics, looking up the name yields this:
simics> #conf.board.mb.cpu0.core[0][0].iface.x86_msr.get_name(158)
'msr_ia32_smbase'
simics> #conf.board.mb.cpu0.core[0]0].iface.x86_msr.get_number("msr_ia32_smbase")
158
For historical reasons, the register is called msr_ia32_smbase, and not IA32_SMBASE from the manual. In general, looking things up by number is a bit more robust. Esp since many MSRs just have numbers in the Simics model as it is currently set up.
First, you may search the loaded configuration for a particular string using the apropos command (a for short). And since smbase is likely exposed via an attribute it would look like a -a smbase. And if there are anything "smbase" in the configuration you will see it.
I loaded the QSP-x86 Firststeps platform and got several hits on the form
<cpu-class>.msr_ia32_smbase
Also, in general it helps knowing the context of a certain something. Such that smbase is "part of" MSR.
We are in process to migrate our TB to UVM.
I am working on first IP that will be verified using UVM.
I have to find out if it is possible to reuse my uvm_sequences in SOC that remains in OVM mean time.
In case it is possible , like find example how it's done.
Thanks in advance.
You cannot mix OVM and UVM that way. You should be able to write your uvm_sequence in such a way that it work in both by simply changing your u's to o's. You would have to limit your sequence to functionality that exists in both.
If you use UVM RAL. there is a package that integrates that functionality back into OVM.
There is another package, ovm_container, that gives you the functionality of uvm_config_db.
What I want to do is to create a FB to read the signal of input point when it is given a TAG NAME.
For example, if the tag name is "I_motor_sensor", so "I_motor_sensor" is send to Read_I_Point FB, then the FB will give the current status back. So is there a way to do this?
Yes, you can read the symbol using FB_ReadAdsSymByName block in the DataExchange library. Info here.. It will take more than one scan though, so should be considered "heavy".
If you want to read them quickly, create a dictonary of references to the variables of interest to you in an intialisation routine, and access them via their key (which you will use a string for).
There's a TwinCAT3 dictonary class in my freely available library, Intecre Utilities, available here. You could try to adapt that for TC2.
I'd like to deconstruct the raw reports received from the hid_read function of hidapi.
As I understand, this can be achieved using the information from the device's report descriptors. But when trying to query for those descriptors, I get lost somewhere between the HID Spec and using the methods available in hidapi.
I would love to see a concrete C or node-hidapi based example that queries and enumerates all the report descriptors for a device — perhaps a mouse to keep things simple?
I asked Alan Ott by email about this, and he responded with no as follows:
HIDAPI does not provide functions for getting or parsing the report
descriptor. Since HIDAPI is for talking to a custom devices, these
devices will likely contain all or mostly vendor-defined report items
anyway.
This isn't exactly what you're looking for, but it will get the same job done. I highly recommend you use libusbx over any other hid library. If you are willing to do so, here is a very blatant example of device enumeration.
Edit:
It appears that libusbx has been merged back into libusb. This is awesome! As the above link is broken, here is the new link.
I had success with using both https://github.com/Orochimarufan/HIDRAW/tree/master/HIDRAW_test (that is hopefully the C code example that you asked about) and RDD! USB HID Report Descriptor Decoder for more descriptive output.
What is a good place to learn reverse engineering, specifically as it applies to Mac OS X? Two apps that I admire in terms of this subject:
Hyperspaces – Link
and
Orbit – http://www.steventroughtonsmith.com/orbit/
Thanks guys.
You should grab a copy of Mac OS X Internals which is an awesome book about everything that Apple does not tell you. Not only is this great if you are interested in reverse engineering, it will also make you a better OS X programmer in general.
Use class-dump-x/-z to get the private Objective-C headers for OS X/iPhone OS system frameworks. There are a lot of classes/methods hidden from the public (some rightly so)
Apple releases a ton of the foundation of OS X as open source. See here.
In addition, F-Script Anywhere will help a ton with dissecting the Finder and/or any other closed source application.
For iPhoneOS specifically, class-dump-z is a great way to dump headers. The only problem, of course, is that you can't actually see what is going on inside of each method. IDA Pro and a few scripts make it possible to see the assembly instructions for these system frameworks. (example picture: http://grab.by/1Vn6).
The most handy IDC scripts are fixobjc2 and dyldinfo. You can find each of these linked from this blog post: http://networkpx.blogspot.com/2010/01/two-ida-pro-5x-scripts-for-iphoneos.html
But, what good is this information if you can't use it? iPhone developer saurik has written something called MobileSubstrate that enables hooking onto any method. http://svn.saurik.com/repos/menes/trunk/mobilesubstrate/
Others have already mentioned class-dump, which is an excellent tool for retrieving the class definitions from a compiled executable. On a related note, you should also take a look at otx, which is provides very nice (readable), disassembled output.
If you need a way to quickly test snippets of code, use F-Script (mentioned by others), Nu or MacRuby. Of these, I've mainly used Nu. It has the capability to define bridged functions on the fly, and can handle pointers, both of which are pretty handy if you need to call arbitrary C functions.
Since you mentioned being interesting in Spaces and other screen managers, you should also read A brief tutorial on reverse engineering OS X. It's an old article by Rich Wareham (author of the pre-Spaces multi-desktop app: 'Desktop Manager') on how he figured out the call syntax for few private CoreGraphics methods in order to do nice desktop transitions. The source code for Desktop Manager is also available, which might be useful to you.
This site shows how to patch an existing Objective C program: http://www.culater.net/wiki/moin.cgi/CocoaReverseEngineering
Namely posing:
[[B class] poseAsClass:[A class]];
and method swizzling:
/**
* Renames the selector for a given method.
* Searches for a method with _oldSelector and reassigned _newSelector to that
* implementation.
* #return NO on an error and the methods were not swizzled
*/
BOOL DTRenameSelector(Class _class, SEL _oldSelector, SEL _newSelector)
{
Method method = nil;
// First, look for the methods
method = class_getInstanceMethod(_class, _oldSelector);
if (method == nil)
return NO;
method->method_name = _newSelector;
return YES;
}
// *** Example ***
// never implemented, just here to silence a compiler warning
#interface WebInternalImage (PHWebInternalImageSwizzle)
- (void) _webkit_scheduleFrame;
#end
#implementation WebInternalImage (PHWebInternalImage)
+ (void) initialize
{
DTRenameSelector([self class], #selector(scheduleFrame), #selector (_webkit_scheduleFrame));
DTRenameSelector([self class], #selector(_ph_scheduleFrame), #selector(scheduleFrame));
}
- (void) _ph_scheduleFrame
{
// do something crazy...
...
// call the "super" method - this method doesn't exist until runtime
[self _webkit_scheduleFrame];
}
#end
(code copied from http://www.culater.net/wiki/moin.cgi/CocoaReverseEngineering)
As an addition to the other answers, you are going to want to check out DYLD_INSERT_LIBRARIES to inject your code into a Cocoa program.
You should definitely consider using DTrace. There is an excellent BlackHat presentation on using DTrace for reverse engineering on OS X entitled, "DTRACE: The Reverse Engineer's Unexpected Swiss Army Knife".
You can get a copy and view the video presentation here.
There are also some excellent papers at www.uninformed.org on reverse engineering OS X.