func (thread *Thread) saveRegisters() (Registers, error) { kret := C.get_registers(C.mach_port_name_t(thread.os.thread_act), &thread.os.registers) if kret != C.KERN_SUCCESS { return nil, fmt.Errorf("could not save register contents") } return &Regs{rip: uint64(thread.os.registers.__rip), rsp: uint64(thread.os.registers.__rsp)}, nil }
func registers(thread *Thread) (Registers, error) { var state C.x86_thread_state64_t kret := C.get_registers(C.mach_port_name_t(thread.os.thread_act), &state) if kret != C.KERN_SUCCESS { return nil, fmt.Errorf("could not get registers") } regs := &Regs{ rax: uint64(state.__rax), rbx: uint64(state.__rbx), rcx: uint64(state.__rcx), rdx: uint64(state.__rdx), rdi: uint64(state.__rdi), rsi: uint64(state.__rsi), rbp: uint64(state.__rbp), rsp: uint64(state.__rsp), r8: uint64(state.__r8), r9: uint64(state.__r9), r10: uint64(state.__r10), r11: uint64(state.__r11), r12: uint64(state.__r12), r13: uint64(state.__r13), r14: uint64(state.__r14), r15: uint64(state.__r15), rip: uint64(state.__rip), rflags: uint64(state.__rflags), cs: uint64(state.__cs), fs: uint64(state.__fs), gs: uint64(state.__gs), } return regs, nil }
func registers(thread *Thread) (Registers, error) { var state C.x86_thread_state64_t var identity C.thread_identifier_info_data_t kret := C.get_registers(C.mach_port_name_t(thread.os.thread_act), &state) if kret != C.KERN_SUCCESS { return nil, fmt.Errorf("could not get registers") } kret = C.get_identity(C.mach_port_name_t(thread.os.thread_act), &identity) if kret != C.KERN_SUCCESS { return nil, fmt.Errorf("could not get thread identity informations") } /* thread_identifier_info::thread_handle contains the base of the thread-specific data area, which on x86 and x86_64 is the thread’s base address of the %gs segment. 10.9.2 xnu-2422.90.20/osfmk/kern/thread.c thread_info_internal() gets the value from machine_thread::cthread_self, which is the same value used to set the %gs base in xnu-2422.90.20/osfmk/i386/pcb_native.c act_machine_switch_pcb(). -- comment copied from chromium's crashpad https://chromium.googlesource.com/crashpad/crashpad/+/master/snapshot/mac/process_reader.cc */ regs := &Regs{ rax: uint64(state.__rax), rbx: uint64(state.__rbx), rcx: uint64(state.__rcx), rdx: uint64(state.__rdx), rdi: uint64(state.__rdi), rsi: uint64(state.__rsi), rbp: uint64(state.__rbp), rsp: uint64(state.__rsp), r8: uint64(state.__r8), r9: uint64(state.__r9), r10: uint64(state.__r10), r11: uint64(state.__r11), r12: uint64(state.__r12), r13: uint64(state.__r13), r14: uint64(state.__r14), r15: uint64(state.__r15), rip: uint64(state.__rip), rflags: uint64(state.__rflags), cs: uint64(state.__cs), fs: uint64(state.__fs), gs: uint64(state.__gs), gs_base: uint64(identity.thread_handle), } return regs, nil }