Re: [PATCH] [RFC] Add g_*_deinit() API

On Wed, Sep 29, 2010 at 3:49 PM, Matthias Clasen
<matthias clasen gmail com> wrote:
> On Wed, Sep 29, 2010 at 9:46 AM, Ole André Vadla Ravnås
> <oleavr gmail com> wrote:
>> I'm currently working on adding API to GLib/GObject/GIO for explicitly
>> cleaning up statically allocated resources, like TLS keys, threads,
>> handles, heap blocks, etc.
>>
>> This is clearly not useful to regular GLib-based applications where
>> GLib has the same life-time as the host process itself, so such
>> applications/libraries will behave just like before, because they
>> won't be calling any deinit functions at exit/unload.  However, in
>> certain applications, like for example Frida
>> (http://code.google.com/p/frida-ire/), there is a shared library which
>> has its own private copy of GLib/GObject/GIO statically linked in, and
>> this library gets injected into already running applications in order
>> to do runtime instrumentation of APIs and things like that.
>
>
> Lets just say: don't do that ?

People have been trying to tell me that for years, but I guess I'm hopeless. ;-)

Here are a few screenshots of how this is used in real life:

1. We're attached to Spotify on Windows. Decide it would be fun to
change the argument list of calls to DrawTextExW, so we write a little
script which we send over to the agent running inside the target
process. Agent compiles the script into native machine code and
patches the DrawTextExW function in memory so any future calls to it
will invoke the script before executing the original instructions:
http://dl.dropbox.com/u/169648/frida-multibackend-08.png

2. Switch over to Spotify and hover the mouse around the UI to trigger
redraws and thus calls to DrawTextExW, and the result:
http://dl.dropbox.com/u/169648/frida-multibackend-09.png

3. Decide we've had enough fun, so we detach the script from DrawTextExW:
http://dl.dropbox.com/u/169648/frida-multibackend-10.png

4. Switch back to Spotify again and trigger redraws, and things are
indeed back to normal:
http://dl.dropbox.com/u/169648/frida-multibackend-11.png

That was Windows/x86. Here's an example of using it to inject the
GLib-based agent into an application running on an iPhone/ARM, and
using it to see calls to an internal logging function used by FaceTime
(the text you see is actually g_variant_print(), as the "Send*"
statements in the script produce a GVariant tuple with the values
that you "Send"):
http://dl.dropbox.com/u/169648/frida-iPhone-script.png

As you can see, this isn't a hypothetical "what if GLib could be used
like this", so if I have to maintain this patch and GLib fork
indefinitely, then so be it; it's worth the pain. :-)

Cheers,
Ole André
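The init/deinit pairing the quoted message proposes for GLib, as an added C example that is not from this thread or from GLib: a hypothetical library owning a TLS key, a worker thread and per-thread heap blocks, with an explicit lib_deinit() that releases them so the library can be unloaded from a still-running process. The names lib_init, lib_deinit and lib_is_initialized are assumptions made for this example.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdlib.h>
/* Hypothetical library-global state: stands in for the TLS keys, threads and
 * heap blocks the quoted message wants to release explicitly at unload. */
static pthread_key_t   tls_key;
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t  cond = PTHREAD_COND_INITIALIZER;
static pthread_t       worker;
static bool            initialized = false;
static bool            worker_stop = false;
static void tls_destroy(void *value) { free(value); } /* per-thread heap block */

/* Worker sleeps until lib_deinit() asks it to exit, so the join is prompt. */
static void *worker_main(void *arg) {
    (void)arg; pthread_setspecific(tls_key, malloc(64)); /* freed by tls_destroy */
    pthread_mutex_lock(&lock);
    while (!worker_stop)
        pthread_cond_wait(&cond, &lock);
    pthread_mutex_unlock(&lock);
    return NULL;
}

/* Idempotent: a repeated call without an intervening deinit is a no-op. */
int lib_init(void) {
    if (initialized) return 0;
    if (pthread_key_create(&tls_key, tls_destroy) != 0) return -1;
    worker_stop = false;
    if (pthread_create(&worker, NULL, worker_main, NULL) != 0) {
        pthread_key_delete(tls_key); /* undo the partial init */
        return -1;
    }
    initialized = true;
    return 0;
}

/* Explicit counterpart: stop and join the thread, then delete the TLS key, so
 * nothing still references code or data that is about to be unmapped. */
int lib_deinit(void) {
    if (!initialized) return 0;
    pthread_mutex_lock(&lock);
    worker_stop = true;
    pthread_cond_signal(&cond);
    pthread_mutex_unlock(&lock);
    pthread_join(worker, NULL);
    pthread_key_delete(tls_key);
    initialized = false;
    return 0;
}
bool lib_is_initialized(void) { return initialized; }
```

Because both calls are idempotent and deinit returns the library to its pristine state, init/deinit can be cycled repeatedly, which is what an injected agent needs when it is loaded and unloaded more than once in the same host process.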

