Retrieving ASLR offset using mach_vm_region

Documentation/usage/dlv.md

@@ -25,7 +25,7 @@ Pass flags to the program you are debugging using `--`, for example:
       --backend string                   Backend selection (see 'dlv help backend'). (default "default")
       --build-flags string               Build flags, to be passed to the compiler.
       --check-go-version                 Checks that the version of Go in use is compatible with Delve. (default true)
-      --disable-aslr                     Disables address space randomization. This option is forced to true on darwin/arm64
+      --disable-aslr                     Disables address space randomization
       --headless                         Run debug server only, in headless mode.
       --init string                      Init file, executed by the terminal client.
   -l, --listen string                    Debugging server listen address. (default "127.0.0.1:0")

Documentation/usage/dlv_attach.md

@@ -31,7 +31,7 @@ dlv attach pid [executable]
       --backend string                   Backend selection (see 'dlv help backend'). (default "default")
       --build-flags string               Build flags, to be passed to the compiler.
       --check-go-version                 Checks that the version of Go in use is compatible with Delve. (default true)
-      --disable-aslr                     Disables address space randomization. This option is forced to true on darwin/arm64
+      --disable-aslr                     Disables address space randomization
       --headless                         Run debug server only, in headless mode.
       --init string                      Init file, executed by the terminal client.
   -l, --listen string                    Debugging server listen address. (default "127.0.0.1:0")

Documentation/usage/dlv_backend.md

@@ -24,7 +24,7 @@ are:
       --backend string                   Backend selection (see 'dlv help backend'). (default "default")
       --build-flags string               Build flags, to be passed to the compiler.
       --check-go-version                 Checks that the version of Go in use is compatible with Delve. (default true)
-      --disable-aslr                     Disables address space randomization. This option is forced to true on darwin/arm64
+      --disable-aslr                     Disables address space randomization
       --headless                         Run debug server only, in headless mode.
       --init string                      Init file, executed by the terminal client.
   -l, --listen string                    Debugging server listen address. (default "127.0.0.1:0")

Documentation/usage/dlv_connect.md

@@ -20,7 +20,7 @@ dlv connect addr
       --backend string                   Backend selection (see 'dlv help backend'). (default "default")
       --build-flags string               Build flags, to be passed to the compiler.
       --check-go-version                 Checks that the version of Go in use is compatible with Delve. (default true)
-      --disable-aslr                     Disables address space randomization. This option is forced to true on darwin/arm64
+      --disable-aslr                     Disables address space randomization
       --headless                         Run debug server only, in headless mode.
       --init string                      Init file, executed by the terminal client.
   -l, --listen string                    Debugging server listen address. (default "127.0.0.1:0")

Documentation/usage/dlv_core.md

@@ -26,7 +26,7 @@ dlv core <executable> <core>
       --backend string                   Backend selection (see 'dlv help backend'). (default "default")
       --build-flags string               Build flags, to be passed to the compiler.
       --check-go-version                 Checks that the version of Go in use is compatible with Delve. (default true)
-      --disable-aslr                     Disables address space randomization. This option is forced to true on darwin/arm64
+      --disable-aslr                     Disables address space randomization
       --headless                         Run debug server only, in headless mode.
       --init string                      Init file, executed by the terminal client.
   -l, --listen string                    Debugging server listen address. (default "127.0.0.1:0")

Documentation/usage/dlv_dap.md

@@ -27,7 +27,7 @@ dlv dap
       --backend string                   Backend selection (see 'dlv help backend'). (default "default")
       --build-flags string               Build flags, to be passed to the compiler.
       --check-go-version                 Checks that the version of Go in use is compatible with Delve. (default true)
-      --disable-aslr                     Disables address space randomization. This option is forced to true on darwin/arm64
+      --disable-aslr                     Disables address space randomization
       --headless                         Run debug server only, in headless mode.
       --init string                      Init file, executed by the terminal client.
   -l, --listen string                    Debugging server listen address. (default "127.0.0.1:0")

Documentation/usage/dlv_debug.md

@@ -33,7 +33,7 @@ dlv debug [package]
       --backend string                   Backend selection (see 'dlv help backend'). (default "default")
       --build-flags string               Build flags, to be passed to the compiler.
       --check-go-version                 Checks that the version of Go in use is compatible with Delve. (default true)
-      --disable-aslr                     Disables address space randomization. This option is forced to true on darwin/arm64
+      --disable-aslr                     Disables address space randomization
       --headless                         Run debug server only, in headless mode.
       --init string                      Init file, executed by the terminal client.
   -l, --listen string                    Debugging server listen address. (default "127.0.0.1:0")

Documentation/usage/dlv_exec.md

@@ -33,7 +33,7 @@ dlv exec <path/to/binary>
       --backend string                   Backend selection (see 'dlv help backend'). (default "default")
       --build-flags string               Build flags, to be passed to the compiler.
       --check-go-version                 Checks that the version of Go in use is compatible with Delve. (default true)
-      --disable-aslr                     Disables address space randomization. This option is forced to true on darwin/arm64
+      --disable-aslr                     Disables address space randomization
       --headless                         Run debug server only, in headless mode.
       --init string                      Init file, executed by the terminal client.
   -l, --listen string                    Debugging server listen address. (default "127.0.0.1:0")

Documentation/usage/dlv_log.md

@@ -39,7 +39,7 @@ and dap modes.
       --backend string                   Backend selection (see 'dlv help backend'). (default "default")
       --build-flags string               Build flags, to be passed to the compiler.
       --check-go-version                 Checks that the version of Go in use is compatible with Delve. (default true)
-      --disable-aslr                     Disables address space randomization. This option is forced to true on darwin/arm64
+      --disable-aslr                     Disables address space randomization
       --headless                         Run debug server only, in headless mode.
       --init string                      Init file, executed by the terminal client.
   -l, --listen string                    Debugging server listen address. (default "127.0.0.1:0")

Documentation/usage/dlv_redirect.md

@@ -27,7 +27,7 @@ File redirects can also be changed using the 'restart' command.
       --backend string                   Backend selection (see 'dlv help backend'). (default "default")
       --build-flags string               Build flags, to be passed to the compiler.
       --check-go-version                 Checks that the version of Go in use is compatible with Delve. (default true)
-      --disable-aslr                     Disables address space randomization. This option is forced to true on darwin/arm64
+      --disable-aslr                     Disables address space randomization
       --headless                         Run debug server only, in headless mode.
       --init string                      Init file, executed by the terminal client.
   -l, --listen string                    Debugging server listen address. (default "127.0.0.1:0")

Documentation/usage/dlv_replay.md

@@ -24,7 +24,7 @@ dlv replay [trace directory]
       --backend string                   Backend selection (see 'dlv help backend'). (default "default")
       --build-flags string               Build flags, to be passed to the compiler.
       --check-go-version                 Checks that the version of Go in use is compatible with Delve. (default true)
-      --disable-aslr                     Disables address space randomization. This option is forced to true on darwin/arm64
+      --disable-aslr                     Disables address space randomization
       --headless                         Run debug server only, in headless mode.
       --init string                      Init file, executed by the terminal client.
   -l, --listen string                    Debugging server listen address. (default "127.0.0.1:0")

Documentation/usage/dlv_run.md

@@ -20,7 +20,7 @@ dlv run
       --backend string                   Backend selection (see 'dlv help backend'). (default "default")
       --build-flags string               Build flags, to be passed to the compiler.
       --check-go-version                 Checks that the version of Go in use is compatible with Delve. (default true)
-      --disable-aslr                     Disables address space randomization. This option is forced to true on darwin/arm64
+      --disable-aslr                     Disables address space randomization
       --headless                         Run debug server only, in headless mode.
       --init string                      Init file, executed by the terminal client.
   -l, --listen string                    Debugging server listen address. (default "127.0.0.1:0")

Documentation/usage/dlv_test.md

@@ -31,7 +31,7 @@ dlv test [package]
       --backend string                   Backend selection (see 'dlv help backend'). (default "default")
       --build-flags string               Build flags, to be passed to the compiler.
       --check-go-version                 Checks that the version of Go in use is compatible with Delve. (default true)
-      --disable-aslr                     Disables address space randomization. This option is forced to true on darwin/arm64
+      --disable-aslr                     Disables address space randomization
       --headless                         Run debug server only, in headless mode.
       --init string                      Init file, executed by the terminal client.
   -l, --listen string                    Debugging server listen address. (default "127.0.0.1:0")

Documentation/usage/dlv_trace.md

@@ -38,7 +38,7 @@ dlv trace [package] regexp
       --backend string                   Backend selection (see 'dlv help backend'). (default "default")
       --build-flags string               Build flags, to be passed to the compiler.
       --check-go-version                 Checks that the version of Go in use is compatible with Delve. (default true)
-      --disable-aslr                     Disables address space randomization. This option is forced to true on darwin/arm64
+      --disable-aslr                     Disables address space randomization
       --headless                         Run debug server only, in headless mode.
       --init string                      Init file, executed by the terminal client.
   -l, --listen string                    Debugging server listen address. (default "127.0.0.1:0")

Documentation/usage/dlv_version.md

@@ -20,7 +20,7 @@ dlv version
       --backend string                   Backend selection (see 'dlv help backend'). (default "default")
       --build-flags string               Build flags, to be passed to the compiler.
       --check-go-version                 Checks that the version of Go in use is compatible with Delve. (default true)
-      --disable-aslr                     Disables address space randomization. This option is forced to true on darwin/arm64
+      --disable-aslr                     Disables address space randomization
       --headless                         Run debug server only, in headless mode.
       --init string                      Init file, executed by the terminal client.
   -l, --listen string                    Debugging server listen address. (default "127.0.0.1:0")

cmd/dlv/cmds/commands.go

@@ -134,7 +134,7 @@ func New(docCall bool) *cobra.Command {
 	rootCommand.PersistentFlags().StringVar(&backend, "backend", "default", `Backend selection (see 'dlv help backend').`)
 	rootCommand.PersistentFlags().StringArrayVarP(&redirects, "redirect", "r", []string{}, "Specifies redirect rules for target process (see 'dlv help redirect')")
 	rootCommand.PersistentFlags().BoolVar(&allowNonTerminalInteractive, "allow-non-terminal-interactive", false, "Allows interactive sessions of Delve that don't have a terminal as stdin, stdout and stderr")
-	rootCommand.PersistentFlags().BoolVar(&disableASLR, "disable-aslr", false, "Disables address space randomization. This option is forced to true on darwin/arm64")
+	rootCommand.PersistentFlags().BoolVar(&disableASLR, "disable-aslr", false, "Disables address space randomization")
 
 	// 'attach' subcommand.
 	attachCommand := &cobra.Command{

pkg/proc/bininfo.go

@@ -1372,6 +1372,15 @@ func loadBinaryInfoMacho(bi *BinaryInfo, image *Image, path string, entryPoint u
 	if err != nil {
 		return err
 	}
+
+	if entryPoint != 0 {
+		// This is a little bit hacky. We use the entryPoint variable, but it
+		// actually holds the address of the mach-o header. We can use this
+		// to calculate the offset to the non-aslr location of the mach-o header
+		// (which is 0x100000000)
+		image.StaticBase = entryPoint - 0x100000000
+	}
+
 	image.closer = exe
 	if !supportedDarwinArch[exe.Cpu] {
 		return &ErrUnsupportedArch{os: "darwin", cpuArch: exe.Cpu}

pkg/proc/native/proc_darwin.c

@@ -86,6 +86,28 @@ reset_exception_ports(task_t task, mach_port_t *exception_port, mach_port_t *not
 	return KERN_SUCCESS;
 }
 
+mach_vm_address_t
+get_macho_header_offset(task_t task) {
+	kern_return_t kret;
+	mach_vm_address_t address;
+	mach_vm_size_t size;
+	vm_region_basic_info_data_64_t info;
+	mach_msg_type_number_t infoCnt = VM_REGION_BASIC_INFO_COUNT_64;
+	mach_port_t object_name;
+
+	// start at 0x0
+	address = 0x0;
+
+	kret = mach_vm_region(task, &address, &size, VM_REGION_BASIC_INFO_64,
+										(vm_region_info_64_t)&info, &infoCnt, &object_name);
+	// Return 0 if we cannot find the address, since we implicitly use this to denote
+	// that we do not have the entrypoint in bininfo
+	if (kret != KERN_SUCCESS) return 0;
+
+	// address will then contain the start address of the section after __PAGEZERO, i.e. the mach-o header
+	return address;
+}
+
 char *
 find_executable(int pid) {
 	static char pathbuf[PATH_MAX];

pkg/proc/native/proc_darwin.go

@@ -14,7 +14,6 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
-	"runtime"
 	"unsafe"
 
 	sys "golang.org/x/sys/unix"
@@ -64,7 +63,7 @@ func Launch(cmd []string, wd string, flags proc.LaunchFlags, _ []string, _ strin
 	argvSlice = append(argvSlice, nil)
 
 	disableASLR := 0
-	if flags&proc.LaunchDisableASLR != 0 || (runtime.GOOS == "darwin" && runtime.GOARCH == "arm64") {
+	if flags&proc.LaunchDisableASLR != 0 {
 		disableASLR = 1
 	}
 
@@ -119,12 +118,10 @@ func Launch(cmd []string, wd string, flags proc.LaunchFlags, _ []string, _ strin
 
 	dbp.os.initialized = true
 
-	regs, err := dbp.memthread.Registers()
-	if err != nil {
-		return nil, err
-	}
-
-	dbp.os.entryPoint = regs.PC()
+	// This is a bit hacky. This is technically not the entrypoint,
+	// but rather we use the variable to points at the mach-o header,
+	// so we can get the offset in bininfo
+	dbp.os.entryPoint = uint64(C.get_macho_header_offset(dbp.os.task))
 
 	tgt, err := dbp.initialize(argv0Go, []string{})
 	if err != nil {
@@ -161,6 +158,12 @@ func Attach(pid int, _ []string) (*proc.Target, error) {
 		return nil, err
 	}
 
+	// TODO: Find out, if the target is actually using ASLR or not
+	// This is a bit hacky. This is technically not the entrypoint,
+	// but rather we use the variable to points at the mach-o header,
+	// so we can get the offset in bininfo
+	dbp.os.entryPoint = uint64(C.get_macho_header_offset(dbp.os.task))
+
 	tgt, err := dbp.initialize(findExecutable("", dbp.pid), []string{})
 	if err != nil {
 		dbp.Detach(false)
@@ -478,4 +481,6 @@ func (dbp *nativeProcess) EntryPoint() (uint64, error) {
 	return dbp.os.entryPoint, nil
 }
 
-func initialize(dbp *nativeProcess) error { return nil }
+func initialize(dbp *nativeProcess) error {
+	return nil
+}

pkg/proc/native/proc_darwin.h

@@ -61,3 +61,6 @@ get_task_for_pid(int pid);
 
 int
 task_is_valid(task_t task);
+
+mach_vm_address_t
+get_macho_header_offset(task_t task);