Initial commit

Author: tonyredondo

go.mod

@@ -0,0 +1,3 @@
+module github.com/undefinedlabs/go-mpatch
+
+go 1.13

patcher.go

@@ -0,0 +1,161 @@
+package mpatch // import "github.com/undefinedlabs/go-mpatch"
+
+import (
+	"errors"
+	"fmt"
+	"reflect"
+	"sync"
+	"syscall"
+	"unsafe"
+)
+
+type (
+	Patch struct {
+		targetBytes []byte
+		target      *reflect.Value
+		redirection *reflect.Value
+	}
+	pointer struct {
+		length uintptr
+		ptr    uintptr
+	}
+)
+
+var (
+	patchLock = sync.Mutex{}
+	patches   = make(map[uintptr]*Patch)
+	pageSize  = syscall.Getpagesize()
+)
+
+func PatchMethod(target, redirection interface{}) (*Patch, error) {
+	tValue := getValueFrom(target)
+	rValue := getValueFrom(redirection)
+	err := isPatchable(&tValue, &rValue)
+	if err != nil {
+		return nil, err
+	}
+	patch := &Patch{target: &tValue, redirection: &rValue}
+	err = applyPatch(patch)
+	if err != nil {
+		return nil, err
+	}
+	return patch, nil
+}
+func PatchInstanceMethodByName(target reflect.Type, methodName string, redirection interface{}) (*Patch, error) {
+	if target.Kind() == reflect.Struct {
+		target = reflect.PtrTo(target)
+	}
+	method, ok := target.MethodByName(methodName)
+	if !ok {
+		return nil, errors.New(fmt.Sprintf("Method '%v' not found", methodName))
+	}
+	return PatchMethodByReflect(method, redirection)
+}
+func PatchMethodByReflect(target reflect.Method, redirection interface{}) (*Patch, error) {
+	tValue := &target.Func
+	rValue := getValueFrom(redirection)
+	err := isPatchable(tValue, &rValue)
+	if err != nil {
+		return nil, err
+	}
+	patch := &Patch{target: tValue, redirection: &rValue}
+	err = applyPatch(patch)
+	if err != nil {
+		return nil, err
+	}
+	return patch, nil
+}
+
+func (p *Patch) Patch() error {
+	if p == nil {
+		return errors.New("patch is nil")
+	}
+	err := isPatchable(p.target, p.redirection)
+	if err != nil {
+		return err
+	}
+	err = applyPatch(p)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+func (p *Patch) Unpatch() error {
+	if p == nil {
+		return errors.New("patch is nil")
+	}
+	return applyUnpatch(p)
+}
+
+func isPatchable(target, redirection *reflect.Value) error {
+	if target.Kind() != reflect.Func || redirection.Kind() != reflect.Func {
+		return errors.New("the target and/or redirection is not a Func")
+	}
+	if target.Type() != redirection.Type() {
+		return errors.New(fmt.Sprintf("the target and/or redirection doesn't have the same type: %s != %s", target.Type(), redirection.Type()))
+	}
+	if _, ok := patches[target.Pointer()]; ok {
+		return errors.New("the target is already patched")
+	}
+	return nil
+}
+
+func applyPatch(patch *Patch) error {
+	patchLock.Lock()
+	defer patchLock.Unlock()
+	tPointer := patch.target.Pointer()
+	rPointer := getInternalPtrFromValue(*patch.redirection)
+	rPointerJumpBytes := getJumpFuncBytes(rPointer)
+	tPointerBytes := getMemorySliceFromPointer(tPointer, len(rPointerJumpBytes))
+	targetBytes := make([]byte, len(tPointerBytes))
+	copy(targetBytes, tPointerBytes)
+	err := copyDataToPtr(tPointer, rPointerJumpBytes)
+	if err != nil {
+		return err
+	}
+	patch.targetBytes = targetBytes
+	patches[tPointer] = patch
+	return nil
+}
+
+func applyUnpatch(patch *Patch) error {
+	patchLock.Lock()
+	defer patchLock.Unlock()
+	if patch.targetBytes == nil || len(patch.targetBytes) == 0 {
+		return errors.New("the target is not patched")
+	}
+	tPointer := patch.target.Pointer()
+	if _, ok := patches[tPointer]; !ok {
+		return errors.New("the target is not patched")
+	}
+	delete(patches, tPointer)
+	err := copyDataToPtr(tPointer, patch.targetBytes)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func getInternalPtrFromValue(value reflect.Value) uintptr {
+	return (*pointer)(unsafe.Pointer(&value)).ptr
+}
+
+func getValueFrom(data interface{}) reflect.Value {
+	if cValue, ok := data.(reflect.Value); ok {
+		return cValue
+	} else {
+		return reflect.ValueOf(data)
+	}
+}
+
+func getMemorySliceFromPointer(p uintptr, length int) []byte {
+	return *(*[]byte)(unsafe.Pointer(&reflect.SliceHeader{
+		Data: p,
+		Len:  length,
+		Cap:  length,
+	}))
+}
+
+func getPageStartPtr(ptr uintptr) uintptr {
+	return ptr & ^(uintptr(pageSize - 1))
+}

patcher_test.go

@@ -0,0 +1,64 @@
+package mpatch
+
+import (
+	"reflect"
+	"testing"
+)
+
+//go:noinline
+func methodA() int { return 1 }
+
+//go:noinline
+func methodB() int { return 2 }
+
+type myStruct struct {
+}
+
+//go:noinline
+func (s *myStruct) Method() int {
+	return 1
+}
+
+func TestPatcher(t *testing.T) {
+	patch, err := PatchMethod(methodA, methodB)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if methodA() != 2 {
+		t.Fatal("The patch did not work")
+	}
+
+	err = patch.Unpatch()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if methodA() != 1 {
+		t.Fatal("The unpatch did not work")
+	}
+}
+
+func TestInstancePatcher(t *testing.T) {
+	mStruct := myStruct{}
+
+	var patch *Patch
+	var err error
+	patch, err = PatchInstanceMethodByName(reflect.TypeOf(mStruct), "Method", func(m *myStruct) int {
+		patch.Unpatch()
+		defer patch.Patch()
+		return 41 + m.Method()
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if mStruct.Method() != 42 {
+		t.Fatal("The patch did not work")
+	}
+	err = patch.Unpatch()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if mStruct.Method() != 1 {
+		t.Fatal("The unpatch did not work")
+	}
+}

patcher_unix.go

@@ -0,0 +1,34 @@
+// +build !windows
+
+package mpatch
+
+import "syscall"
+
+var writeAccess = syscall.PROT_READ | syscall.PROT_WRITE | syscall.PROT_EXEC
+var readAccess = syscall.PROT_READ | syscall.PROT_EXEC
+
+func callMProtect(addr uintptr, length int, prot int) error {
+	for p := getPageStartPtr(addr); p < addr+uintptr(length); p += uintptr(pageSize) {
+		page := getMemorySliceFromPointer(p, pageSize)
+		err := syscall.Mprotect(page, prot)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func copyDataToPtr(ptr uintptr, data []byte) error {
+	dataLength := len(data)
+	ptrByteSlice := getMemorySliceFromPointer(ptr, len(data))
+	err := callMProtect(ptr, dataLength, writeAccess)
+	if err != nil {
+		return err
+	}
+	copy(ptrByteSlice, data[:])
+	err = callMProtect(ptr, dataLength, readAccess)
+	if err != nil {
+		return err
+	}
+	return nil
+}

patcher_windows.go

@@ -0,0 +1,35 @@
+// +build windows
+
+package mpatch
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+const pageExecuteReadAndWrite = 0x40
+
+var virtualProtectProc = syscall.NewLazyDLL("kernel32.dll").NewProc("VirtualProtect")
+
+func callVirtualProtect(lpAddress uintptr, dwSize int, flNewProtect uint32, lpflOldProtect unsafe.Pointer) error {
+	ret, _, _ := virtualProtectProc.Call(lpAddress, uintptr(dwSize), uintptr(flNewProtect), uintptr(lpflOldProtect))
+	if ret == 0 {
+		return syscall.GetLastError()
+	}
+	return nil
+}
+
+func copyDataToPtr(ptr uintptr, data []byte) error {
+	var oldPerms, tmp uint32
+	dataLength := len(data)
+	ptrByteSlice := getMemorySliceFromPointer(ptr, len(data))
+	err := callVirtualProtect(ptr, dataLength, pageExecuteReadAndWrite, unsafe.Pointer(&oldPerms))
+	if err != nil {
+		return err
+	}
+	copy(ptrByteSlice, data[:])
+	err = callVirtualProtect(ptr, dataLength, oldPerms, unsafe.Pointer(&tmp))
+	if err != nil {
+		return err
+	}
+}

patcher_x32.go

@@ -0,0 +1,15 @@
+// +build 386
+
+package mpatch
+
+// Gets the jump function rewrite bytes
+func getJumpFuncBytes(to uintptr) []byte {
+	return []byte{
+		0xBA,
+		byte(to),
+		byte(to >> 8),
+		byte(to >> 16),
+		byte(to >> 24),
+		0xFF, 0x22,
+	}
+}

patcher_x64.go

@@ -0,0 +1,19 @@
+// +build amd64
+
+package mpatch
+
+// Gets the jump function rewrite bytes
+func getJumpFuncBytes(to uintptr) []byte {
+	return []byte{
+		0x48, 0xBA,
+		byte(to),
+		byte(to >> 8),
+		byte(to >> 16),
+		byte(to >> 24),
+		byte(to >> 32),
+		byte(to >> 40),
+		byte(to >> 48),
+		byte(to >> 56),
+		0xFF, 0x22,
+	}
+}