abdulowork/browse_packages.py

## browse_packages.py
import re
from lldb import SBDebugger, SBCommandReturnObject, SBCommandInterpreter, SBError, SBProcess

def browse_packages(
    debugger: SBDebugger,
    command: str,
    result: SBCommandReturnObject,
    dict
):
    try:
        klass = 'TBrowserContainerController'
        method = 'allowsBrowsingPackages'
        function_address_return = SBCommandReturnObject()
        interpreter: SBCommandInterpreter = debugger.GetCommandInterpreter()
        interpreter.HandleCommand(
            f'''
            e -l objc --
            @import AppKit;
            @import ObjectiveC;
            (IMP)method_getImplementation(
                (Method)class_getInstanceMethod(
                    (Class)NSClassFromString(@"{klass}"),
                    (SEL)NSSelectorFromString(@"{method}")
                )
            );
            '''.replace('\n', ' '),
            function_address_return
        )
        # (IMP) $1 = 0x31120001045837d8 (actual=0x00000001045837d8 Finder`___lldb_unnamed_symbol4648)
        function_address = int(re.search(r'actual=(.+) ', function_address_return.GetOutput()).group(1), 16)
        print(f'- [{klass} {method}] loaded at {hex(function_address)}\n')

        def print_instructions():
            result = SBCommandReturnObject()
            interpreter.HandleCommand(f'mem read -f i {function_address}', result)
            print(result.GetOutput())

        print('Instructions before patch:')
        print_instructions()

        patch = bytearray([0x20])
        print(f'Writing {[hex(byte) for byte in patch]} to {hex(function_address)}\n')
        process: SBProcess = debugger.GetSelectedTarget().GetProcess()
        process.WriteMemory(function_address, bytearray([0x20]), SBError())

        print('Instructions after patch:')
        print_instructions()
    except Exception as e:
        print(e)


module = os.path.splitext(os.path.basename(__file__))[0]
def __lldb_init_module(debugger: SBDebugger, dict):
    for function in [
        browse_packages.__name__,
    ]:
        print(f'\nRegistering {module}.{function}. Call "{function}" from lldb to run the script')
        debugger.HandleCommand(f'command script add -f {module}.{function} {function}')
	import re
	from lldb import SBDebugger, SBCommandReturnObject, SBCommandInterpreter, SBError, SBProcess

	def browse_packages(
	debugger: SBDebugger,
	command: str,
	result: SBCommandReturnObject,
	dict
	):
	try:
	klass = 'TBrowserContainerController'
	method = 'allowsBrowsingPackages'
	function_address_return = SBCommandReturnObject()
	interpreter: SBCommandInterpreter = debugger.GetCommandInterpreter()
	interpreter.HandleCommand(
	f'''
	e -l objc --
	@import AppKit;
	@import ObjectiveC;
	(IMP)method_getImplementation(
	(Method)class_getInstanceMethod(
	(Class)NSClassFromString(@"{klass}"),
	(SEL)NSSelectorFromString(@"{method}")
	)
	);
	'''.replace('\n', ' '),
	function_address_return
	)
	# (IMP) $1 = 0x31120001045837d8 (actual=0x00000001045837d8 Finder`___lldb_unnamed_symbol4648)
	function_address = int(re.search(r'actual=(.+) ', function_address_return.GetOutput()).group(1), 16)
	print(f'- [{klass} {method}] loaded at {hex(function_address)}\n')

	def print_instructions():
	result = SBCommandReturnObject()
	interpreter.HandleCommand(f'mem read -f i {function_address}', result)
	print(result.GetOutput())

	print('Instructions before patch:')
	print_instructions()

	patch = bytearray([0x20])
	print(f'Writing {[hex(byte) for byte in patch]} to {hex(function_address)}\n')
	process: SBProcess = debugger.GetSelectedTarget().GetProcess()
	process.WriteMemory(function_address, bytearray([0x20]), SBError())

	print('Instructions after patch:')
	print_instructions()
	except Exception as e:
	print(e)


	module = os.path.splitext(os.path.basename(__file__))[0]
	def __lldb_init_module(debugger: SBDebugger, dict):
	for function in [
	browse_packages.__name__,
	]:
	print(f'\nRegistering {module}.{function}. Call "{function}" from lldb to run the script')
	debugger.HandleCommand(f'command script add -f {module}.{function} {function}')