M README.md => README.md +24 -1
@@ 3,7 3,7 @@
Tool for analyzing [Atmosphère](https://github.com/Atmosphere-NX/Atmosphere) (Nintendo Switch CFW) crash dumps in radare2.
It lets you load binary dumps that Atmosphère puts into `atmosphere/crash_reports/dumps` on the SD card as flags and
-mapped stack contents.
+mapped stack and tls contents.
## Installation
@@ 221,3 221,26 @@ Stack of a thread with telescoping:
0x4befc6f0 0x000000004befc710 ...K.... 1274005264
0x4befc6f8 ..[ null bytes ].. 00000000 th339.crash.reg.x26
```
+
+Hexump of the TLS of a thread:
+```
+[0x604001c0]> px 0x100 @ th339.crash.tls
+- offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
+0x6b093200 0200 0000 0000 0000 2000 0000 1580 1100 ........ .......
+0x6b093210 5346 434f 0000 0000 0000 0000 0000 0000 SFCO............
+0x6b093220 0002 0000 0000 0000 2f01 0000 0000 0001 ......../.......
+0x6b093230 0000 0000 0000 0000 0200 0000 0000 0000 ................
+0x6b093240 0000 0000 0000 0000 0600 0000 0000 0000 ................
+0x6b093250 0004 0000 0000 0000 00c0 0100 0000 0000 ................
+0x6b093260 0000 0000 0000 0000 0000 0000 0000 0000 ................
+0x6b093270 0000 0000 0000 0000 0000 0000 0000 0000 ................
+0x6b093280 0000 0000 0000 0000 0000 0000 0000 0000 ................
+0x6b093290 0000 0000 0000 0000 0000 0000 0000 0000 ................
+0x6b0932a0 0000 0000 0000 0000 0000 0000 0000 0000 ................
+0x6b0932b0 0000 0000 0000 0000 0000 0000 0000 0000 ................
+0x6b0932c0 0000 0000 0000 0000 0000 0000 0000 0000 ................
+0x6b0932d0 0000 0000 0000 0000 0000 0000 0000 0000 ................
+0x6b0932e0 0000 0000 0000 0000 0000 0000 0000 0000 ................
+0x6b0932f0 0000 0000 0000 0000 0000 0000 0000 0000 ................
+```
+
M src/AMSDump.hs => src/AMSDump.hs +3 -2
@@ 29,7 29,8 @@ data Thread = Thread
, stackTop :: Word64
, stackBottom :: Word64
, stackTrace :: [Word64]
- , tlsAddress :: Word64
+ , tlsAddress :: Word64 -- [tlsSize]
+ , tlsDump :: B.ByteString
, stackDumpBase :: Word64
, stackDump :: B.ByteString -- [stackDumpSize]
, name :: B.ByteString }
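Review bot: The `-- [tlsSize]` comment is attached to `tlsAddress`, but the existing `stackDump :: B.ByteString -- [stackDumpSize]` line uses the bracket to name the length of a byte-string field, so it reads as belonging on `tlsDump`. I would write `, tlsAddress :: Word64` and `, tlsDump :: B.ByteString -- [tlsSize]`. The `Thread` declaration starts above this hunk, so its earlier fields are not visible here.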
@@ 80,7 81,7 @@ parseThread = do
stackDump <- getByteString stackDumpSize
stackTraceSize <- getWord64le
stackTrace <- parseArray getWord64le stackTraceSize
- return $ Thread threadContext threadId stackTop stackBottom stackTrace tlsAddr stackDumpBase stackDump nameBytes
+ return $ Thread threadContext threadId stackTop stackBottom stackTrace tlsAddr tls stackDumpBase stackDump nameBytes
parseDump :: Get (Maybe Dump)
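Review bot: The positional `Thread ...` application on the changed `return` line now takes three `B.ByteString` arguments (`tls`, `stackDump`, `nameBytes`) between several `Word64`s, so two arguments of the same type swapped by mistake would still compile and would silently label the wrong bytes in the analysis session. Record construction ties each parsed value to its field, e.g. `tlsAddress = tlsAddr, tlsDump = tls, stackDumpBase = stackDumpBase, stackDump = stackDump` inside `Thread { ... }`. The binding of `tls` and the start of `parseThread` lie outside this hunk, so how its length is read and bounded cannot be seen here. Since the dump is file-supplied data, that is worth confirming.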
M src/DumpR2.hs => src/DumpR2.hs +12 -6
@@ 42,15 42,19 @@ openMalloc = printf "o malloc://%#x %#x"
writeHex :: B.ByteString -> Word64 -> String
writeHex s addr = printf "wx %s @ %#x" (BU.toString $ B.toLazyByteString $ B.byteStringHex s) addr
-loadStackDump :: Thread -> String -> [String]
-loadStackDump thread prefix =
- let dump = stackDump thread
- base = stackDumpBase thread
- size = (fromIntegral $ B.length dump)::Word64 in
- [flagSized (prefix ++ "stack") size base,
+loadMemory :: Word64 -> B.ByteString -> String -> [String]
+loadMemory base dump flagname =
+ let size = (fromIntegral $ B.length dump)::Word64 in
+ [flagSized flagname size base,
openMalloc size base,
writeHex dump base]
+loadStackDump :: Thread -> String -> [String]
+loadStackDump thread prefix = loadMemory (stackDumpBase thread) (stackDump thread) (prefix ++ "stack")
+
+loadTLS :: Thread -> String -> [String]
+loadTLS thread prefix = loadMemory (tlsAddress thread) (tlsDump thread) (prefix ++ "tls")
+
loadStackTrace :: Thread -> String -> [String]
loadStackTrace thread prefix = mapi (\index addr -> flag (prefix ++ "stacktrace." ++ (show index)) addr) $ stackTrace thread
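Review bot: `loadMemory` emits all three commands even when `dump` is empty, producing a zero-size `o malloc://` and a `wx` with no hex digits, which radare2 will presumably reject or misread. This matters more now that `loadTLS` shares the helper, because any thread whose dump carries no TLS bytes (if the format allows that) would hit it. A guard equation before the main one, `loadMemory _ dump _ | B.null dump = []`, avoids it; `B.length` is already used through the same alias, so `B.null` should be in scope. Base address and length both come from the crash dump file, so a short comment that the mappings are created at file-supplied addresses and may overlap the stack mapping would help the next reader.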
@@ 62,6 66,8 @@ loadThread thread crashed =
++ mapRegs (\r v -> flag (regPrefix ++ r) v) (context thread)
++ loadStackDump thread prefix
++ ["fs dump"]
+ ++ loadTLS thread prefix
+ ++ ["fs dump"]
++ loadStackTrace thread prefix
loadDump :: Dump -> [String]