[Barebone] Unable to attach to Cortex-R82AE (AVH)
Manouchehri opened this issue · comments
When using Arm Virtual Hardware (AVH) with a Cortex-R82AE device, Frida isn't able to attach.
```
dave@mbp ~ % FRIDA_BAREBONE_ADDRESS="localhost:4000" frida -D barebone -p 0
     ____
    / _  |   Frida 16.1.1 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to GDB Remote Stub (id=barebone)
Failed to attach: invalid register name: TCR_EL1
```
```
dave@mbp ~ % FRIDA_BAREBONE_ADDRESS="localhost:4000" frida -D barebone -p 0
     ____
    / _  |   Frida 16.2.1 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to GDB Remote Stub (id=barebone)
Failed to attach: invalid TG1 value
```
lldb works fine.
```
dave@mbp ~ % lldb --one-line "gdb-remote localhost:4000"
(lldb) gdb-remote localhost:4000
Process 1 stopped
* thread #1, stop reason = signal SIGINT
    frame #0: 0x000000000021508c
->  0x21508c: adrp x23, 205
    0x215090: add x2, x23, #0x548
    0x215094: ldr w19, [x0, x1]
    0x215098: str x2, [sp, #0x88]
Target 0: (No executable module.) stopped.
(lldb) register read
general:
        x0 = 0x00000000002e1330
        x1 = 0x0000000000000000
        x2 = 0x000000000000001f
        x3 = 0x0000000000000000
        x4 = 0x0000000000000000
        x5 = 0x000000000028a000
        x6 = 0x0000000000318bc8
        x7 = 0x0000000000000012
        x8 = 0x0000000000000014
        x9 = 0x0000000000000012
       x10 = 0x000000000146c310
       x11 = 0x0000000000000032
       x12 = 0x0000000000310f40
       x13 = 0x000000000030cf40
       x14 = 0x0000000068fbcea8
       x15 = 0x00000000002e1308
       x16 = 0xffffffffffffffff
       x17 = 0xffffffffffffffff
       x18 = 0xffffffffffffffff
       x19 = 0x0000000000000000
       x20 = 0x0000000000318bc8
       x21 = 0x00000000002e0140
       x22 = 0x00000000002e5380
       x23 = 0x0000000000318778
       x24 = 0x0000000000000000
       x25 = 0x0000000000318bc8
       x26 = 0x00000000002e1330
       x27 = 0x00000000002e5380
       x28 = 0x0000000000000000
       x29 = 0x000000007fb3ab30
       x30 = 0x0000000000252fb4
        sp = 0x0000000000000000
        pc = 0x000000000021508c
      cpsr = 0x80000049
      fpsr = 0x00000000
      fpcr = 0x00000000
32 registers were unavailable.
```
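The second error in the report names the TG1 field of TCR_EL1. The following is an added example, not part of the original report and not Frida's code: it decodes the granule fields of a raw TCR_EL1 value using the Armv8-A encodings and flags reserved ones, showing that any value with TG1 = 0b00 (an all-zero register, for instance) has no valid TG1 granule. Both register values are constructed samples, not readings from the target above.

```python
# Added example, not Frida's code. Field positions and encodings follow the
# Armv8-A definition of TCR_EL1; the sample register values are constructed.

TG0_GRANULE = {0b00: 4096, 0b01: 65536, 0b10: 16384}  # 0b11 is reserved
TG1_GRANULE = {0b01: 16384, 0b10: 4096, 0b11: 65536}  # 0b00 is reserved


def field(value, hi, lo):
    """Return bits [hi:lo] of value."""
    return (value >> lo) & ((1 << (hi - lo + 1)) - 1)


def decode_tcr_el1(tcr):
    """Decode the size, walk-disable and granule fields of a raw TCR_EL1."""
    tg0, tg1 = field(tcr, 15, 14), field(tcr, 31, 30)
    return {
        "T0SZ": field(tcr, 5, 0),
        "T1SZ": field(tcr, 21, 16),
        "EPD0": field(tcr, 7, 7),
        "EPD1": field(tcr, 23, 23),
        "TG0": tg0,
        "TG1": tg1,
        "TG0_granule": TG0_GRANULE.get(tg0),  # None when the encoding is reserved
        "TG1_granule": TG1_GRANULE.get(tg1),  # None when the encoding is reserved
    }


def reserved_fields(tcr):
    """List the granule fields of tcr whose encoding is reserved."""
    d = decode_tcr_el1(tcr)
    return [f"{name}=0b{d[name]:02b}" for name in ("TG0", "TG1")
            if d[f"{name}_granule"] is None]


# Constructed samples: an all-zero register, and a 4 KB granule / 48-bit VA
# layout (T0SZ = T1SZ = 16, TG0 = 0b00, TG1 = 0b10).
TCR_ZERO = 0x0
TCR_4K_48BIT = (0b10 << 30) | (16 << 16) | 16

if __name__ == "__main__":
    for tcr in (TCR_ZERO, TCR_4K_48BIT):
        d = decode_tcr_el1(tcr)
        print(f"TCR_EL1={tcr:#018x} TG0={d['TG0_granule']} "
              f"TG1={d['TG1_granule']} reserved={reserved_fields(tcr)}")
```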