Anyone else find Setup of any sort to be somewhat always complicated? Whether its setting up dev environment, going through documented installation steps etc. For me most things just would not work like they have been documented to. Maybe it’s just me. Well, this was one of those. Check out the “Into the weeds the section” at the end of the post for more details on mistakes, frustrations, challenges and general lolz and facepalm moments and troubleshooting tips.

Obligatory Environment Details

  1. Windows 10 Enterprise Evaluation v1809

    Setup & Debug
    In each step, where applicable, the superscript numbers reference the official Mozilla Documentation. This would help with troubleshooting when required.

  2. Getting SpiderMonkey Source.
  • Get the latest Mozilla-build 1. Use default installation settings.
  • Run the start-shell.bat file in C:\mozilla-build
  • From within a new Shell navigate to a location where you would want the source to reside
  • Fetch the source using mecurial
    hg clone https://hg.mozilla.org/mozilla-central
    This is going to take some time

    2. Compiling SpiderMonkey 2

        SpiderMonkey requires some pre-requisites as mention in Mozilla build docs.

    1. Follow the instructions from Getting-Ready till Required Tools. During the Visual Studio Setup also select clang for Windows in the individual components. 
    2. Download and Install Microsoft Visual C++ Compiler for Python 
    3. Install .NET Framework 3.5 from "Turn Windows Features Off or On"
    4. launch the start-shell.bat script and navigate to your repo location
    5. Execute the following command to properly configure your environment and catch any missing deps

      6. mozilla-central$ ./mach bootstrap
    6. In the js/src folder create a build directory. Mine is called BUILD_DBG.OBJ (as recommended by Mozilla)
      mozilla-central/js/src$ mkdir BUILD_DBG.OBJ
    7. From within the new directory run the following commands 
    mozilla-central/js/src/BUILD_DBG.OBJ$ autoconf-2.13
mozilla-central/js/src/BUILD_DBG.OBJ$ ../configure --enable-debug --disable-optimize --enable-nspr-build
mozilla-central/js/src/BUILD_DBG.OBJ$ mozmake -j4 -s

    Note the official docs use autoconf2.13 but checking C:\mozilla-build\msys\local\bin we see the correct command

    1. Debugging

           We want to be able to instrument the JS engine from within the debugger and break into it to examine memory. We would be using WinDbg.
    1. Install the WinDbg Preview App from the Windows Store. You can find the app by searching WinDBG in Cortana search box. If you prefer, you can install WinDbg by following these instructions from Download Debugging Tools for Windows
    2. Configure WinDbg as a Postmortem debugger by following these instructions from Microsoft
    3. Configure Symbol path in the debugger
      .sympath srv*c:\symbols*https://msdl.microsoft.com/download/symbols
      .sympath+ srv*C:\symbols*https://symbols.mozilla.org/
    4. Next, we would be using a tool by @0vercl0k. Follow the installation guide on GitHub
      1. Note that to use the command interface on the debugger, you'll have to have attached to a process. You can start and attach to the JS shell at 
        /path/to/debug/build/dist/bin/js.exe
    5. Install python3.7 from Python
    6. Two notable functions only available in Debug build of JS shell are dumpObject() and objectAddress()
    7. Now we should be set to start our Journey


    Resources

    1. https://developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/Build_Instructions/Windows_Prerequisites
    2. https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey/Build_Documentation
    3. https://doar-e.github.io/blog/2018/11/19/introduction-to-spidermonkey-exploitation/#setting-it-up



    Into the Weeds
    I originally tried to use the source from GitHub using the following command.
    git clone --depth 1 https://github.com/mozilla/gecko-dev.git
    The build time using this method was supposed to be significantly faster. However, I ran into problems running step 7 using that source.The major reason was ./mach bootstrap which is supposed to help with dependencies only works with the Mecurial source. Technically, I could go through the code, see what it does and validate the environment myself but that would be way too much work (I think).

    Now, there’s definitely a way to use Mecurial and still get cloning to complete in a significantly shorter time but I did not explore this option. Feel free to share your quick clone/build tips in the comment below.

    Oh, I almost forgot. Step 2 and 3 where written after multiple fails in step 5. So you may have more fails but that means step 5 is really doing it’s job. Just make the fix to your environment as it suggest. Also it does take sometime.

    I also ran into problems using the following options for configure. --host=x86_64-pc-mingw32 --target=x86_64-pc-mingw32. Definitely, If you have some advice regarding this please share in the comments! But I don’t think we need this.

    I ran config without the --enable-nspr-build option and mozmake failed with 'prinit.h' not found. This was frustrating because I thought I had done everything right. A quick check on my configure and I returned here to update Step 7!

    In the debugging stage. Setting the symbols path, at this point of writing. I’m not sure if that step is required. I seemed to be able to find symbols without specifying the symbols path. This is probably a result of the debug build.

    Special Thanks to 0vercl0k, his blog on Introduction to SpiderMonkey Exploitation3 is a useful reference as I compare and contrast with LiveOverflow’s work on Webkit. It has really helped fast-track my progress