| Index: src/processor/exploitability_linux.h
|
| ===================================================================
|
| --- src/processor/exploitability_linux.h (revision 1491)
|
| +++ src/processor/exploitability_linux.h (working copy)
|
| @@ -37,7 +37,6 @@
|
| #ifndef GOOGLE_BREAKPAD_PROCESSOR_EXPLOITABILITY_LINUX_H_
|
| #define GOOGLE_BREAKPAD_PROCESSOR_EXPLOITABILITY_LINUX_H_
|
|
|
| -#include "common/scoped_ptr.h"
|
| #include "google_breakpad/common/breakpad_types.h"
|
| #include "google_breakpad/processor/exploitability.h"
|
|
|
| @@ -48,9 +47,21 @@
|
| ExploitabilityLinux(Minidump *dump,
|
| ProcessState *process_state);
|
|
|
| + // Parameters are the minidump to analyze, the object representing process
|
| + // state, and whether to enable objdump disassembly.
|
| + // Enabling objdump will allow exploitability analysis to call out to
|
| + // objdump for diassembly. It is used to check the identity of the
|
| + // instruction that caused the program to crash. If there are any
|
| + // portability concerns, this should not be enabled.
|
| + ExploitabilityLinux(Minidump *dump,
|
| + ProcessState *process_state,
|
| + bool enable_objdump);
|
| +
|
| virtual ExploitabilityRating CheckPlatformExploitability();
|
|
|
| private:
|
| + friend class ExploitabilityLinuxTest;
|
| +
|
| // Takes the address of the instruction pointer and returns
|
| // whether the instruction pointer lies in a valid instruction region.
|
| bool InstructionPointerInCode(uint64_t instruction_ptr);
|
| @@ -59,6 +70,40 @@
|
| // minidump and reports whether the exception suggests no exploitability.
|
| bool BenignCrashTrigger(const MDRawExceptionStream *raw_exception_stream);
|
|
|
| + // This method checks if the crash occurred during a write to read-only or
|
| + // invalid memory. It does so by checking if the instruction at the
|
| + // instruction pointer is a write instruction, and if the target of the
|
| + // instruction is at a spot in memory that prohibits writes.
|
| + bool EndedOnIllegalWrite(uint64_t instruction_ptr);
|
| +
|
| +#ifndef _WIN32
|
| + // Disassembles raw bytes via objdump and pipes the output into the provided
|
| + // buffer, given the desired architecture, the file from which objdump will
|
| + // read, and the buffer length. The method returns whether the disassembly
|
| + // was a success, and the caller owns all pointers.
|
| + static bool DisassembleBytes(const string &architecture,
|
| + const uint8_t *raw_bytes,
|
| + const unsigned int MAX_OBJDUMP_BUFFER_LEN,
|
| + char *objdump_output_buffer);
|
| +
|
| + // Tokenizes out the operation and operands from a line of instruction
|
| + // disassembled by objdump. This method modifies the pointers to match the
|
| + // tokens of the instruction, and returns if the tokenizing was a success.
|
| + // The caller owns all pointers.
|
| + static bool TokenizeObjdumpInstruction(const string &line,
|
| + string *operation,
|
| + string *dest,
|
| + string *src);
|
| +
|
| + // Calculates the effective address of an expression in the form reg+a or
|
| + // reg-a, where 'reg' is a register and 'a' is a constant, and writes the
|
| + // result in the pointer. The method returns whether the calculation was
|
| + // a success. The caller owns the pointer.
|
| + static bool CalculateAddress(const string &address_expression,
|
| + const DumpContext &context,
|
| + uint64_t *write_address);
|
| +#endif // _WIN32
|
| +
|
| // Checks if the stack pointer points to a memory mapping that is not
|
| // labelled as the stack.
|
| bool StackPointerOffStack(uint64_t stack_ptr);
|
| @@ -66,6 +111,10 @@
|
| // Checks if the stack or heap are marked executable according
|
| // to the memory mappings.
|
| bool ExecutableStackOrHeap();
|
| +
|
| + // Whether this exploitability engine is permitted to shell out to objdump
|
| + // to disassemble raw bytes.
|
| + bool enable_objdump_;
|
| };
|
|
|
| } // namespace google_breakpad
|
|
|
Chromium Code Reviews
Issue 1273823004:
Add check for Linux minidump ending on bad write for exploitability rating. (Closed)
Base URL: http://google-breakpad.googlecode.com/svn/trunk/