def __init__(self, process, mm):
    """Capture the state of a crashed *process* for later classification.

    Stores the module the instruction pointer falls in, the refined type of
    the frame pointer, a backtrace whose frames are replaced by their refined
    (type, value) results, and the refined type of the instruction pointer.

    Args:
        process: traced process exposing getInstrPointer(), getFramePointer()
            and a ``no_frame_pointer`` attribute.
        mm: memory map forwarded to FindModule and RefinePType.
    """
    def refine(address):
        # One fresh Ptr32 descriptor per call, as RefinePType may keep it.
        return RefinePType(Type("Ptr32", 4), address, process, mm)

    ip = process.getInstrPointer()
    fp = process.getFramePointer()
    self.module = FindModule(ip, mm)
    self.fp_type = refine(fp)

    # Without frame pointers the walk is skipped and an empty backtrace is used.
    if process.no_frame_pointer:
        self.bt = Backtrace()
    else:
        self.bt = getBacktrace(process, max_args=0, max_depth=20)

    # Keep refined frames up to and including the first one whose refined
    # type is not GxPtr32; anything after that frame is discarded.
    refined_frames = []
    for frame in self.bt.frames:
        entry = refine(frame.ip)
        refined_frames.append(entry)
        if str(entry[0]) != "GxPtr32":
            break
    self.bt.frames = refined_frames

    # The instruction pointer is re-read here rather than reusing ``ip``.
    self.eip_type = refine(process.getInstrPointer())
def __init__(self, process, mm):
    """Record an abort event for *process*.

    Sets ``name``, the module containing the instruction pointer, a backtrace
    whose frames are replaced by refined (type, value) results, and the
    refined instruction-pointer type (``eip``).

    Args:
        process: traced process exposing getInstrPointer() and getBacktrace().
        mm: memory map forwarded to FindModule and RefinePType.
    """
    def refine(address):
        return RefinePType(Type("Ptr32", 4), address, process, mm)

    def refined_prefix(frames):
        # Refine frames in order and stop after the first DPtr32 one
        # (that frame is still included).
        kept = []
        for frame in frames:
            entry = refine(frame.ip)
            kept.append(entry)
            if str(entry[0]) == "DPtr32":
                break
        return kept

    self.name = "Abort"
    ip = process.getInstrPointer()
    self.bt = process.getBacktrace(max_args=0, max_depth=20)
    self.module = FindModule(ip, mm)

    # Frame refinement only runs on i386; on x86-64 it is disabled (the
    # original comment cites missing python-ptrace support), so the
    # backtrace is left with no frames on that architecture.
    if CPU_X86_64:
        pass
    refined_frames = refined_prefix(self.bt.frames) if CPU_I386 else []
    self.bt.frames = refined_frames
    self.eip = refine(ip)
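def __init__(self, process, mm):
    """Capture the state of a crashed *process* for later classification.

    Stores the module the instruction pointer falls in, the refined type of
    the frame pointer, a backtrace whose frames are replaced by their refined
    (type, value) results, and the refined type of the instruction pointer.

    The per-frame debug print that used to run inside the frame loop was
    removed: it wrote every frame to stdout on each crash, and the sibling
    constructors keep the same print commented out.

    Args:
        process: traced process exposing getInstrPointer(), getFramePointer()
            and a ``no_frame_pointer`` attribute.
        mm: memory map forwarded to FindModule and RefinePType.
    """
    ip = process.getInstrPointer()
    fp = process.getFramePointer()
    self.module = FindModule(ip, mm)
    self.fp_type = RefinePType(Type("Ptr32", 4), fp, process, mm)

    # Without frame pointers the walk is skipped and an empty backtrace is used.
    if not process.no_frame_pointer:
        self.bt = getBacktrace(process, max_args=0, max_depth=20)
    else:
        self.bt = Backtrace()

    frames = []
    # Frame refinement only runs on i386; on x86-64 it is disabled (the
    # original comment cites missing python-ptrace support), so the
    # backtrace is left with no frames on that architecture.
    if CPU_I386:
        for frame in self.bt.frames:
            r_type = RefinePType(Type("Ptr32", 4), frame.ip, process, mm)
            frames.append(r_type)
            # Stop after the first frame whose refined type is not GxPtr32;
            # that frame is kept, later ones are dropped.
            if str(r_type[0]) != "GxPtr32":
                break
    self.bt.frames = frames

    # The instruction pointer is re-read here rather than reusing ``ip``.
    self.eip_type = RefinePType(
        Type("Ptr32", 4), process.getInstrPointer(), process, mm)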
def __init__(self, process, mm):
    """Record an abort event for *process*.

    Sets ``name``, the module containing the instruction pointer, a backtrace
    whose frames are replaced by refined (type, value) results, and the
    refined instruction-pointer type (``eip``).

    Args:
        process: traced process exposing getInstrPointer() and getBacktrace().
        mm: memory map forwarded to FindModule and RefinePType.
    """
    def refine(address):
        return RefinePType(Type("Ptr32", 4), address, process, mm)

    self.name = "Abort"
    ip = process.getInstrPointer()
    self.bt = process.getBacktrace(max_args=0, max_depth=20)
    self.module = FindModule(ip, mm)

    # Refine frames in order and stop after the first DPtr32 one (that frame
    # is still included); the raw frames are replaced by the refined list.
    kept = []
    for frame in self.bt.frames:
        entry = refine(frame.ip)
        kept.append(entry)
        if str(entry[0]) == "DPtr32":
            break
    self.bt.frames = kept
    self.eip = refine(ip)
def detect_vulnerability(preevents, event, process, mm):
    """Classify the latest trace *event* as a Vulnerability, or return None.

    Args:
        preevents: earlier events; only the last one is consulted, via str().
        event: a Call, Abort, Crash or Signal instance; other types yield None.
        process: traced process; not used by this function at present.
        mm: memory map forwarded to FindModule.

    Returns:
        Vulnerability("MemoryCorruption"), Vulnerability("StackCorruption"),
        or None when nothing is recognised.

    Raises:
        AssertionError: see the assert(0) in the Abort branch below.
    """
    if isinstance(event, Call):
        (name, args) = event.GetTypedName()
        # Placeholder: system()/popen() calls are recognised but not acted on.
        if name == "system" or name == "popen":
            pass
    elif isinstance(event, Abort):
        # An abort is only considered when it follows an allocator call.
        if len(event.bt) > 0 and len(preevents) > 0:
            if not (str(preevents[-1]) in ["free", "malloc", "realloc"]):
                return None
            # NOTE(review): the original indentation was lost; this loop is
            # placed inside the guard above -- confirm against upstream.
            # Assumes iterating event.bt yields the (type, value) results the
            # Abort constructor stores in bt.frames -- verify.
            for (typ, val) in event.bt:
                module = FindModule(val, mm)
                if module == "[vdso]":
                    # vDSO frames are skipped rather than classified.
                    pass
                elif "libc-" in module:
                    # TODO(review): assert(0) makes the return below
                    # unreachable (AssertionError is raised) unless Python
                    # runs with -O, where the assert is stripped and
                    # MemoryCorruption is returned. Make the intended
                    # behaviour explicit instead of depending on -O.
                    assert(0)
                    return Vulnerability("MemoryCorruption")
                else:
                    # First frame outside vDSO/libc ends the search.
                    return None
    elif isinstance(event, Crash):
        # Both the frame pointer and the instruction pointer refined to a
        # data pointer type is taken as a smashed stack.
        if str(
                event.fp_type[0]) == "DPtr32" and str(
                event.eip_type[0]) == "DPtr32":
            return Vulnerability("StackCorruption")
        # Otherwise any frame whose refined type is a data pointer suffices.
        for (typ, val) in event.bt:
            if str(typ) == "DPtr32":
                return Vulnerability("StackCorruption")
    elif isinstance(event, Signal):
        # Signals are currently not classified.
        pass
    return None