Beispiel #1
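  def __init__(self, process, mm):
    """Snapshot the crash site of *process*.

    Records the module containing the instruction pointer, the refined type
    of the frame pointer, a backtrace (taken only when the target has frame
    pointers) trimmed to the leading run of ``GxPtr32`` frames plus the
    first frame of another type, and the refined type of the instruction
    pointer itself.

    Args:
      process: the traced process; must expose getInstrPointer(),
        getFramePointer() and a ``no_frame_pointer`` flag.
      mm: memory map passed through to FindModule()/RefinePType().
    """
    ip = process.getInstrPointer()
    fp = process.getFramePointer()

    self.module = FindModule(ip, mm)
    self.fp_type = RefinePType(Type("Ptr32", 4), fp, process, mm)

    # Without frame pointers the walk is skipped and an empty Backtrace
    # stands in -- presumably because the unwinder would follow garbage.
    if not process.no_frame_pointer:
      self.bt = getBacktrace(process, max_args=0, max_depth=20)
    else:
      self.bt = Backtrace()

    # Keep frames while their ip refines to GxPtr32; the first frame of any
    # other type is appended as well and ends the walk.
    frames = []
    for frame in self.bt.frames:
      r_type = RefinePType(Type("Ptr32", 4), frame.ip, process, mm)
      frames.append(r_type)
      if str(r_type[0]) != "GxPtr32":
        break
    self.bt.frames = frames

    # The process has not been resumed since ``ip`` was read, so reuse it
    # instead of querying the register a second time.
    self.eip_type = RefinePType(Type("Ptr32", 4), ip, process, mm)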
Beispiel #2
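    def __init__(self, process, mm):
        """Record the state of *process* at an abort.

        Sets ``name`` to "Abort", resolves the module containing the
        instruction pointer, takes a backtrace and -- on i386 only -- refines
        each frame's ip up to and including the first ``DPtr32`` frame, so
        that ``self.bt.frames`` holds the refined entries (indexed as
        ``r_type[0]`` for the type). On x86-64 the frame list is left empty.

        Args:
            process: the traced process; must expose getInstrPointer()
                and getBacktrace().
            mm: memory map passed through to FindModule()/RefinePType().
        """
        self.name = "Abort"
        ip = process.getInstrPointer()

        self.bt = process.getBacktrace(max_args=0, max_depth=20)
        self.module = FindModule(ip, mm)

        frames = []
        # Frame classification is i386-only: on x86-64 stack-frame detection
        # is disabled because python-ptrace does not support it there, so the
        # backtrace is deliberately left with no frames.
        if CPU_I386:
            for frame in self.bt.frames:
                r_type = RefinePType(Type("Ptr32", 4), frame.ip, process, mm)
                frames.append(r_type)
                # The first data-pointer frame is kept and ends the walk.
                if str(r_type[0]) == "DPtr32":
                    break

        self.bt.frames = frames
        self.eip = RefinePType(Type("Ptr32", 4), ip, process, mm)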
Beispiel #3
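    def __init__(self, process, mm):
        """Snapshot the crash site of *process*.

        Records the module containing the instruction pointer, the refined
        type of the frame pointer, a backtrace (taken only when the target
        has frame pointers), and the refined type of the instruction
        pointer. On i386 the backtrace is trimmed to the leading run of
        ``GxPtr32`` frames plus the first frame of another type; on x86-64
        it is left empty.

        Args:
            process: the traced process; must expose getInstrPointer(),
                getFramePointer() and a ``no_frame_pointer`` flag.
            mm: memory map passed through to FindModule()/RefinePType().
        """
        ip = process.getInstrPointer()
        fp = process.getFramePointer()

        self.module = FindModule(ip, mm)
        self.fp_type = RefinePType(Type("Ptr32", 4), fp, process, mm)

        # Without frame pointers the walk is skipped and an empty Backtrace
        # stands in -- presumably because the unwinder would follow garbage.
        if not process.no_frame_pointer:
            self.bt = getBacktrace(process, max_args=0, max_depth=20)
        else:
            self.bt = Backtrace()

        frames = []
        # Frame classification is i386-only: on x86-64 stack-frame detection
        # is disabled because python-ptrace does not support it there, so the
        # backtrace is deliberately left with no frames.
        if CPU_I386:
            for frame in self.bt.frames:
                r_type = RefinePType(Type("Ptr32", 4), frame.ip, process, mm)
                frames.append(r_type)
                # The first frame that is not GxPtr32 is kept and ends the walk.
                if str(r_type[0]) != "GxPtr32":
                    break

        self.bt.frames = frames
        # The process has not been resumed since ``ip`` was read, so reuse
        # it rather than querying the register again.
        self.eip_type = RefinePType(Type("Ptr32", 4), ip, process, mm)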
Beispiel #4
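  def __init__(self, process, mm):
    """Record the state of *process* at an abort.

    Sets ``name`` to "Abort", resolves the module containing the instruction
    pointer, takes a backtrace and refines each frame's ip up to and
    including the first ``DPtr32`` frame, so that ``self.bt.frames`` holds
    the refined entries (indexed as ``r_type[0]`` for the type).

    Args:
      process: the traced process; must expose getInstrPointer() and
        getBacktrace().
      mm: memory map passed through to FindModule()/RefinePType().
    """
    self.name = "Abort"
    ip = process.getInstrPointer()

    self.bt = process.getBacktrace(max_args=0, max_depth=20)
    self.module = FindModule(ip, mm)

    frames = []
    for frame in self.bt.frames:
      r_type = RefinePType(Type("Ptr32", 4), frame.ip, process, mm)
      frames.append(r_type)
      # The first data-pointer frame is kept and ends the walk.
      if str(r_type[0]) == "DPtr32":
        break

    self.bt.frames = frames
    self.eip = RefinePType(Type("Ptr32", 4), ip, process, mm)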
Beispiel #5
def detect_vulnerability(preevents, event, process, mm):
    """Classify *event* and return a Vulnerability, or None when nothing is found.

    Dispatches on the event's class:

    * Call: the typed name is looked up; "system"/"popen" are recognised
      but no verdict is produced for them yet.
    * Abort: only considered when the backtrace is non-empty and the most
      recent preceding event is a heap routine (free/malloc/realloc). The
      frames are then walked in order: vdso frames are skipped, a libc
      frame is meant to flag memory corruption (but see the note inline),
      and any other frame ends the search with no verdict.
    * Crash: reported as stack corruption when both the frame pointer and
      the instruction pointer refine to ``DPtr32``, or when any backtrace
      frame does.
    * Signal: ignored.

    Args:
        preevents: earlier events; only the last one is consulted, via str().
        event: the event to classify.
        process: the traced process (not used by this function).
        mm: memory map handed to FindModule().

    Returns:
        A Vulnerability instance, or None.
    """
    if isinstance(event, Call):
        name, _args = event.GetTypedName()
        if name in ("system", "popen"):
            pass  # recognised, but no verdict is produced yet
        return None

    if isinstance(event, Abort):
        if len(event.bt) == 0 or len(preevents) == 0:
            return None
        # Only aborts that directly follow a heap routine are of interest.
        if str(preevents[-1]) not in ("free", "malloc", "realloc"):
            return None
        for _typ, val in event.bt:
            module = FindModule(val, mm)
            if module == "[vdso]":
                continue
            if "libc-" in module:
                # NOTE(review): this assertion fires before the return below
                # can execute (unless Python runs with -O); kept as is.
                assert 0
                return Vulnerability("MemoryCorruption")
            return None
        return None

    if isinstance(event, Crash):
        fp_is_data = str(event.fp_type[0]) == "DPtr32"
        if fp_is_data and str(event.eip_type[0]) == "DPtr32":
            return Vulnerability("StackCorruption")
        for typ, _val in event.bt:
            if str(typ) == "DPtr32":
                return Vulnerability("StackCorruption")
        return None

    if isinstance(event, Signal):
        return None

    return None