def __init__(self, process, mm):
    """Snapshot the crash site of *process* as refined pointer types.

    Records the module that contains the instruction pointer, the refined
    type of the frame pointer, and a backtrace whose ``frames`` list is
    replaced by the refined type of each frame's ``ip``.  The walk stops
    at the first frame whose refined type is not "GxPtr32"; that frame is
    still recorded as the last entry.  When ``process.no_frame_pointer``
    is set no stack walk is attempted and an empty ``Backtrace()`` is used.

    Args:
        process: debuggee handle exposing getInstrPointer(),
            getFramePointer() and the ``no_frame_pointer`` flag.
        mm: memory map handed through to FindModule() and RefinePType().
    """
    ip = process.getInstrPointer()
    fp = process.getFramePointer()
    self.module = FindModule(ip, mm)
    # RefinePType presumably returns a (type, value) pair; only [0] is
    # inspected below -- verify against its definition.
    self.fp_type = RefinePType(Type("Ptr32", 4), fp, process, mm)

    if process.no_frame_pointer:
        self.bt = Backtrace()
    else:
        self.bt = getBacktrace(process, max_args=0, max_depth=20)

    refined = []
    for frame in self.bt.frames:
        frame_type = RefinePType(Type("Ptr32", 4), frame.ip, process, mm)
        refined.append(frame_type)
        # Keep walking only while the frame's ip still refines to a code
        # pointer ("GxPtr32"); any other kind ends the walk but is kept.
        if str(frame_type[0]) != "GxPtr32":
            break
    self.bt.frames = refined

    self.eip_type = RefinePType(Type("Ptr32", 4), ip, process, mm)
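def __init__(self, process, mm):
    """Snapshot the crash site of *process* as refined pointer types.

    Records the module that contains the instruction pointer, the refined
    type of the frame pointer, and a backtrace whose ``frames`` list is
    replaced by the refined type of each frame's ``ip``.  Frame refinement
    only runs on i386; on x86-64 it is disabled and the backtrace ends up
    with an empty frame list.  When ``process.no_frame_pointer`` is set no
    stack walk is attempted and an empty ``Backtrace()`` is used.

    Args:
        process: debuggee handle exposing getInstrPointer(),
            getFramePointer() and the ``no_frame_pointer`` flag.
        mm: memory map handed through to FindModule() and RefinePType().
    """
    ip = process.getInstrPointer()
    fp = process.getFramePointer()
    self.module = FindModule(ip, mm)
    # RefinePType presumably returns a (type, value) pair; only [0] is
    # inspected below -- verify against its definition.
    self.fp_type = RefinePType(Type("Ptr32", 4), fp, process, mm)

    if process.no_frame_pointer:
        self.bt = Backtrace()
    else:
        self.bt = getBacktrace(process, max_args=0, max_depth=20)

    frames = []
    # Frame-type detection is i386-only.  On x86-64 it is disabled (the
    # original note says python-ptrace does not support it), so the
    # backtrace deliberately keeps no frames there.
    if CPU_I386:
        for frame in self.bt.frames:
            r_type = RefinePType(Type("Ptr32", 4), frame.ip, process, mm)
            frames.append(r_type)
            # Keep walking only while the frame's ip still refines to a
            # code pointer ("GxPtr32"); any other kind ends the walk but
            # is kept as the last entry.
            if str(r_type[0]) != "GxPtr32":
                break
    self.bt.frames = frames

    self.eip_type = RefinePType(Type("Ptr32", 4), ip, process, mm)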
def __init__(self, process, mm):
    """Describe an abort: backtrace, module at ip and refined frame types.

    Sets ``name`` to "Abort", takes a backtrace from the process and
    replaces its ``frames`` with the refined type of each frame's ``ip``.
    Frame refinement only runs on i386 (disabled on x86-64, leaving the
    frame list empty); the walk stops at, and includes, the first frame
    whose refined type is "DPtr32".

    Args:
        process: debuggee handle exposing getInstrPointer() and
            getBacktrace().
        mm: memory map handed through to FindModule() and RefinePType().
    """
    self.name = "Abort"
    ip = process.getInstrPointer()
    self.bt = process.getBacktrace(max_args=0, max_depth=20)
    self.module = FindModule(ip, mm)

    # On x86-64 frame detection is disabled (python-ptrace does not
    # support it per the original note), so nothing is walked there.
    walkable = self.bt.frames if CPU_I386 else []
    refined = []
    for frame in walkable:
        frame_type = RefinePType(Type("Ptr32", 4), frame.ip, process, mm)
        refined.append(frame_type)
        # A "DPtr32" frame terminates the walk but stays in the list.
        if str(frame_type[0]) == "DPtr32":
            break
    self.bt.frames = refined

    self.eip = RefinePType(Type("Ptr32", 4), ip, process, mm)
def __init__(self, name, process, mm):
    """Record a signal's name and, for SIGSEGV, its refined fault address.

    ``self.fields["addr"]`` is only populated when the signal is
    "SIGSEGV" and the siginfo's ``_sifields`` carries a ``_sigfault``
    member; otherwise ``fields`` stays empty.

    Args:
        name: signal name, e.g. "SIGSEGV".
        process: debuggee handle; its getsiginfo()._sifields is read.
        mm: memory map handed through to RefinePType().
    """
    self.fields = {}
    sifields = process.getsiginfo()._sifields
    self.name = name

    has_fault_info = hasattr(sifields, "_sigfault")
    if has_fault_info and self.name == "SIGSEGV":
        fault_addr = sifields._sigfault._addr
        self.fields["addr"] = RefinePType(
            Type("Ptr32", 4), fault_addr, process, mm)
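def _detect_parameter_x86_64(self, ptype, index):
    """Return the refined value of the *index*-th register argument (x86-64).

    The System V AMD64 convention passes the first six integer/pointer
    arguments in rdi, rsi, rdx, rcx, r8 and r9, so *index* 0..5 maps to
    those registers.  Any other index (negative, or an argument that the
    ABI places on the stack) yields None rather than a register read; the
    original upper bound silently ignored r9 and let negative indices
    wrap around the register list.

    Args:
        ptype: parameter type description, resolved through GetPtype().
        index: zero-based argument position.

    Returns:
        The RefinePType() result for the register value, or None when
        *index* is not a register-passed argument.
    """
    arg_regs = ("rdi", "rsi", "rdx", "rcx", "r8", "r9")
    if not 0 <= index < len(arg_regs):
        return None
    value = self.process.getreg(arg_regs[index])
    return RefinePType(GetPtype(ptype), value, self.process, self.mm)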
def _detect_parameter_x86(self, ptype, offset):
    """Return the refined 4-byte argument at ``esp + offset`` (i386).

    Args:
        ptype: parameter type description, resolved through GetPtype().
        offset: byte offset from the stack pointer of the argument slot.

    Returns:
        The RefinePType() result for the word read from the stack.
    """
    slot = self.process.getStackPointer() + offset
    raw = self.process.readBytes(slot, 4)
    word = bytes2word(raw)
    return RefinePType(GetPtype(ptype), word, self.process, self.mm)
def __init__(self, process, mm):
    """Describe an abort: backtrace, module at ip and refined frame types.

    Sets ``name`` to "Abort", takes a backtrace from the process and
    replaces its ``frames`` with the refined type of each frame's ``ip``.
    The walk stops at, and includes, the first frame whose refined type
    is "DPtr32".

    Args:
        process: debuggee handle exposing getInstrPointer() and
            getBacktrace().
        mm: memory map handed through to FindModule() and RefinePType().
    """
    self.name = "Abort"
    ip = process.getInstrPointer()
    self.bt = process.getBacktrace(max_args=0, max_depth=20)
    self.module = FindModule(ip, mm)

    refined = []
    for frame in self.bt.frames:
        frame_type = RefinePType(Type("Ptr32", 4), frame.ip, process, mm)
        refined.append(frame_type)
        # A "DPtr32" frame terminates the walk but stays in the list.
        if str(frame_type[0]) == "DPtr32":
            break
    self.bt.frames = refined

    self.eip = RefinePType(Type("Ptr32", 4), ip, process, mm)
def DetectReturnValue(self, process):
    """Capture the function's return value from ``eax`` (i386).

    Stores *process* on ``self`` and sets ``self.retvalue`` to the
    RefinePType() result of ``eax`` interpreted as ``self.ret``.

    Args:
        process: debuggee handle exposing getreg().
    """
    self.process = process
    eax = process.getreg("eax")
    ret_type = GetPtype(self.ret)
    self.retvalue = RefinePType(ret_type, eax, self.process, self.mm)
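def __DetectParam__(self, ptype, offset):
    """Return the refined 4-byte argument at ``esp + offset`` (i386).

    Args:
        ptype: parameter type description, resolved through GetPtype().
        offset: byte offset from ``esp`` of the argument slot.

    Returns:
        The RefinePType() result for the word read from the stack.
    """
    addr = self.process.getreg("esp") + offset
    # Named `raw` rather than `bytes` so the builtin is not shadowed.
    raw = self.process.readBytes(addr, 4)
    return RefinePType(GetPtype(ptype), bytes2word(raw), self.process, self.mm)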
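def __DetectRetAddr__(self):
    """Return the refined return address found at ``esp`` (i386).

    Reads the 4-byte word the stack pointer points at and refines it as
    a "Ptr32".

    Returns:
        The RefinePType() result for the word at ``esp``.
    """
    addr = self.process.getreg("esp")
    # Named `raw` rather than `bytes` so the builtin is not shadowed.
    raw = self.process.readBytes(addr, 4)
    return RefinePType(Type("Ptr32", 4), bytes2word(raw), self.process, self.mm)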