def _gen_prstatus(self, pid, tid):
    """
    Build the NT_PRSTATUS core note for thread ``tid`` of process ``pid``.

    General-purpose registers are read from
    ``self.cores[tid]["thread_info"]["gpregs"]`` and the parent, process-group
    and session ids from ``self.pstree[pid]``. They are copied into a
    zero-filled ``elf.elf_prstatus``, which is returned wrapped in an
    ``elf_note`` owned by "CORE".

    Lookup failures (unknown ``tid``/``pid`` or an absent register key)
    propagate to the caller unchanged.
    """
    gpregs = self.cores[tid]["thread_info"]["gpregs"]
    tree_entry = self.pstree[pid]

    status = elf.elf_prstatus()
    ctypes.memset(ctypes.addressof(status), 0, ctypes.sizeof(status))

    # FIXME: only some elf_prstatus fields are populated for now; every other
    # field keeps the zero written by the memset above. Revisit later.
    status.pr_pid = tid
    status.pr_ppid = tree_entry["ppid"]
    status.pr_pgrp = tree_entry["pgid"]
    status.pr_sid = tree_entry["sid"]

    # (pr_reg field, gpregs key) pairs, kept in the original assignment order.
    # NOTE(review): values are copied as found in the image; nothing in this
    # method validates them - confirm the loader does.
    reg_map = (
        ("r15", "r15"),
        ("r14", "r14"),
        ("r13", "r13"),
        ("r12", "r12"),
        ("rbp", "bp"),
        ("rbx", "bx"),
        ("r11", "r11"),
        ("r10", "r10"),
        ("r9", "r9"),
        ("r8", "r8"),
        ("rax", "ax"),
        ("rcx", "cx"),
        ("rdx", "dx"),
        ("rsi", "si"),
        ("rdi", "di"),
        ("orig_rax", "orig_ax"),
        ("rip", "ip"),
        ("cs", "cs"),
        ("eflags", "flags"),
        ("rsp", "sp"),
        ("ss", "ss"),
        ("fs_base", "fs_base"),
        ("gs_base", "gs_base"),
        ("ds", "ds"),
        ("es", "es"),
        ("fs", "fs"),
        ("gs", "gs"),
    )
    for field, key in reg_map:
        setattr(status.pr_reg, field, gpregs[key])

    header = elf.Elf64_Nhdr()
    # 5 is one more than len("CORE"), presumably counting the terminating NUL.
    header.n_namesz = 5
    header.n_descsz = ctypes.sizeof(elf.elf_prstatus())
    header.n_type = elf.NT_PRSTATUS

    result = elf_note()
    result.data = status
    result.owner = "CORE"
    result.nhdr = header

    return result
def gen_prstatus(self, thread):
    """
    Build the NT_PRSTATUS core note for ``thread``.

    Registers are looked up in ``self.threads_registers`` under the key
    ``str(thread.pid)``. ``pr_pid`` is ``thread.pid``; ``pr_ppid`` and
    ``pr_pgrp`` come from ``thread.parent.pid`` and ``thread.parent.gid``;
    ``pr_sid`` is fixed at 0. The filled ``elf.elf_prstatus`` is returned
    wrapped in an ``elf_note`` owned by "CORE".

    Lookup failures (unknown thread or an absent register key) propagate to
    the caller unchanged.
    """
    reg_values = self.threads_registers[str(thread.pid)]

    status = elf.elf_prstatus()
    ctypes.memset(ctypes.addressof(status), 0, ctypes.sizeof(status))

    status.pr_pid = thread.pid
    status.pr_ppid = thread.parent.pid
    status.pr_pgrp = thread.parent.gid
    status.pr_sid = 0  # default

    # Here the pr_reg field names and the register-dict keys are identical.
    # Not populated (left at the memset zero): orig_rax (source key unknown),
    # fs_base, gs_base, ds (marked MISSING in the original), es, fs, gs.
    # Anything reading the resulting note sees 0 for those registers.
    # NOTE(review): values are copied as found; nothing in this method
    # validates them - confirm the producer of threads_registers does.
    copied = (
        "r15", "r14", "r13", "r12",
        "rbp", "rbx",
        "r11", "r10", "r9", "r8",
        "rax", "rcx", "rdx", "rsi", "rdi",
        "rip", "cs", "eflags", "rsp", "ss",
    )
    for reg_name in copied:
        setattr(status.pr_reg, reg_name, reg_values[reg_name])

    header = elf.Elf64_Nhdr()
    # 5 is one more than len("CORE"), presumably counting the terminating NUL.
    header.n_namesz = 5
    header.n_descsz = ctypes.sizeof(elf.elf_prstatus())
    header.n_type = elf.NT_PRSTATUS

    result = elf_note()
    result.data = status
    result.owner = "CORE"
    result.nhdr = header

    return result