示例#1
	def _gen_prstatus(self, pid, tid):
		"""
		Build the NT_PRSTATUS core note for thread ``tid`` of process ``pid``.

		General-purpose registers are read from
		``self.cores[tid]["thread_info"]["gpregs"]``; the parent, process-group
		and session ids come from ``self.pstree[pid]``. A missing key in either
		mapping propagates as ``KeyError``.

		Returns an ``elf_note`` owned by "CORE" whose payload is the filled
		``elf.elf_prstatus`` structure.
		"""
		gpregs = self.cores[tid]["thread_info"]["gpregs"]
		tree_entry = self.pstree[pid]

		status = elf.elf_prstatus()
		# Start from an all-zero structure: every field not assigned below
		# stays 0 in the emitted note.
		ctypes.memset(ctypes.addressof(status), 0, ctypes.sizeof(status))

		# FIXME (from the original author): only a subset of the prstatus
		# fields is populated for now.
		status.pr_pid = tid
		status.pr_ppid = tree_entry["ppid"]
		status.pr_pgrp = tree_entry["pgid"]
		status.pr_sid = tree_entry["sid"]

		# (pr_reg field, gpregs key) pairs, kept in the original assignment
		# order. The source dictionary uses short names ("bp", "ax", ...)
		# for several registers.
		register_map = (
			("r15", "r15"),
			("r14", "r14"),
			("r13", "r13"),
			("r12", "r12"),
			("rbp", "bp"),
			("rbx", "bx"),
			("r11", "r11"),
			("r10", "r10"),
			("r9", "r9"),
			("r8", "r8"),
			("rax", "ax"),
			("rcx", "cx"),
			("rdx", "dx"),
			("rsi", "si"),
			("rdi", "di"),
			("orig_rax", "orig_ax"),
			("rip", "ip"),
			("cs", "cs"),
			("eflags", "flags"),
			("rsp", "sp"),
			("ss", "ss"),
			("fs_base", "fs_base"),
			("gs_base", "gs_base"),
			("ds", "ds"),
			("es", "es"),
			("fs", "fs"),
			("gs", "gs"),
		)
		for field, key in register_map:
			setattr(status.pr_reg, field, gpregs[key])

		header = elf.Elf64_Nhdr()
		# 5 == len("CORE") + 1: the note name size counts the NUL terminator.
		header.n_namesz = 5
		header.n_descsz = ctypes.sizeof(status)
		header.n_type = elf.NT_PRSTATUS

		result = elf_note()
		result.data = status
		result.owner = "CORE"
		result.nhdr = header

		return result
示例#2
    def gen_prstatus(self, thread):
        """
        Build the NT_PRSTATUS core note for ``thread``.

        Register values are looked up in ``self.threads_registers`` under the
        key ``str(thread.pid)``; a missing thread or register name propagates
        as ``KeyError``. The parent pid and process group are taken from
        ``thread.parent``; the session id is always written as 0.

        Returns an ``elf_note`` owned by "CORE" whose payload is the filled
        ``elf.elf_prstatus`` structure.
        """
        reg_values = self.threads_registers[str(thread.pid)]

        status = elf.elf_prstatus()
        # Start from an all-zero structure: every field not assigned below
        # stays 0 in the emitted note.
        ctypes.memset(ctypes.addressof(status), 0, ctypes.sizeof(status))

        status.pr_pid = thread.pid
        status.pr_ppid = thread.parent.pid
        # NOTE(review): pr_pgrp is filled from ``parent.gid`` -- confirm that
        # this attribute holds a process-group id and not a user group id.
        status.pr_pgrp = thread.parent.gid
        status.pr_sid = 0  # default

        # Registers copied one-to-one, in the original assignment order.
        # orig_rax, fs_base, gs_base, ds, es, fs and gs are NOT copied: the
        # original author marked them as unknown/missing in this register
        # source, so they remain 0. Anyone analysing the resulting core
        # should read those zeros as "not captured", not as observed values.
        copied_registers = (
            "r15", "r14", "r13", "r12",
            "rbp", "rbx",
            "r11", "r10", "r9", "r8",
            "rax", "rcx", "rdx", "rsi", "rdi",
            "rip", "cs", "eflags", "rsp", "ss",
        )
        for reg_name in copied_registers:
            setattr(status.pr_reg, reg_name, reg_values[reg_name])

        header = elf.Elf64_Nhdr()
        # 5 == len("CORE") + 1: the note name size counts the NUL terminator.
        header.n_namesz = 5
        header.n_descsz = ctypes.sizeof(status)
        header.n_type = elf.NT_PRSTATUS

        result = elf_note()
        result.data = status
        result.owner = "CORE"
        result.nhdr = header

        return result