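def platformParseBinaryPe(self, filename, baseaddr, normname):
    """Add export symbols for the PE image mapped at *baseaddr*.

    The header and export table are read from the target's memory via
    ``PE.peFromMemoryObject``; *filename* is accepted for interface parity
    with ``platformParseBinary`` but is not consulted by this implementation.
    Every export becomes an ``e_resolv.Symbol`` at ``baseaddr + rva`` with a
    size of 0, filed under *normname*.

    Args:
        filename: path of the mapped image (unused here).
        baseaddr: load address of the image in the target process.
        normname: normalized library name the symbols are recorded under.

    Raises:
        Whatever ``PE.peFromMemoryObject`` / ``getExports`` raise on a header
        they cannot parse. The bytes come from target memory and nothing in
        this method catches parse failures, so they propagate to the caller.
    """
    # NOTE: an ``if False:`` branch that wrote the in-memory header to a temp
    # file and handed it to vtrace.platforms.win32.Win32SymbolParser used to
    # sit here ("fake out the PE header and use dbghelp"). It was never
    # reachable and has been dropped; this is the only live code path.
    pe = PE.peFromMemoryObject(self, baseaddr)
    # getExports() yields (rva, ordinal, name); ordinals are not recorded.
    for rva, ordinal, name in pe.getExports():
        self.addSymbol(e_resolv.Symbol(name, baseaddr + rva, 0, normname))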
def platformParseBinary(self, filename, baseaddr, normname):
    """Load section and symbol information from the ELF file *filename*.

    The file is opened with ``self.platformOpenFile`` and parsed by
    ``Elf.Elf``. Sections become ``e_resolv.SectionSymbol`` entries; entries
    of both the regular and the dynamic symbol table are classified by the
    low nibble of ``st_info`` (STT_FUNC -> FunctionSymbol, STT_SECTION ->
    SectionSymbol, anything else -> Symbol). For a shared object that is not
    prelinked every address is rebased onto *baseaddr*; otherwise the file's
    own addresses are used. An executable additionally gets an ``__entry``
    symbol at ``e_entry``.

    Args:
        filename: path of the ELF image to parse.
        baseaddr: load address of the image in the target process.
        normname: normalized library name the symbols are recorded under.
    """
    symclasses = {
        Elf.STT_FUNC: e_resolv.FunctionSymbol,
        Elf.STT_SECTION: e_resolv.SectionSymbol,
    }
    elf = Elf.Elf(self.platformOpenFile(filename))

    # Only a non-prelinked shared object carries addresses relative to its
    # load base; everything else is already absolute.
    rebase = baseaddr if not elf.isPreLinked() and elf.isSharedObject() else 0

    for section in elf.sections:
        self.addSymbol(e_resolv.SectionSymbol(
            section.name, section.sh_addr + rebase, section.sh_size, normname))

    # Regular symbols first, then the dynamic table, exactly as before.
    for table in (elf.symbols, elf.dynamic_symbols):
        for esym in table:
            make = symclasses.get(esym.st_info & 0xf, e_resolv.Symbol)
            self.addSymbol(make(esym.name, esym.st_value + rebase,
                                esym.st_size, normname))

    if elf.isExecutable():
        # NOTE(review): e_entry is not rebased, unlike sections and symbols.
        self.addSymbol(e_resolv.Symbol('__entry', elf.e_entry, 0, normname))
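def platformParseBinary(self, filename, baseaddr, normname):
    """Load section and symbol information for the ELF image at *baseaddr*.

    The image is normally opened from *filename* via ``self.platformOpenFile``
    and parsed by ``Elf.Elf``. When that raises ``IOError`` (the vdso and
    similar mappings have no backing file) the ELF headers are parsed from
    the target's memory with ``Elf.elfFromMemoryObject`` instead.

    Sections become ``e_resolv.SectionSymbol`` entries; entries of both the
    regular and the dynamic symbol table are classified by the low nibble of
    ``st_info`` (STT_FUNC -> FunctionSymbol, STT_SECTION -> SectionSymbol,
    anything else -> Symbol). For a shared object that is not prelinked every
    address is rebased onto *baseaddr*; otherwise the file's own addresses
    are used. An executable additionally gets an ``__entry`` symbol at
    ``e_entry``.

    Args:
        filename: path of the ELF image to parse.
        baseaddr: load address of the image in the target process.
        normname: normalized library name the symbols are recorded under.

    Raises:
        Whatever ``Elf.elfFromMemoryObject`` raises when both the file and
        the in-memory fallback fail; there is no further recovery.
    """
    typemap = {
        Elf.STT_FUNC: e_resolv.FunctionSymbol,
        Elf.STT_SECTION: e_resolv.SectionSymbol,
    }
    try:
        fd = self.platformOpenFile(filename)
        elf = Elf.Elf(fd)
    except IOError:
        # It's possible we hit the vdso or something similar with no file on
        # disk: fall back to the headers mapped in the target. The former
        # ``try: ... except: raise`` around this call was a no-op and is gone.
        elf = Elf.elfFromMemoryObject(self, baseaddr)

    # Only a non-prelinked shared object carries addresses relative to its
    # load base; everything else is already absolute.
    addbase = baseaddr if not elf.isPreLinked() and elf.isSharedObject() else 0

    for sec in elf.sections:
        self.addSymbol(e_resolv.SectionSymbol(
            sec.name, sec.sh_addr + addbase, sec.sh_size, normname))

    # Regular symbols first, then the dynamic table.
    for table in (elf.symbols, elf.dynamic_symbols):
        for esym in table:
            symclass = typemap.get(esym.st_info & 0xf, e_resolv.Symbol)
            self.addSymbol(symclass(esym.name, esym.st_value + addbase,
                                    esym.st_size, normname))

    if elf.isExecutable():
        # NOTE(review): e_entry is not rebased, unlike sections and symbols.
        self.addSymbol(e_resolv.Symbol('__entry', elf.e_entry, 0, normname))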
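# NOTE: this part of the listing opened with the tail end of an older,
# Python 2 era copy of platformParseBinaryPe (``except Exception, e: print e``).
# That fragment was cut off before its ``def`` line, duplicates the live
# method, and is not valid Python 3, so it is not reproduced here.


def platformPs(self):
    """Return the platform's process list.

    The list is fixed: a single ``(1, 'SystemProcess')`` entry, presumably
    ``(pid, name)`` like the other vtrace platforms.
    """
    return [(1, 'SystemProcess')]


def _getVmwareReg(self, rname):
    """Read register *rname* through VMware's monitor extension.

    Sends ``r <rname>`` via ``self._monitorCommand`` and parses the fourth
    whitespace-separated field of the reply as a hexadecimal integer. For a
    segment register the reply looks like
    ``fs 0x30 base 0xffdff000 limit 0x00001fff type 0x3 s 1 dpl 0 p 1 db 1``,
    so the value returned is the segment *base* (``0xffdff000`` here).

    Args:
        rname: register name as understood by the monitor, e.g. ``'fs'``.

    Returns:
        The parsed integer.

    Raises:
        IndexError: the reply has fewer than four fields.
        ValueError: the fourth field is not a hexadecimal number.
    """
    reply = self._monitorCommand('r %s' % rname)
    fields = reply.split()
    # Field 3 is the base for segment registers (see the sample reply above).
    # The reply comes from the external monitor and nothing here checks that
    # it has that shape; a malformed reply surfaces as IndexError/ValueError.
    return int(fields[3], 16)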