1 | // Copyright (c) 2006, Google Inc. |
2 | // All rights reserved. |
3 | // |
4 | // Redistribution and use in source and binary forms, with or without |
5 | // modification, are permitted provided that the following conditions are |
6 | // met: |
7 | // |
8 | // * Redistributions of source code must retain the above copyright |
9 | // notice, this list of conditions and the following disclaimer. |
10 | // * Redistributions in binary form must reproduce the above |
11 | // copyright notice, this list of conditions and the following disclaimer |
12 | // in the documentation and/or other materials provided with the |
13 | // distribution. |
14 | // * Neither the name of Google Inc. nor the names of its |
15 | // contributors may be used to endorse or promote products derived from |
16 | // this software without specific prior written permission. |
17 | // |
18 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
19 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
20 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
21 | // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
22 | // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
24 | // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
25 | // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
26 | // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
27 | // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
28 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
29 | |
30 | // process_state.h: A snapshot of a process, in a fully-digested state. |
31 | // |
32 | // Author: Mark Mentovai |
33 | |
34 | #ifndef GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__ |
35 | #define GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__ |
36 | |
37 | #include <string> |
38 | #include <vector> |
39 | |
40 | #include "common/using_std_string.h" |
41 | #include "google_breakpad/common/breakpad_types.h" |
42 | #include "google_breakpad/processor/code_modules.h" |
43 | #include "google_breakpad/processor/exception_record.h" |
44 | #include "google_breakpad/processor/minidump.h" |
45 | #include "google_breakpad/processor/system_info.h" |
46 | #include "processor/linked_ptr.h" |
47 | |
48 | namespace google_breakpad { |
49 | |
50 | using std::vector; |
51 | |
52 | class CallStack; |
53 | class CodeModules; |
54 | |
55 | enum ExploitabilityRating { |
56 | EXPLOITABILITY_HIGH, // The crash likely represents |
57 | // a exploitable memory corruption |
58 | // vulnerability. |
59 | |
60 | EXPLOITABILITY_MEDIUM, // The crash appears to corrupt |
61 | // memory in a way which may be |
62 | // exploitable in some situations. |
63 | |
64 | EXPLOITABLITY_MEDIUM = EXPLOITABILITY_MEDIUM, // an old misspelling |
65 | |
66 | EXPLOITABILITY_LOW, // The crash either does not corrupt |
67 | // memory directly or control over |
68 | // the affected data is limited. The |
69 | // issue may still be exploitable |
70 | // on certain platforms or situations. |
71 | |
72 | EXPLOITABILITY_INTERESTING, // The crash does not appear to be |
73 | // directly exploitable. However it |
74 | // represents a condition which should |
75 | // be further analyzed. |
76 | |
77 | EXPLOITABILITY_NONE, // The crash does not appear to represent |
78 | // an exploitable condition. |
79 | |
80 | EXPLOITABILITY_NOT_ANALYZED, // The crash was not analyzed for |
81 | // exploitability because the engine |
82 | // was disabled. |
83 | |
84 | EXPLOITABILITY_ERR_NOENGINE, // The supplied minidump's platform does |
85 | // not have a exploitability engine |
86 | // associated with it. |
87 | |
88 | EXPLOITABILITY_ERR_PROCESSING // An error occured within the |
89 | // exploitability engine and no rating |
90 | // was calculated. |
91 | }; |
92 | |
93 | class ProcessState { |
94 | public: |
95 | ProcessState() : modules_(NULL), unloaded_modules_(NULL) { Clear(); } |
96 | ~ProcessState(); |
97 | |
98 | // Resets the ProcessState to its default values |
99 | void Clear(); |
100 | |
101 | // Accessors. See the data declarations below. |
102 | uint32_t time_date_stamp() const { return time_date_stamp_; } |
103 | uint32_t process_create_time() const { return process_create_time_; } |
104 | bool crashed() const { return crashed_; } |
105 | string crash_reason() const { return crash_reason_; } |
106 | uint64_t crash_address() const { return crash_address_; } |
107 | string assertion() const { return assertion_; } |
108 | int requesting_thread() const { return requesting_thread_; } |
109 | const ExceptionRecord* exception_record() const { return &exception_record_; } |
110 | const vector<CallStack*>* threads() const { return &threads_; } |
111 | const vector<MemoryRegion*>* thread_memory_regions() const { |
112 | return &thread_memory_regions_; |
113 | } |
114 | const SystemInfo* system_info() const { return &system_info_; } |
115 | const CodeModules* modules() const { return modules_; } |
116 | const CodeModules* unloaded_modules() const { return unloaded_modules_; } |
117 | const vector<linked_ptr<const CodeModule> >* shrunk_range_modules() const { |
118 | return &shrunk_range_modules_; |
119 | } |
120 | const vector<const CodeModule*>* modules_without_symbols() const { |
121 | return &modules_without_symbols_; |
122 | } |
123 | const vector<const CodeModule*>* modules_with_corrupt_symbols() const { |
124 | return &modules_with_corrupt_symbols_; |
125 | } |
126 | ExploitabilityRating exploitability() const { return exploitability_; } |
127 | |
128 | private: |
129 | // MinidumpProcessor and MicrodumpProcessor are responsible for building |
130 | // ProcessState objects. |
131 | friend class MinidumpProcessor; |
132 | friend class MicrodumpProcessor; |
133 | |
134 | // The time-date stamp of the minidump (time_t format) |
135 | uint32_t time_date_stamp_; |
136 | |
137 | // The time-date stamp when the process was created (time_t format) |
138 | uint32_t process_create_time_; |
139 | |
140 | // True if the process crashed, false if the dump was produced outside |
141 | // of an exception handler. |
142 | bool crashed_; |
143 | |
144 | // If the process crashed, the type of crash. OS- and possibly CPU- |
145 | // specific. For example, "EXCEPTION_ACCESS_VIOLATION" (Windows), |
146 | // "EXC_BAD_ACCESS / KERN_INVALID_ADDRESS" (Mac OS X), "SIGSEGV" |
147 | // (other Unix). |
148 | string crash_reason_; |
149 | |
150 | // If the process crashed, and if crash_reason implicates memory, |
151 | // the memory address that caused the crash. For data access errors, |
152 | // this will be the data address that caused the fault. For code errors, |
153 | // this will be the address of the instruction that caused the fault. |
154 | uint64_t crash_address_; |
155 | |
156 | // If there was an assertion that was hit, a textual representation |
157 | // of that assertion, possibly including the file and line at which |
158 | // it occurred. |
159 | string assertion_; |
160 | |
161 | // The index of the thread that requested a dump be written in the |
162 | // threads vector. If a dump was produced as a result of a crash, this |
163 | // will point to the thread that crashed. If the dump was produced as |
164 | // by user code without crashing, and the dump contains extended Breakpad |
165 | // information, this will point to the thread that requested the dump. |
166 | // If the dump was not produced as a result of an exception and no |
167 | // extended Breakpad information is present, this field will be set to -1, |
168 | // indicating that the dump thread is not available. |
169 | int requesting_thread_; |
170 | |
171 | // Exception record details: code, flags, address, parameters. |
172 | ExceptionRecord exception_record_; |
173 | |
174 | // Stacks for each thread (except possibly the exception handler |
175 | // thread) at the time of the crash. |
176 | vector<CallStack*> threads_; |
177 | vector<MemoryRegion*> thread_memory_regions_; |
178 | |
179 | // OS and CPU information. |
180 | SystemInfo system_info_; |
181 | |
182 | // The modules that were loaded into the process represented by the |
183 | // ProcessState. |
184 | const CodeModules *modules_; |
185 | |
186 | // The modules that have been unloaded from the process represented by the |
187 | // ProcessState. |
188 | const CodeModules *unloaded_modules_; |
189 | |
190 | // The modules which virtual address ranges were shrunk down due to |
191 | // virtual address conflicts. |
192 | vector<linked_ptr<const CodeModule> > shrunk_range_modules_; |
193 | |
194 | // The modules that didn't have symbols when the report was processed. |
195 | vector<const CodeModule*> modules_without_symbols_; |
196 | |
197 | // The modules that had corrupt symbols when the report was processed. |
198 | vector<const CodeModule*> modules_with_corrupt_symbols_; |
199 | |
200 | // The exploitability rating as determined by the exploitability |
201 | // engine. When the exploitability engine is not enabled this |
202 | // defaults to EXPLOITABILITY_NOT_ANALYZED. |
203 | ExploitabilityRating exploitability_; |
204 | }; |
205 | |
206 | } // namespace google_breakpad |
207 | |
208 | #endif // GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__ |
209 | |