Beispiel #1
0
        public void Init()
        {
            filesystem     = new Mock <IFilesystem>();
            processHandler = new ProcessHandlerDouble();
            analysisResult = new SDResult();
            var coredump = new Mock <IFileInfo>();

            coredump.Setup(c => c.FullName).Returns(PATH + "dump.core");
            analysis = new GdbAnalyzer(filesystem.Object, processHandler, coredump.Object, analysisResult);

            this.analysisResult.ThreadInformation = new Dictionary <uint, SDThread>();
            SDThread thread = new SDThread();
            var      frames = new List <SDCombinedStackFrame> {
                new SDCDCombinedStackFrame("module", "method", 0, 0, 0, 0, 0, null)
            };

            thread.StackTrace = new SDCombinedStackTrace(frames);
            this.analysisResult.ThreadInformation.Add(0, thread);
            SDCDSystemContext context = new SDCDSystemContext()
            {
                FileName = PATH + "my-executable"
            };

            analysisResult.SystemContext = context;
        }
        private void UnwindCurrentThread(SDCDSystemContext context, SDThread thread)
        {
            var frames = new List <SDCombinedStackFrame>();

            ulong  ip, oldIp = 0, sp, oldSp = 0, offset, oldOffset = 0;
            string procName, oldProcName = null;
            int    nFrames = 0;

            do
            {
                ip       = getInstructionPointer();
                sp       = getStackPointer();
                procName = getProcedureName();
                offset   = getProcedureOffset();

                if (oldProcName != null)
                {
                    frames.Add(new SDCDCombinedStackFrame("", oldProcName, oldOffset, oldIp, oldSp, ip, 0, null));
                }
                oldIp       = ip;
                oldSp       = sp;
                oldOffset   = offset;
                oldProcName = procName;
            } while (!step() && ++nFrames < MAX_FRAMES);

            thread.StackTrace = new SDCombinedStackTrace(frames);
        }
 public async Task AnalyzeAsync()
 {
     using (var readelf = await ProcessRunner.Run("readelf", new DirectoryInfo(coredump.DirectoryName), "-n", coredump.FullName)) {
         SDCDSystemContext context = analysisResult.SystemContext as SDCDSystemContext ?? new SDCDSystemContext();
         context.Modules = RetrieveLibsFromReadelfOutput(readelf.StdOut).ToList();
     }
 }
        public void Analyze()
        {
            SDCDSystemContext context = (SDCDSystemContext)analysisResult.SystemContext;

            SetContextFields(context);
            this.analysisResult.ThreadInformation = UnwindThreads(context);
            Console.WriteLine("Destroying unwindwrapper context ...");
        }
        public GdbSharedLibAnalyzer(IFilesystem filesystem, IProcessHandler processHandler, IFileInfo coredump, SDResult result)
        {
            this.filesystem     = filesystem ?? throw new ArgumentNullException("FilesystemHelper must not be null!");
            this.processHandler = processHandler ?? throw new ArgumentNullException("ProcessHandler must not be null!");
            this.coredump       = coredump ?? throw new ArgumentNullException("Coredump must not be null!");

            this.systemContext         = (SDCDSystemContext)result.SystemContext;
            this.systemContext.Modules = new List <SDModule>();
        }
 private SDCDSystemContext SetContextFields(SDCDSystemContext context)
 {
     context.ProcessArchitecture = "N/A";
     context.SystemUpTime        = "Could not be obtained.";
     context.AppDomains          = new List <SDAppDomain>();
     context.ClrVersions         = new List <SDClrVersion>();
     Console.WriteLine("Retrieving filename and args ...");
     SetAuxvFields(context);
     return(context);
 }
 private void SetAuxvFields(SDCDSystemContext context)
 {
     context.PageSize           = (int)getAuxvValue(AuxType.PAGE_SIZE.Type);
     context.EntryPoint         = getAuxvValue(AuxType.ENTRY_POINT.Type);
     context.BasePlatform       = getAuxvString(AuxType.BASE_PLATFORM.Type);
     context.Uid                = (int)getAuxvValue(AuxType.UID.Type);
     context.Euid               = (int)getAuxvValue(AuxType.EUID.Type);
     context.Gid                = (int)getAuxvValue(AuxType.GID.Type);
     context.Egid               = (int)getAuxvValue(AuxType.EGID.Type);
     context.SystemArchitecture = getAuxvString(AuxType.PLATFORM.Type);
 }
Beispiel #8
0
        public async Task AnalyzeAsync()
        {
            SDCDSystemContext context = (SDCDSystemContext)analysisResult.SystemContext;

            using (var readelf = await ProcessRunner.Run("readelf", new DirectoryInfo(coredump.DirectoryName), "-n", coredump.FullName)) {
                context.Modules = RetrieveLibsFromReadelfOutput(readelf.StdOut).ToList();
            }
            if (addBackingFiles && context.Modules.Count > 0)
            {
                addBackingFilesFromNotes();
            }
        }
 private void SetAuxvFields(SDCDSystemContext context)
 {
     // get system architecture directly from the header instead of using libunwind
     // currently, libunwind only works for 64bit dumps.
     context.SystemArchitecture = GetSystemArchitecture();
     context.PageSize           = (int)getAuxvValue(AuxType.PAGE_SIZE.Type);
     context.EntryPoint         = getAuxvValue(AuxType.ENTRY_POINT.Type);
     context.BasePlatform       = getAuxvString(AuxType.BASE_PLATFORM.Type);
     context.Uid  = (int)getAuxvValue(AuxType.UID.Type);
     context.Euid = (int)getAuxvValue(AuxType.EUID.Type);
     context.Gid  = (int)getAuxvValue(AuxType.GID.Type);
     context.Egid = (int)getAuxvValue(AuxType.EGID.Type);
 }
        public void Init()
        {
            filesystem       = new Mock <IFilesystem>(MockBehavior.Strict);
            context          = new SDCDSystemContext();
            context.FileName = DEFAULT_FILENAME;
            analyzer         = new ExecutablePathAnalyzer(filesystem.Object, context);

            summary = new Mock <IFileInfo>();
            filesystem.Setup(fs => fs.GetFile(Constants.SUMMARY_TXT)).Returns(summary.Object);

            execFile = new Mock <IFileInfo>();
            execFile.Setup(f => f.Exists).Returns(true);

            nonExistentFile = new Mock <IFileInfo>();
            nonExistentFile.Setup(f => f.Exists).Returns(false);
        }
        public void Analyze()
        {
            if (isDestroyed)
            {
                throw new InvalidOperationException("Cannot use analysis on the same object twice!");
            }
            init(coredump.FullName, coredump.Directory.FullName);

            SDCDSystemContext context = analysisResult.SystemContext as SDCDSystemContext ?? new SDCDSystemContext();

            SetContextFields(context);
            this.analysisResult.SystemContext     = context;
            this.analysisResult.ThreadInformation = UnwindThreads(context);
            Console.WriteLine("Destroying unwindwrapper context ...");
            destroy();
            isDestroyed = true;
        }
Beispiel #12
0
        private Dictionary <uint, SDThread> UnwindThreads(SDCDSystemContext context)
        {
            var threads = new Dictionary <uint, SDThread>();

            int nThreads = getNumberOfThreads();

            for (uint i = 0; i < nThreads; i++)
            {
                selectThread(i);
                SDThread thread = new SDThread()
                {
                    EngineId = i,
                    OsId     = i,
                    Index    = i
                };
                UnwindCurrentThread(context, thread);
                threads.Add(i, thread);
            }

            bool foundLastExecuted = false;

            for (int i = 0; i < nThreads; i++)
            {
                int signal = getSignalNumber(i);
                if (signal == -1)
                {
                    continue;
                }
                if (signal < 32 && signal != 19)
                {
                    if (foundLastExecuted)
                    {
                        Console.WriteLine("Already found the last executed thread which was: " + analysisResult.LastExecutedThread + ". New one is " + i);
                    }
                    foundLastExecuted = true;
                    analysisResult.LastExecutedThread = (uint)i;
                    analysisResult.LastEvent          = new SDLastEvent()
                    {
                        ThreadId    = (uint)i,
                        Type        = signal.ToString(),
                        Description = SignalNoToCode(signal)
                    };
                    if (signal == 4 || signal == 8)
                    {
                        analysisResult.LastEvent.Description += ": Faulty instruction at address " + getSignalAddress(i);
                    }
                    else if (signal == 11)
                    {
                        analysisResult.LastEvent.Description += ": Invalid memory reference to address 0x" + getSignalAddress(i).ToString("X");
                    }
                    else
                    {
                        int error = getSignalErrorNo(i);
                        if (error != 0)
                        {
                            analysisResult.LastEvent.Description += " (error number " + error + ")";
                        }
                    }
                }
            }
            return(threads);
        }
Beispiel #13
0
 public ExecutablePathAnalyzer(IFilesystem filesystem, SDCDSystemContext context)
 {
     this.filesystem = filesystem ?? throw new ArgumentNullException("Filesystem must not be null!");
     this.context    = context ?? throw new ArgumentNullException("System Context must not be null!");
 }