public void Init() { filesystem = new Mock <IFilesystem>(); processHandler = new ProcessHandlerDouble(); analysisResult = new SDResult(); var coredump = new Mock <IFileInfo>(); coredump.Setup(c => c.FullName).Returns(PATH + "dump.core"); analysis = new GdbAnalyzer(filesystem.Object, processHandler, coredump.Object, analysisResult); this.analysisResult.ThreadInformation = new Dictionary <uint, SDThread>(); SDThread thread = new SDThread(); var frames = new List <SDCombinedStackFrame> { new SDCDCombinedStackFrame("module", "method", 0, 0, 0, 0, 0, null) }; thread.StackTrace = new SDCombinedStackTrace(frames); this.analysisResult.ThreadInformation.Add(0, thread); SDCDSystemContext context = new SDCDSystemContext() { FileName = PATH + "my-executable" }; analysisResult.SystemContext = context; }
private void UnwindCurrentThread(SDCDSystemContext context, SDThread thread) { var frames = new List <SDCombinedStackFrame>(); ulong ip, oldIp = 0, sp, oldSp = 0, offset, oldOffset = 0; string procName, oldProcName = null; int nFrames = 0; do { ip = getInstructionPointer(); sp = getStackPointer(); procName = getProcedureName(); offset = getProcedureOffset(); if (oldProcName != null) { frames.Add(new SDCDCombinedStackFrame("", oldProcName, oldOffset, oldIp, oldSp, ip, 0, null)); } oldIp = ip; oldSp = sp; oldOffset = offset; oldProcName = procName; } while (!step() && ++nFrames < MAX_FRAMES); thread.StackTrace = new SDCombinedStackTrace(frames); }
public async Task AnalyzeAsync() { using (var readelf = await ProcessRunner.Run("readelf", new DirectoryInfo(coredump.DirectoryName), "-n", coredump.FullName)) { SDCDSystemContext context = analysisResult.SystemContext as SDCDSystemContext ?? new SDCDSystemContext(); context.Modules = RetrieveLibsFromReadelfOutput(readelf.StdOut).ToList(); } }
public void Analyze() { SDCDSystemContext context = (SDCDSystemContext)analysisResult.SystemContext; SetContextFields(context); this.analysisResult.ThreadInformation = UnwindThreads(context); Console.WriteLine("Destroying unwindwrapper context ..."); }
public GdbSharedLibAnalyzer(IFilesystem filesystem, IProcessHandler processHandler, IFileInfo coredump, SDResult result) { this.filesystem = filesystem ?? throw new ArgumentNullException("FilesystemHelper must not be null!"); this.processHandler = processHandler ?? throw new ArgumentNullException("ProcessHandler must not be null!"); this.coredump = coredump ?? throw new ArgumentNullException("Coredump must not be null!"); this.systemContext = (SDCDSystemContext)result.SystemContext; this.systemContext.Modules = new List <SDModule>(); }
private SDCDSystemContext SetContextFields(SDCDSystemContext context) { context.ProcessArchitecture = "N/A"; context.SystemUpTime = "Could not be obtained."; context.AppDomains = new List <SDAppDomain>(); context.ClrVersions = new List <SDClrVersion>(); Console.WriteLine("Retrieving filename and args ..."); SetAuxvFields(context); return(context); }
private void SetAuxvFields(SDCDSystemContext context) { context.PageSize = (int)getAuxvValue(AuxType.PAGE_SIZE.Type); context.EntryPoint = getAuxvValue(AuxType.ENTRY_POINT.Type); context.BasePlatform = getAuxvString(AuxType.BASE_PLATFORM.Type); context.Uid = (int)getAuxvValue(AuxType.UID.Type); context.Euid = (int)getAuxvValue(AuxType.EUID.Type); context.Gid = (int)getAuxvValue(AuxType.GID.Type); context.Egid = (int)getAuxvValue(AuxType.EGID.Type); context.SystemArchitecture = getAuxvString(AuxType.PLATFORM.Type); }
public async Task AnalyzeAsync() { SDCDSystemContext context = (SDCDSystemContext)analysisResult.SystemContext; using (var readelf = await ProcessRunner.Run("readelf", new DirectoryInfo(coredump.DirectoryName), "-n", coredump.FullName)) { context.Modules = RetrieveLibsFromReadelfOutput(readelf.StdOut).ToList(); } if (addBackingFiles && context.Modules.Count > 0) { addBackingFilesFromNotes(); } }
private void SetAuxvFields(SDCDSystemContext context) { // get system architecture directly from the header instead of using libunwind // currently, libunwind only works for 64bit dumps. context.SystemArchitecture = GetSystemArchitecture(); context.PageSize = (int)getAuxvValue(AuxType.PAGE_SIZE.Type); context.EntryPoint = getAuxvValue(AuxType.ENTRY_POINT.Type); context.BasePlatform = getAuxvString(AuxType.BASE_PLATFORM.Type); context.Uid = (int)getAuxvValue(AuxType.UID.Type); context.Euid = (int)getAuxvValue(AuxType.EUID.Type); context.Gid = (int)getAuxvValue(AuxType.GID.Type); context.Egid = (int)getAuxvValue(AuxType.EGID.Type); }
public void Init() { filesystem = new Mock <IFilesystem>(MockBehavior.Strict); context = new SDCDSystemContext(); context.FileName = DEFAULT_FILENAME; analyzer = new ExecutablePathAnalyzer(filesystem.Object, context); summary = new Mock <IFileInfo>(); filesystem.Setup(fs => fs.GetFile(Constants.SUMMARY_TXT)).Returns(summary.Object); execFile = new Mock <IFileInfo>(); execFile.Setup(f => f.Exists).Returns(true); nonExistentFile = new Mock <IFileInfo>(); nonExistentFile.Setup(f => f.Exists).Returns(false); }
public void Analyze() { if (isDestroyed) { throw new InvalidOperationException("Cannot use analysis on the same object twice!"); } init(coredump.FullName, coredump.Directory.FullName); SDCDSystemContext context = analysisResult.SystemContext as SDCDSystemContext ?? new SDCDSystemContext(); SetContextFields(context); this.analysisResult.SystemContext = context; this.analysisResult.ThreadInformation = UnwindThreads(context); Console.WriteLine("Destroying unwindwrapper context ..."); destroy(); isDestroyed = true; }
private Dictionary <uint, SDThread> UnwindThreads(SDCDSystemContext context) { var threads = new Dictionary <uint, SDThread>(); int nThreads = getNumberOfThreads(); for (uint i = 0; i < nThreads; i++) { selectThread(i); SDThread thread = new SDThread() { EngineId = i, OsId = i, Index = i }; UnwindCurrentThread(context, thread); threads.Add(i, thread); } bool foundLastExecuted = false; for (int i = 0; i < nThreads; i++) { int signal = getSignalNumber(i); if (signal == -1) { continue; } if (signal < 32 && signal != 19) { if (foundLastExecuted) { Console.WriteLine("Already found the last executed thread which was: " + analysisResult.LastExecutedThread + ". New one is " + i); } foundLastExecuted = true; analysisResult.LastExecutedThread = (uint)i; analysisResult.LastEvent = new SDLastEvent() { ThreadId = (uint)i, Type = signal.ToString(), Description = SignalNoToCode(signal) }; if (signal == 4 || signal == 8) { analysisResult.LastEvent.Description += ": Faulty instruction at address " + getSignalAddress(i); } else if (signal == 11) { analysisResult.LastEvent.Description += ": Invalid memory reference to address 0x" + getSignalAddress(i).ToString("X"); } else { int error = getSignalErrorNo(i); if (error != 0) { analysisResult.LastEvent.Description += " (error number " + error + ")"; } } } } return(threads); }
public ExecutablePathAnalyzer(IFilesystem filesystem, SDCDSystemContext context) { this.filesystem = filesystem ?? throw new ArgumentNullException("Filesystem must not be null!"); this.context = context ?? throw new ArgumentNullException("System Context must not be null!"); }