public override void Analyze(AnalyzeController ctrl)
{
FileInfo fileStackFrameInfo = GenerateFile ("stackframeinfo");
if (fileStackFrameInfo.Exists == false)
{
_log.WarnFormat ("[prefix={0}] Missing stackframeinfo file", _prefix);
return;
}
IStackFrameInfo stackFrameInfo;
using (FileStream src = fileStackFrameInfo.OpenRead ())
stackFrameInfo = StreamHelper.ReadTypedStreamSerializable<IStackFrameInfo> (src);
foreach(String reg in stackFrameInfo.SavedRegisters)
//_log.DebugFormat("Saved Register '{0} at 0x{1:X})'", reg, stackFrameInfo.GetSavedRegisterAddress(reg).ResolveAddress());
foreach (InstructionDescription insn in ctrl.ExecutedInstructions)
{
foreach (MemoryChange memChange in insn.MemoryChanges)
{
SavedRegistersInRange (stackFrameInfo, memChange.Address, memChange.Value.Length, insn, ctrl);
}
}
}
public override void Analyze(AnalyzeController ctrl)
{
foreach (InstructionDescription insn in ctrl.ExecutedInstructions)
{
foreach (MemoryChange memChange in insn.MemoryChanges)
{
foreach (MemoryZone memZone in _zones)
{
if (memZone.IntersectsWith (memChange.Address, (ulong)memChange.Value.Length) &&
memZone.Zone == MemoryZonesAnalyzer.MemoryZone.ZoneType.RedZone)
{
Log (memZone, memChange.Address, memChange.Address + (ulong)memChange.Value.Length - 1,
(ulong)memChange.Value.Length, insn, ctrl);
break;
}
}
}
}
}
public override void Analyze(AnalyzeController ctrl)
{
FileInfo errorlogFile = GenerateFile ("errorlog");
if (errorlogFile.Exists)
{
using (FileStream fs = errorlogFile.OpenRead ())
{
StopReasonEnum stopReason = (StopReasonEnum)StreamHelper.ReadInt32 (fs);
Int64 status = StreamHelper.ReadInt64 (fs);
UInt64 address = StreamHelper.ReadUInt64 (fs);
XmlElement node = GenerateNode ("Item");
XmlHelper.WriteString (node, "Prefix", _prefix);
XmlHelper.WriteString (node, "StopReason", stopReason.ToString ());
XmlHelper.WriteInt64 (node, "Status", status);
XmlHelper.WriteString (node, "Address", string.Format ("0x{0:X}",address));
}
}
}
private void Log(OverflowType overflowType, UInt64 memStart, UInt64 memEnd, UInt64 size, InstructionDescription insn, IList<UInt64> bt, AnalyzeController ctrl)
{
XmlElement root = GenerateNode ("simple_heap_overflow");
XmlHelper.WriteString (root, "OverflowType", overflowType.ToString());
XmlHelper.WriteString (root, "MemStart", string.Format ("0x{0:X}", memStart));
XmlHelper.WriteString (root, "MemEnd", string.Format ("0x{0:X}", memEnd));
XmlHelper.WriteString (root, "Size", size.ToString());
XmlHelper.WriteString (root, "At", BuildBacktraceString(bt));
}
public override void Analyze(AnalyzeController ctrl)
{
FileInfo pipeFile = GenerateFile ("pipes");
if (pipeFile.Exists == false)
{
_log.WarnFormat ("Missing '{0}'", pipeFile.FullName);
return;
}
_rangeInfos.Clear ();
using (StreamReader pipeReader = new StreamReader (pipeFile.OpenRead ()))
{
while (!pipeReader.EndOfStream)
{
string currentLine = pipeReader.ReadLine ();
//Extract line identifier (<id>: ...)
int lineIdSeperatorIndex = currentLine.IndexOf (':');
if (lineIdSeperatorIndex < 0)
{
_log.WarnFormat ("Invalid line detected '{0}'", currentLine);
continue;
}
string lineId = currentLine.Substring (0, lineIdSeperatorIndex).Trim ().ToLower ();
//Call line handler
if (_lineHandlers.ContainsKey (lineId))
_lineHandlers[lineId] (lineId, lineIdSeperatorIndex, currentLine);
else
_log.WarnFormat ("Invalid line id detected '{0}'", lineId);
}
}
if (_rangeInfos.Count == 0)
{
_log.WarnFormat ("[prefix: {0}] No range infos found, aborting. Maybe the pipes file is missing or the program uses another, unlogged memory allocation technique", _prefix);
return;
}
foreach (InstructionDescription insn in ctrl.ExecutedInstructions)
{
foreach (MemoryChange memChange in insn.MemoryChanges)
{
Int64? startDistance = null;
RangeInfo rangeStart = null;
Int64? endDistance = null;
RangeInfo rangeEnd = null;
foreach (RangeInfo r in _rangeInfos)
{
Int64 localStartDistance = r.Distance (memChange.Address);
Int64 localEndDistance = r.Distance (memChange.Address + (UInt64)memChange.Value.Length - 1);
//Calculate the smallest distance to an allocated block.
//Problem is to distinguish between stack accesses and heap memory accesses
if (startDistance == null ||
localStartDistance == 0 ||
(startDistance.Value != 0 && Math.Abs (localStartDistance) > Math.Abs (startDistance.Value)))
{
startDistance = localStartDistance;
rangeStart = r;
}
if (endDistance == null ||
localEndDistance == 0 ||
(endDistance.Value != 0 && Math.Abs (localEndDistance) > Math.Abs (endDistance.Value)))
{
endDistance = localEndDistance;
rangeEnd = r;
}
if (startDistance != null && endDistance != null && startDistance.Value == 0 && endDistance.Value == 0)
break;
}
if (startDistance != null && startDistance.Value != 0 && Math.Abs(startDistance.Value) < 4096)
Log((endDistance != null && endDistance.Value != 0)?OverflowType.StartAndEnd:OverflowType.Start,
memChange.Address, memChange.Address + (ulong)memChange.Value.Length - 1,
(ulong)memChange.Value.Length, insn, rangeStart.Backtrace, ctrl);
else if (endDistance != null && endDistance.Value != 0 && Math.Abs(endDistance.Value) < 4096)
Log(OverflowType.End, memChange.Address, memChange.Address + (ulong)memChange.Value.Length - 1,
(ulong)memChange.Value.Length, insn, rangeEnd.Backtrace, ctrl);
}
}
}
public abstract void Analyze(AnalyzeController ctrl);
private void Log(MemoryZone memZone, UInt64 memStart, UInt64 memEnd, UInt64 size, InstructionDescription insn, AnalyzeController ctrl)
{
XmlElement root = GenerateNode ("memory_zones");
XmlHelper.WriteString (root, "ZoneType", memZone.Zone.ToString());
XmlHelper.WriteString(root, "ZoneStart", string.Format("0x{0:X}", memZone.StartAddress));
XmlHelper.WriteString(root, "ZoneEnd", string.Format("0x{0:X}", memZone.EndAddress));
XmlHelper.WriteString (root, "MemStart", string.Format ("0x{0:X}", memStart));
XmlHelper.WriteString (root, "MemEnd", string.Format ("0x{0:X}", memEnd));
XmlHelper.WriteString (root, "At", FindProgramCounter(insn, ctrl.RegisterTypeResolver, ctrl.TargetRegisters).ToString());
}
private void LogSavedRegister(string registerName, UInt64 registerAddress, UInt64 targetAddress, int size, InstructionDescription insn, AnalyzeController ctrl)
{
XmlElement root = GenerateNode ("saved_register");
XmlHelper.WriteString (root, "Reg", registerName);
XmlHelper.WriteString (root, "RegAddr", string.Format ("0x{0:X}", registerAddress));
UInt64? pc = FindProgramCounter (insn, ctrl.RegisterTypeResolver, ctrl.TargetRegisters);
if (pc != null)
XmlHelper.WriteString (root, "At", string.Format ("0x{0:X}", pc.Value));
else
XmlHelper.WriteString (root, "At", "[unspecified]");
XmlHelper.WriteString (root, "TargetAddr", string.Format ("0x{0:X}", targetAddress));
XmlHelper.WriteInt (root, "TargetSize", size);
}
private void SavedRegistersInRange(IStackFrameInfo stackFrameInfo, UInt64 address, int size, InstructionDescription insn, AnalyzeController ctrl)
{
//_log.DebugFormat ("address=0x{0:X} size={1}", address, size);
foreach (string savedRegisterName in stackFrameInfo.SavedRegisters)
{
IAddressSpecifier savedRegisterAddressSpecifier = stackFrameInfo.GetSavedRegisterAddress (savedRegisterName);
UInt64? savedRegisterAddress = savedRegisterAddressSpecifier.ResolveAddress ();
if (savedRegisterAddress != null)
{
UInt64 regSize = ctrl.TargetRegisters.FindRegisterByName(savedRegisterName).Size;
if((savedRegisterAddress.Value + regSize > address) &&
(savedRegisterAddress.Value + regSize < address + (UInt64)size ||
(savedRegisterAddress.Value < address + (UInt64)size && savedRegisterAddress.Value + regSize >= address + (UInt64)size)))
LogSavedRegister (savedRegisterName, savedRegisterAddress.Value, address, size, insn, ctrl);
}
}
}
public AnalyzeController CreateAnalyzeController()
{
AnalyzeController ctrl = new AnalyzeController();
ctrl.Setup(_errorLog, _sourcePath, _registers, _registerTypeResolver, _analyzers.ToArray());
return ctrl;
}
private static void ParseXmlInput(CommandLineHandler.CommandOption cmdOption)
{
if (cmdOption.Arguments.Length == 0)
OutputHelp (null);
else
{
if(_programMode == null)
{
Console.WriteLine("Missing program mode (fuzz|analyze). Program mode always needs to be the first argument\n\n");
OutputHelp(null);
}
else if(_programMode.Value == MainClass.ProgramMode.Fuzz)
{
Console.WriteLine ("Using XmlFuzzFactory, parsing '{0}'", cmdOption.Arguments[0]);
XmlFuzzFactory factory = new XmlFuzzFactory (cmdOption.Arguments[0]);
factory.Init ();
_fuzzControllers = factory.CreateFuzzController ();
}
else if(_programMode.Value == MainClass.ProgramMode.Analyze)
{
Console.WriteLine("Using XmlAnalyzeFactory, parsing '{0}'", cmdOption.Arguments[0]);
XmlAnalyzeFactory factory = new XmlAnalyzeFactory(cmdOption.Arguments[0]);
factory.Init();
_analyzeController = factory.CreateAnalyzeController();
}
else
throw new NotImplementedException(string.Format("The specified program mode '{0}' it not implemented yet", _programMode.Value));
}
}
