Home | History | Annotate | Download | only in processor 
      1 // Copyright (c) 2006, Google Inc.
      2 // All rights reserved.
      3 //
      4 // Redistribution and use in source and binary forms, with or without
      5 // modification, are permitted provided that the following conditions are
      6 // met:
      7 //
      8 //     * Redistributions of source code must retain the above copyright
      9 // notice, this list of conditions and the following disclaimer.
     10 //     * Redistributions in binary form must reproduce the above
     11 // copyright notice, this list of conditions and the following disclaimer
     12 // in the documentation and/or other materials provided with the
     13 // distribution.
     14 //     * Neither the name of Google Inc. nor the names of its
     15 // contributors may be used to endorse or promote products derived from
     16 // this software without specific prior written permission.
     17 //
     18 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     19 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     20 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
     21 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
     22 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     23 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
     24 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     25 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     26 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     27 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     28 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     29 
     30 // process_state.h: A snapshot of a process, in a fully-digested state.
     31 //
     32 // Author: Mark Mentovai
     33 
     34 #ifndef GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__
     35 #define GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__
     36 
     37 #include <string>
     38 #include <vector>
     39 
     40 #include "common/using_std_string.h"
     41 #include "google_breakpad/common/breakpad_types.h"
     42 #include "google_breakpad/processor/system_info.h"
     43 #include "google_breakpad/processor/minidump.h"
     44 
     45 namespace google_breakpad {
     46 
     47 using std::vector;
     48 
     49 class CallStack;
     50 class CodeModules;
     51 
     52 enum ExploitabilityRating {
     53   EXPLOITABILITY_HIGH,                 // The crash likely represents
     54                                        // a exploitable memory corruption
     55                                        // vulnerability.
     56 
     57   EXPLOITABILITY_MEDIUM,               // The crash appears to corrupt
     58                                        // memory in a way which may be
     59                                        // exploitable in some situations.
     60 
     61   EXPLOITABLITY_MEDIUM = EXPLOITABILITY_MEDIUM,  // an old misspelling
     62 
     63   EXPLOITABILITY_LOW,                  // The crash either does not corrupt
     64                                        // memory directly or control over
     65                                        // the affected data is limited. The
     66                                        // issue may still be exploitable
     67                                        // on certain platforms or situations.
     68 
     69   EXPLOITABILITY_INTERESTING,          // The crash does not appear to be
     70                                        // directly exploitable. However it
     71                                        // represents a condition which should
     72                                        // be further analyzed.
     73 
     74   EXPLOITABILITY_NONE,                 // The crash does not appear to represent
     75                                        // an exploitable condition.
     76 
     77   EXPLOITABILITY_NOT_ANALYZED,         // The crash was not analyzed for
     78                                        // exploitability because the engine
     79                                        // was disabled.
     80 
     81   EXPLOITABILITY_ERR_NOENGINE,         // The supplied minidump's platform does
     82                                        // not have a exploitability engine
     83                                        // associated with it.
     84 
     85   EXPLOITABILITY_ERR_PROCESSING        // An error occured within the
     86                                        // exploitability engine and no rating
     87                                        // was calculated.
     88 };
     89 
     90 class ProcessState {
     91  public:
     92   ProcessState() : modules_(NULL) { Clear(); }
     93   ~ProcessState();
     94 
     95   // Resets the ProcessState to its default values
     96   void Clear();
     97 
     98   // Accessors.  See the data declarations below.
     99   uint32_t time_date_stamp() const { return time_date_stamp_; }
    100   uint32_t process_create_time() const { return process_create_time_; }
    101   bool crashed() const { return crashed_; }
    102   string crash_reason() const { return crash_reason_; }
    103   uint64_t crash_address() const { return crash_address_; }
    104   string assertion() const { return assertion_; }
    105   int requesting_thread() const { return requesting_thread_; }
    106   const vector<CallStack*>* threads() const { return &threads_; }
    107   const vector<MemoryRegion*>* thread_memory_regions() const {
    108     return &thread_memory_regions_;
    109   }
    110   const SystemInfo* system_info() const { return &system_info_; }
    111   const CodeModules* modules() const { return modules_; }
    112   const vector<const CodeModule*>* modules_without_symbols() const {
    113     return &modules_without_symbols_;
    114   }
    115   const vector<const CodeModule*>* modules_with_corrupt_symbols() const {
    116     return &modules_with_corrupt_symbols_;
    117   }
    118   ExploitabilityRating exploitability() const { return exploitability_; }
    119 
    120  private:
    121   // MinidumpProcessor and MicrodumpProcessor are responsible for building
    122   // ProcessState objects.
    123   friend class MinidumpProcessor;
    124   friend class MicrodumpProcessor;
    125 
    126   // The time-date stamp of the minidump (time_t format)
    127   uint32_t time_date_stamp_;
    128 
    129   // The time-date stamp when the process was created (time_t format)
    130   uint32_t process_create_time_;
    131 
    132   // True if the process crashed, false if the dump was produced outside
    133   // of an exception handler.
    134   bool crashed_;
    135 
    136   // If the process crashed, the type of crash.  OS- and possibly CPU-
    137   // specific.  For example, "EXCEPTION_ACCESS_VIOLATION" (Windows),
    138   // "EXC_BAD_ACCESS / KERN_INVALID_ADDRESS" (Mac OS X), "SIGSEGV"
    139   // (other Unix).
    140   string crash_reason_;
    141 
    142   // If the process crashed, and if crash_reason implicates memory,
    143   // the memory address that caused the crash.  For data access errors,
    144   // this will be the data address that caused the fault.  For code errors,
    145   // this will be the address of the instruction that caused the fault.
    146   uint64_t crash_address_;
    147 
    148   // If there was an assertion that was hit, a textual representation
    149   // of that assertion, possibly including the file and line at which
    150   // it occurred.
    151   string assertion_;
    152 
    153   // The index of the thread that requested a dump be written in the
    154   // threads vector.  If a dump was produced as a result of a crash, this
    155   // will point to the thread that crashed.  If the dump was produced as
    156   // by user code without crashing, and the dump contains extended Breakpad
    157   // information, this will point to the thread that requested the dump.
    158   // If the dump was not produced as a result of an exception and no
    159   // extended Breakpad information is present, this field will be set to -1,
    160   // indicating that the dump thread is not available.
    161   int requesting_thread_;
    162 
    163   // Stacks for each thread (except possibly the exception handler
    164   // thread) at the time of the crash.
    165   vector<CallStack*> threads_;
    166   vector<MemoryRegion*> thread_memory_regions_;
    167 
    168   // OS and CPU information.
    169   SystemInfo system_info_;
    170 
    171   // The modules that were loaded into the process represented by the
    172   // ProcessState.
    173   const CodeModules *modules_;
    174 
    175   // The modules that didn't have symbols when the report was processed.
    176   vector<const CodeModule*> modules_without_symbols_;
    177 
    178   // The modules that had corrupt symbols when the report was processed.
    179   vector<const CodeModule*> modules_with_corrupt_symbols_;
    180 
    181   // The exploitability rating as determined by the exploitability
    182   // engine. When the exploitability engine is not enabled this
    183   // defaults to EXPLOITABILITY_NONE.
    184   ExploitabilityRating exploitability_;
    185 };
    186 
    187 }  // namespace google_breakpad
    188 
    189 #endif  // GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__
    190