1 // Copyright 2006 Google LLC 2 // 3 // Redistribution and use in source and binary forms, with or without 4 // modification, are permitted provided that the following conditions are 5 // met: 6 // 7 // * Redistributions of source code must retain the above copyright 8 // notice, this list of conditions and the following disclaimer. 9 // * Redistributions in binary form must reproduce the above 10 // copyright notice, this list of conditions and the following disclaimer 11 // in the documentation and/or other materials provided with the 12 // distribution. 13 // * Neither the name of Google LLC nor the names of its 14 // contributors may be used to endorse or promote products derived from 15 // this software without specific prior written permission. 16 // 17 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 29 // process_state.h: A snapshot of a process, in a fully-digested state. 30 // 31 // Author: Mark Mentovai 32 33 #ifndef GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__ 34 #define GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__ 35 36 #include <string> 37 #include <vector> 38 39 #include "common/using_std_string.h" 40 #include "google_breakpad/common/breakpad_types.h" 41 #include "google_breakpad/processor/code_modules.h" 42 #include "google_breakpad/processor/exception_record.h" 43 #include "google_breakpad/processor/minidump.h" 44 #include "google_breakpad/processor/system_info.h" 45 #include "processor/linked_ptr.h" 46 47 namespace google_breakpad { 48 49 using std::vector; 50 51 class CallStack; 52 class CodeModules; 53 54 enum ExploitabilityRating { 55 EXPLOITABILITY_HIGH, // The crash likely represents 56 // a exploitable memory corruption 57 // vulnerability. 58 59 EXPLOITABILITY_MEDIUM, // The crash appears to corrupt 60 // memory in a way which may be 61 // exploitable in some situations. 62 63 EXPLOITABLITY_MEDIUM = EXPLOITABILITY_MEDIUM, // an old misspelling 64 65 EXPLOITABILITY_LOW, // The crash either does not corrupt 66 // memory directly or control over 67 // the affected data is limited. The 68 // issue may still be exploitable 69 // on certain platforms or situations. 70 71 EXPLOITABILITY_INTERESTING, // The crash does not appear to be 72 // directly exploitable. However it 73 // represents a condition which should 74 // be further analyzed. 75 76 EXPLOITABILITY_NONE, // The crash does not appear to represent 77 // an exploitable condition. 78 79 EXPLOITABILITY_NOT_ANALYZED, // The crash was not analyzed for 80 // exploitability because the engine 81 // was disabled. 82 83 EXPLOITABILITY_ERR_NOENGINE, // The supplied minidump's platform does 84 // not have a exploitability engine 85 // associated with it. 86 87 EXPLOITABILITY_ERR_PROCESSING // An error occured within the 88 // exploitability engine and no rating 89 // was calculated. 90 }; 91 92 class ProcessState { 93 public: ProcessState()94 ProcessState() : modules_(NULL), unloaded_modules_(NULL) { Clear(); } 95 ~ProcessState(); 96 97 // Resets the ProcessState to its default values 98 void Clear(); 99 100 // Accessors. See the data declarations below. time_date_stamp()101 uint32_t time_date_stamp() const { return time_date_stamp_; } process_create_time()102 uint32_t process_create_time() const { return process_create_time_; } crashed()103 bool crashed() const { return crashed_; } crash_reason()104 string crash_reason() const { return crash_reason_; } crash_address()105 uint64_t crash_address() const { return crash_address_; } assertion()106 string assertion() const { return assertion_; } requesting_thread()107 int requesting_thread() const { return requesting_thread_; } exception_record()108 const ExceptionRecord* exception_record() const { return &exception_record_; } threads()109 const vector<CallStack*>* threads() const { return &threads_; } thread_memory_regions()110 const vector<MemoryRegion*>* thread_memory_regions() const { 111 return &thread_memory_regions_; 112 } thread_names()113 const vector<string>* thread_names() const { return &thread_names_; } system_info()114 const SystemInfo* system_info() const { return &system_info_; } modules()115 const CodeModules* modules() const { return modules_; } unloaded_modules()116 const CodeModules* unloaded_modules() const { return unloaded_modules_; } shrunk_range_modules()117 const vector<linked_ptr<const CodeModule> >* shrunk_range_modules() const { 118 return &shrunk_range_modules_; 119 } modules_without_symbols()120 const vector<const CodeModule*>* modules_without_symbols() const { 121 return &modules_without_symbols_; 122 } modules_with_corrupt_symbols()123 const vector<const CodeModule*>* modules_with_corrupt_symbols() const { 124 return &modules_with_corrupt_symbols_; 125 } exploitability()126 ExploitabilityRating exploitability() const { return exploitability_; } 127 128 private: 129 // MinidumpProcessor and MicrodumpProcessor are responsible for building 130 // ProcessState objects. 131 friend class MinidumpProcessor; 132 friend class MicrodumpProcessor; 133 134 // The time-date stamp of the minidump (time_t format) 135 uint32_t time_date_stamp_; 136 137 // The time-date stamp when the process was created (time_t format) 138 uint32_t process_create_time_; 139 140 // True if the process crashed, false if the dump was produced outside 141 // of an exception handler. 142 bool crashed_; 143 144 // If the process crashed, the type of crash. OS- and possibly CPU- 145 // specific. For example, "EXCEPTION_ACCESS_VIOLATION" (Windows), 146 // "EXC_BAD_ACCESS / KERN_INVALID_ADDRESS" (Mac OS X), "SIGSEGV" 147 // (other Unix). 148 string crash_reason_; 149 150 // If the process crashed, and if crash_reason implicates memory, 151 // the memory address that caused the crash. For data access errors, 152 // this will be the data address that caused the fault. For code errors, 153 // this will be the address of the instruction that caused the fault. 154 uint64_t crash_address_; 155 156 // If there was an assertion that was hit, a textual representation 157 // of that assertion, possibly including the file and line at which 158 // it occurred. 159 string assertion_; 160 161 // The index of the thread that requested a dump be written in the 162 // threads vector. If a dump was produced as a result of a crash, this 163 // will point to the thread that crashed. If the dump was produced as 164 // by user code without crashing, and the dump contains extended Breakpad 165 // information, this will point to the thread that requested the dump. 166 // If the dump was not produced as a result of an exception and no 167 // extended Breakpad information is present, this field will be set to -1, 168 // indicating that the dump thread is not available. 169 int requesting_thread_; 170 171 // Exception record details: code, flags, address, parameters. 172 ExceptionRecord exception_record_; 173 174 // Stacks for each thread (except possibly the exception handler 175 // thread) at the time of the crash. 176 vector<CallStack*> threads_; 177 vector<MemoryRegion*> thread_memory_regions_; 178 179 // Names of each thread at the time of the crash, one for each entry in 180 // threads_. Note that a thread's name might be empty if there was no 181 // corresponding ThreadNamesStream in the minidump, or if a particular thread 182 // ID was not present in the THREAD_NAME_LIST. 183 vector<string> thread_names_; 184 185 // OS and CPU information. 186 SystemInfo system_info_; 187 188 // The modules that were loaded into the process represented by the 189 // ProcessState. 190 const CodeModules *modules_; 191 192 // The modules that have been unloaded from the process represented by the 193 // ProcessState. 194 const CodeModules *unloaded_modules_; 195 196 // The modules which virtual address ranges were shrunk down due to 197 // virtual address conflicts. 198 vector<linked_ptr<const CodeModule> > shrunk_range_modules_; 199 200 // The modules that didn't have symbols when the report was processed. 201 vector<const CodeModule*> modules_without_symbols_; 202 203 // The modules that had corrupt symbols when the report was processed. 204 vector<const CodeModule*> modules_with_corrupt_symbols_; 205 206 // The exploitability rating as determined by the exploitability 207 // engine. When the exploitability engine is not enabled this 208 // defaults to EXPLOITABILITY_NOT_ANALYZED. 209 ExploitabilityRating exploitability_; 210 }; 211 212 } // namespace google_breakpad 213 214 #endif // GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__ 215