void test_priv_free(void) { Manual mem = (Manual) priv_imalloc(1 Mb, MANUAL + ASCENDING_SIZE); Priv_mem new_mem = style_to_priv((Memory) mem); mem->alloc((Memory) mem, 1 Kb); void *temp = mem->alloc((Memory) mem, 2 Kb); mem->alloc((Memory) mem, 1 Kb); CU_ASSERT(memory_start(search_memory(temp, new_mem->lists->alloclist, FALSE)) == temp); CU_ASSERT(priv_free((Memory) mem, temp) == 2 Kb); CU_ASSERT(memory_start(search_memory(temp, new_mem->lists->alloclist, FALSE)) == NULL); free_lists(new_mem->lists); free(new_mem->as->start); free(new_mem); }
int main(int argc, char **argv) { FILE *out; int pid; size_t start_address, end_address; size_t bufferlength; if (!(argc > 5)) { printf("%s <pid> <start_address> <end_address> -s -[a|u] <string to search>\n", argv[0]); printf("Search for occurrences of string.\nIf -a option, search using plain ASCII\n"); printf("If -u option, convert ASCII string to UTF-16 (for Java strings)\n\n"); printf("%s <pid> <start_address> <end_address> -d <file>\n", argv[0]); printf("dumps memory region to file\n"); printf("Start/end addresses are in hex, without preceding 0x notation\n"); exit(1); } // Extract PID from command line pid = atoi(argv[1]); // start/end addresses sscanf(argv[2], "%x", (unsigned int *)&start_address); sscanf(argv[3], "%x", (unsigned int *)&end_address); bufferlength = end_address - start_address; // Attach to process ptrace(PTRACE_ATTACH, pid, NULL, NULL); wait(NULL); // Open mem file char filename[64]; sprintf(filename, "/proc/%d/mem", pid); char *buffer = malloc(bufferlength); int mem; mem = open(filename, O_RDONLY); pread(mem, buffer, bufferlength, start_address); // Detach from process ptrace(PTRACE_CONT, pid, NULL, NULL); ptrace(PTRACE_DETACH, pid, NULL, NULL); // Determine what we're doing if (strcmp(argv[4], "-d") == 0) { printf("Dumping %zu bytes to file %s\n", bufferlength, argv[5]); // Open binary file out = fopen(argv[5], "wb"); if (out == NULL) { printf("Can't open file for writing.\n"); free(buffer); exit(1); } fwrite(buffer, sizeof(char), bufferlength, out); fflush(out); fclose(out); } else if (strcmp(argv[4], "-s") == 0) { char *findstring = NULL; int findlength; if (strcmp(argv[5], "-u") == 0) { findlength = ascii_to_utf16(argv[6], &findstring); } else if (strcmp(argv[5], "-a") == 0) { findstring = malloc(strlen(argv[6])); findlength = strlen(argv[6]); memcpy(findstring, argv[6], findlength); } else { printf("Need a -a or -u option!\n"); free(buffer); exit(1); } int j; search_memory(buffer, bufferlength, findstring, findlength); free(findstring); } free(buffer); }
T_exeCode C_SetValueActionMethodExtern::execute(T_pCmd_scenario P_pCmd, T_pCallContext P_callCtxt, C_MessageFrame *P_msg, C_MessageFrame *P_ref) { T_exeCode L_exeCode = E_EXE_NOERROR ; int L_ret = 0 ; T_ValueData L_mem ; T_ValueData L_result ; T_ValueData L_value ; bool L_reset_value = false ; if (m_string_expr != NULL) { L_mem = search_memory(P_callCtxt, P_msg, L_reset_value) ; } else { L_mem.m_type = E_TYPE_STRING ; L_mem.m_value.m_val_binary.m_size = 0 ; L_mem.m_value.m_val_binary.m_value = NULL ; } L_value.m_type = E_TYPE_NUMBER ; L_result.m_type = E_TYPE_NUMBER ; if (P_msg->get_buffer(&L_value,m_msg_part_type) == -1) { GEN_LOG_EVENT(LOG_LEVEL_TRAFFIC_ERR, action_name_table[m_type] << ": error in body of message"); GEN_LOG_EVENT(LOG_LEVEL_TRAFFIC_ERR, "error on call with session-id [" << P_callCtxt->m_id_table[P_pCmd->m_channel_id] << "]"); L_exeCode = E_EXE_ERROR; resetMemory(L_value); return (L_exeCode); } else { L_ret = (*m_external_method)(&L_value, &L_mem, &L_result); if (L_ret != -1) { if (P_msg->set_field_value(&L_result, m_id, m_occurence, m_instance_id, m_sub_id) == false ) { GEN_LOG_EVENT(LOG_LEVEL_TRAFFIC_ERR, action_name_table[m_type] << ": problem when set field value"); GEN_LOG_EVENT(LOG_LEVEL_TRAFFIC_ERR, "error on call with session-id [" << P_callCtxt->m_id_table[P_pCmd->m_channel_id] << "]"); L_exeCode = E_EXE_ERROR; } } else { GEN_LOG_EVENT(LOG_LEVEL_TRAFFIC_ERR, action_name_table[m_type] << ": problem when using external method (md5 or AKA)"); GEN_LOG_EVENT(LOG_LEVEL_TRAFFIC_ERR, "error on call with session-id [" << P_callCtxt->m_id_table[P_pCmd->m_channel_id] << "]"); L_exeCode = E_EXE_ERROR; } resetMemory(L_result); resetMemory(L_value); // Temporary fixed, commented the below line. search_memory method doesnt allocate using malloc, hence free dumps // to be fixed //resetMemory(L_mem); } if (L_reset_value == true) { L_mem.m_type = E_TYPE_NUMBER ; } return (L_exeCode); }
void debugger(void) { extern u_int history[3]; extern int irq0_pending; static int in_debugger = 0; char buf[80], buf2[80], reg[4]; u_int i, j, k; if (in_debugger) return; in_debugger ++; no_exceptions = 1; #if 0 char *textbuf; textbuf = (char*)malloc(TEXT_SIZE); if (!textbuf) { leaveemu(ERR_MEM); } memcpy(textbuf, SCR_STATE.virt_address, TEXT_SIZE); #endif push_debug_flags(); DEBUG_OFF(); for(;;) { printf("\ndbg> "); if (fgets(buf, 80, stdin) == NULL) leaveemu(0); buf[strlen(buf)-1] = 0; /* kill \n */ if (*buf==0) { continue; } else if (!strcmp(buf, "help")) { usage(); } else if (!strcmp(buf, "r")) { show_regs(0, 0); } else if (!strcmp(buf, "logue")) { printf("prologue: 0x%08x\n", UAREA.u_entprologue); printf("epilogue: 0x%08x\n", UAREA.u_entepilogue); } else if (!strcmp(buf, "exc")) { printf("current exception: #0x%x, 0x%x\n", vm86s.trapno, vm86s.err); printf("pending guest exception: "); if (vmstate.exc) printf("#0x%x, 0x%x\n", vmstate.exc_vect, vmstate.exc_erc); else printf("none\n"); } else if (!strcmp(buf, "cr")) { show_cregs(); } else if (!strcmp(buf, "g")) { REG(eflags) &= ~TF_MASK; break; } else if (!strcmp(buf, "q") || !strcmp(buf, "quit")) { leaveemu(0); } else if (!strcmp(buf, "disks")) { print_disks(); } else if (!strcmp(buf, "ptmap")) { /* everything is in k to avoid overflows */ u_int granularity = 4*1024; u_int width = 64; printf("granularity: 0x%08x\n", granularity*1024); for (i=0; i < (4*1024*1024)/(width*granularity); i++) { u_int start = i*width*granularity; printf("0x%08x ", start*1024); for (j=0; j<width; j++) { int gp = 0, hp = 0; for (k=0; k < granularity/NBPG; k++) { u_int pte, err=0; pte = sys_read_pte(k*NBPG + (j*granularity + i*width*granularity)*1024, 0, vmstate.eid, &err); if (err == -E_NOT_FOUND) { err = pte = 0; } if (err == 0) { if (pte&1) { if (pte & PG_GUEST) gp = 1; else hp = 1; } } } if (!gp && !hp) printf("-"); else if (gp && hp) printf("+"); else if (gp && !hp) printf("g"); else printf("h"); } printf("\n"); } #if 0 } else if (!strcmp(buf, "memmap")) { memcheck_dump(); #endif } else if (sscanf(buf, "port %x", &i) == 1) { print_port(i); } else if (sscanf(buf, "int %x", &i) == 1) { pop_debug_flags(); push_debug_flags(); no_exceptions = 0; do_int(i); no_exceptions = 1; DEBUG_OFF(); } else if (sscanf(buf, "gdt %x", &i) == 1) { struct descr *sd; if (set_get_any(&vmstate.g_gdt_base, (u_int*)&sd)) { printf("no gdt is defined\n"); continue; } print_dt_entry(i, sd); } else if (sscanf(buf, "idt %x", &i) == 1) { print_dt_entry(i, (struct descr *)vmstate.g_idt_base); } else if (sscanf(buf, "ro %x", &i) == 1) { protect_range(PGROUNDDOWN(i), NBPG); } else if (sscanf(buf, "rw %x", &i) == 1) { unprotect_range(PGROUNDDOWN(i), NBPG); } else if (!strcmp(buf, "history")) { printf("most recent trap eip: %x %x %x\n", history[2], history[1], history[0]); } else if (!strcmp(buf, "irq")) { struct gate_descr *sg = (struct gate_descr *)vmstate.g_idt_base + hardware_irq_number(0); for (i=0; i<16; i++) { printf("irq %2d %s, handled by idt[%2d], function @ 0x%08x\n", i, irq_disabled(i) ? "disabled" : " enabled", hardware_irq_number(i), GATE_OFFSET(sg+i)); } } else if (sscanf(buf, "dump %x:%x %x", &i, &j, &k) == 2) { dump_memory((i<<4)+j, k); } else if (sscanf(buf, "dump %x:%x", &i, &j) == 2) { dump_memory((i<<4)+j, 0x80); } else if (sscanf(buf, "dump %x %x", &i, &j) == 2) { dump_memory(i, j); } else if (sscanf(buf, "dump %x", &i) == 1) { dump_memory(i, 0x80); } else if (!strcmp(buf, "dump")) { dump_memory(dump_offset, 0x80); } else if (sscanf(buf, "search %x %79s", &i, buf2) == 2) { search_memory(i, buf2); } else if (!strcmp(buf, "debug on")) { pop_debug_flags(); DEBUG_ON(); push_debug_flags(); } else if (!strcmp(buf, "debug off")) { pop_debug_flags(); DEBUG_OFF(); push_debug_flags(); } else if (sscanf(buf, "pte %x", &i) == 1) { Bit32u host_pte = 0; if (! (vmstate.cr[0] & PG_MASK)) { printf("guest paging not enabled\n"); printf("guest_phys_to_host_phys(0x%08x) = 0x%08x\n", i, guest_phys_to_host_phys(i)); } else { Bit32u gpte = guest_pte(i); printf("guest cr3 0x%08x\n", vmstate.cr[3]); printf("guest 0x%08x -> 0x%08x\n", i, gpte); printf("guest_phys_to_host_phys(0x%08x) = 0x%08x\n", gpte & ~PGMASK, guest_phys_to_host_phys(gpte & ~PGMASK)); } get_host_pte(i, &host_pte); printf("host 0x%08x -> 0x%08x\n", i, host_pte); } else if (sscanf(buf, "gp2hp %x", &i) == 1) { printf("&vmstate.gp2hp[0] = %p, 0x%x mappings\n", vmstate.gp2hp, vmstate.ppages); if (i<vmstate.ppages) printf("gp2hp[%x] = 0x%08x\n", i, vmstate.gp2hp[i]); } else if (!strcmp(buf, "cr3")) { u_int cr3; Set *set = &vmstate.cr3; printf("cr3 register: 0x%08x\n", vmstate.cr[3]); printf("cr3 set : "); for(set_iter_init(set); set_iter_get(set, &cr3); set_iter_next(set)) { printf("0x%08x ", cr3); } printf("\n"); } else if (!strcmp(buf, "dt")) { print_dt_mappings(); printf("h gdt base:lim 0x%08x:0x%04x\n", vmstate.h_gdt_base, vmstate.h_gdt_limit); printf("h idt base:lim 0x%08x:0x%04x\n", vmstate.h_idt_base, vmstate.h_idt_limit); } else if (!strcmp(buf, "memory")) { printf("0x%08x real physical pages (%3d megs)\n", PHYSICAL_PAGES, PHYSICAL_MEGS_RAM); printf("0x%08x fake physical pages (%3d megs)\n", vmstate.ppages, config.phys_mem_size/1024); #if 0 printf("Eavesdropping on Linux:\n"); printf("RAM %dk\n", *((Bit32u*)0x901e0)); printf("pointing device? 0x%x\n", *((Bit16u*)0x901ff)); printf("APM? 0x%x\n", *((Bit16u*)0x90040)); #endif ASSERT(vmstate.ppages == config.phys_mem_size*1024/NBPG); } else if (sscanf(buf, "%2s=%x", reg, &i) == 2 || sscanf(buf, "%3s=%x", reg, &i) == 2) { int r = reg_s2i(reg); if (r == -1) { printf("unknown register\n"); } else if (r==14) { REG(eip) = i; } else if (r<=REGNO_EDI) { set_reg(r, i, 4); /* normal regs */ } else { set_reg(r, i, 2); /* segment regs */ } } else { printf("huh?\n"); } } pop_debug_flags(); #if 0 if (debug_flags == 0) memcpy(SCR_STATE.virt_address, textbuf, TEXT_SIZE); free(textbuf); #endif REG(eflags) |= RF; in_debugger --; no_exceptions = 0; irq0_pending = 0; }