void test_priv_free(void) {
Manual mem = (Manual) priv_imalloc(1 Mb, MANUAL + ASCENDING_SIZE);
Priv_mem new_mem = style_to_priv((Memory) mem);
mem->alloc((Memory) mem, 1 Kb);
void *temp = mem->alloc((Memory) mem, 2 Kb);
mem->alloc((Memory) mem, 1 Kb);
CU_ASSERT(memory_start(search_memory(temp, new_mem->lists->alloclist, FALSE)) == temp);
CU_ASSERT(priv_free((Memory) mem, temp) == 2 Kb);
CU_ASSERT(memory_start(search_memory(temp, new_mem->lists->alloclist, FALSE)) == NULL);
free_lists(new_mem->lists);
free(new_mem->as->start);
free(new_mem);
}
int main(int argc, char **argv) {
FILE *out;
int pid;
size_t start_address, end_address;
size_t bufferlength;
if (!(argc > 5)) {
printf("%s <pid> <start_address> <end_address> -s -[a|u] <string to search>\n", argv[0]);
printf("Search for occurrences of string.\nIf -a option, search using plain ASCII\n");
printf("If -u option, convert ASCII string to UTF-16 (for Java strings)\n\n");
printf("%s <pid> <start_address> <end_address> -d <file>\n", argv[0]);
printf("dumps memory region to file\n");
printf("Start/end addresses are in hex, without preceding 0x notation\n");
exit(1);
}
// Extract PID from command line
pid = atoi(argv[1]);
// start/end addresses
sscanf(argv[2], "%x", (unsigned int *)&start_address);
sscanf(argv[3], "%x", (unsigned int *)&end_address);
bufferlength = end_address - start_address;
// Attach to process
ptrace(PTRACE_ATTACH, pid, NULL, NULL);
wait(NULL);
// Open mem file
char filename[64];
sprintf(filename, "/proc/%d/mem", pid);
char *buffer = malloc(bufferlength);
int mem;
mem = open(filename, O_RDONLY);
pread(mem, buffer, bufferlength, start_address);
// Detach from process
ptrace(PTRACE_CONT, pid, NULL, NULL);
ptrace(PTRACE_DETACH, pid, NULL, NULL);
// Determine what we're doing
if (strcmp(argv[4], "-d") == 0) {
printf("Dumping %zu bytes to file %s\n", bufferlength, argv[5]);
// Open binary file
out = fopen(argv[5], "wb");
if (out == NULL) {
printf("Can't open file for writing.\n");
free(buffer);
exit(1);
}
fwrite(buffer, sizeof(char), bufferlength, out);
fflush(out);
fclose(out);
}
else if (strcmp(argv[4], "-s") == 0) {
char *findstring = NULL;
int findlength;
if (strcmp(argv[5], "-u") == 0) {
findlength = ascii_to_utf16(argv[6], &findstring);
}
else if (strcmp(argv[5], "-a") == 0) {
findstring = malloc(strlen(argv[6]));
findlength = strlen(argv[6]);
memcpy(findstring, argv[6], findlength);
}
else {
printf("Need a -a or -u option!\n");
free(buffer);
exit(1);
}
int j;
search_memory(buffer, bufferlength, findstring, findlength);
free(findstring);
}
free(buffer);
}
T_exeCode C_SetValueActionMethodExtern::execute(T_pCmd_scenario P_pCmd,
T_pCallContext P_callCtxt,
C_MessageFrame *P_msg,
C_MessageFrame *P_ref) {
T_exeCode L_exeCode = E_EXE_NOERROR ;
int L_ret = 0 ;
T_ValueData L_mem ;
T_ValueData L_result ;
T_ValueData L_value ;
bool L_reset_value = false ;
if (m_string_expr != NULL) {
L_mem = search_memory(P_callCtxt, P_msg, L_reset_value) ;
} else {
L_mem.m_type = E_TYPE_STRING ;
L_mem.m_value.m_val_binary.m_size = 0 ;
L_mem.m_value.m_val_binary.m_value = NULL ;
}
L_value.m_type = E_TYPE_NUMBER ;
L_result.m_type = E_TYPE_NUMBER ;
if (P_msg->get_buffer(&L_value,m_msg_part_type) == -1) {
GEN_LOG_EVENT(LOG_LEVEL_TRAFFIC_ERR,
action_name_table[m_type]
<< ": error in body of message");
GEN_LOG_EVENT(LOG_LEVEL_TRAFFIC_ERR,
"error on call with session-id ["
<< P_callCtxt->m_id_table[P_pCmd->m_channel_id] << "]");
L_exeCode = E_EXE_ERROR;
resetMemory(L_value);
return (L_exeCode);
} else {
L_ret = (*m_external_method)(&L_value,
&L_mem,
&L_result);
if (L_ret != -1) {
if (P_msg->set_field_value(&L_result,
m_id, m_occurence,
m_instance_id,
m_sub_id) == false ) {
GEN_LOG_EVENT(LOG_LEVEL_TRAFFIC_ERR,
action_name_table[m_type]
<< ": problem when set field value");
GEN_LOG_EVENT(LOG_LEVEL_TRAFFIC_ERR,
"error on call with session-id ["
<< P_callCtxt->m_id_table[P_pCmd->m_channel_id] << "]");
L_exeCode = E_EXE_ERROR;
}
} else {
GEN_LOG_EVENT(LOG_LEVEL_TRAFFIC_ERR,
action_name_table[m_type]
<< ": problem when using external method (md5 or AKA)");
GEN_LOG_EVENT(LOG_LEVEL_TRAFFIC_ERR,
"error on call with session-id ["
<< P_callCtxt->m_id_table[P_pCmd->m_channel_id] << "]");
L_exeCode = E_EXE_ERROR;
}
resetMemory(L_result);
resetMemory(L_value);
// Temporary fixed, commented the below line. search_memory method doesnt allocate using malloc, hence free dumps
// to be fixed
//resetMemory(L_mem);
}
if (L_reset_value == true) {
L_mem.m_type = E_TYPE_NUMBER ;
}
return (L_exeCode);
}
void debugger(void)
{
extern u_int history[3];
extern int irq0_pending;
static int in_debugger = 0;
char buf[80], buf2[80], reg[4];
u_int i, j, k;
if (in_debugger)
return;
in_debugger ++;
no_exceptions = 1;
#if 0
char *textbuf;
textbuf = (char*)malloc(TEXT_SIZE);
if (!textbuf) {
leaveemu(ERR_MEM);
}
memcpy(textbuf, SCR_STATE.virt_address, TEXT_SIZE);
#endif
push_debug_flags();
DEBUG_OFF();
for(;;) {
printf("\ndbg> ");
if (fgets(buf, 80, stdin) == NULL)
leaveemu(0);
buf[strlen(buf)-1] = 0; /* kill \n */
if (*buf==0) {
continue;
} else if (!strcmp(buf, "help")) {
usage();
} else if (!strcmp(buf, "r")) {
show_regs(0, 0);
} else if (!strcmp(buf, "logue")) {
printf("prologue: 0x%08x\n", UAREA.u_entprologue);
printf("epilogue: 0x%08x\n", UAREA.u_entepilogue);
} else if (!strcmp(buf, "exc")) {
printf("current exception: #0x%x, 0x%x\n", vm86s.trapno, vm86s.err);
printf("pending guest exception: ");
if (vmstate.exc)
printf("#0x%x, 0x%x\n", vmstate.exc_vect, vmstate.exc_erc);
else
printf("none\n");
} else if (!strcmp(buf, "cr")) {
show_cregs();
} else if (!strcmp(buf, "g")) {
REG(eflags) &= ~TF_MASK;
break;
} else if (!strcmp(buf, "q") || !strcmp(buf, "quit")) {
leaveemu(0);
} else if (!strcmp(buf, "disks")) {
print_disks();
} else if (!strcmp(buf, "ptmap")) {
/* everything is in k to avoid overflows */
u_int granularity = 4*1024;
u_int width = 64;
printf("granularity: 0x%08x\n", granularity*1024);
for (i=0; i < (4*1024*1024)/(width*granularity); i++) {
u_int start = i*width*granularity;
printf("0x%08x ", start*1024);
for (j=0; j<width; j++) {
int gp = 0, hp = 0;
for (k=0; k < granularity/NBPG; k++) {
u_int pte, err=0;
pte = sys_read_pte(k*NBPG + (j*granularity + i*width*granularity)*1024, 0, vmstate.eid, &err);
if (err == -E_NOT_FOUND) {
err = pte = 0;
}
if (err == 0) {
if (pte&1) {
if (pte & PG_GUEST)
gp = 1;
else
hp = 1;
}
}
}
if (!gp && !hp)
printf("-");
else if (gp && hp)
printf("+");
else if (gp && !hp)
printf("g");
else
printf("h");
}
printf("\n");
}
#if 0
} else if (!strcmp(buf, "memmap")) {
memcheck_dump();
#endif
} else if (sscanf(buf, "port %x", &i) == 1) {
print_port(i);
} else if (sscanf(buf, "int %x", &i) == 1) {
pop_debug_flags();
push_debug_flags();
no_exceptions = 0;
do_int(i);
no_exceptions = 1;
DEBUG_OFF();
} else if (sscanf(buf, "gdt %x", &i) == 1) {
struct descr *sd;
if (set_get_any(&vmstate.g_gdt_base, (u_int*)&sd)) {
printf("no gdt is defined\n");
continue;
}
print_dt_entry(i, sd);
} else if (sscanf(buf, "idt %x", &i) == 1) {
print_dt_entry(i, (struct descr *)vmstate.g_idt_base);
} else if (sscanf(buf, "ro %x", &i) == 1) {
protect_range(PGROUNDDOWN(i), NBPG);
} else if (sscanf(buf, "rw %x", &i) == 1) {
unprotect_range(PGROUNDDOWN(i), NBPG);
} else if (!strcmp(buf, "history")) {
printf("most recent trap eip: %x %x %x\n", history[2], history[1], history[0]);
} else if (!strcmp(buf, "irq")) {
struct gate_descr *sg = (struct gate_descr *)vmstate.g_idt_base + hardware_irq_number(0);
for (i=0; i<16; i++) {
printf("irq %2d %s, handled by idt[%2d], function @ 0x%08x\n", i, irq_disabled(i) ? "disabled" : " enabled",
hardware_irq_number(i), GATE_OFFSET(sg+i));
}
} else if (sscanf(buf, "dump %x:%x %x", &i, &j, &k) == 2) {
dump_memory((i<<4)+j, k);
} else if (sscanf(buf, "dump %x:%x", &i, &j) == 2) {
dump_memory((i<<4)+j, 0x80);
} else if (sscanf(buf, "dump %x %x", &i, &j) == 2) {
dump_memory(i, j);
} else if (sscanf(buf, "dump %x", &i) == 1) {
dump_memory(i, 0x80);
} else if (!strcmp(buf, "dump")) {
dump_memory(dump_offset, 0x80);
} else if (sscanf(buf, "search %x %79s", &i, buf2) == 2) {
search_memory(i, buf2);
} else if (!strcmp(buf, "debug on")) {
pop_debug_flags();
DEBUG_ON();
push_debug_flags();
} else if (!strcmp(buf, "debug off")) {
pop_debug_flags();
DEBUG_OFF();
push_debug_flags();
} else if (sscanf(buf, "pte %x", &i) == 1) {
Bit32u host_pte = 0;
if (! (vmstate.cr[0] & PG_MASK)) {
printf("guest paging not enabled\n");
printf("guest_phys_to_host_phys(0x%08x) = 0x%08x\n", i, guest_phys_to_host_phys(i));
} else {
Bit32u gpte = guest_pte(i);
printf("guest cr3 0x%08x\n", vmstate.cr[3]);
printf("guest 0x%08x -> 0x%08x\n", i, gpte);
printf("guest_phys_to_host_phys(0x%08x) = 0x%08x\n", gpte & ~PGMASK, guest_phys_to_host_phys(gpte & ~PGMASK));
}
get_host_pte(i, &host_pte);
printf("host 0x%08x -> 0x%08x\n", i, host_pte);
} else if (sscanf(buf, "gp2hp %x", &i) == 1) {
printf("&vmstate.gp2hp[0] = %p, 0x%x mappings\n", vmstate.gp2hp, vmstate.ppages);
if (i<vmstate.ppages)
printf("gp2hp[%x] = 0x%08x\n", i, vmstate.gp2hp[i]);
} else if (!strcmp(buf, "cr3")) {
u_int cr3;
Set *set = &vmstate.cr3;
printf("cr3 register: 0x%08x\n", vmstate.cr[3]);
printf("cr3 set : ");
for(set_iter_init(set); set_iter_get(set, &cr3); set_iter_next(set)) {
printf("0x%08x ", cr3);
}
printf("\n");
} else if (!strcmp(buf, "dt")) {
print_dt_mappings();
printf("h gdt base:lim 0x%08x:0x%04x\n", vmstate.h_gdt_base, vmstate.h_gdt_limit);
printf("h idt base:lim 0x%08x:0x%04x\n", vmstate.h_idt_base, vmstate.h_idt_limit);
} else if (!strcmp(buf, "memory")) {
printf("0x%08x real physical pages (%3d megs)\n", PHYSICAL_PAGES, PHYSICAL_MEGS_RAM);
printf("0x%08x fake physical pages (%3d megs)\n", vmstate.ppages, config.phys_mem_size/1024);
#if 0
printf("Eavesdropping on Linux:\n");
printf("RAM %dk\n", *((Bit32u*)0x901e0));
printf("pointing device? 0x%x\n", *((Bit16u*)0x901ff));
printf("APM? 0x%x\n", *((Bit16u*)0x90040));
#endif
ASSERT(vmstate.ppages == config.phys_mem_size*1024/NBPG);
} else if (sscanf(buf, "%2s=%x", reg, &i) == 2 ||
sscanf(buf, "%3s=%x", reg, &i) == 2) {
int r = reg_s2i(reg);
if (r == -1) {
printf("unknown register\n");
} else if (r==14) {
REG(eip) = i;
} else if (r<=REGNO_EDI) {
set_reg(r, i, 4); /* normal regs */
} else {
set_reg(r, i, 2); /* segment regs */
}
} else {
printf("huh?\n");
}
}
pop_debug_flags();
#if 0
if (debug_flags == 0)
memcpy(SCR_STATE.virt_address, textbuf, TEXT_SIZE);
free(textbuf);
#endif
REG(eflags) |= RF;
in_debugger --;
no_exceptions = 0;
irq0_pending = 0;
}
