Пример #1
/**
 * SIGTRAP handler: hands control over to the e2dbg entry point.
 *
 * The body is bracketed by CLRSIG / SETSIG and by
 * e2dbg_presence_set() / e2dbg_presence_reset(). In between it builds a
 * one-element, NULL-terminated argument vector (E2DBG_ARGV0) and passes
 * it to e2dbg_entry().
 *
 * NOTE(review): everything called from here runs in signal context, so
 * e2dbg_output() and e2dbg_entry() are presumably expected to tolerate
 * that -- confirm against their implementations.
 *
 * @param signum   Signal number (not used by this handler).
 * @param info     Signal information (not used by this handler).
 * @param pcontext Context pointer supplied with the signal (not used here).
 */
void            e2dbg_sigtrap_handler(int signum, siginfo_t *info, void *pcontext)
{
  e2dbgparams_t	entry_params;
  char		*entry_argv[2];

  CLRSIG;
  e2dbg_presence_set();

#if (__DEBUG_THREADS__ || __DEBUG_E2DBG__ || __DEBUG_MUTEX__)
  /* Debug trace only: report which side the presence flag says we are on. */
  e2dbg_output(e2dbg_presence_get()
	       ? " [*] Debugger in SIGTRAP handler\n"
	       : " [*] Debuggee in SIGTRAP handler\n");
#endif

  e2dbg_output(" [*] SIGTRAP : Entering E2dbg.\n");

  /* Argument vector holding only the program name. */
  entry_argv[0]   = E2DBG_ARGV0;
  entry_argv[1]   = NULL;
  entry_params.ac = 1;
  entry_params.av = entry_argv;
  e2dbg_entry(&entry_params);

  e2dbg_presence_reset();
  SETSIG;
}
Пример #2
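/**
 * Resolve an address to a symbol name, looking in one file or, when
 * running inside e2dbg, in every mapped object of the current job.
 * Runtime compatible.
 *
 * For each object both elfsh_reverse_symbol() and
 * elfsh_reverse_dynsymbol() are consulted, and a candidate with a
 * smaller non-negative offset is preferred over the current best.
 *
 * @param file    Object searched first; a NULL value is reported through
 *                PROFILER_ERR.
 * @param addr    Address to resolve.
 * @param roffset Optional output: offset associated with the selected
 *                symbol. Written whenever non-NULL, including on the
 *                path where no name could be resolved.
 * @return A strdup()-allocated string, "name" or "name@object" in runtime
 *         mode. This function never releases it, so the caller is left
 *         holding the allocation. On failure the NULL given to
 *         PROFILER_ERR is the reported value.
 */
char		*revm_resolve(elfshobj_t *file, eresi_Addr addr, elfsh_SAddr *roffset)
{
    int		index;
    elfshobj_t	*actual;
    char		*name = NULL;
    char		*dname = NULL;
    elfsh_SAddr	offset = 0;
    elfsh_SAddr	doffset = 0;
    char		*bestname = NULL;
    elfsh_SAddr	bestoffset;
    elfshobj_t	*bestfile;
    char		buf[BUFSIZ];
    char		*str;
    char		**keys = NULL;
    int		keynbr = 0;	/* stays 0 if hash_get_keys() does not set it */

    PROFILER_IN(__FILE__, __FUNCTION__, __LINE__);
    if (!file)
        PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__,
                     "Invalid NULL argument", NULL);

    actual = file;
    name = elfsh_reverse_symbol(actual, addr, &offset);
    dname = elfsh_reverse_dynsymbol(actual, addr, &doffset);

    /*
     * NOTE(review): the debug traces in this function print elfsh_SAddr
     * values with %d and pass name/dname to %s even when they may be NULL;
     * confirm the formats against the real types before enabling them.
     */
#if __DEBUG_RESOLVE__
    printf("[elfsh:resolve] First found file : %s name = %s:%d / dname = %s:%d ("XFMT") \n",
           actual->name, name, offset, dname, doffset, addr);
#endif

    /*
     * Prefer the dynamic symbol when there is no static one, when the
     * static match is the PLT section name, when the static offset is
     * negative, or when the dynamic symbol is strictly closer.
     */
    if (!name || (dname && !strcmp(name, ELFSH_SECTION_NAME_PLT)) ||
            (offset < 0) || (dname && doffset < offset && doffset >= 0))
    {
        name = dname;
        offset = doffset;
    }
    else if (name && dname && doffset == offset)
        name = dname;

    bestname = name;
    bestoffset = offset;
    bestfile = actual;

    /* Find the best symbol by searching in all the objects of the process */
    if (e2dbg_presence_get())
    {
        /*
         * NOTE(review): the array returned by hash_get_keys() is never
         * released in this function; if that call allocates it, this is a
         * leak on every resolution -- confirm ownership and release it
         * with the hash API's matching helper.
         */
        keys = hash_get_keys(&world.curjob->loaded, &keynbr);
        for (index = 0; keys && index < keynbr; index++)
        {
            actual = hash_get(&world.curjob->loaded, keys[index]);

            /* Skip a missing entry as well as an object without a linkmap,
               instead of dereferencing a NULL lookup result. */
            if (!actual || !actual->linkmap)
                continue;

            name = elfsh_reverse_symbol(actual, addr, &offset);
            dname = elfsh_reverse_dynsymbol(actual, addr, &doffset);

            if (!name || (offset < 0) ||
                    (dname && doffset < offset && doffset >= 0))
            {
                name = dname;
                offset = doffset;
            }

            if (!bestname ||
                    (bestoffset < 0) || (name && (offset < bestoffset) && offset >= 0))
            {
                bestname = name;
                bestoffset = offset;
                bestfile = actual;

#if __DEBUG_RESOLVE__
                fprintf(stderr, "[elfsh:resolve] Changed best : file %s name %s %d\n",
                        actual->name, name, offset);
#endif

            }

        }
    }

#if __DEBUG_RESOLVE__
    printf("[elfsh:resolve] BEST name %s %d\n", bestname, bestoffset);
#endif

    /* The offset is published before the failure check below. */
    if (roffset)
        *roffset = bestoffset;

    if (bestname == NULL)
        PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__,
                     "Unable to resolve best name", (NULL));

    /* snprintf() bounds the write to buf; a longer name is silently
       truncated to BUFSIZ - 1 characters. */
    if (elfsh_is_runtime_mode())
    {
        str = revm_basename(bestfile->name);
        snprintf(buf, BUFSIZ, "%s@%s",
                 bestname, (str ? str : "CORRUPTED"));
    }
    else
        snprintf(buf, BUFSIZ, "%s", bestname);

    /* strdup() may yield NULL on allocation failure; that value is passed
       through unchanged. */
    PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, strdup(buf));

}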