1  // Copyright 2006 Google LLC
  2  //
  3  // Redistribution and use in source and binary forms, with or without
  4  // modification, are permitted provided that the following conditions are
  5  // met:
  6  //
  7  //     * Redistributions of source code must retain the above copyright
  8  // notice, this list of conditions and the following disclaimer.
  9  //     * Redistributions in binary form must reproduce the above
 10  // copyright notice, this list of conditions and the following disclaimer
 11  // in the documentation and/or other materials provided with the
 12  // distribution.
 13  //     * Neither the name of Google LLC nor the names of its
 14  // contributors may be used to endorse or promote products derived from
 15  // this software without specific prior written permission.
 16  //
 17  // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 18  // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 19  // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 20  // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 21  // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 22  // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 23  // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 24  // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 25  // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 26  // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 27  // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 28  
 29  // process_state.h: A snapshot of a process, in a fully-digested state.
 30  //
 31  // Author: Mark Mentovai
 32  
 33  #ifndef GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__
 34  #define GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__
 35  
 36  #include <string>
 37  #include <vector>
 38  
 39  #include "common/using_std_string.h"
 40  #include "google_breakpad/common/breakpad_types.h"
 41  #include "google_breakpad/processor/code_modules.h"
 42  #include "google_breakpad/processor/exception_record.h"
 43  #include "google_breakpad/processor/minidump.h"
 44  #include "google_breakpad/processor/system_info.h"
 45  #include "processor/linked_ptr.h"
 46  
 47  namespace google_breakpad {
 48  
 49  using std::vector;
 50  
 51  class CallStack;
 52  class CodeModules;
 53  
 54  enum ExploitabilityRating {
 55    EXPLOITABILITY_HIGH,                 // The crash likely represents
 56                                         // a exploitable memory corruption
 57                                         // vulnerability.
 58  
 59    EXPLOITABILITY_MEDIUM,               // The crash appears to corrupt
 60                                         // memory in a way which may be
 61                                         // exploitable in some situations.
 62  
 63    EXPLOITABLITY_MEDIUM = EXPLOITABILITY_MEDIUM,  // an old misspelling
 64  
 65    EXPLOITABILITY_LOW,                  // The crash either does not corrupt
 66                                         // memory directly or control over
 67                                         // the affected data is limited. The
 68                                         // issue may still be exploitable
 69                                         // on certain platforms or situations.
 70  
 71    EXPLOITABILITY_INTERESTING,          // The crash does not appear to be
 72                                         // directly exploitable. However it
 73                                         // represents a condition which should
 74                                         // be further analyzed.
 75  
 76    EXPLOITABILITY_NONE,                 // The crash does not appear to represent
 77                                         // an exploitable condition.
 78  
 79    EXPLOITABILITY_NOT_ANALYZED,         // The crash was not analyzed for
 80                                         // exploitability because the engine
 81                                         // was disabled.
 82  
 83    EXPLOITABILITY_ERR_NOENGINE,         // The supplied minidump's platform does
 84                                         // not have a exploitability engine
 85                                         // associated with it.
 86  
 87    EXPLOITABILITY_ERR_PROCESSING        // An error occured within the
 88                                         // exploitability engine and no rating
 89                                         // was calculated.
 90  };
 91  
 92  class ProcessState {
 93   public:
 94    ProcessState() : modules_(NULL), unloaded_modules_(NULL) { Clear(); }
 95    ~ProcessState();
 96  
 97    // Resets the ProcessState to its default values
 98    void Clear();
 99  
100    // Accessors.  See the data declarations below.
101    uint32_t time_date_stamp() const { return time_date_stamp_; }
102    uint32_t process_create_time() const { return process_create_time_; }
103    bool crashed() const { return crashed_; }
104    string crash_reason() const { return crash_reason_; }
105    uint64_t crash_address() const { return crash_address_; }
106    string assertion() const { return assertion_; }
107    int requesting_thread() const { return requesting_thread_; }
108    const ExceptionRecord* exception_record() const { return &exception_record_; }
109    const vector<CallStack*>* threads() const { return &threads_; }
110    const vector<MemoryRegion*>* thread_memory_regions() const {
111      return &thread_memory_regions_;
112    }
113    const vector<string>* thread_names() const { return &thread_names_; }
114    const SystemInfo* system_info() const { return &system_info_; }
115    const CodeModules* modules() const { return modules_; }
116    const CodeModules* unloaded_modules() const { return unloaded_modules_; }
117    const vector<linked_ptr<const CodeModule> >* shrunk_range_modules() const {
118      return &shrunk_range_modules_;
119    }
120    const vector<const CodeModule*>* modules_without_symbols() const {
121      return &modules_without_symbols_;
122    }
123    const vector<const CodeModule*>* modules_with_corrupt_symbols() const {
124      return &modules_with_corrupt_symbols_;
125    }
126    ExploitabilityRating exploitability() const { return exploitability_; }
127  
128   private:
129    // MinidumpProcessor and MicrodumpProcessor are responsible for building
130    // ProcessState objects.
131    friend class MinidumpProcessor;
132    friend class MicrodumpProcessor;
133  
134    // The time-date stamp of the minidump (time_t format)
135    uint32_t time_date_stamp_;
136  
137    // The time-date stamp when the process was created (time_t format)
138    uint32_t process_create_time_;
139  
140    // True if the process crashed, false if the dump was produced outside
141    // of an exception handler.
142    bool crashed_;
143  
144    // If the process crashed, the type of crash.  OS- and possibly CPU-
145    // specific.  For example, "EXCEPTION_ACCESS_VIOLATION" (Windows),
146    // "EXC_BAD_ACCESS / KERN_INVALID_ADDRESS" (Mac OS X), "SIGSEGV"
147    // (other Unix).
148    string crash_reason_;
149  
150    // If the process crashed, and if crash_reason implicates memory,
151    // the memory address that caused the crash.  For data access errors,
152    // this will be the data address that caused the fault.  For code errors,
153    // this will be the address of the instruction that caused the fault.
154    uint64_t crash_address_;
155  
156    // If there was an assertion that was hit, a textual representation
157    // of that assertion, possibly including the file and line at which
158    // it occurred.
159    string assertion_;
160  
161    // The index of the thread that requested a dump be written in the
162    // threads vector.  If a dump was produced as a result of a crash, this
163    // will point to the thread that crashed.  If the dump was produced as
164    // by user code without crashing, and the dump contains extended Breakpad
165    // information, this will point to the thread that requested the dump.
166    // If the dump was not produced as a result of an exception and no
167    // extended Breakpad information is present, this field will be set to -1,
168    // indicating that the dump thread is not available.
169    int requesting_thread_;
170  
171    // Exception record details: code, flags, address, parameters.
172    ExceptionRecord exception_record_;
173  
174    // Stacks for each thread (except possibly the exception handler
175    // thread) at the time of the crash.
176    vector<CallStack*> threads_;
177    vector<MemoryRegion*> thread_memory_regions_;
178  
179    // Names of each thread at the time of the crash, one for each entry in
180    // threads_. Note that a thread's name might be empty if there was no
181    // corresponding ThreadNamesStream in the minidump, or if a particular thread
182    // ID was not present in the THREAD_NAME_LIST.
183    vector<string> thread_names_;
184  
185    // OS and CPU information.
186    SystemInfo system_info_;
187  
188    // The modules that were loaded into the process represented by the
189    // ProcessState.
190    const CodeModules *modules_;
191  
192    // The modules that have been unloaded from the process represented by the
193    // ProcessState.
194    const CodeModules *unloaded_modules_;
195  
196    // The modules which virtual address ranges were shrunk down due to
197    // virtual address conflicts.
198    vector<linked_ptr<const CodeModule> > shrunk_range_modules_;
199  
200    // The modules that didn't have symbols when the report was processed.
201    vector<const CodeModule*> modules_without_symbols_;
202  
203    // The modules that had corrupt symbols when the report was processed.
204    vector<const CodeModule*> modules_with_corrupt_symbols_;
205  
206    // The exploitability rating as determined by the exploitability
207    // engine. When the exploitability engine is not enabled this
208    // defaults to EXPLOITABILITY_NOT_ANALYZED.
209    ExploitabilityRating exploitability_;
210  };
211  
212  }  // namespace google_breakpad
213  
214  #endif  // GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__