Cradicle Explorer
breakpad
/ src / processor / exploitability_linux.h
exploitability_linux.h
 1  // Copyright 2013 Google LLC
 2  //
 3  // Redistribution and use in source and binary forms, with or without
 4  // modification, are permitted provided that the following conditions are
 5  // met:
 6  //
 7  //     * Redistributions of source code must retain the above copyright
 8  // notice, this list of conditions and the following disclaimer.
 9  //     * Redistributions in binary form must reproduce the above
10  // copyright notice, this list of conditions and the following disclaimer
11  // in the documentation and/or other materials provided with the
12  // distribution.
13  //     * Neither the name of Google LLC nor the names of its
14  // contributors may be used to endorse or promote products derived from
15  // this software without specific prior written permission.
16  //
17  // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18  // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19  // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
20  // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
21  // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
22  // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
23  // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24  // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25  // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26  // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
27  // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28  
29  // exploitability_linux.h: Linux specific exploitability engine.
30  //
31  // Provides a guess at the exploitability of the crash for the Linux
32  // platform given a minidump and process_state.
33  //
34  // Author: Matthew Riley
35  
36  #ifndef GOOGLE_BREAKPAD_PROCESSOR_EXPLOITABILITY_LINUX_H_
37  #define GOOGLE_BREAKPAD_PROCESSOR_EXPLOITABILITY_LINUX_H_
38  
39  #include "google_breakpad/common/breakpad_types.h"
40  #include "google_breakpad/processor/exploitability.h"
41  
42  namespace google_breakpad {
43  
44  class ExploitabilityLinux : public Exploitability {
45   public:
46    ExploitabilityLinux(Minidump* dump,
47                        ProcessState* process_state);
48  
49    // Parameters are the minidump to analyze, the object representing process
50    // state, and whether to enable objdump disassembly.
51    // Enabling objdump will allow exploitability analysis to call out to
52    // objdump for diassembly. It is used to check the identity of the
53    // instruction that caused the program to crash. If there are any
54    // portability concerns, this should not be enabled.
55    ExploitabilityLinux(Minidump* dump,
56                        ProcessState* process_state,
57                        bool enable_objdump);
58  
59    virtual ExploitabilityRating CheckPlatformExploitability();
60  
61   private:
62    friend class ExploitabilityLinuxTest;
63  
64    // Takes the address of the instruction pointer and returns
65    // whether the instruction pointer lies in a valid instruction region.
66    bool InstructionPointerInCode(uint64_t instruction_ptr);
67  
68    // Checks the exception that triggered the creation of the
69    // minidump and reports whether the exception suggests no exploitability.
70    bool BenignCrashTrigger(const MDRawExceptionStream* raw_exception_stream);
71  
72    // This method checks if the crash occurred during a write to read-only or
73    // invalid memory. It does so by checking if the instruction at the
74    // instruction pointer is a write instruction, and if the target of the
75    // instruction is at a spot in memory that prohibits writes.
76    bool EndedOnIllegalWrite(uint64_t instruction_ptr);
77  
78    // Checks if the stack pointer points to a memory mapping that is not
79    // labelled as the stack.
80    bool StackPointerOffStack(uint64_t stack_ptr);
81  
82    // Checks if the stack or heap are marked executable according
83    // to the memory mappings.
84    bool ExecutableStackOrHeap();
85  
86    // Whether this exploitability engine is permitted to shell out to objdump
87    // to disassemble raw bytes.
88    bool enable_objdump_;
89  };
90  
91  }  // namespace google_breakpad
92  
93  #endif  // GOOGLE_BREAKPAD_PROCESSOR_EXPLOITABILITY_LINUX_H_