1 // Copyright (c) 2006, Google Inc.
2 // All rights reserved.
3 //
4 // Redistribution and use in source and binary forms, with or without
5 // modification, are permitted provided that the following conditions are
6 // met:
7 //
8 //     * Redistributions of source code must retain the above copyright
9 // notice, this list of conditions and the following disclaimer.
10 //     * Redistributions in binary form must reproduce the above
11 // copyright notice, this list of conditions and the following disclaimer
12 // in the documentation and/or other materials provided with the
13 // distribution.
14 //     * Neither the name of Google Inc. nor the names of its
15 // contributors may be used to endorse or promote products derived from
16 // this software without specific prior written permission.
17 //
18 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 
30 // process_state.h: A snapshot of a process, in a fully-digested state.
31 //
32 // Author: Mark Mentovai
33 
34 #ifndef GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__
35 #define GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__
36 
37 #include <string>
38 #include <vector>
39 
40 #include "common/using_std_string.h"
41 #include "google_breakpad/common/breakpad_types.h"
42 #include "google_breakpad/processor/code_modules.h"
43 #include "google_breakpad/processor/exception_record.h"
44 #include "google_breakpad/processor/minidump.h"
45 #include "google_breakpad/processor/system_info.h"
46 #include "processor/linked_ptr.h"
47 
48 namespace google_breakpad {
49 
50 using std::vector;
51 
52 class CallStack;
53 class CodeModules;
54 
55 enum ExploitabilityRating {
56   EXPLOITABILITY_HIGH,                 // The crash likely represents
57                                        // a exploitable memory corruption
58                                        // vulnerability.
59 
60   EXPLOITABILITY_MEDIUM,               // The crash appears to corrupt
61                                        // memory in a way which may be
62                                        // exploitable in some situations.
63 
64   EXPLOITABLITY_MEDIUM = EXPLOITABILITY_MEDIUM,  // an old misspelling
65 
66   EXPLOITABILITY_LOW,                  // The crash either does not corrupt
67                                        // memory directly or control over
68                                        // the affected data is limited. The
69                                        // issue may still be exploitable
70                                        // on certain platforms or situations.
71 
72   EXPLOITABILITY_INTERESTING,          // The crash does not appear to be
73                                        // directly exploitable. However it
74                                        // represents a condition which should
75                                        // be further analyzed.
76 
77   EXPLOITABILITY_NONE,                 // The crash does not appear to represent
78                                        // an exploitable condition.
79 
80   EXPLOITABILITY_NOT_ANALYZED,         // The crash was not analyzed for
81                                        // exploitability because the engine
82                                        // was disabled.
83 
84   EXPLOITABILITY_ERR_NOENGINE,         // The supplied minidump's platform does
85                                        // not have a exploitability engine
86                                        // associated with it.
87 
88   EXPLOITABILITY_ERR_PROCESSING        // An error occured within the
89                                        // exploitability engine and no rating
90                                        // was calculated.
91 };
92 
93 class ProcessState {
94  public:
ProcessState()95   ProcessState() : modules_(NULL), unloaded_modules_(NULL) { Clear(); }
96   ~ProcessState();
97 
98   // Resets the ProcessState to its default values
99   void Clear();
100 
101   // Accessors.  See the data declarations below.
time_date_stamp()102   uint32_t time_date_stamp() const { return time_date_stamp_; }
process_create_time()103   uint32_t process_create_time() const { return process_create_time_; }
crashed()104   bool crashed() const { return crashed_; }
crash_reason()105   string crash_reason() const { return crash_reason_; }
crash_address()106   uint64_t crash_address() const { return crash_address_; }
assertion()107   string assertion() const { return assertion_; }
requesting_thread()108   int requesting_thread() const { return requesting_thread_; }
exception_record()109   const ExceptionRecord* exception_record() const { return &exception_record_; }
threads()110   const vector<CallStack*>* threads() const { return &threads_; }
thread_memory_regions()111   const vector<MemoryRegion*>* thread_memory_regions() const {
112     return &thread_memory_regions_;
113   }
system_info()114   const SystemInfo* system_info() const { return &system_info_; }
modules()115   const CodeModules* modules() const { return modules_; }
unloaded_modules()116   const CodeModules* unloaded_modules() const { return unloaded_modules_; }
shrunk_range_modules()117   const vector<linked_ptr<const CodeModule> >* shrunk_range_modules() const {
118     return &shrunk_range_modules_;
119   }
modules_without_symbols()120   const vector<const CodeModule*>* modules_without_symbols() const {
121     return &modules_without_symbols_;
122   }
modules_with_corrupt_symbols()123   const vector<const CodeModule*>* modules_with_corrupt_symbols() const {
124     return &modules_with_corrupt_symbols_;
125   }
exploitability()126   ExploitabilityRating exploitability() const { return exploitability_; }
127 
128  private:
129   // MinidumpProcessor and MicrodumpProcessor are responsible for building
130   // ProcessState objects.
131   friend class MinidumpProcessor;
132   friend class MicrodumpProcessor;
133 
134   // The time-date stamp of the minidump (time_t format)
135   uint32_t time_date_stamp_;
136 
137   // The time-date stamp when the process was created (time_t format)
138   uint32_t process_create_time_;
139 
140   // True if the process crashed, false if the dump was produced outside
141   // of an exception handler.
142   bool crashed_;
143 
144   // If the process crashed, the type of crash.  OS- and possibly CPU-
145   // specific.  For example, "EXCEPTION_ACCESS_VIOLATION" (Windows),
146   // "EXC_BAD_ACCESS / KERN_INVALID_ADDRESS" (Mac OS X), "SIGSEGV"
147   // (other Unix).
148   string crash_reason_;
149 
150   // If the process crashed, and if crash_reason implicates memory,
151   // the memory address that caused the crash.  For data access errors,
152   // this will be the data address that caused the fault.  For code errors,
153   // this will be the address of the instruction that caused the fault.
154   uint64_t crash_address_;
155 
156   // If there was an assertion that was hit, a textual representation
157   // of that assertion, possibly including the file and line at which
158   // it occurred.
159   string assertion_;
160 
161   // The index of the thread that requested a dump be written in the
162   // threads vector.  If a dump was produced as a result of a crash, this
163   // will point to the thread that crashed.  If the dump was produced as
164   // by user code without crashing, and the dump contains extended Breakpad
165   // information, this will point to the thread that requested the dump.
166   // If the dump was not produced as a result of an exception and no
167   // extended Breakpad information is present, this field will be set to -1,
168   // indicating that the dump thread is not available.
169   int requesting_thread_;
170 
171   // Exception record details: code, flags, address, parameters.
172   ExceptionRecord exception_record_;
173 
174   // Stacks for each thread (except possibly the exception handler
175   // thread) at the time of the crash.
176   vector<CallStack*> threads_;
177   vector<MemoryRegion*> thread_memory_regions_;
178 
179   // OS and CPU information.
180   SystemInfo system_info_;
181 
182   // The modules that were loaded into the process represented by the
183   // ProcessState.
184   const CodeModules *modules_;
185 
186   // The modules that have been unloaded from the process represented by the
187   // ProcessState.
188   const CodeModules *unloaded_modules_;
189 
190   // The modules which virtual address ranges were shrunk down due to
191   // virtual address conflicts.
192   vector<linked_ptr<const CodeModule> > shrunk_range_modules_;
193 
194   // The modules that didn't have symbols when the report was processed.
195   vector<const CodeModule*> modules_without_symbols_;
196 
197   // The modules that had corrupt symbols when the report was processed.
198   vector<const CodeModule*> modules_with_corrupt_symbols_;
199 
200   // The exploitability rating as determined by the exploitability
201   // engine. When the exploitability engine is not enabled this
202   // defaults to EXPLOITABILITY_NOT_ANALYZED.
203   ExploitabilityRating exploitability_;
204 };
205 
206 }  // namespace google_breakpad
207 
208 #endif  // GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__
209