1 // Copyright (c) 2006, Google Inc.
2 // All rights reserved.
3 //
4 // Redistribution and use in source and binary forms, with or without
5 // modification, are permitted provided that the following conditions are
6 // met:
7 //
8 //     * Redistributions of source code must retain the above copyright
9 // notice, this list of conditions and the following disclaimer.
10 //     * Redistributions in binary form must reproduce the above
11 // copyright notice, this list of conditions and the following disclaimer
12 // in the documentation and/or other materials provided with the
13 // distribution.
14 //     * Neither the name of Google Inc. nor the names of its
15 // contributors may be used to endorse or promote products derived from
16 // this software without specific prior written permission.
17 //
18 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 
30 // process_state.h: A snapshot of a process, in a fully-digested state.
31 //
32 // Author: Mark Mentovai
33 
34 #ifndef GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__
35 #define GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__
36 
37 #include <string>
38 #include <vector>
39 
40 #include "common/using_std_string.h"
41 #include "google_breakpad/common/breakpad_types.h"
42 #include "google_breakpad/processor/system_info.h"
43 #include "google_breakpad/processor/minidump.h"
44 
45 namespace google_breakpad {
46 
47 using std::vector;
48 
49 class CallStack;
50 class CodeModules;
51 
52 enum ExploitabilityRating {
53   EXPLOITABILITY_HIGH,                 // The crash likely represents
54                                        // a exploitable memory corruption
55                                        // vulnerability.
56 
57   EXPLOITABILITY_MEDIUM,               // The crash appears to corrupt
58                                        // memory in a way which may be
59                                        // exploitable in some situations.
60 
61   EXPLOITABLITY_MEDIUM = EXPLOITABILITY_MEDIUM,  // an old misspelling
62 
63   EXPLOITABILITY_LOW,                  // The crash either does not corrupt
64                                        // memory directly or control over
65                                        // the affected data is limited. The
66                                        // issue may still be exploitable
67                                        // on certain platforms or situations.
68 
69   EXPLOITABILITY_INTERESTING,          // The crash does not appear to be
70                                        // directly exploitable. However it
71                                        // represents a condition which should
72                                        // be further analyzed.
73 
74   EXPLOITABILITY_NONE,                 // The crash does not appear to represent
75                                        // an exploitable condition.
76 
77   EXPLOITABILITY_NOT_ANALYZED,         // The crash was not analyzed for
78                                        // exploitability because the engine
79                                        // was disabled.
80 
81   EXPLOITABILITY_ERR_NOENGINE,         // The supplied minidump's platform does
82                                        // not have a exploitability engine
83                                        // associated with it.
84 
85   EXPLOITABILITY_ERR_PROCESSING        // An error occured within the
86                                        // exploitability engine and no rating
87                                        // was calculated.
88 };
89 
90 class ProcessState {
91  public:
ProcessState()92   ProcessState() : modules_(NULL) { Clear(); }
93   ~ProcessState();
94 
95   // Resets the ProcessState to its default values
96   void Clear();
97 
98   // Accessors.  See the data declarations below.
time_date_stamp()99   uint32_t time_date_stamp() const { return time_date_stamp_; }
process_create_time()100   uint32_t process_create_time() const { return process_create_time_; }
crashed()101   bool crashed() const { return crashed_; }
crash_reason()102   string crash_reason() const { return crash_reason_; }
crash_address()103   uint64_t crash_address() const { return crash_address_; }
assertion()104   string assertion() const { return assertion_; }
requesting_thread()105   int requesting_thread() const { return requesting_thread_; }
threads()106   const vector<CallStack*>* threads() const { return &threads_; }
thread_memory_regions()107   const vector<MemoryRegion*>* thread_memory_regions() const {
108     return &thread_memory_regions_;
109   }
system_info()110   const SystemInfo* system_info() const { return &system_info_; }
modules()111   const CodeModules* modules() const { return modules_; }
modules_without_symbols()112   const vector<const CodeModule*>* modules_without_symbols() const {
113     return &modules_without_symbols_;
114   }
modules_with_corrupt_symbols()115   const vector<const CodeModule*>* modules_with_corrupt_symbols() const {
116     return &modules_with_corrupt_symbols_;
117   }
exploitability()118   ExploitabilityRating exploitability() const { return exploitability_; }
119 
120  private:
121   // MinidumpProcessor and MicrodumpProcessor are responsible for building
122   // ProcessState objects.
123   friend class MinidumpProcessor;
124   friend class MicrodumpProcessor;
125 
126   // The time-date stamp of the minidump (time_t format)
127   uint32_t time_date_stamp_;
128 
129   // The time-date stamp when the process was created (time_t format)
130   uint32_t process_create_time_;
131 
132   // True if the process crashed, false if the dump was produced outside
133   // of an exception handler.
134   bool crashed_;
135 
136   // If the process crashed, the type of crash.  OS- and possibly CPU-
137   // specific.  For example, "EXCEPTION_ACCESS_VIOLATION" (Windows),
138   // "EXC_BAD_ACCESS / KERN_INVALID_ADDRESS" (Mac OS X), "SIGSEGV"
139   // (other Unix).
140   string crash_reason_;
141 
142   // If the process crashed, and if crash_reason implicates memory,
143   // the memory address that caused the crash.  For data access errors,
144   // this will be the data address that caused the fault.  For code errors,
145   // this will be the address of the instruction that caused the fault.
146   uint64_t crash_address_;
147 
148   // If there was an assertion that was hit, a textual representation
149   // of that assertion, possibly including the file and line at which
150   // it occurred.
151   string assertion_;
152 
153   // The index of the thread that requested a dump be written in the
154   // threads vector.  If a dump was produced as a result of a crash, this
155   // will point to the thread that crashed.  If the dump was produced as
156   // by user code without crashing, and the dump contains extended Breakpad
157   // information, this will point to the thread that requested the dump.
158   // If the dump was not produced as a result of an exception and no
159   // extended Breakpad information is present, this field will be set to -1,
160   // indicating that the dump thread is not available.
161   int requesting_thread_;
162 
163   // Stacks for each thread (except possibly the exception handler
164   // thread) at the time of the crash.
165   vector<CallStack*> threads_;
166   vector<MemoryRegion*> thread_memory_regions_;
167 
168   // OS and CPU information.
169   SystemInfo system_info_;
170 
171   // The modules that were loaded into the process represented by the
172   // ProcessState.
173   const CodeModules *modules_;
174 
175   // The modules that didn't have symbols when the report was processed.
176   vector<const CodeModule*> modules_without_symbols_;
177 
178   // The modules that had corrupt symbols when the report was processed.
179   vector<const CodeModule*> modules_with_corrupt_symbols_;
180 
181   // The exploitability rating as determined by the exploitability
182   // engine. When the exploitability engine is not enabled this
183   // defaults to EXPLOITABILITY_NONE.
184   ExploitabilityRating exploitability_;
185 };
186 
187 }  // namespace google_breakpad
188 
189 #endif  // GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__
190