vdb.extensions.gdbstub

1 2 import vtrace 3 import vdb.extensions.windows as vdb_windows 4

5 -def ethread(db, line):

6 ''' 7 Display information about the currently stopped ethread. 8 9 Usage: ethread 10 #FIXME support listing them 11 #FIXME support ethread interp arbitrary address 12 ''' 13 t = db.getTrace() 14 t.requireNotRunning() 15 fsbase = t.getVariable('fsbase') 16 kpcr = t.getStruct('nt.KPCR', fsbase) 17 ethraddr = kpcr.PrcbData.CurrentThread 18 ethr = t.getStruct('nt.ETHREAD', ethraddr) 19 db.vprint(ethr.tree(va=ethraddr))

20

21 -def eprocess(db, line):

22 ''' 23 Display information about the currently stopped eprocess. 24 25 Usage: eprocess 26 #FIXME support listing 27 #FIXME support eprocess interp address 28 ''' 29 t = db.getTrace() 30 t.requireNotRunning() 31 fsbase = t.getVariable('fsbase') 32 kpcr = t.getStruct('nt.KPCR', fsbase) 33 ethraddr = kpcr.PrcbData.CurrentThread 34 ethr = t.getStruct('nt.ETHREAD', ethraddr) 35 eprocaddr = ethr.Tcb.ApcState.Process 36 eproc = t.getStruct('nt.EPROCESS', eprocaddr) 37 db.vprint(eproc.tree(va=eprocaddr))

38

39 -def kpcr(db, line):

40 ''' 41 Show the kpcr structure for the currently stopped kernel. 42 43 Usage: kpcr 44 ''' 45 t = db.getTrace() 46 t.requireNotRunning() 47 fsbase = t._getVmwareReg('fs') 48 kpcr = t.getStruct('nt.KPCR', fsbase) 49 db.vprint(kpcr.tree(va=fsbase))

50 51 # FIXME do we need to make gdbstub a package so it can have subs? 52

53 -def armcore(db, line):

54 ''' 55 Show / set the 'mode' of the arm core between arm and thumb. 56 57 Usage: armcore [arm|thumb] 58 ''' 59 t = db.getTrace() 60 t.requireNotRunning() 61 62 if line: 63 if line not in ('arm','thumb'): 64 return db.do_help('armcore') 65 cmdstr = t._monitorCommand('arm core_state %s' % line) 66 else: 67 cmdstr = t._monitorCommand('arm core_state') 68 69 mode = cmdstr.split(':')[1].strip() 70 db.vprint('Arm Core Mode: %s' % mode)

71

72 -class GdbStubNotifier(vtrace.Notifier):

73

74 - def __init__(self, db):

75 vtrace.Notifier.__init__(self) 76 self._db = db

77

78 - def notify(self, event, trace):

79 if event != vtrace.NOTIFY_ATTACH: 80 return 81 82 targarch = trace.getMeta('Architecture') 83 gdbplatform = trace.getMeta('GdbPlatform') 84 targplatform = trace.getMeta('GdbTargetPlatform') 85 86 #print 'Target Architecture: %s' % targarch 87 #print 'Gdb Platform: %s' % gdbplatform 88 #print 'Target Platform: %s' % targplatform 89 90 if gdbplatform in ('VMware32','Qemu32'): 91 92 if targplatform == 'Windows': 93 self._db.registerCmdExtension(vdb_windows.aslr) 94 self._db.registerCmdExtension(vdb_windows.pe) 95 self._db.registerCmdExtension(ethread) 96 self._db.registerCmdExtension(eprocess) 97 98 elif gdbplatform == 'OpenOCD': 99 100 # If we are openocd, lets add some commands for jtag etc.. 101 if targarch == 'arm': 102 #import vdb.extensions.arm as vdb_arm 103 self._db.registerCmdExtension(armcore)

104 #self._db.registerCmdExtension(vdb_arm.thumb) 105

106 -def gdbmon(db, line):

107 ''' 108 Issue a gdb "monitor" command which allows access to the extensions 109 inside the gdb stub. 110 111 Example: gdbmon r fs 112 113 (try: "gdbmon help" for info on supported commands in the target stub) 114 ''' 115 if len(line) == 0: 116 return db.do_help('gdbmon') 117 t = db.getTrace() 118 #t.requireNotRunning() 119 resp = t._monitorCommand(line) 120 db.vprint('gdb> %s' % line) 121 db.vprint(resp)

122

123 -def vdbExtension(db, trace):

124 notif = GdbStubNotifier(db) 125 db.registerCmdExtension(gdbmon) 126 db.registerNotifier(vtrace.NOTIFY_ATTACH, notif)

127

Source Code for Module vdb.extensions.gdbstub