
 1  '''
 
 2  Specialized breakpoints which identify dangerous calling
 
 3  mechanisms and tag them.
 
 4  ''' 
 5  import envi.memory as e_mem 
 6  import vtrace.breakpoints as vt_breakpoints 
 7  
 
def getStackArg(trace, argidx):
    '''
    Return the ``argidx``-th stack-passed argument of the function that
    was just entered.

    Assumes the trace is stopped right after a call, so the saved return
    address is at the top of the stack and the arguments follow it.  Only
    stack-passed arguments are read; nothing is fetched from registers.
    '''
    # One pointer slot for the saved return address plus one per argument
    # up to and including the requested index; '<' fixes little-endian.
    nslots = argidx + 2
    layout = '<' + 'P' * nslots
    slots = trace.readMemoryFormat(trace.getStackCounter(), layout)
    return slots[-1]
18
class SniperDynArgBreak(vt_breakpoints.Breakpoint):
    '''
    Breakpoint on an API symbol that tags calls whose stack argument
    ``argidx`` points into writable memory (a "dynamic" buffer rather
    than, say, a read-only literal).

    The breakpoint keeps ``fastbreak`` set and only clears it on a hit
    that matches (presumably so vtrace then stops the trace for that hit
    and resumes silently otherwise -- confirm against vtrace's fastbreak
    semantics).
    '''

    def __init__(self, symname, argidx):
        # No fixed address: the breakpoint resolves ``symname`` as an
        # expression when it is added to the trace.
        vt_breakpoints.Breakpoint.__init__(self, None, expression=symname)
        self._symname = symname
        self._argidx = argidx
        self.fastbreak = True

    def getName(self):
        return '%s argidx: %d' % (self._symname, self._argidx)

    def notify(self, event, trace):
        '''
        Hit handler: probe one byte at the argument for write access and
        report the call if the probe succeeds.
        '''
        ptr = getStackArg(trace, self._argidx)
        # Re-arm on every hit so a non-matching call never clears it.
        self.fastbreak = True
        if not trace.probeMemory(ptr, 1, e_mem.MM_WRITE):
            return
        # NOTE(review): writable is not the same as attacker-controlled,
        # and a one-byte probe says nothing about the rest of the buffer;
        # treat this as a coarse triage heuristic, not a finding.
        print('SNIPER: %s TOOK DYNAMIC ARG IDX %d (0x%.8x)' % (self._symname, self._argidx, ptr))
        self.fastbreak = False
40
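class SniperArgValueBreak(vt_breakpoints.Breakpoint):
    '''
    A breakpoint for monitoring an API for being called with a particular
    value in stack argument ``argidx``.

    Minimal implementation mirroring SniperDynArgBreak: ``fastbreak``
    stays set and is cleared only when the observed argument equals
    ``argval``.  The original constructor was a bare ``pass``: it never
    called Breakpoint.__init__ and discarded all three arguments, so the
    object could not function as a breakpoint at all.
    '''

    def __init__(self, symname, argidx, argval):
        # Resolve the address from the symbol expression, as the sibling
        # class does; no fixed address.
        vt_breakpoints.Breakpoint.__init__(self, None, expression=symname)
        self.fastbreak = True
        self._symname = symname
        self._argidx = argidx
        self._argval = argval

    def getName(self):
        # %r rather than %x: argval is whatever the caller supplied and is
        # not guaranteed to be an int.
        return '%s argidx: %d value: %r' % (self._symname, self._argidx, self._argval)

    def notify(self, event, trace):
        '''
        Hit handler: re-arm fastbreak, then report the call and clear
        fastbreak if the stack argument matches ``argval``.
        '''
        arg = getStackArg(trace, self._argidx)
        self.fastbreak = True
        if arg != self._argval:
            return
        print('SNIPER: %s CALLED WITH ARG IDX %d == %r' % (self._symname, self._argidx, arg))
        self.fastbreak = False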
48
def snipeDynArg(trace, symname, argidx):
    '''
    Convenience wrapper: build a SniperDynArgBreak for ``symname`` /
    ``argidx`` and add it to ``trace``.

    Returns whatever trace.addBreakpoint() hands back (the breakpoint id).
    '''
    return trace.addBreakpoint(SniperDynArgBreak(symname, argidx))
56