1// Copyright (c) 2006, Google Inc. 2// All rights reserved. 3// 4// Redistribution and use in source and binary forms, with or without 5// modification, are permitted provided that the following conditions are 6// met: 7// 8// * Redistributions of source code must retain the above copyright 9// notice, this list of conditions and the following disclaimer. 10// * Redistributions in binary form must reproduce the above 11// copyright notice, this list of conditions and the following disclaimer 12// in the documentation and/or other materials provided with the 13// distribution. 14// * Neither the name of Google Inc. nor the names of its 15// contributors may be used to endorse or promote products derived from 16// this software without specific prior written permission. 17// 18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 30// process_state.h: A snapshot of a process, in a fully-digested state. 31// 32// Author: Mark Mentovai 33 34#ifndef GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__ 35#define GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__ 36 37#include <string> 38#include <vector> 39 40#include "common/using_std_string.h" 41#include "google_breakpad/common/breakpad_types.h" 42#include "google_breakpad/processor/system_info.h" 43#include "google_breakpad/processor/minidump.h" 44 45namespace google_breakpad { 46 47using std::vector; 48 49class CallStack; 50class CodeModules; 51 52enum ExploitabilityRating { 53 EXPLOITABILITY_HIGH, // The crash likely represents 54 // a exploitable memory corruption 55 // vulnerability. 56 57 EXPLOITABILITY_MEDIUM, // The crash appears to corrupt 58 // memory in a way which may be 59 // exploitable in some situations. 60 61 EXPLOITABLITY_MEDIUM = EXPLOITABILITY_MEDIUM, // an old misspelling 62 63 EXPLOITABILITY_LOW, // The crash either does not corrupt 64 // memory directly or control over 65 // the affected data is limited. The 66 // issue may still be exploitable 67 // on certain platforms or situations. 68 69 EXPLOITABILITY_INTERESTING, // The crash does not appear to be 70 // directly exploitable. However it 71 // represents a condition which should 72 // be further analyzed. 73 74 EXPLOITABILITY_NONE, // The crash does not appear to represent 75 // an exploitable condition. 76 77 EXPLOITABILITY_NOT_ANALYZED, // The crash was not analyzed for 78 // exploitability because the engine 79 // was disabled. 80 81 EXPLOITABILITY_ERR_NOENGINE, // The supplied minidump's platform does 82 // not have a exploitability engine 83 // associated with it. 84 85 EXPLOITABILITY_ERR_PROCESSING // An error occured within the 86 // exploitability engine and no rating 87 // was calculated. 88}; 89 90class ProcessState { 91 public: 92 ProcessState() : modules_(NULL) { Clear(); } 93 ~ProcessState(); 94 95 // Resets the ProcessState to its default values 96 void Clear(); 97 98 // Accessors. See the data declarations below. 99 uint32_t time_date_stamp() const { return time_date_stamp_; } 100 uint32_t process_create_time() const { return process_create_time_; } 101 bool crashed() const { return crashed_; } 102 string crash_reason() const { return crash_reason_; } 103 uint64_t crash_address() const { return crash_address_; } 104 string assertion() const { return assertion_; } 105 int requesting_thread() const { return requesting_thread_; } 106 const vector<CallStack*>* threads() const { return &threads_; } 107 const vector<MemoryRegion*>* thread_memory_regions() const { 108 return &thread_memory_regions_; 109 } 110 const SystemInfo* system_info() const { return &system_info_; } 111 const CodeModules* modules() const { return modules_; } 112 const vector<const CodeModule*>* modules_without_symbols() const { 113 return &modules_without_symbols_; 114 } 115 const vector<const CodeModule*>* modules_with_corrupt_symbols() const { 116 return &modules_with_corrupt_symbols_; 117 } 118 ExploitabilityRating exploitability() const { return exploitability_; } 119 120 private: 121 // MinidumpProcessor and MicrodumpProcessor are responsible for building 122 // ProcessState objects. 123 friend class MinidumpProcessor; 124 friend class MicrodumpProcessor; 125 126 // The time-date stamp of the minidump (time_t format) 127 uint32_t time_date_stamp_; 128 129 // The time-date stamp when the process was created (time_t format) 130 uint32_t process_create_time_; 131 132 // True if the process crashed, false if the dump was produced outside 133 // of an exception handler. 134 bool crashed_; 135 136 // If the process crashed, the type of crash. OS- and possibly CPU- 137 // specific. For example, "EXCEPTION_ACCESS_VIOLATION" (Windows), 138 // "EXC_BAD_ACCESS / KERN_INVALID_ADDRESS" (Mac OS X), "SIGSEGV" 139 // (other Unix). 140 string crash_reason_; 141 142 // If the process crashed, and if crash_reason implicates memory, 143 // the memory address that caused the crash. For data access errors, 144 // this will be the data address that caused the fault. For code errors, 145 // this will be the address of the instruction that caused the fault. 146 uint64_t crash_address_; 147 148 // If there was an assertion that was hit, a textual representation 149 // of that assertion, possibly including the file and line at which 150 // it occurred. 151 string assertion_; 152 153 // The index of the thread that requested a dump be written in the 154 // threads vector. If a dump was produced as a result of a crash, this 155 // will point to the thread that crashed. If the dump was produced as 156 // by user code without crashing, and the dump contains extended Breakpad 157 // information, this will point to the thread that requested the dump. 158 // If the dump was not produced as a result of an exception and no 159 // extended Breakpad information is present, this field will be set to -1, 160 // indicating that the dump thread is not available. 161 int requesting_thread_; 162 163 // Stacks for each thread (except possibly the exception handler 164 // thread) at the time of the crash. 165 vector<CallStack*> threads_; 166 vector<MemoryRegion*> thread_memory_regions_; 167 168 // OS and CPU information. 169 SystemInfo system_info_; 170 171 // The modules that were loaded into the process represented by the 172 // ProcessState. 173 const CodeModules *modules_; 174 175 // The modules that didn't have symbols when the report was processed. 176 vector<const CodeModule*> modules_without_symbols_; 177 178 // The modules that had corrupt symbols when the report was processed. 179 vector<const CodeModule*> modules_with_corrupt_symbols_; 180 181 // The exploitability rating as determined by the exploitability 182 // engine. When the exploitability engine is not enabled this 183 // defaults to EXPLOITABILITY_NONE. 184 ExploitabilityRating exploitability_; 185}; 186 187} // namespace google_breakpad 188 189#endif // GOOGLE_BREAKPAD_PROCESSOR_PROCESS_STATE_H__ 190