ROSE 0.11.145.287
Linux.h
1#ifndef ROSE_BinaryAnalysis_Debugger_Linux_H
2#define ROSE_BinaryAnalysis_Debugger_Linux_H
3#include <featureTests.h>
4#ifdef ROSE_ENABLE_DEBUGGER_LINUX
5#include <Rose/BinaryAnalysis/Debugger/Base.h>
6
7#include <Rose/BinaryAnalysis/AddressIntervalSet.h>
8#include <Rose/BinaryAnalysis/SystemCall.h>
9
10#include <Sawyer/Optional.h>
11#include <sys/ptrace.h>
12
13namespace Rose {
14namespace BinaryAnalysis {
15namespace Debugger {
16
18class Linux: public Base {
20 // Types
22public:
24 using Ptr = LinuxPtr;
25
27 enum class DetachMode {
28 KILL,
29 DETACH,
30 CONTINUE,
31 NOTHING
32 };
33
35 enum class Flag {
36 ATTACH = 0x00000001,
37 REDIRECT_INPUT = 0x00000002,
38 REDIRECT_OUTPUT = 0x00000004,
39 REDIRECT_ERROR = 0x00000008,
40 CLOSE_FILES = 0x00000010,
41 DEFAULT_FLAGS = 0x00000013
42 };
43
47 class Specimen {
48 BitFlags<Flag> flags_; // operational flags
49 unsigned long persona_; // personality(2) flags
50 Architecture::BaseConstPtr arch_; // optional architecture
51
52 // Members for running a program
53 boost::filesystem::path program_; // full path of executable program
54 std::vector<std::string> arguments_; // command-line arguments of executable program
55 boost::filesystem::path workingDirectory_; // name or working directory, or use CWD if empty
56 std::vector<boost::regex> clearEnvVars_; // clear environment variables matching these patterns
57 std::map<std::string, std::string> setEnvVars_; // environment variables to be set
58
59 // Members for attaching to a process
60 int pid_ = -1; // process ID (int instead of pid_t for portability)
61
62 public:
64 Specimen();
65
67 Specimen(int pid); // implicit
68
70 Specimen(const boost::filesystem::path&); // implicit
71
73 Specimen(const boost::filesystem::path &name, const std::vector<std::string> &args);
74
76 Specimen(const std::vector<std::string> &nameAndArgs); // implicit
77
78 public:
85 const boost::filesystem::path& program() const;
86 void program(const boost::filesystem::path&);
95 const std::vector<std::string>& arguments() const;
96 void arguments(const std::vector<std::string>&);
104 void eraseEnvironmentVariable(const std::string&);
105
111 void eraseMatchingEnvironmentVariables(const boost::regex&);
112
116 void eraseAllEnvironmentVariables();
117
123 void insertEnvironmentVariable(const std::string &name, const std::string &value);
124
132 boost::filesystem::path workingDirectory() const;
133 void workingDirectory(const boost::filesystem::path&);
141 const BitFlags<Flag>& flags() const;
142 BitFlags<Flag>& flags();
152 unsigned long persona() const;
153 void persona(unsigned long bits);
161 Architecture::BaseConstPtr architecture() const;
162 void architecture(const Architecture::BaseConstPtr&);
173 bool randomizedAddresses() const;
174 void randomizedAddresses(bool);
183 int process() const;
184 void process(int pid);
188 void print(std::ostream &out) const;
189
190 // Used internally.
191 char** prepareEnvAdjustments() const;
192 };
193
195 // Private types
197private:
198 using UserRegDefs = Sawyer::Container::Map<RegisterDescriptor, size_t>;
199
200 // What type of register values are cached?
201 enum class RegCacheType { NONE, REGS, FPREGS };
202
203 // Low-level collection of register values.
204 using RegPage = std::array<uint8_t, 512>;
205
206 // Low-level structure containing values for all registers.
207 struct AllRegValues {
208 RegPage regs; // integer registers
209 RegPage fpregs; // floating-point registers
210 };
211
212
214 // Data members
216private:
217 Specimen specimen_; // description of specimen being debugged
218 int child_ = 0; // process being debugged (int, not pid_t, for Windows portability)
219 DetachMode autoDetach_ = DetachMode::KILL; // how to detach from the subordinate when deleting this debugger
220 int wstat_ = -1; // last status from waitpid
221 AddressIntervalSet breakPoints_; // list of break point addresses
222 int sendSignal_ = 0; // pending signal
223 UserRegDefs userRegDefs_; // how registers map to user_regs_struct in <sys/user.h>
224 UserRegDefs userFpRegDefs_; // how registers map to user_fpregs_struct in <sys/user.h>
225 size_t kernelWordSize_ = 0; // cached width in bits of kernel's words
226 RegPage regCache_; // latest register information read from subordinate
227 RegCacheType regCacheType_ = RegCacheType::NONE; // what are the contents of regsPage_?
228 Sawyer::Optional<Address> syscallVa_; // address of some executable system call instruction.
229 SystemCall syscallDecls_; // to get declarations for system calls
230
232 // Initialization and destruction.
234public:
238 static Ptr instance();
239
241 static Ptr instance(const Specimen &specimen, Sawyer::Optional<DetachMode> onDelete = Sawyer::Nothing());
242
243 Linux();
244 ~Linux();
245
247 // Attaching and detaching
249public:
257 void attach(const Specimen&, Sawyer::Optional<DetachMode> onDelete = Sawyer::Nothing());
258
260 Sawyer::Optional<int> processId() const;
261
267 DetachMode detachMode() const;
268 void detachMode(DetachMode);
274 size_t kernelWordSize();
275
277 int waitpidStatus() const;
278
280 // Running
282public:
284 void stepIntoSystemCall(ThreadId);
285
290 void runToSystemCall(ThreadId);
291
296 int pendingSignal() const;
297
299 // System calls
301public:
305 int64_t remoteSystemCall(ThreadId, int syscallNumber);
306 int64_t remoteSystemCall(ThreadId, int syscallNumber,
307 uint64_t arg1);
308 int64_t remoteSystemCall(ThreadId, int syscallNumber,
309 uint64_t arg1, uint64_t arg2);
310 int64_t remoteSystemCall(ThreadId, int syscallNumber,
311 uint64_t arg1, uint64_t arg2, uint64_t arg3);
312 int64_t remoteSystemCall(ThreadId, int syscallNumber,
313 uint64_t arg1, uint64_t arg2, uint64_t arg3, uint64_t arg4);
314 int64_t remoteSystemCall(ThreadId, int syscallNumber,
315 uint64_t arg1, uint64_t arg2, uint64_t arg3, uint64_t arg4, uint64_t arg5);
316 int64_t remoteSystemCall(ThreadId, int syscallNumber,
317 uint64_t arg1, uint64_t arg2, uint64_t arg3, uint64_t arg4, uint64_t arg5, uint64_t arg6);
318 int64_t remoteSystemCall(ThreadId, int syscallNumber, std::vector<uint64_t> args);
325 int remoteOpenFile(ThreadId, const boost::filesystem::path &fileName, unsigned flags, mode_t mode);
326
328 int remoteCloseFile(ThreadId, unsigned remoteFd);
329
333 Address remoteMmap(ThreadId, Address va, size_t nBytes, unsigned prot, unsigned flags, const boost::filesystem::path&,
334 off_t offset);
335
337 // Overrides for methods declared and documented in the super class.
339public:
340 virtual bool isAttached() override;
341 virtual void detach() override;
342 virtual void terminate() override;
343 virtual std::vector<ThreadId> threadIds() override;
344 virtual void executionAddress(ThreadId, Address) override;
345 virtual Address executionAddress(ThreadId) override;
346 virtual void setBreakPoint(const AddressInterval&) override;
347 virtual void setBreakPoints(const AddressIntervalSet&) override;
348 virtual AddressIntervalSet breakPoints() override;
349 virtual void clearBreakPoint(const AddressInterval&) override;
350 virtual void clearBreakPoints() override;
351 virtual void singleStep(ThreadId) override;
352 virtual void runToBreakPoint(ThreadId) override;
353 virtual Sawyer::Container::BitVector readRegister(ThreadId, RegisterDescriptor) override;
354 virtual void writeRegister(ThreadId, RegisterDescriptor, const Sawyer::Container::BitVector&) override;
355 virtual void writeRegister(ThreadId, RegisterDescriptor, uint64_t value) override;
356 virtual size_t readMemory(Address va, size_t nBytes, uint8_t *buffer) override;
357 virtual std::vector<uint8_t> readMemory(Address va, size_t nBytes) override;
358 virtual Sawyer::Container::BitVector readMemory(Address va, size_t nBytes, ByteOrder::Endianness order) override;
359 virtual size_t writeMemory(Address va, size_t nBytes, const uint8_t *bytes) override;
360 virtual bool isTerminated() override;
361 virtual std::string howTerminated() override;
362 virtual std::vector<RegisterDescriptor> availableRegisters() override;
363 virtual Sawyer::Container::BitVector readAllRegisters(ThreadId) override;
364 virtual void writeAllRegisters(ThreadId, const Sawyer::Container::BitVector&) override;
365
366private:
367 // Initialize after construction
368 void init();
369
370 // Wait for subordinate or throw on error
371 void waitForChild();
372
373 // Open /dev/null with the specified flags as the indicated file descriptor, closing what was previously on that
374 // descriptor. If an error occurs, the targetFd is closed anyway.
375 void devNullTo(int targetFd, int openFlags);
376
377 // Get/set personality in a portable way
378 static unsigned long getPersonality();
379 static void setPersonality(unsigned long);
380
381 // Address of a system call instruction. The initial search can be expensive, so the result is cached.
382 Sawyer::Optional<Address> findSystemCall();
383
384 // Low-level methods to read and write data for all known registers.
385 AllRegValues loadAllRegisters(ThreadId);
386 void saveAllRegisters(ThreadId, const AllRegValues&);
387
388 // Update the register cache to contain the specified register. Return the offset to the start of the register
389 // inside the register cache.
390 size_t updateRegCache(RegisterDescriptor);
391
392 // Send a ptrace command
393 long sendCommand(__ptrace_request, void *addr = nullptr, void *data = nullptr);
394 long sendCommandInt(__ptrace_request, void *addr, int i);
395
396 // Load system call declarations from the appropriate header file
397 void declareSystemCalls();
398
399 // Return the known specimen architecture from the `specimenArchitecture` property, or guess something. Returns null if a guess
400 // isn't even possible.
401 Architecture::BaseConstPtr guessSpecimenArchitecture() const;
402};
403
404std::ostream& operator<<(std::ostream&, const Linux::Specimen&);
405
406} // namespace
407} // namespace
408} // namespace
409
410#endif
411#endif
Sawyer::Container::Map
Container associating values with keys.
Definition Sawyer/Map.h:72
Sawyer::Nothing
Represents no value.
Definition Optional.h:36
Sawyer::Optional
Holds a value or nothing.
Definition Optional.h:56
Rose::BinaryAnalysis::SymbolicExpression::TypeStyle::Flag
Flag
Flag to pass as type stringification style.
Definition SymbolicExpression.h:63
Rose::BinaryAnalysis::SymbolicExpression::Ptr
Sawyer::SharedPointer< Node > Ptr
Reference counting pointer.
Definition Rose/BinaryAnalysis/BasicTypes.h:114
Rose::BinaryAnalysis::SymbolicExpression::CONTINUE
@ CONTINUE
Continue the traversal as normal.
Definition SymbolicExpression.h:188
Rose::BinaryAnalysis::Variables::print
void print(const GlobalVariables &, const Partitioner2::PartitionerConstPtr &, std::ostream &out, const std::string &prefix="")
Print info about multiple global variables.
Rose::BinaryAnalysis::AddressIntervalSet
Sawyer::Container::IntervalSet< AddressInterval > AddressIntervalSet
A set of virtual addresses.
Definition AddressIntervalSet.h:13
Rose::BinaryAnalysis::Address
std::uint64_t Address
Address.
Definition Address.h:11
Rose
The ROSE library.
Definition BinaryTutorial.dox:3
stringify::Rose::BinaryAnalysis::Debugger::Linux::RegCacheType
const char * RegCacheType(int64_t)
Convert Rose::BinaryAnalysis::Debugger::Linux::RegCacheType enum constant to a string.
stringify::Rose::BinaryAnalysis::Debugger::Linux::DetachMode
const char * DetachMode(int64_t)
Convert Rose::BinaryAnalysis::Debugger::Linux::DetachMode enum constant to a string.
Generated on Mon Jun 30 2025 00:19:21 for ROSE by doxygen 1.9.8