fenris.h
/*
fenris - program execution path analysis tool
---------------------------------------------
Copyright (C) 2001, 2002 by Bindview Corporation Portions copyright (C)
2001, 2002 by their respective contributors Developed and maintained by
Michal Zalewski <[email protected]>
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
675 Mass Ave, Cambridge, MA 02139, USA.
*/
#ifndef _HAVE_FENRIS_H
#define _HAVE_FENRIS_H
#include "config.h"
/*
 * One record of the memory region tracing database that
 * fenris_process.mem points at.
 *
 * NOTE(review): addr and len are plain unsigned int; on a target whose
 * addresses are wider than that type they would be truncated - confirm
 * which targets this header is built for.
 */
struct fenris_mem {
    unsigned int addr;  // start address of the block; 0 marks an unused slot
    unsigned int len;   // original note: "End addr of memory block".
                        // NOTE(review): the name suggests a length - confirm
    int owner;          // owner ID (offset into fnaddr[]); 0 stands for main
    char auth;          // is the recorded size authoritative?
    char *descr;        // human-readable description
    char *lasti;        // last input
};
/*
 * One record of the file descriptor tracing database that
 * fenris_process.fd points at. Who allocates and frees the two strings
 * is not visible in this header.
 */
struct fenris_fd {
    unsigned char special;  // socket or such?
    char *descr;            // who opened it, and when?
    char *name;             // filename?
    unsigned short p;       // port?
};
/*
 * One record of the linking map database that fenris_process.map
 * points at.
 */
struct fenris_map {
    char *name;         // name of the mapped file
    char *descr;        // description of the map (fd + creator)
    unsigned int addr;  // address where the mapping starts
    unsigned int len;   // length of the mapping
    char *lasti;        // last input
};
/*
 * State kept for one traced process: saved registers, detector flags,
 * statistics counters, the tracing databases and the per-nesting-level
 * stacks.
 *
 * Many members are fixed-size arrays bounded by MAXNEST, MFNN, MAXPARS,
 * MAXNAME and MAXSIG, none of which is defined in this header. The index
 * checks against those limits are not visible here either.
 * NOTE(review): counters such as nest and fntop presumably follow what
 * the traced program does, so confirm that every writer clamps its index
 * before touching these arrays.
 */
struct fenris_process {
    int pid;                            // process id
    int nest;                           // call nesting level

    // FIXME:NIX removed unsigned'ness from register vars
    struct signed_user_regs_struct pr;  // saved regs (syscall)

    unsigned char atret;                // atret counter for prolog detection
    unsigned char intercept;            // delayed display_libcall() counter
    unsigned char getname;              // look for library function names
    unsigned char anything;             // did anything happen?
    unsigned char Owarn;                // optimization warning displayed?
    unsigned char checkc2;              // check for a result of c2 ret
    unsigned char checka3;              // check for a result of ff a3 jmp
    unsigned char doret;                // display \n on task exit
    unsigned char jmplibc;              // jmp into plt?
    unsigned char donottouch;           // pause PLT lookup detection
    unsigned char is_static;            // is it static?

    unsigned int cycles;                // statistics: cpu cycles
    unsigned int fncalls;               // statistics: local calls
    unsigned int bopt;                  // statistics: good and bad pcnts
    unsigned int gopt;                  //   (one note covers bopt and gopt)
    unsigned int libcalls;              // statistics: libc calls
    unsigned int syscalls;              // statistics: syscalls
    unsigned int ncalls;                // normal calls, prolog detector check
    unsigned int syscall;               // waiting for given syscall to ret?
    unsigned int lentry;                // where did we enter PLT?
    unsigned int curpcnt;               // current parameter count (call)
    unsigned int memtop;                // mem[] top pointer
    unsigned int idtop;                 // fnaddr[] top pointer
    unsigned int fdtop;                 // fd[] top pointer
    unsigned int mtop;                  // map[] top pointer

    unsigned char retpar;               // return clock
    unsigned char isfnct[MAXNEST];      // is a local function?

    // Databases are pointers to arrays of unspecified length; the *top
    // members above are the only size information kept in this struct.
    struct fenris_mem (*mem)[];         // memory region tracing dbase
    struct fenris_fd (*fd)[];           // file descriptor tracing dbase
    struct fenris_map (*map)[];         // linking map dbase
    unsigned int (*fnaddr)[];           // unique local functions list

    bfd *b;                             // BFD handle
    asymbol **syms;                     // BFD symtab
    unsigned int symcnt;                // symtab count
    unsigned char symfail;              // symbol table load failed?

    unsigned int fntop;                 // top of function stacks
    unsigned int fnid[MAXNEST];         // function ID stack
    unsigned int fnrip[MAXNEST];        // function call rip
    unsigned int frstart[MAXNEST];      // function frame start stack
    unsigned int frend[MAXNEST];        // function frame end stack
    unsigned char *wlog[MAXNEST];       // function writelog stack

    char pstack[MAXNEST][MFNN];         // parameter count stacks
    int pst_top[MAXNEST];               // parameter count stack tops

    unsigned int lcpar[MAXPARS];        // libcall parameters
    unsigned char lcname[MAXNAME];      // libcall name
    unsigned int lcpcnt;                // old pcount

    unsigned int sh[MAXSIG];            // signal handlers
    char shret[MAXSIG];                 // signal handler with leading ret?
    char justcalled;                    // just called a local fn?
    unsigned int signals;               // top signal?
    char syscalldone;                   // returning from sighandler?
};
/*
 * debug(fmt, args...) - format one message and emit it.
 *
 * The text is built in verybigbuf, written to ostream and, when T_dostep
 * is non-zero, also passed to break_append(). None of those four names is
 * declared in this header; they must be visible where the macro expands,
 * and verybigbuf must be a real array there for sizeof to give its size.
 *
 * snprintf()'s return value is dropped, so a message longer than the
 * buffer is cut short without any indication.
 *
 * The first argument is used as the printf format. Pass a literal format
 * and hand any text obtained from the traced program over as an argument
 * ("%s"), never as the format itself.
 */
#define debug(x...)                                         \
    do {                                                    \
        snprintf(verybigbuf, sizeof(verybigbuf) - 1, x);    \
        fputs(verybigbuf, ostream);                         \
        if (T_dostep)                                       \
            break_append(verybigbuf);                       \
    } while (0)
/*
 * Reinterpret the storage of lvalue x as another integer type by casting
 * its address and dereferencing it. Each expansion is itself an lvalue.
 *
 * The access is as wide as the target type no matter how x was declared,
 * so x must be at least that large or the access runs past the object.
 *
 * NOTE(review): when x's declared type is not compatible with the target
 * type this is type punning through a pointer cast, which the C aliasing
 * rules do not permit. Whether the build relies on -fno-strict-aliasing
 * is not visible here - confirm.
 */
#define AS_UINT(x) (*((unsigned int*)&(x)))
#define AS_USHORT(x) (*((unsigned short int*)&(x)))
#define AS_SSHORT(x) (*((signed short int*)&(x)))
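/*
 * Large-magnitude negative int constant. What it stands for is decided by
 * the code that uses it, which is outside this header.
 * Parenthesized so the expansion stays a single operand wherever it is
 * substituted.
 */
#define PRETTYSMALL (-1234567890)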
/*
 * Bit masks for the x86 EFLAGS condition flags:
 * carry (bit 0), parity (bit 2), auxiliary carry (bit 4), zero (bit 6),
 * sign (bit 7) and overflow (bit 11).
 */
#define F_CARRY  0x001
#define F_PARITY 0x004
#define F_AUX    0x010
#define F_ZERO   0x040
#define F_SIGN   0x080
#define F_OVER   0x800

/*
 * True when every bit of mask f is set in r.eflags. The macro reads a
 * variable named r from the scope where it expands; r is not declared in
 * this header. f is expanded twice.
 */
#define FSET(f) (((f) & r.eflags) == (f))
// This most likely shouldn't be hardcoded, but well. Should be
// good for now.
//
// True when (f) >> 24 lies in the range LIBCSEG .. LIBCSEG+5. LIBCSEG is
// not defined in this header. f is expanded twice, so do not pass an
// expression with side effects.
//
// NOTE(review): the test looks only at the bits from bit 24 upwards, so
// the answer depends on a fixed address layout. With a different or
// randomized layout, or with addresses wider than 32 bits, an address
// can be classified wrongly, and a negative signed f shifts in an
// implementation-defined way. Treat the result as a hint, not as proof
// that f is inside libc - confirm against the callers.
#define INLIBC(f) ((((f) >> 24) >= LIBCSEG) && (((f) >> 24) <= (LIBCSEG+5)))
#endif /* not _HAVE_FENRIS_H */