core

package
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 16, 2018 License: MIT Imports: 11 Imported by: 0

Documentation

Index

Constants

View Source
const NT_FILE elf.NType = 0x46494c45 // "FILE".
View Source
const NT_X86_XSTATE elf.NType = 0x202 // Note type for notes containing X86 XSAVE area.

Variables

View Source
var ErrContinueCore = errors.New("can not continue execution of core process")
View Source
var ErrShortRead = errors.New("short read")
View Source
var ErrWriteCore = errors.New("can not to core process")

Functions

This section is empty.

Types

type Core

type Core struct {
	proc.MemoryReader
	Threads map[int]*Thread
	Pid     int
}

type ELFNotesHdr

type ELFNotesHdr struct {
	Namesz uint32
	Descsz uint32
	Type   uint32
}

ELF Notes header. Same size on 64 and 32-bit machines.

type LinuxCoreRegisters

type LinuxCoreRegisters struct {
	R15      uint64
	R14      uint64
	R13      uint64
	R12      uint64
	Rbp      uint64
	Rbx      uint64
	R11      uint64
	R10      uint64
	R9       uint64
	R8       uint64
	Rax      uint64
	Rcx      uint64
	Rdx      uint64
	Rsi      uint64
	Rdi      uint64
	Orig_rax uint64
	Rip      uint64
	Cs       uint64
	Eflags   uint64
	Rsp      uint64
	Ss       uint64
	Fs_base  uint64
	Gs_base  uint64
	Ds       uint64
	Es       uint64
	Fs       uint64
	Gs       uint64
}

Copied from golang.org/x/sys/unix.PtraceRegs since it's not available on all systems.

func (*LinuxCoreRegisters) BP

func (r *LinuxCoreRegisters) BP() uint64

func (*LinuxCoreRegisters) CX

func (r *LinuxCoreRegisters) CX() uint64

func (*LinuxCoreRegisters) GAddr

func (r *LinuxCoreRegisters) GAddr() (uint64, bool)

func (*LinuxCoreRegisters) Get

func (r *LinuxCoreRegisters) Get(n int) (uint64, error)

func (*LinuxCoreRegisters) PC

func (r *LinuxCoreRegisters) PC() uint64

func (*LinuxCoreRegisters) SP

func (r *LinuxCoreRegisters) SP() uint64

func (*LinuxCoreRegisters) TLS

func (r *LinuxCoreRegisters) TLS() uint64

type LinuxCoreTimeval

type LinuxCoreTimeval struct {
	Sec  int64
	Usec int64
}

Copied from golang.org/x/sys/unix.Timeval since it's not available on all systems.

type LinuxNTFile

type LinuxNTFile struct {
	LinuxNTFileHdr
	// contains filtered or unexported fields
}

type LinuxNTFileEntry

type LinuxNTFileEntry struct {
	Start   uint64
	End     uint64
	FileOfs uint64
}

type LinuxNTFileHdr

type LinuxNTFileHdr struct {
	Count    uint64
	PageSize uint64
}

type LinuxPrPsInfo

type LinuxPrPsInfo struct {
	State uint8
	Sname int8
	Zomb  uint8
	Nice  int8

	Flag                 uint64
	Uid, Gid             uint32
	Pid, Ppid, Pgrp, Sid int32
	Fname                [16]uint8
	Args                 [80]uint8
	// contains filtered or unexported fields
}

Various structures from the ELF spec and the Linux kernel. AMD64 specific primarily because of unix.PtraceRegs, but also because some of the fields are word sized. See http://lxr.free-electrons.com/source/include/uapi/linux/elfcore.h

type LinuxPrStatus

type LinuxPrStatus struct {
	Siginfo LinuxSiginfo
	Cursig  uint16

	Sigpend                      uint64
	Sighold                      uint64
	Pid, Ppid, Pgrp, Sid         int32
	Utime, Stime, CUtime, CStime LinuxCoreTimeval
	Reg                          LinuxCoreRegisters
	Fpvalid                      int32
	// contains filtered or unexported fields
}

type LinuxSiginfo

type LinuxSiginfo struct {
	Signo int32
	Code  int32
	Errno int32
}

type Note

type Note struct {
	Type elf.NType
	Name string
	Desc interface{} // Decoded Desc from the
}

Note is a note from the PT_NOTE prog. Relevant types: - NT_FILE: File mapping information, e.g. program text mappings. Desc is a LinuxNTFile. - NT_PRPSINFO: Information about a process, including PID and signal. Desc is a LinuxPrPsInfo. - NT_PRSTATUS: Information about a thread, including base registers, state, etc. Desc is a LinuxPrStatus. - NT_FPREGSET (Not implemented): x87 floating point registers. - NT_X86_XSTATE: Other registers, including AVX and such.

type OffsetReaderAt

type OffsetReaderAt struct {
	// contains filtered or unexported fields
}

OffsetReaderAt wraps a ReaderAt into a MemoryReader, subtracting a fixed offset from the address. This is useful to represent a mapping in an address space. For example, if program text is mapped in at 0x400000, an OffsetReaderAt with offset 0x400000 can be wrapped around file.Open(program) to return the results of a read in that part of the address space.

func (*OffsetReaderAt) ReadMemory

func (r *OffsetReaderAt) ReadMemory(buf []byte, addr uintptr) (n int, err error)

type Process

type Process struct {
	// contains filtered or unexported fields
}

func OpenCore

func OpenCore(corePath, exePath string) (*Process, error)

func (*Process) BinInfo

func (p *Process) BinInfo() *proc.BinaryInfo

func (*Process) Breakpoints

func (p *Process) Breakpoints() *proc.BreakpointMap

func (*Process) CheckAndClearManualStopRequest

func (p *Process) CheckAndClearManualStopRequest() bool

func (*Process) Checkpoint

func (p *Process) Checkpoint(string) (int, error)

func (*Process) Checkpoints

func (p *Process) Checkpoints() ([]proc.Checkpoint, error)

func (*Process) ClearBreakpoint

func (p *Process) ClearBreakpoint(addr uint64) (*proc.Breakpoint, error)

func (*Process) ClearCheckpoint

func (p *Process) ClearCheckpoint(int) error

func (*Process) ClearInternalBreakpoints

func (p *Process) ClearInternalBreakpoints() error

func (*Process) Common

func (p *Process) Common() *proc.CommonProcess

func (*Process) ContinueOnce

func (p *Process) ContinueOnce() (proc.Thread, error)

func (*Process) CurrentThread

func (p *Process) CurrentThread() proc.Thread

func (*Process) Detach

func (p *Process) Detach(bool) error

func (*Process) Direction

func (p *Process) Direction(proc.Direction) error

func (*Process) FindThread

func (p *Process) FindThread(threadID int) (proc.Thread, bool)

func (*Process) Pid

func (p *Process) Pid() int

func (*Process) Recorded

func (p *Process) Recorded() (bool, string)

func (*Process) RequestManualStop

func (p *Process) RequestManualStop() error

func (*Process) Restart

func (p *Process) Restart(string) error

func (*Process) ResumeNotify

func (p *Process) ResumeNotify(chan<- struct{})

func (*Process) SelectedGoroutine

func (p *Process) SelectedGoroutine() *proc.G

func (*Process) SetBreakpoint

func (p *Process) SetBreakpoint(addr uint64, kind proc.BreakpointKind, cond ast.Expr) (*proc.Breakpoint, error)

func (*Process) StepInstruction

func (p *Process) StepInstruction() error

func (*Process) SwitchGoroutine

func (p *Process) SwitchGoroutine(gid int) error

func (*Process) SwitchThread

func (p *Process) SwitchThread(tid int) error

func (*Process) ThreadList

func (p *Process) ThreadList() []proc.Thread

func (*Process) Valid

func (p *Process) Valid() (bool, error)

func (*Process) When

func (p *Process) When() (string, error)

type Registers

type Registers struct {
	*LinuxCoreRegisters
	// contains filtered or unexported fields
}

func (*Registers) Save

func (r *Registers) Save() proc.SavedRegisters

func (*Registers) Slice

func (r *Registers) Slice() []proc.Register

type SplicedMemory

type SplicedMemory struct {
	// contains filtered or unexported fields
}

A SplicedMemory represents a memory space formed from multiple regions, each of which may override previously regions. For example, in the following core, the program text was loaded at 0x400000: Start End Page Offset 0x0000000000400000 0x000000000044f000 0x0000000000000000 but then it's partially overwritten with an RW mapping whose data is stored in the core file: Type Offset VirtAddr PhysAddr

FileSiz            MemSiz              Flags  Align

LOAD 0x0000000000004000 0x000000000049a000 0x0000000000000000

0x0000000000002000 0x0000000000002000  RW     1000

This can be represented in a SplicedMemory by adding the original region, then putting the RW mapping on top of it.

func (*SplicedMemory) Add

func (r *SplicedMemory) Add(reader proc.MemoryReader, off, length uintptr)

Add adds a new region to the SplicedMemory, which may override existing regions.

func (*SplicedMemory) ReadMemory

func (r *SplicedMemory) ReadMemory(buf []byte, addr uintptr) (n int, err error)

ReadMemory implements MemoryReader.ReadMemory.

type Thread

type Thread struct {
	// contains filtered or unexported fields
}

func (*Thread) Arch

func (t *Thread) Arch() proc.Arch

func (*Thread) BinInfo

func (t *Thread) BinInfo() *proc.BinaryInfo

func (*Thread) Blocked

func (t *Thread) Blocked() bool

func (*Thread) Breakpoint

func (t *Thread) Breakpoint() proc.BreakpointState

func (*Thread) Common

func (t *Thread) Common() *proc.CommonThread

func (*Thread) Location

func (t *Thread) Location() (*proc.Location, error)

func (*Thread) ReadMemory

func (thread *Thread) ReadMemory(data []byte, addr uintptr) (n int, err error)

func (*Thread) Registers

func (t *Thread) Registers(floatingPoint bool) (proc.Registers, error)

func (*Thread) RestoreRegisters

func (t *Thread) RestoreRegisters(proc.SavedRegisters) error

func (*Thread) SetCurrentBreakpoint

func (t *Thread) SetCurrentBreakpoint() error

func (*Thread) SetDX

func (t *Thread) SetDX(uint64) error

func (*Thread) SetPC

func (t *Thread) SetPC(uint64) error

func (*Thread) SetSP

func (t *Thread) SetSP(uint64) error

func (*Thread) StepInstruction

func (t *Thread) StepInstruction() error

func (*Thread) ThreadID

func (t *Thread) ThreadID() int

func (*Thread) WriteMemory

func (thread *Thread) WriteMemory(addr uintptr, data []byte) (int, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL