2 #include "ReallocObserver.h"
3 #include "BreakpointReference.h"
4 #include "platform/BlockEvent.h"
5 #include "Initializer.h"
/*
 * Breakpoint callback of the realloc() tracker, which inspects the traced
 * program through the ptrace portal.
 *
 * The ID of `breakpoint` is compared with the program manager's realloc
 * breakpoint ID:
 *   - IDs differ: the hit is treated as the breakpoint this observer placed
 *     on realloc()'s return address. RAX is logged as the return value, the
 *     observer removes itself from the breakpoint, and a REALLOC_EVENT
 *     BlockEvent built from (last_address, last_size, RAX) is pushed onto
 *     the event queue.
 *   - realloc breakpoint: RSP is read, the word at [RSP] is taken as the
 *     return address, a breakpoint with this observer is placed there, and
 *     RSI / RDI are saved in last_size / last_address for the later hit.
 *
 * NOTE(review): this listing skips source lines 25-26 and 38-41, so the
 * separator between the two cases and the function's return statement are
 * not visible here; confirm both against the full file.
 *
 * @param breakpoint  the breakpoint this observer is asked to handle
 * @return            not visible in this excerpt
 */
11 bool ReallocObserver::handle_breakpoint(const BreakpointReference
&breakpoint
) {
12 std::cout
<< "ReallocObserver::handle_breakpoint(): asked to handle breakpoint ID #" << breakpoint
->get_id() << std::endl
;
13 Misc::SmartPointer
<Portal
> portal
= Initializer::get_instance()->get_program_manager()->get_ptrace_portal();
/* Function-local statics: a single size/address pair shared by every call,
 * carried from the realloc-entry hit to the return-address hit.
 * NOTE(review): a second realloc() entry before the first one returns would
 * overwrite the pair and the queued event would pair the wrong values;
 * confirm whether the tracee can be multi-threaded. */
15 static Word last_size
= 0;
16 static Word last_address
= 0;
/* Any breakpoint ID other than the realloc one is handled as the return hit. */
18 if(breakpoint
->get_id() != Initializer::get_instance()->get_program_manager()->get_realloc_breakpoint_id()) {
/* std::hex is sticky on std::cout and nothing in the visible code switches
 * back to std::dec, so later integer output stays hexadecimal. */
19 std::cout
<< "* ReallocObserver::handle_breakpoint(): return value from realloc() is 0x"
20 << std::hex
<< portal
->get_register(ASM::Register::RAX
) << std::endl
;
21 breakpoint
->remove_observer(this);
/* RAX is read from the portal a second time here instead of reusing the value
 * logged above.
 * NOTE(review): raw `new`; presumably the event queue takes ownership of the
 * BlockEvent, confirm against the queue's contract. */
22 Initializer::get_instance()->get_event_queue()->push_event(
23 new Platform::BlockEvent(Platform::BlockEvent::REALLOC_EVENT
,
24 last_address
, last_size
, portal
->get_register(ASM::Register::RAX
)));
27 std::cout
<< "ReallocObserver::handle_breakpoint(): realloc breakpoint found . . ." << std::endl
;
28 Word rsp
= portal
->get_register(ASM::Register::RSP
);
/* NOTE(review): the label says "RBP" but the value printed is RSP. */
29 std::cout
<< "\tRBP is: " << std::hex
<< rsp
<< std::endl
;
30 Word return_address
= portal
->read_memory(rsp
);
31 /* NOTE: qword [rsp] is where the return address is stored in libc 2.10.2-5, but don't rely on it! */
/* Same read as the initialisation above; the second assignment stores the
 * same expression again. */
32 return_address
= portal
->read_memory(rsp
);
33 std::cout
<< "\tReturn address: " << return_address
<< std::endl
;
/* The address comes straight from the traced process's stack and is used
 * unchecked: if [rsp] does not hold realloc()'s return address (see the NOTE
 * above), the breakpoint lands on an arbitrary address of the tracee.
 * NOTE(review): consider checking it against the tracee's executable
 * mappings before placing the breakpoint. */
34 portal
->place_breakpoint(return_address
, this);
/* Printed in hexadecimal without a 0x prefix, because std::hex is still in
 * effect from the RSP output above. */
35 std::cout
<< "\tMemory block size will be " << portal
->get_register(ASM::Register::RSI
) << std::endl
;
/* RSI is recorded as the requested size and RDI as the block address; this
 * assumes realloc(ptr, size) was called with the x86-64 System V argument
 * registers. TODO confirm for every supported target. */
36 last_size
= portal
->get_register(ASM::Register::RSI
);
37 last_address
= portal
->get_register(ASM::Register::RDI
);
42 } // namespace Monitor
43 } // namespace Aesalon