1 #include "MallocObserver.h"
2 #include "Initializer.h"
3 #include "misc/BlockEvent.h"
4 #include "BreakpointReference.h"
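/**
 * Handles a breakpoint hit that belongs to malloc() tracking.
 *
 * Two kinds of breakpoint reach this observer:
 *  - The breakpoint whose ID equals get_malloc_breakpoint_id(): the tracee is
 *    entering malloc(). The requested size is read from RDI and remembered in
 *    last_size, and a breakpoint observed by this object is placed on the
 *    return address read from the word at RSP.
 *  - Any other breakpoint: handled as the return-address breakpoint placed on
 *    the entry path. RAX is read as malloc()'s return value, an ALLOC_EVENT
 *    carrying that address and last_size is pushed to the event queue, and
 *    this observer is removed from the breakpoint.
 *
 * NOTE(review): the listing this was taken from drops original lines 24-25
 * and 36-40; the early return after the return path and the closing brace
 * are reconstructed -- confirm against the upstream file.
 *
 * @param breakpoint the breakpoint that was hit.
 */
void MallocObserver::handle_breakpoint(const BreakpointReference &breakpoint) {
    std::cout << "MallocObserver::handle_breakpoint(): asked to handle breakpoint ID #"
        << breakpoint->get_id() << std::endl;

    /* Not used below; the lookup is kept because its side effects, if any,
       are not visible from this function. */
    Misc::SmartPointer<ELF::Symbol> malloc_symbol =
        Initializer::get_instance()->get_program_manager()->get_libc_parser()->get_symbol("malloc");
    Misc::SmartPointer<Portal> portal =
        Initializer::get_instance()->get_program_manager()->get_ptrace_portal();

    /* Size argument captured at malloc() entry, consumed when the return
       breakpoint fires.
       NOTE(review): this is a single slot shared by every call. If a second
       malloc() entry is observed before the first one returns (multi-threaded
       tracee, interleaved calls), the recorded size is attributed to the
       wrong block. Pending sizes probably need to be keyed per return site or
       per thread -- confirm how the tracee is scheduled. */
    static Word last_size = 0;

    if(breakpoint->get_id() != Initializer::get_instance()->get_program_manager()->get_malloc_breakpoint_id()) {
        /* Read RAX once so the logged value and the queued event agree. */
        const Word address = portal->get_register(ASM::Register::RAX);
        /* std::hex is sticky on std::cout; restore decimal so later output
           (breakpoint IDs, sizes) is not silently printed in hex. */
        std::cout << "* MallocObserver::handle_breakpoint(): return value from malloc() is 0x"
            << std::hex << address << std::dec << std::endl;

        breakpoint->remove_observer(this);

        /* NOTE(review): a failed malloc() (RAX == 0) is still queued as an
           ALLOC_EVENT at address 0 -- confirm that consumers expect this.
           The event is allocated with new and handed to the queue;
           presumably the queue takes ownership -- verify. */
        Initializer::get_instance()->get_event_queue()->push_event(
            new Misc::BlockEvent(Misc::BlockEvent::ALLOC_EVENT, address, last_size));
        return;
    }

    std::cout << "MallocObserver::handle_breakpoint(): malloc breakpoint found . . ." << std::endl;

    Word rsp = portal->get_register(ASM::Register::RSP);
    /* The original label said "RBP" although the value printed is RSP. */
    std::cout << "\tRSP is: 0x" << std::hex << rsp << std::dec << std::endl;

    /* NOTE: qword [rsp] is where the return address is stored in libc 2.10.2-5, but don't rely on it! */
    /* This holds only while the breakpoint sits on malloc()'s first
       instruction, before anything else has been pushed. The value comes
       from tracee memory and is used below as a breakpoint address without
       further validation. */
    Word return_address = portal->read_memory(rsp);
    std::cout << "\tReturn address: 0x" << std::hex << return_address << std::dec << std::endl;

    portal->place_breakpoint(return_address, this);

    /* First integer argument of malloc(size) is read from RDI. */
    last_size = portal->get_register(ASM::Register::RDI);
    std::cout << "\tMemory block size will be " << last_size << std::endl;
}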
41 } // namespace Monitor
42 } // namespace Aesalon