search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Time for a major overhaul of aesalon, again.
[aesalon.git] / src / monitor / ptrace / MallocObserver.cpp
blobbfe13f4b761ac6eacef9cea1a34846c9ce83d728
1 #include "MallocObserver.h"
2 #include "Initializer.h"
3 #include "platform/MemoryEvent.h"
4
5 namespace Aesalon {
6 namespace Monitor {
7 namespace PTrace {
8
9 bool MallocObserver::handle_breakpoint(Misc::SmartPointer<Breakpoint> breakpoint) {
10 Misc::SmartPointer<ELF::Symbol> malloc_symbol = Initializer::get_instance()->get_program_manager()->get_libc_parser()->get_symbol("malloc");
11 Misc::SmartPointer<Portal> portal = Initializer::get_instance()->get_program_manager()->get_ptrace_portal();
12
13 static Word last_size = 0;
14
15 if(malloc_symbol.is_valid() && breakpoint->get_address() != (malloc_symbol->get_address()
16 + Initializer::get_instance()->get_program_manager()->get_ptrace_portal()->get_libc_offset())) {
17
18 breakpoint_set_t::iterator i = breakpoints.find(breakpoint->get_id());
19 if(i == breakpoints.end()) return false;
20
21 std::cout << "Return value from malloc() is:" << std::hex << portal->get_register(ASM::Register::RAX) << std::endl;
22 breakpoint->set_valid(false);
23 Initializer::get_instance()->get_event_queue()->push_event(new Platform::MemoryBlockAllocEvent(portal->get_register(ASM::Register::RAX), last_size));
24
25 return true;
26 }
27 static int called_times = 0;
28 /* NOTE: malloc() calls malloc() for some reason, so skip it. */
29 /* TODO: figure out why this happens, and find a workaround. */
30 if(called_times++ % 2) return true;
31 std::cout << "MallocObserver::handle_breakpoint(): malloc breakpoint found . . ." << std::endl;
32 Word rbp = portal->get_register(ASM::Register::RBP);
33 std::cout << "\tRBP is: " << std::hex << rbp << std::endl;
34 Word return_address = portal->read_memory(rbp);
35 /* NOTE: rbp-40 is *AN EXTEREMELY BAD IDEA*! *don't* trust it . . . */
36 /* TODO: find where the return address is really being stored . . . */
37 return_address = portal->read_memory(rbp-40);
38 std::cout << "\tReturn address: " << return_address << std::endl;
39 breakpoints.insert(portal->place_breakpoint(return_address));
40 std::cout << "\tMemory block size will be " << portal->get_register(ASM::Register::RDI) << std::endl;
41 last_size = portal->get_register(ASM::Register::RDI);
42
43 return true;
44 }
45
46 } // namespace PTrace
47 } // namespace Monitor
48 } // namespace Aesalon
A program to collect, store, and visualize various data on a program in real-time.