LIEF: Library to Instrument Executable Formats Version 1.0.0
Loading...
Searching...
No Matches
CorePrStatus.hpp
Go to the documentation of this file.
1/* Copyright 2017 - 2026 R. Thomas
2 * Copyright 2017 - 2026 Quarkslab
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16#ifndef LIEF_ELF_CORE_PRSTATUS_H
17#define LIEF_ELF_CORE_PRSTATUS_H
18
19#include <vector>
20#include <ostream>
21#include <utility>
22
23#include "LIEF/visibility.h"
24#include "LIEF/ELF/enums.hpp"
25#include "LIEF/ELF/Note.hpp"
26
27namespace LIEF {
28namespace ELF {
29
30class Parser;
31class Builder;
32class Binary;
33
35class LIEF_API CorePrStatus : public Note {
36 public:
37 struct siginfo_t {
38 int32_t signo = 0;
39 int32_t code = 0;
40 int32_t err = 0;
41 };
42
43 struct timeval_t {
44 uint64_t sec = 0;
45 uint64_t usec = 0;
46 };
47
48 struct pr_status_t {
49 siginfo_t info;
50
51 uint16_t cursig = 0;
52 uint16_t reserved = 0;
53
54 uint64_t sigpend = 0;
55 uint64_t sighold = 0;
56
57 int32_t pid = 0;
58 int32_t ppid = 0;
59 int32_t pgrp = 0;
60 int32_t sid = 0;
61
62 timeval_t utime;
63 timeval_t stime;
64 timeval_t cutime;
65 timeval_t cstime;
66 };
67
68 struct Registers {
70 enum class X86 {
71 EBX = 0,
72 ECX,
73 EDX,
74 ESI,
75 EDI,
76 EBP,
77 EAX,
78 DS,
79 ES,
80 FS,
81 GS,
82 ORIG_EAX,
83 EIP,
84 CS,
85 EFLAGS,
86 ESP,
87 SS,
88 _COUNT,
89 };
90
92 enum class X86_64 {
93 R15 = 0,
94 R14,
95 R13,
96 R12,
97 RBP,
98 RBX,
99 R11,
100 R10,
101 R9,
102 R8,
103 RAX,
104 RCX,
105 RDX,
106 RSI,
107 RDI,
108 ORIG_RAX,
109 RIP,
110 CS,
111 EFLAGS,
112 RSP,
113 SS,
114 FS_BASE,
115 GS_BASE,
116 DS,
117 ES,
118 _COUNT,
119 };
120
122 enum class ARM {
123 R0 = 0,
124 R1,
125 R2,
126 R3,
127 R4,
128 R5,
129 R6,
130 R7,
131 R8,
132 R9,
133 R10,
134 R11,
135 R12,
136 R13,
137 R14,
138 R15,
139 CPSR,
140 _COUNT,
141 };
142
144 enum class AARCH64 {
145 X0 = 0,
146 X1,
147 X2,
148 X3,
149 X4,
150 X5,
151 X6,
152 X7,
153 X8,
154 X9,
155 X10,
156 X11,
157 X12,
158 X13,
159 X14,
160 X15,
161 X16,
162 X17,
163 X18,
164 X19,
165 X20,
166 X21,
167 X22,
168 X23,
169 X24,
170 X25,
171 X26,
172 X27,
173 X28,
174 X29,
175 X30,
176 X31,
177 PC,
178 PSTATE,
179 _COUNT,
180 };
181 };
182
183 public:
184 CorePrStatus(ARCH arch, Header::CLASS cls, std::string name, uint32_t type,
185 description_t description) :
186 Note(std::move(name), TYPE::CORE_PRSTATUS, type, std::move(description), ""),
187 arch_(arch),
188 class_(cls) {}
189
190 std::unique_ptr<Note> clone() const override {
191 return std::unique_ptr<CorePrStatus>(new CorePrStatus(*this));
192 }
193
195 pr_status_t status() const;
196 void status(const pr_status_t& status);
197
198 ARCH architecture() const {
199 return arch_;
200 }
201
203 result<uint64_t> pc() const;
204
206 result<uint64_t> sp() const;
207
210 result<uint64_t> return_value() const;
211
213 result<uint64_t> get(Registers::X86 reg) const;
215 result<uint64_t> get(Registers::X86_64 reg) const;
217 result<uint64_t> get(Registers::ARM reg) const;
219 result<uint64_t> get(Registers::AARCH64 reg) const;
220
221 ok_error_t set(Registers::X86 reg, uint64_t value);
222 ok_error_t set(Registers::X86_64 reg, uint64_t value);
223 ok_error_t set(Registers::ARM reg, uint64_t value);
224 ok_error_t set(Registers::AARCH64 reg, uint64_t value);
225
238 std::vector<uint64_t> register_values() const;
239
240 result<uint64_t> operator[](Registers::X86 reg) const {
241 return get(reg);
242 }
243
244 result<uint64_t> operator[](Registers::X86_64 reg) const {
245 return get(reg);
246 }
247
248 result<uint64_t> operator[](Registers::ARM reg) const {
249 return get(reg);
250 }
251
252 result<uint64_t> operator[](Registers::AARCH64 reg) const {
253 return get(reg);
254 }
255
256 void dump(std::ostream& os) const override;
257 void accept(Visitor& visitor) const override;
258
259 static bool classof(const Note* note) {
260 return note->type() == Note::TYPE::CORE_PRSTATUS;
261 }
262
263 ~CorePrStatus() override = default;
264
265 LIEF_API friend std::ostream& operator<<(std::ostream& os,
266 const CorePrStatus& note) {
267 note.dump(os);
268 return os;
269 }
270
271 private:
272 ARCH arch_ = ARCH::NONE;
273 Header::CLASS class_ = Header::CLASS::NONE;
274};
275
276LIEF_API const char* to_string(CorePrStatus::Registers::X86 e);
277LIEF_API const char* to_string(CorePrStatus::Registers::X86_64 e);
278LIEF_API const char* to_string(CorePrStatus::Registers::ARM e);
279LIEF_API const char* to_string(CorePrStatus::Registers::AARCH64 e);
280
281} // namepsace ELF
282} // namespace LIEF
283
284#endif
LIEF::ELF::Binary
Class which represents an ELF binary.
Definition ELF/Binary.hpp:59
LIEF::ELF::Builder
Class which takes an ELF::Binary object and reconstructs a valid binary.
Definition ELF/Builder.hpp:48
LIEF::ELF::CorePrStatus::set
ok_error_t set(Registers::AARCH64 reg, uint64_t value)
LIEF::ELF::CorePrStatus::get
result< uint64_t > get(Registers::X86 reg) const
Get the value for the given X86 register or return an error.
LIEF::ELF::CorePrStatus::operator[]
result< uint64_t > operator[](Registers::ARM reg) const
Definition CorePrStatus.hpp:248
LIEF::ELF::CorePrStatus::set
ok_error_t set(Registers::X86 reg, uint64_t value)
LIEF::ELF::CorePrStatus::dump
void dump(std::ostream &os) const override
LIEF::ELF::CorePrStatus::status
pr_status_t status() const
Return the pr_status_t structure.
LIEF::ELF::CorePrStatus::status
void status(const pr_status_t &status)
LIEF::ELF::CorePrStatus::~CorePrStatus
~CorePrStatus() override=default
LIEF::ELF::CorePrStatus::operator<<
friend std::ostream & operator<<(std::ostream &os, const CorePrStatus &note)
Definition CorePrStatus.hpp:265
LIEF::ELF::CorePrStatus::set
ok_error_t set(Registers::X86_64 reg, uint64_t value)
LIEF::ELF::CorePrStatus::set
ok_error_t set(Registers::ARM reg, uint64_t value)
LIEF::ELF::CorePrStatus::clone
std::unique_ptr< Note > clone() const override
Clone the current note and keep its polymorphic type.
Definition CorePrStatus.hpp:190
LIEF::ELF::CorePrStatus::accept
void accept(Visitor &visitor) const override
LIEF::ELF::CorePrStatus::get
result< uint64_t > get(Registers::X86_64 reg) const
Get the value for the given X86_64 register or return an error.
LIEF::ELF::CorePrStatus::get
result< uint64_t > get(Registers::AARCH64 reg) const
Get the value for the given AARCH64 register or return an error.
LIEF::ELF::CorePrStatus::classof
static bool classof(const Note *note)
Definition CorePrStatus.hpp:259
LIEF::ELF::CorePrStatus::CorePrStatus
CorePrStatus(ARCH arch, Header::CLASS cls, std::string name, uint32_t type, description_t description)
Definition CorePrStatus.hpp:184
LIEF::ELF::CorePrStatus::operator[]
result< uint64_t > operator[](Registers::X86 reg) const
Definition CorePrStatus.hpp:240
LIEF::ELF::CorePrStatus::get
result< uint64_t > get(Registers::ARM reg) const
Get the value for the given ARM register or return an error.
LIEF::ELF::CorePrStatus::register_values
std::vector< uint64_t > register_values() const
A list of the register values. This list is guarantee to be as long as the Registers::ARM::_COUNT or ...
LIEF::ELF::CorePrStatus::return_value
result< uint64_t > return_value() const
The value of the register that holds the return value according to the calling convention.
LIEF::ELF::CorePrStatus::operator[]
result< uint64_t > operator[](Registers::AARCH64 reg) const
Definition CorePrStatus.hpp:252
LIEF::ELF::CorePrStatus::operator[]
result< uint64_t > operator[](Registers::X86_64 reg) const
Definition CorePrStatus.hpp:244
LIEF::ELF::CorePrStatus::sp
result< uint64_t > sp() const
The stack pointer or an error if not found.
LIEF::ELF::CorePrStatus::pc
result< uint64_t > pc() const
The program counter or an error if not found.
LIEF::ELF::CorePrStatus::architecture
ARCH architecture() const
Definition CorePrStatus.hpp:198
LIEF::ELF::Header::CLASS
CLASS
Match the result of Elfxx_Ehdr.e_ident[EI_CLASS].
Definition ELF/Header.hpp:74
LIEF::ELF::Header::CLASS::NONE
@ NONE
Definition ELF/Header.hpp:75
LIEF::ELF::Note::description_t
std::vector< uint8_t > description_t
Container used to handle the description data.
Definition Note.hpp:46
LIEF::ELF::Note::TYPE
TYPE
LIEF representation of the ELF NT_ values.
Definition Note.hpp:49
LIEF::ELF::Note::TYPE::CORE_PRSTATUS
@ CORE_PRSTATUS
Coredump that wraps the elf_prstatus structure.
Definition Note.hpp:72
LIEF::ELF::Note::type
TYPE type() const
Return the type of the note. This type does not match the NT_ type value. For accessing the original ...
Definition Note.hpp:196
LIEF::ELF::Note::name
const std::string & name() const
Return the name of the note (also known as 'owner' ).
Definition Note.hpp:185
LIEF::ELF::Note::Note
Note(const Note &copy)=default
LIEF::ELF::Note::description
span< const uint8_t > description() const
Return the description associated with the note.
Definition Note.hpp:207
LIEF::ELF::Parser
Class which parses and transforms an ELF file into a ELF::Binary object.
Definition ELF/Parser.hpp:45
LIEF::Visitor
Definition Visitor.hpp:212
LIEF::ok_error_t
Opaque structure that is used by LIEF to avoid writing result<void> f(...). Instead,...
Definition errors.hpp:114
LIEF::result
Wrapper that contains an Object (T) or an error.
Definition errors.hpp:77
LIEF::ELF
Namespace related to the LIEF's ELF module.
Definition Abstract/Header.hpp:28
LIEF::ELF::to_string
const char * to_string(DynamicEntry::TAG e)
LIEF::ELF::ARCH
ARCH
Definition ELF/enums.hpp:30
LIEF::ELF::ARCH::NONE
@ NONE
Definition ELF/enums.hpp:31
LIEF
LIEF namespace.
Definition Abstract/Binary.hpp:40
std
Definition string.h:155
LIEF::ELF::CorePrStatus::Registers
Definition CorePrStatus.hpp:68
LIEF::ELF::CorePrStatus::Registers::ARM
ARM
Register for the ARM architecture (ARCH::ARM).
Definition CorePrStatus.hpp:122
LIEF::ELF::CorePrStatus::Registers::X86_64
X86_64
Register for the x86-64 architecture (ARCH::X86_64).
Definition CorePrStatus.hpp:92
LIEF::ELF::CorePrStatus::Registers::AARCH64
AARCH64
Register for the AARCH64 architecture (ARCH::AARCH64).
Definition CorePrStatus.hpp:144
LIEF::ELF::CorePrStatus::Registers::X86
X86
Register for the x86 architecture (ARCH::I386).
Definition CorePrStatus.hpp:70
LIEF::ELF::CorePrStatus::pr_status_t
Definition CorePrStatus.hpp:48
LIEF::ELF::CorePrStatus::pr_status_t::cursig
uint16_t cursig
Definition CorePrStatus.hpp:51
LIEF::ELF::CorePrStatus::pr_status_t::info
siginfo_t info
Definition CorePrStatus.hpp:49
LIEF::ELF::CorePrStatus::pr_status_t::cstime
timeval_t cstime
Definition CorePrStatus.hpp:65
LIEF::ELF::CorePrStatus::pr_status_t::ppid
int32_t ppid
Definition CorePrStatus.hpp:58
LIEF::ELF::CorePrStatus::pr_status_t::reserved
uint16_t reserved
Definition CorePrStatus.hpp:52
LIEF::ELF::CorePrStatus::pr_status_t::sighold
uint64_t sighold
Definition CorePrStatus.hpp:55
LIEF::ELF::CorePrStatus::pr_status_t::pid
int32_t pid
Definition CorePrStatus.hpp:57
LIEF::ELF::CorePrStatus::pr_status_t::stime
timeval_t stime
Definition CorePrStatus.hpp:63
LIEF::ELF::CorePrStatus::pr_status_t::sigpend
uint64_t sigpend
Definition CorePrStatus.hpp:54
LIEF::ELF::CorePrStatus::pr_status_t::sid
int32_t sid
Definition CorePrStatus.hpp:60
LIEF::ELF::CorePrStatus::pr_status_t::utime
timeval_t utime
Definition CorePrStatus.hpp:62
LIEF::ELF::CorePrStatus::pr_status_t::cutime
timeval_t cutime
Definition CorePrStatus.hpp:64
LIEF::ELF::CorePrStatus::pr_status_t::pgrp
int32_t pgrp
Definition CorePrStatus.hpp:59
LIEF::ELF::CorePrStatus::siginfo_t
Definition CorePrStatus.hpp:37
LIEF::ELF::CorePrStatus::siginfo_t::code
int32_t code
Definition CorePrStatus.hpp:39
LIEF::ELF::CorePrStatus::siginfo_t::signo
int32_t signo
Definition CorePrStatus.hpp:38
LIEF::ELF::CorePrStatus::siginfo_t::err
int32_t err
Definition CorePrStatus.hpp:40
LIEF::ELF::CorePrStatus::timeval_t
Definition CorePrStatus.hpp:43
LIEF::ELF::CorePrStatus::timeval_t::sec
uint64_t sec
Definition CorePrStatus.hpp:44
LIEF::ELF::CorePrStatus::timeval_t::usec
uint64_t usec
Definition CorePrStatus.hpp:45
LIEF_API
#define LIEF_API
Definition visibility.h:43
Generated by doxygen 1.17.0