LIEF: Library to Instrument Executable Formats Version 1.0.0
Loading...
Searching...
No Matches
CorePrStatus.hpp
Go to the documentation of this file.
1/* Copyright 2017 - 2026 R. Thomas
2 * Copyright 2017 - 2026 Quarkslab
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16#ifndef LIEF_ELF_CORE_PRSTATUS_H
17#define LIEF_ELF_CORE_PRSTATUS_H
18
19#include <vector>
20#include <ostream>
21#include <utility>
22
23#include "LIEF/visibility.h"
24#include "LIEF/ELF/enums.hpp"
25#include "LIEF/ELF/Note.hpp"
26
27namespace LIEF {
28namespace ELF {
29
30class Parser;
31class Builder;
32class Binary;
33
35class LIEF_API CorePrStatus : public Note {
36 public:
37 struct siginfo_t {
38 int32_t signo = 0;
39 int32_t code = 0;
40 int32_t err = 0;
41 };
42
43 struct timeval_t {
44 uint64_t sec = 0;
45 uint64_t usec = 0;
46 };
47
53 struct pr_status_t {
54 siginfo_t info;
55
56 uint16_t cursig = 0;
57 uint16_t reserved = 0;
58
59 uint64_t sigpend = 0;
60 uint64_t sighold = 0;
61
62 int32_t pid = 0;
63 int32_t ppid = 0;
64 int32_t pgrp = 0;
65 int32_t sid = 0;
66
67 timeval_t utime;
68 timeval_t stime;
69 timeval_t cutime;
70 timeval_t cstime;
71 };
72
73 struct Registers {
75 enum class X86 {
76 EBX = 0,
77 ECX,
78 EDX,
79 ESI,
80 EDI,
81 EBP,
82 EAX,
83 DS,
84 ES,
85 FS,
86 GS,
87 ORIG_EAX,
88 EIP,
89 CS,
90 EFLAGS,
91 ESP,
92 SS,
93 _COUNT,
94 };
95
97 enum class X86_64 {
98 R15 = 0,
99 R14,
100 R13,
101 R12,
102 RBP,
103 RBX,
104 R11,
105 R10,
106 R9,
107 R8,
108 RAX,
109 RCX,
110 RDX,
111 RSI,
112 RDI,
113 ORIG_RAX,
114 RIP,
115 CS,
116 EFLAGS,
117 RSP,
118 SS,
119 FS_BASE,
120 GS_BASE,
121 DS,
122 ES,
123 _COUNT,
124 };
125
127 enum class ARM {
128 R0 = 0,
129 R1,
130 R2,
131 R3,
132 R4,
133 R5,
134 R6,
135 R7,
136 R8,
137 R9,
138 R10,
139 R11,
140 R12,
141 R13,
142 R14,
143 R15,
144 CPSR,
145 _COUNT,
146 };
147
149 enum class AARCH64 {
150 X0 = 0,
151 X1,
152 X2,
153 X3,
154 X4,
155 X5,
156 X6,
157 X7,
158 X8,
159 X9,
160 X10,
161 X11,
162 X12,
163 X13,
164 X14,
165 X15,
166 X16,
167 X17,
168 X18,
169 X19,
170 X20,
171 X21,
172 X22,
173 X23,
174 X24,
175 X25,
176 X26,
177 X27,
178 X28,
179 X29,
180 X30,
181 X31,
182 PC,
183 PSTATE,
184 _COUNT,
185 };
186 };
187
188 public:
189 CorePrStatus(ARCH arch, Header::CLASS cls, std::string name, uint32_t type,
190 description_t description) :
191 Note(std::move(name), TYPE::CORE_PRSTATUS, type, std::move(description), ""),
192 arch_(arch),
193 class_(cls) {}
194
195 std::unique_ptr<Note> clone() const override {
196 return std::unique_ptr<CorePrStatus>(new CorePrStatus(*this));
197 }
198
200 pr_status_t status() const;
201 void status(const pr_status_t& status);
202
203 ARCH architecture() const {
204 return arch_;
205 }
206
208 result<uint64_t> pc() const;
209
211 result<uint64_t> sp() const;
212
215 result<uint64_t> return_value() const;
216
218 result<uint64_t> get(Registers::X86 reg) const;
220 result<uint64_t> get(Registers::X86_64 reg) const;
222 result<uint64_t> get(Registers::ARM reg) const;
224 result<uint64_t> get(Registers::AARCH64 reg) const;
225
226 ok_error_t set(Registers::X86 reg, uint64_t value);
227 ok_error_t set(Registers::X86_64 reg, uint64_t value);
228 ok_error_t set(Registers::ARM reg, uint64_t value);
229 ok_error_t set(Registers::AARCH64 reg, uint64_t value);
230
243 std::vector<uint64_t> register_values() const;
244
245 result<uint64_t> operator[](Registers::X86 reg) const {
246 return get(reg);
247 }
248
249 result<uint64_t> operator[](Registers::X86_64 reg) const {
250 return get(reg);
251 }
252
253 result<uint64_t> operator[](Registers::ARM reg) const {
254 return get(reg);
255 }
256
257 result<uint64_t> operator[](Registers::AARCH64 reg) const {
258 return get(reg);
259 }
260
261 void dump(std::ostream& os) const override;
262 void accept(Visitor& visitor) const override;
263
264 static bool classof(const Note* note) {
265 return note->type() == Note::TYPE::CORE_PRSTATUS;
266 }
267
268 ~CorePrStatus() override = default;
269
270 LIEF_API friend std::ostream& operator<<(std::ostream& os,
271 const CorePrStatus& note) {
272 note.dump(os);
273 return os;
274 }
275
276 private:
277 ARCH arch_ = ARCH::NONE;
278 Header::CLASS class_ = Header::CLASS::NONE;
279};
280
281LIEF_API const char* to_string(CorePrStatus::Registers::X86 e);
282LIEF_API const char* to_string(CorePrStatus::Registers::X86_64 e);
283LIEF_API const char* to_string(CorePrStatus::Registers::ARM e);
284LIEF_API const char* to_string(CorePrStatus::Registers::AARCH64 e);
285
286} // namespace ELF
287} // namespace LIEF
288
289#endif
LIEF::ELF::Binary
Class which represents an ELF binary.
Definition ELF/Binary.hpp:59
LIEF::ELF::Builder
Class which takes an ELF::Binary object and reconstructs a valid binary.
Definition ELF/Builder.hpp:48
LIEF::ELF::CorePrStatus::set
ok_error_t set(Registers::AARCH64 reg, uint64_t value)
LIEF::ELF::CorePrStatus::get
result< uint64_t > get(Registers::X86 reg) const
Get the value for the given X86 register or return an error.
LIEF::ELF::CorePrStatus::operator[]
result< uint64_t > operator[](Registers::ARM reg) const
Definition CorePrStatus.hpp:253
LIEF::ELF::CorePrStatus::set
ok_error_t set(Registers::X86 reg, uint64_t value)
LIEF::ELF::CorePrStatus::dump
void dump(std::ostream &os) const override
LIEF::ELF::CorePrStatus::status
pr_status_t status() const
Return the pr_status_t structure.
LIEF::ELF::CorePrStatus::status
void status(const pr_status_t &status)
LIEF::ELF::CorePrStatus::~CorePrStatus
~CorePrStatus() override=default
LIEF::ELF::CorePrStatus::operator<<
friend std::ostream & operator<<(std::ostream &os, const CorePrStatus &note)
Definition CorePrStatus.hpp:270
LIEF::ELF::CorePrStatus::set
ok_error_t set(Registers::X86_64 reg, uint64_t value)
LIEF::ELF::CorePrStatus::set
ok_error_t set(Registers::ARM reg, uint64_t value)
LIEF::ELF::CorePrStatus::clone
std::unique_ptr< Note > clone() const override
Clone the current note and keep its polymorphic type.
Definition CorePrStatus.hpp:195
LIEF::ELF::CorePrStatus::accept
void accept(Visitor &visitor) const override
LIEF::ELF::CorePrStatus::get
result< uint64_t > get(Registers::X86_64 reg) const
Get the value for the given X86_64 register or return an error.
LIEF::ELF::CorePrStatus::get
result< uint64_t > get(Registers::AARCH64 reg) const
Get the value for the given AARCH64 register or return an error.
LIEF::ELF::CorePrStatus::classof
static bool classof(const Note *note)
Definition CorePrStatus.hpp:264
LIEF::ELF::CorePrStatus::CorePrStatus
CorePrStatus(ARCH arch, Header::CLASS cls, std::string name, uint32_t type, description_t description)
Definition CorePrStatus.hpp:189
LIEF::ELF::CorePrStatus::operator[]
result< uint64_t > operator[](Registers::X86 reg) const
Definition CorePrStatus.hpp:245
LIEF::ELF::CorePrStatus::get
result< uint64_t > get(Registers::ARM reg) const
Get the value for the given ARM register or return an error.
LIEF::ELF::CorePrStatus::register_values
std::vector< uint64_t > register_values() const
A list of the register values. This list is guarantee to be as long as the Registers::ARM::_COUNT or ...
LIEF::ELF::CorePrStatus::return_value
result< uint64_t > return_value() const
The value of the register that holds the return value according to the calling convention.
LIEF::ELF::CorePrStatus::operator[]
result< uint64_t > operator[](Registers::AARCH64 reg) const
Definition CorePrStatus.hpp:257
LIEF::ELF::CorePrStatus::operator[]
result< uint64_t > operator[](Registers::X86_64 reg) const
Definition CorePrStatus.hpp:249
LIEF::ELF::CorePrStatus::sp
result< uint64_t > sp() const
The stack pointer or an error if not found.
LIEF::ELF::CorePrStatus::pc
result< uint64_t > pc() const
The program counter or an error if not found.
LIEF::ELF::CorePrStatus::architecture
ARCH architecture() const
Definition CorePrStatus.hpp:203
LIEF::ELF::Header::CLASS
CLASS
Match the result of Elfxx_Ehdr.e_ident[EI_CLASS].
Definition ELF/Header.hpp:74
LIEF::ELF::Header::CLASS::NONE
@ NONE
Invalid class.
Definition ELF/Header.hpp:75
LIEF::ELF::Note::description_t
std::vector< uint8_t > description_t
Container used to handle the description data.
Definition Note.hpp:46
LIEF::ELF::Note::TYPE
TYPE
LIEF representation of the ELF NT_ values.
Definition Note.hpp:49
LIEF::ELF::Note::TYPE::CORE_PRSTATUS
@ CORE_PRSTATUS
Coredump that wraps the elf_prstatus structure.
Definition Note.hpp:72
LIEF::ELF::Note::type
TYPE type() const
Return the type of the note. This type does not match the NT_ type value. For accessing the original ...
Definition Note.hpp:196
LIEF::ELF::Note::name
const std::string & name() const
Return the name of the note (also known as 'owner' ).
Definition Note.hpp:185
LIEF::ELF::Note::Note
Note(const Note &copy)=default
LIEF::ELF::Note::description
span< const uint8_t > description() const
Return the description associated with the note.
Definition Note.hpp:207
LIEF::ELF::Parser
Class which parses and transforms an ELF file into a ELF::Binary object.
Definition ELF/Parser.hpp:45
LIEF::Visitor
Definition Visitor.hpp:212
LIEF::ok_error_t
Opaque structure that is used by LIEF to avoid writing result<void> f(...). Instead,...
Definition errors.hpp:117
LIEF::result
Wrapper that contains an Object (T) or an error.
Definition errors.hpp:77
LIEF::ELF
Namespace related to the LIEF's ELF module.
Definition Abstract/Header.hpp:28
LIEF::ELF::to_string
const char * to_string(DynamicEntry::TAG e)
LIEF::ELF::ARCH
ARCH
Definition ELF/enums.hpp:30
LIEF::ELF::ARCH::NONE
@ NONE
Definition ELF/enums.hpp:31
LIEF
LIEF namespace.
Definition Abstract/Binary.hpp:40
LIEF::ELF::CorePrStatus::Registers
Definition CorePrStatus.hpp:73
LIEF::ELF::CorePrStatus::Registers::ARM
ARM
Register for the ARM architecture (ARCH::ARM).
Definition CorePrStatus.hpp:127
LIEF::ELF::CorePrStatus::Registers::X86_64
X86_64
Register for the x86-64 architecture (ARCH::X86_64).
Definition CorePrStatus.hpp:97
LIEF::ELF::CorePrStatus::Registers::AARCH64
AARCH64
Register for the AARCH64 architecture (ARCH::AARCH64).
Definition CorePrStatus.hpp:149
LIEF::ELF::CorePrStatus::Registers::X86
X86
Register for the x86 architecture (ARCH::I386).
Definition CorePrStatus.hpp:75
LIEF::ELF::CorePrStatus::pr_status_t
Status information from a core dump.
Definition CorePrStatus.hpp:53
LIEF::ELF::CorePrStatus::pr_status_t::cursig
uint16_t cursig
Definition CorePrStatus.hpp:56
LIEF::ELF::CorePrStatus::pr_status_t::info
siginfo_t info
Definition CorePrStatus.hpp:54
LIEF::ELF::CorePrStatus::pr_status_t::cstime
timeval_t cstime
Definition CorePrStatus.hpp:70
LIEF::ELF::CorePrStatus::pr_status_t::ppid
int32_t ppid
Definition CorePrStatus.hpp:63
LIEF::ELF::CorePrStatus::pr_status_t::reserved
uint16_t reserved
Definition CorePrStatus.hpp:57
LIEF::ELF::CorePrStatus::pr_status_t::sighold
uint64_t sighold
Definition CorePrStatus.hpp:60
LIEF::ELF::CorePrStatus::pr_status_t::pid
int32_t pid
Definition CorePrStatus.hpp:62
LIEF::ELF::CorePrStatus::pr_status_t::stime
timeval_t stime
Definition CorePrStatus.hpp:68
LIEF::ELF::CorePrStatus::pr_status_t::sigpend
uint64_t sigpend
Definition CorePrStatus.hpp:59
LIEF::ELF::CorePrStatus::pr_status_t::sid
int32_t sid
Definition CorePrStatus.hpp:65
LIEF::ELF::CorePrStatus::pr_status_t::utime
timeval_t utime
Definition CorePrStatus.hpp:67
LIEF::ELF::CorePrStatus::pr_status_t::cutime
timeval_t cutime
Definition CorePrStatus.hpp:69
LIEF::ELF::CorePrStatus::pr_status_t::pgrp
int32_t pgrp
Definition CorePrStatus.hpp:64
LIEF::ELF::CorePrStatus::siginfo_t
Definition CorePrStatus.hpp:37
LIEF::ELF::CorePrStatus::siginfo_t::code
int32_t code
Definition CorePrStatus.hpp:39
LIEF::ELF::CorePrStatus::siginfo_t::signo
int32_t signo
Definition CorePrStatus.hpp:38
LIEF::ELF::CorePrStatus::siginfo_t::err
int32_t err
Definition CorePrStatus.hpp:40
LIEF::ELF::CorePrStatus::timeval_t
Definition CorePrStatus.hpp:43
LIEF::ELF::CorePrStatus::timeval_t::sec
uint64_t sec
Definition CorePrStatus.hpp:44
LIEF::ELF::CorePrStatus::timeval_t::usec
uint64_t usec
Definition CorePrStatus.hpp:45
LIEF_API
#define LIEF_API
Definition visibility.h:45
Generated by doxygen 1.17.0