linutil

package
v1.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 28, 2021 License: MIT Imports: 8 Imported by: 0

Documentation

Overview

This package contains functions and data structures used by both the linux implementation of the native backend and the core backend to deal with structures used by the linux kernel.

Index

Constants

This section is empty.

Variables

View Source 
var ErrTooManyLibraries = errors.New("number of loaded libraries exceeds maximum")

Functions

func AMD64XstateRead 

func AMD64XstateRead(xstateargs []byte, readLegacy bool, regset *AMD64Xstate) error

LinuxX86XstateRead reads a byte array containing an XSAVE area into regset. If readLegacy is true regset.PtraceFpRegs will be filled with the contents of the legacy region of the XSAVE area. See Section 13.1 (and following) of Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 1: Basic Architecture.

func ElfUpdateSharedObjects 

func ElfUpdateSharedObjects(p proc.Process) error

ElfUpdateSharedObjects reads the list of dynamic libraries loaded by the dynamic linker from the .dynamic section and uses it to update p.BinInfo(). See the SysV ABI for a description of how the .dynamic section works: http://www.sco.com/developers/gabi/latest/contents.html

func EntryPointFromAuxv 

func EntryPointFromAuxv(auxv []byte, ptrSize int) uint64

EntryPointFromAuxv searches the elf auxiliary vector for the entry point address. For a description of the auxiliary vector (auxv) format see: System V Application Binary Interface, AMD64 Architecture Processor Supplement, section 3.4.3. System V Application Binary Interface, Intel386 Architecture Processor Supplement (fourth edition), section 3-28.

func I386XstateRead 

func I386XstateRead(xstateargs []byte, readLegacy bool, regset *I386Xstate) error

LinuxX86XstateRead reads a byte array containing an XSAVE area into regset. If readLegacy is true regset.PtraceFpRegs will be filled with the contents of the legacy region of the XSAVE area. See Section 13.1 (and following) of Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 1: Basic Architecture.

Types

type AMD64PtraceFpRegs 

type AMD64PtraceFpRegs struct {
	Cwd      uint16
	Swd      uint16
	Ftw      uint16
	Fop      uint16
	Rip      uint64
	Rdp      uint64
	Mxcsr    uint32
	MxcrMask uint32
	StSpace  [32]uint32
	XmmSpace [256]byte
	Padding  [24]uint32
}

AMD64PtraceFpRegs tracks user_fpregs_struct in /usr/include/x86_64-linux-gnu/sys/user.h

type AMD64PtraceRegs 

type AMD64PtraceRegs struct {
	R15      uint64
	R14      uint64
	R13      uint64
	R12      uint64
	Rbp      uint64
	Rbx      uint64
	R11      uint64
	R10      uint64
	R9       uint64
	R8       uint64
	Rax      uint64
	Rcx      uint64
	Rdx      uint64
	Rsi      uint64
	Rdi      uint64
	Orig_rax uint64
	Rip      uint64
	Cs       uint64
	Eflags   uint64
	Rsp      uint64
	Ss       uint64
	Fs_base  uint64
	Gs_base  uint64
	Ds       uint64
	Es       uint64
	Fs       uint64
	Gs       uint64
}

AMD64PtraceRegs is the struct used by the linux kernel to return the general purpose registers for AMD64 CPUs.

type AMD64Registers 

type AMD64Registers struct {
	Regs     *AMD64PtraceRegs
	Fpregs   []proc.Register
	Fpregset *AMD64Xstate
	// contains filtered or unexported fields
}

AMD64Registers implements the proc.Registers interface for the native/linux backend and core/linux backends, on AMD64.

func NewAMD64Registers 

func NewAMD64Registers(regs *AMD64PtraceRegs, loadFpRegs func(*AMD64Registers) error) *AMD64Registers

func (*AMD64Registers) BP 

func (r *AMD64Registers) BP() uint64

func (*AMD64Registers) Copy 

func (r *AMD64Registers) Copy() (proc.Registers, error)

Copy returns a copy of these registers that is guarenteed not to change.

func (*AMD64Registers) GAddr 

func (r *AMD64Registers) GAddr() (uint64, bool)

GAddr returns the address of the G variable if it is known, 0 and false otherwise.

func (*AMD64Registers) Get 

func (r *AMD64Registers) Get(n int) (uint64, error)

Get returns the value of the n-th register (in x86asm order).

func (*AMD64Registers) PC 

func (r *AMD64Registers) PC() uint64

PC returns the value of RIP register.

func (*AMD64Registers) SP 

func (r *AMD64Registers) SP() uint64

SP returns the value of RSP register.

func (*AMD64Registers) Slice 

func (r *AMD64Registers) Slice(floatingPoint bool) ([]proc.Register, error)

Slice returns the registers as a list of (name, value) pairs.

func (*AMD64Registers) TLS 

func (r *AMD64Registers) TLS() uint64

TLS returns the address of the thread local storage memory segment.

type AMD64Xstate 

type AMD64Xstate struct {
	AMD64PtraceFpRegs
	Xsave    []byte // raw xsave area
	AvxState bool   // contains AVX state
	YmmSpace [256]byte
}

AMD64Xstate represents amd64 XSAVE area. See Section 13.1 (and following) of Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 1: Basic Architecture.

func (*AMD64Xstate) Decode 

func (xsave *AMD64Xstate) Decode() (regs []proc.Register)

Decode decodes an XSAVE area to a list of name/value pairs of registers.

type ARM64PtraceFpRegs 

type ARM64PtraceFpRegs struct {
	Vregs []byte
	Fpsr  uint32
	Fpcr  uint32
}

func (*ARM64PtraceFpRegs) Byte 

func (fpregs *ARM64PtraceFpRegs) Byte() []byte

func (*ARM64PtraceFpRegs) Decode 

func (fpregs *ARM64PtraceFpRegs) Decode() (regs []proc.Register)

type ARM64PtraceRegs 

type ARM64PtraceRegs struct {
	Regs   [31]uint64
	Sp     uint64
	Pc     uint64
	Pstate uint64
}

ARM64PtraceRegs is the struct used by the linux kernel to return the general purpose registers for ARM64 CPUs. copy from sys/unix/ztypes_linux_arm64.go:735

type ARM64Registers 

type ARM64Registers struct {
	Regs     *ARM64PtraceRegs //general-purpose registers
	Fpregs   []proc.Register  //Formatted floating point registers
	Fpregset []byte           //holding all floating point register values
	// contains filtered or unexported fields
}

Regs is a wrapper for sys.PtraceRegs.

func NewARM64Registers 

func NewARM64Registers(regs *ARM64PtraceRegs, loadFpRegs func(*ARM64Registers) error) *ARM64Registers

func (*ARM64Registers) BP 

func (r *ARM64Registers) BP() uint64

func (*ARM64Registers) Copy 

func (r *ARM64Registers) Copy() (proc.Registers, error)

Copy returns a copy of these registers that is guarenteed not to change.

func (*ARM64Registers) GAddr 

func (r *ARM64Registers) GAddr() (uint64, bool)

GAddr returns the address of the G variable if it is known, 0 and false otherwise.

func (*ARM64Registers) Get 

func (r *ARM64Registers) Get(n int) (uint64, error)

Get returns the value of the n-th register (in arm64asm order).

func (*ARM64Registers) PC 

func (r *ARM64Registers) PC() uint64

PC returns the value of RIP register.

func (*ARM64Registers) SP 

func (r *ARM64Registers) SP() uint64

SP returns the value of RSP register.

func (*ARM64Registers) Slice 

func (r *ARM64Registers) Slice(floatingPoint bool) ([]proc.Register, error)

Slice returns the registers as a list of (name, value) pairs.

func (*ARM64Registers) TLS 

func (r *ARM64Registers) TLS() uint64

TLS returns the address of the thread local storage memory segment.

type I386PtraceFpRegs 

type I386PtraceFpRegs struct {
	Cwd      uint16
	Swd      uint16
	Ftw      uint16
	Fop      uint16
	Rip      uint64
	Rdp      uint64
	Mxcsr    uint32
	MxcrMask uint32
	StSpace  [32]uint32
	XmmSpace [256]byte
	Padding  [24]uint32
}

I386PtraceFpRegs tracks user_fpregs_struct in /usr/include/x86_64-linux-gnu/sys/user.h

type I386PtraceRegs 

type I386PtraceRegs struct {
	Ebx      int32
	Ecx      int32
	Edx      int32
	Esi      int32
	Edi      int32
	Ebp      int32
	Eax      int32
	Xds      int32
	Xes      int32
	Xfs      int32
	Xgs      int32
	Orig_eax int32
	Eip      int32
	Xcs      int32
	Eflags   int32
	Esp      int32
	Xss      int32
}

I386PtraceRegs is the struct used by the linux kernel to return the general purpose registers for I386 CPUs.

type I386Registers 

type I386Registers struct {
	Regs     *I386PtraceRegs
	Fpregs   []proc.Register
	Fpregset *I386Xstate
	Tls      uint64
	// contains filtered or unexported fields
}

I386Registers implements the proc.Registers interface for the native/linux backend and core/linux backends, on I386.

func NewI386Registers 

func NewI386Registers(regs *I386PtraceRegs, loadFpRegs func(*I386Registers) error) *I386Registers

func (*I386Registers) BP 

func (r *I386Registers) BP() uint64

func (*I386Registers) CX 

func (r *I386Registers) CX() uint64

CX returns the value of ECX register.

func (*I386Registers) Copy 

func (r *I386Registers) Copy() (proc.Registers, error)

Copy returns a copy of these registers that is guarenteed not to change.

func (*I386Registers) GAddr 

func (r *I386Registers) GAddr() (uint64, bool)

GAddr returns the address of the G variable if it is known, 0 and false otherwise.

func (*I386Registers) Get 

func (r *I386Registers) Get(n int) (uint64, error)

Get returns the value of the n-th register (in x86asm order).

func (*I386Registers) PC 

func (r *I386Registers) PC() uint64

PC returns the value of EIP register.

func (*I386Registers) SP 

func (r *I386Registers) SP() uint64

SP returns the value of ESP register.

func (*I386Registers) Slice 

func (r *I386Registers) Slice(floatingPoint bool) ([]proc.Register, error)

Slice returns the registers as a list of (name, value) pairs.

func (I386Registers) TLS 

func (r I386Registers) TLS() uint64

TLS returns the address of the thread local storage memory segment.

type I386Xstate 

type I386Xstate struct {
	I386PtraceFpRegs
	Xsave    []byte // raw xsave area
	AvxState bool   // contains AVX state
	YmmSpace [256]byte
}

I386Xstate represents amd64 XSAVE area. See Section 13.1 (and following) of Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 1: Basic Architecture.

func (*I386Xstate) Decode 

func (xsave *I386Xstate) Decode() (regs []proc.Register)

Decode decodes an XSAVE area to a list of name/value pairs of registers.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.