Merge branch 'master' into procmon-upgrades

jtpereyda · Apr 30, 2017 · 37ea667 · 37ea667
2 parents 234c291 + 6dfa4ba
commit 37ea667
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 5 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -3,13 +3,14 @@ Next
 Features
 --------
 -  Console output - now with colors!
+-  process_monitor_unix.py: added option to move coredumps for later analysis
 -  The process monitor (procmon) now tracks processes by PID rather than searching by name. Therefore, stop_commands
    and proc_name are no longer required.
--  Added `--help` parameter to process monitor.
 -  SIGINT (AKA Ctrl+C) now works to close both boofuzz and process_monitor.py (usually).
 -  Made Unix procmon more compatible with Windows.
 -  Improved procmon debugger error handling, e.g., when running 64-bit apps.
 -  Windows procmon now runs even if pydbg fails.
+-  Added `--help` parameter to process monitor.
 -  Target class now takes `procmon` and `procmon_options` in constructor.
 
 Fixes

diff --git a/process_monitor_unix.py b/process_monitor_unix.py
@@ -42,7 +42,9 @@
 USAGE = "USAGE: process_monitor_unix.py"\
         "\n    -c|--crash_bin             File to record crash info too" \
         "\n    [-P|--port PORT]             TCP port to bind this agent too"\
-        "\n    [-l|--log_level LEVEL]       log level (default 1), increase for more verbosity"
+        "\n    [-l|--log_level LEVEL]       log level (default 1), increase for more verbosity"\
+        "\n    [-d|--coredump_dir dir]      directory where coredumps are moved to "\
+        "\n                                 (you may need to adjust ulimits to create coredumps)"
 
 ERR   = lambda msg: sys.stderr.write("ERR> " + msg + "\n") or sys.exit(1)
 
@@ -95,7 +97,7 @@ def is_alive(self):
 
 
 class NIXProcessMonitorPedrpcServer(pedrpc.Server):
-    def __init__(self, host, port, cbin, level=1):
+    def __init__(self, host, port, cbin, coredump_dir, level=1):
         """
         @type host: str
         @param host: Hostname or IP address
@@ -114,6 +116,7 @@ def __init__(self, host, port, cbin, level=1):
         self.start_commands = []
         self.stop_commands  = []
         self.proc_name      = None
+        self.coredump_dir   = coredump_dir
         self.log("Process Monitor PED-RPC server initialized:")
         self.log("Listening on %s:%s" % (host, port))
         self.log("awaiting requests...")
@@ -167,8 +170,27 @@ def post_send(self):
             rec_file.write(self.last_synopsis)
             rec_file.close()
 
+            if self.coredump_dir is not None:
+                dest = os.path.join(self.coredump_dir, str(self.test_number))
+                src = self._get_coredump_path()
+
+                if src is not None:
+                    self.log("moving core dump %s -> %s" % (src, dest))
+                    os.rename(src, dest)
+
         return self.dbg.is_alive()
 
+    def _get_coredump_path(self):
+        """
+        This method returns the path to the coredump file if one was created
+        """
+        if sys.platform == 'linux' or sys.platform == 'linux2':
+            path = './core'
+            if os.path.isfile(path):
+                return path
+
+        return None
+
     def pre_send(self, test_number):
         """
         This routine is called before the fuzzer transmits a test case and ensure the debugger thread is operational.
@@ -190,6 +212,7 @@ def start_target(self):
         @returns True if successful. No failure detection yet.
         """
 
+
         self.log("starting target process")
 
         self.dbg = DebuggerThread(self.start_commands[0])
@@ -268,29 +291,36 @@ def get_crash_synopsis(self):
     # parse command line options.
     opts = None
     try:
-        opts, args = getopt.getopt(sys.argv[1:], "c:P:l:", ["crash_bin=", "port=", "log_level="])
+        opts, args = getopt.getopt(sys.argv[1:], "c:P:l:d:", ["crash_bin=", "port=", "log_level=", "coredump_dir="])
     except getopt.GetoptError:
         ERR(USAGE)
 
     log_level = 1
     PORT = None
     crash_bin = None
+    coredump_dir = None
     for opt, arg in opts:
         if opt in ("-c", "--crash_bin"):
             crash_bin  = arg
         if opt in ("-P", "--port"):
             PORT = int(arg)
         if opt in ("-l", "--log_level"):
             log_level  = int(arg)
+        if opt in ("-d", "--coredump_dir"):
+            coredump_dir = arg
 
     if not crash_bin:
         ERR(USAGE)
 
     if not PORT:
         PORT = 26002
 
+    if coredump_dir is not None and not os.path.isdir(coredump_dir):
+        ERR("coredump_dir must be an existing directory")
+
     # spawn the PED-RPC servlet.
 
-    servlet = NIXProcessMonitorPedrpcServer("0.0.0.0", PORT, crash_bin, log_level)
+    servlet = NIXProcessMonitorPedrpcServer("0.0.0.0", PORT, crash_bin, coredump_dir, log_level)
     servlet.serve_forever()
 
+