Skip to content
Permalink
Browse files

Merge pull request #1181 from jonasbb/coredumpctl-support

Add support for coredumps which are stored using systemd-coredump
  • Loading branch information...
Arusekk committed Feb 22, 2019
2 parents f5062f7 + e625fc2 commit 224ddb411b8927533d7b3122a992e04f99a3508d
Showing with 58 additions and 16 deletions.
  1. +58 −16 pwnlib/elf/corefile.py
@@ -71,6 +71,7 @@
import os
import socket
import StringIO
import subprocess
import tempfile

import elftools
@@ -1314,12 +1315,42 @@ def apport_read_crash_data(self):

return data

def systemd_coredump_corefile(self):
"""Find the systemd-coredump crash for the process and dump it to a file.
Arguments:
process(process): Process object we're looking for.
Returns:
`str`: Filename of core file, if coredump was found.
"""
filename = "core.%s.%i.coredumpctl" % (self.basename, self.pid)
try:
subprocess.check_call(
[
"coredumpctl",
"dump",
"--output=%s" % filename,
# Filter coredump by pid and filename
str(self.pid),
self.basename,
],
stdout=open(os.devnull, 'w'),
stderr=subprocess.STDOUT,
shell=False,
)
return filename
except subprocess.CalledProcessError as e:
log.debug("coredumpctl failed with status: %d" % e.returncode)

def native_corefile(self):
"""Find the corefile for a native crash.
Arguments:
process(process): Process whose crash we should find.
Returns:
`str`: Filename of core file.
"""
if self.kernel_core_pattern.startswith('|'):
log.debug("Checking for corefile (piped)")
@@ -1329,25 +1360,36 @@ def native_corefile(self):
return self.native_corefile_pattern()

def native_corefile_pipe(self):
"""native_corefile_pipe(self) -> str
"""
# We only support apport
if '/apport' not in self.kernel_core_pattern:
log.warn_once("Unsupported core_pattern: %r" % self.kernel_core_pattern)
return None
"""Find the corefile for a piped core_pattern
apport_core = self.apport_corefile()
Supports apport and systemd-coredump.
if apport_core:
# Write the corefile to the local directory
filename = 'core.%s.%i.apport' % (self.basename, self.pid)
with open(filename, 'wb+') as f:
f.write(apport_core)
return filename
Arguments:
process(process): Process whose crash we should find.
# Pretend core_pattern was just 'core', and see if we come up with anything
self.kernel_core_pattern = 'core'
return self.native_corefile_pattern()
Returns:
`str`: Filename of core file.
"""
if '/apport' in self.kernel_core_pattern:
log.debug("Found apport in core_pattern")
apport_core = self.apport_corefile()

if apport_core:
# Write the corefile to the local directory
filename = 'core.%s.%i.apport' % (self.basename, self.pid)
with open(filename, 'wb+') as f:
f.write(apport_core)
return filename

# Pretend core_pattern was just 'core', and see if we come up with anything
self.kernel_core_pattern = 'core'
return self.native_corefile_pattern()
elif 'systemd-coredump' in self.kernel_core_pattern:
log.debug("Found systemd-coredump in core_pattern")
return self.systemd_coredump_corefile()
else:
log.warn_once("Unsupported core_pattern: %r", self.kernel_core_pattern)
return None

def native_corefile_pattern(self):
"""

0 comments on commit 224ddb4

Please sign in to comment.
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.