Add support for coredumps which are stored using systemd-coredump #1181

Merged
merged 1 commit into from
Feb 22, 2019
74 changes: 58 additions & 16 deletions pwnlib/elf/corefile.py
Expand Up @@ -71,6 +71,7 @@
import os
import socket
import StringIO
import subprocess
import tempfile

import elftools
Expand Down Expand Up @@ -1314,12 +1315,42 @@ def apport_read_crash_data(self):

return data

def systemd_coredump_corefile(self):
"""Find the systemd-coredump crash for the process and dump it to a file.

Arguments:
process(process): Process object we're looking for.

Returns:
`str`: Filename of core file, if coredump was found.
"""
filename = "core.%s.%i.coredumpctl" % (self.basename, self.pid)
try:
subprocess.check_call(
[
"coredumpctl",
"dump",
"--output=%s" % filename,
# Filter coredump by pid and filename
str(self.pid),
self.basename,
],
stdout=open(os.devnull, 'w'),
stderr=subprocess.STDOUT,
shell=False,
)
return filename
except subprocess.CalledProcessError as e:
log.debug("coredumpctl failed with status: %d" % e.returncode)

def native_corefile(self):
"""Find the corefile for a native crash.

Arguments:
process(process): Process whose crash we should find.

Returns:
`str`: Filename of core file.
"""
if self.kernel_core_pattern.startswith('|'):
log.debug("Checking for corefile (piped)")
Expand All @@ -1329,25 +1360,36 @@ def native_corefile(self):
return self.native_corefile_pattern()

def native_corefile_pipe(self):
"""native_corefile_pipe(self) -> str
"""
# We only support apport
if '/apport' not in self.kernel_core_pattern:
log.warn_once("Unsupported core_pattern: %r" % self.kernel_core_pattern)
return None
"""Find the corefile for a piped core_pattern

apport_core = self.apport_corefile()
Supports apport and systemd-coredump.

if apport_core:
# Write the corefile to the local directory
filename = 'core.%s.%i.apport' % (self.basename, self.pid)
with open(filename, 'wb+') as f:
f.write(apport_core)
return filename
Arguments:
process(process): Process whose crash we should find.

# Pretend core_pattern was just 'core', and see if we come up with anything
self.kernel_core_pattern = 'core'
return self.native_corefile_pattern()
Returns:
`str`: Filename of core file.
"""
if '/apport' in self.kernel_core_pattern:
log.debug("Found apport in core_pattern")
apport_core = self.apport_corefile()

if apport_core:
# Write the corefile to the local directory
filename = 'core.%s.%i.apport' % (self.basename, self.pid)
with open(filename, 'wb+') as f:
f.write(apport_core)
return filename

# Pretend core_pattern was just 'core', and see if we come up with anything
self.kernel_core_pattern = 'core'
return self.native_corefile_pattern()
elif 'systemd-coredump' in self.kernel_core_pattern:
log.debug("Found systemd-coredump in core_pattern")
return self.systemd_coredump_corefile()
else:
log.warn_once("Unsupported core_pattern: %r", self.kernel_core_pattern)
Contributor Author


Switching to a `,` instead of the `%` fixes #1177.

return None

def native_corefile_pattern(self):
"""
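Review bot: In `systemd_coredump_corefile` only `subprocess.CalledProcessError` is caught, so a host whose `core_pattern` names systemd-coredump but has no `coredumpctl` on `PATH` (presumably possible in a container that shares the host's kernel setting) raises `OSError` out of the corefile lookup instead of returning `None`. I would add a second handler, `except OSError as e: log.debug("coredumpctl could not be run: %s" % e)`, kept separate because `OSError` has no `returncode`. The `open(os.devnull, 'w')` passed as `stdout` is never closed; opening it in a `with` block around the call releases the handle. `self.basename` is passed as a positional match, so a binary whose name starts with `-` would be read as an option; placing `"--"` before `str(self.pid)` should prevent that, assuming coredumpctl follows the usual getopt convention. The docstring also lists a `process` argument the method does not take, and it could note that the dump holds the crashed process's memory and is written to the current directory under a predictable name.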