| /* ********************************************************** |
| * Copyright (c) 2007-2010 VMware, Inc. All rights reserved. |
| * **********************************************************/ |
| |
| /* |
| * Redistribution and use in source and binary forms, with or without |
| * modification, are permitted provided that the following conditions are met: |
| * |
| * * Redistributions of source code must retain the above copyright notice, |
| * this list of conditions and the following disclaimer. |
| * |
| * * Redistributions in binary form must reproduce the above copyright notice, |
| * this list of conditions and the following disclaimer in the documentation |
| * and/or other materials provided with the distribution. |
| * |
| * * Neither the name of VMware, Inc. nor the names of its contributors may be |
| * used to endorse or promote products derived from this software without |
| * specific prior written permission. |
| * |
| * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
| * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| * ARE DISCLAIMED. IN NO EVENT SHALL VMWARE, INC. OR CONTRIBUTORS BE LIABLE |
| * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR |
| * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER |
| * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH |
| * DAMAGE. |
| */ |
| |
| #include "dr_api.h" |
| |
| static |
| void security_event(void *drcontext, void *source_tag, |
| app_pc source_pc, app_pc target_pc, |
| dr_security_violation_type_t violation, |
| dr_mcontext_t *mcontext, |
| dr_security_violation_action_t *action) |
| { |
| static int violations = 0; |
| |
| const char *violation_str = NULL; |
| switch (violation) { |
| case DR_RCO_STACK_VIOLATION: |
| violation_str = "stack execution violation"; |
| break; |
| case DR_RCO_HEAP_VIOLATION: |
| violation_str = "heap execution violation"; |
| break; |
| case DR_RCT_RETURN_VIOLATION: |
| violation_str = "return target violation"; |
| break; |
| case DR_RCT_INDIRECT_CALL_VIOLATION: |
| violation_str = "call rct violation"; |
| break; |
| case DR_RCT_INDIRECT_JUMP_VIOLATION: |
| violation_str = "jump rct violation"; |
| break; |
| default: |
| violation_str = "unknown"; |
| break; |
| } |
| |
| dr_fprintf(STDERR, "security violation: \"%s\"\n", violation_str); |
| #if 0 |
| dr_fprintf(STDERR, "Source tag="PFX" pc="PFX" Target pc="PFX"\n", |
| source_tag, source_pc, target_pc); |
| #endif |
| |
| violations++; |
| |
| if (violations == 1) { |
| dr_fprintf(STDERR, "continuing...\n"); |
| *action = DR_VIOLATION_ACTION_CONTINUE; |
| } |
| else { |
| dr_fprintf(STDERR, "terminating...\n"); |
| *action = DR_VIOLATION_ACTION_KILL_PROCESS; |
| #if 0 |
| dr_write_forensics_report(drcontext, dr_get_stdout_file(), violation, |
| *action, "Fatal Violation"); |
| #endif |
| } |
| } |
| |
| DR_EXPORT |
| void dr_init(client_id_t id) |
| { |
| dr_register_security_event(security_event); |
| } |
