libs2eplugins: MemoryMap doesn't contain stack mapping?


Marco Wang

Sep 27, 2021, 4:28:26 AM
to S2E Developer Forum
Hi,

I want to use BaseLinuxMonitor::getCurrentStack() to determine the memory region of [stack].

The function cannot find the stack region, so I try to iterate over all the mapped regions for the target process and dump each of them, but I notice that the stack mapping is not present.

Printing out the value of RSP gives: 0x7ffedd9db790
However, as shown below, no such region is recorded by the MemoryMap plugin.

----------------------------------------------------------
9 [State 1] RSP = 0x7ffedd9db790
9 [State 1] 0x400000 - 0x400fff R--
9 [State 1] 0x401000 - 0x401fff R-X
9 [State 1] 0x402000 - 0x403fff R--
9 [State 1] 0x404000 - 0x404fff RW-
9 [State 1] 0x7fa1990dd000 - 0x7fa199271fff R-X
9 [State 1] 0x7fa199272000 - 0x7fa199471fff ---
9 [State 1] 0x7fa199472000 - 0x7fa199475fff R--
9 [State 1] 0x7fa199476000 - 0x7fa19947bfff RW-
9 [State 1] 0x7fa19947c000 - 0x7fa19949efff R-X
9 [State 1] 0x7fa199695000 - 0x7fa199696fff RW-
9 [State 1] 0x7fa19969f000 - 0x7fa19969ffff R--
9 [State 1] 0x7fa1996a0000 - 0x7fa1996a0fff RW-
9 [State 1] Unable to get stack mapping

----------------------------------------------------------

Here's my code producing the above output.
----------------------------------------------------------
    g_s2e->getWarningsStream(state)
        << "Detected symbolic RIP: " << klee::hexval(concreteAddress)
        << ", original value is: " << klee::hexval(state->regs()->getPc())
        << "\n";

    g_s2e->getWarningsStream(state)
        << "RSP = "
        << klee::hexval(state->regs()->read<uint64_t>(CPU_OFFSET(regs[R_ESP])))
        << "\n";

    // Dump virtual memory mappings.
    MemoryMap* m = g_s2e->getPlugin<MemoryMap>();

    auto dump_vmmap = [state](uint64_t start, uint64_t stop, const MemoryMapRegionType &r) {
        g_s2e->getWarningsStream(state)
            << klee::hexval(start) << " - "
            << klee::hexval(stop) << " "
            << (r & MM_READ ? 'R' : '-')
            << (r & MM_WRITE ? 'W' : '-')
            << (r & MM_EXEC ? 'X' : '-')
            << "\n";
        return true;
    };

    m->iterateRegions(state, m_target_process_pid, dump_vmmap);

    uint64_t base, size;
    if (m_monitor->getCurrentStack(state, &base, &size)) {
        g_s2e->getWarningsStream(state)
            << "stack:\n"
            << klee::hexval(base) << " - "
            << klee::hexval(base + size) << "\n";
    } else {
        g_s2e->getWarningsStream(state)
            << "Unable to get stack mapping\n";
    }
----------------------------------------------------------

What should I do if I want to get the stack region from the MemoryMap plugin?
Thanks in advance.