Advertisement
dioseph

crash_test.cpp

Oct 18th, 2012
145
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 5.17 KB | None | 0 0
  1. // <copyright file="crash_test.cpp" company="Binamuse">
  2. // Copyright (c) 2007, 2008 All Right Reserved, http://www.binamuse.com/
  3. //
  4. // This source is subject to the Microsoft Permissive License.
  5. // Please see the License.txt file for more information.
  6. // All other rights reserved.
  7. //
  8. // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
  9. // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
  10. // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
  11. // PARTICULAR PURPOSE.
  12. //
  13. // </copyright>
  14. // <author>Felipe Andres Manzano</author>
  15. // <email>feliam@binamuse.com</email>
  16. // <date>2012-09-10</date>
  17. // <summary>Generate child process with user defined behavior like crash</summary>
  18. //
  19. //crash_test.cpp : Defines the entry point for the console application.
  20.  
  21. #include "stdafx.h"
  22. #include "string.h"
  23. #include <windows.h>
  24.  
  25. int _tmain(int argc, TCHAR* argv[])
  26. {
  27.     DWORD PID;
  28.    
  29.     PID = GetCurrentProcessId();
  30.     _cwprintf(L"[%6d] Hi!\n",PID);
  31.  
  32.     // First commandline argument is the "command".
  33.     // It can be "crash" or "spawn".
  34.     if (argc < 2){
  35.         _cwprintf(L"[%6d] No command exiting nicely\n",PID);
  36.         goto bye;
  37.     }
  38.    
  39.  
  40.     if (wcscmp(argv[1], L"SPAWN") == 0){
  41.             STARTUPINFO si;
  42.         PROCESS_INFORMATION pi;
  43.  
  44.         ZeroMemory( &si, sizeof(si) );
  45.         si.cb = sizeof(si);
  46.         ZeroMemory( &pi, sizeof(pi) );
  47.  
  48.         TCHAR * commandline = (TCHAR*)malloc((wcslen(argv[0])+2)*2); //LEAK
  49.         swprintf(commandline,L"%s \x00\x00", argv[0]);
  50.         for (int i=2;i<argc;i++){
  51.             commandline = (TCHAR*)realloc(commandline,  (wcslen(commandline)+wcslen(argv[i])+2) *2);
  52.             wcscat(commandline,argv[i]);
  53.             wcscat(commandline,L" ");
  54.         }
  55.         _cwprintf(L"[%6d] Executing a new instance: <%s>\n", PID, commandline);
  56.         // Start the child process.
  57.         if( CreateProcess( NULL,   // No module name (use command line)
  58.             commandline,        // Command line
  59.             NULL,           // Process handle not inheritable
  60.             NULL,           // Thread handle not inheritable
  61.             FALSE,          // Set handle inheritance to FALSE
  62.             0,              // No creation flags
  63.             NULL,           // Use parent's environment block
  64.             NULL,           // Use parent's starting directory
  65.             &si,            // Pointer to STARTUPINFO structure
  66.             &pi )           // Pointer to PROCESS_INFORMATION structure
  67.         )
  68.         {
  69.             // Wait until child process exits.
  70.             WaitForSingleObject( pi.hProcess, INFINITE );
  71.  
  72.             // Close process and thread handles.
  73.             CloseHandle( pi.hProcess );
  74.             CloseHandle( pi.hThread ); 
  75.         }
  76.         else
  77.             _cwprintf(L"[%6d] CreateProcess failed (%d).\n", PID, GetLastError() );
  78.    
  79.         goto bye;
  80.     }
  81.  
  82.  
  83.     // There are several ways to crash the second argument selects the
  84.     // crashing flavor. (If argc < 3 it will crash anyway)
  85.     // Process should thrw one of the exeption specified here:
  86.     // http://msdn.microsoft.com/en-us/library/windows/desktop/aa363082(v=vs.85).aspx
  87.     _cwprintf(L"[%6d] This is a crashing process!\n",PID);
  88.     //EXCEPTION_ACCESS_VIOLATION
  89.     if (wcscmp(argv[1], L"EXCEPTION_ACCESS_VIOLATION") == 0 ||
  90.         wcscmp(argv[1], L"EXCEPTION_ACCESS_VIOLATION_R") == 0){
  91.         int *p = (int*)0x12345678;
  92.         int value;
  93.         _cwprintf(L"[%6d] Read memory @ %p\n",PID, p);
  94.         value = *p;
  95.     }
  96.     //EXCEPTION_ACCESS_VIOLATION
  97.     if (wcscmp(argv[1], L"EXCEPTION_ACCESS_VIOLATION_W") == 0){
  98.         int *p = (int*)0x12345678;
  99.         _cwprintf(L"[%6d] Write memory @ %p\n",PID,p);
  100.         *p = 0x41424344;
  101.     }
  102.     //EXCEPTION_ACCESS_VIOLATION
  103.     if (wcscmp(argv[1], L"EXCEPTION_ACCESS_VIOLATION_X") == 0){
  104.         _cwprintf(L"[%6d] Executing at not executable memory\n",PID);
  105.         ((void (*)())  ((void*)"notexec"))();
  106.     }
  107.     //EXCEPTION_ARRAY_BOUNDS_EXCEEDED ??
  108.     //EXCEPTION_BREAKPOINT
  109.     if (wcscmp(argv[1], L"EXCEPTION_BREAKPOINT") == 0){
  110.         _cwprintf(L"[%6d] Executing invalid instruction\n",PID);
  111.         __asm { __emit 0xCC;
  112.         };
  113.     }
  114.     //EXCEPTION_FLT_.* ??
  115.     //EXCEPTION_FLT_DIVIDE_BY_ZERO
  116.     if (wcscmp(argv[1], L"EXCEPTION_FLT_DIVIDE_BY_ZERO") == 0){
  117.         float value=0.0;
  118.         _cwprintf(L"[%6d] Division by zero(float) @ %p\n",PID);
  119.         value = 100/value;
  120.     }
  121.     //EXCEPTION_DATATYPE_MISALIGNMENT ??
  122.     //EXCEPTION_ILLEGAL_INSTRUCTION
  123.     if (wcscmp(argv[1], L"EXCEPTION_ILLEGAL_INSTRUCTION") == 0){
  124.         _cwprintf(L"[%6d] Executing invalid instruction\n",PID);
  125.         __asm { __emit 0xff;
  126.                 __emit 0xff;
  127.                 __emit 0xff;           
  128.         };
  129.     }
  130.     //EXCEPTION_IN_PAGE_ERROR ??
  131.     //EXCEPTION_INT_DIVIDE_BY_ZERO
  132.     if (wcscmp(argv[1], L"EXCEPTION_INT_DIVIDE_BY_ZERO") == 0){
  133.         int value=0;
  134.         _cwprintf(L"[%6d] Division by zero @ %p\n",PID);
  135.         value = 100/value;
  136.     }
  137.     //EXCEPTION_INVALID_DISPOSITION  ??
  138.     //EXCEPTION_NONCONTINUABLE_EXCEPTION ??
  139.     //EXCEPTION_PRIV_INSTRUCTION
  140.     /*if (wcscmp(argv[1], L"EXCEPTION_PRIV_INSTRUCTION") == 0){
  141.         _cwprintf(L"[%6d] Executing invalid instruction\n",PID);
  142.         __asm { in $0x123, $0x123;}
  143.     }*/
  144.     //EXCEPTION_SINGLE_STEP ??
  145.     //EXCEPTION_STACK_OVERFLOW
  146.     /*if (wcscmp(argv[1], L"EXCEPTION_STACK_OVERFLOW") == 0){
  147.         _cwprintf(L"[%6d] Exausting the stack\n",PID);
  148.         for(;;)
  149.             __asm { pushl 0x12345678; }
  150.     }*/
  151.     //This will loop for ever, used to exercise debugger timeout
  152.     if (wcscmp(argv[1], L"TIMEOUT") == 0){
  153.         _cwprintf(L"[%6d] Looping forever and ever\n",PID);
  154.         for(;;)
  155.             ;
  156.     }
  157.  
  158. bye:
  159.     _cwprintf(L"[%6d] Bye!\n",PID);
  160.     return 0;
  161. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement