VOID Instruction(INS ins, VOID *v) { //if (RTN_Valid(INS_Rtn(ins)) && RTN_Name(INS_Rtn(ins)) == "__SEH_epilog4") { // cerr << "image " << IMG_Name(SEC_Img(RTN_Sec(INS_Rtn(ins)))) << endl; //} if ( leaflag && INS_IsLea(ins) ) { INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(LeaAdd), IARG_THREAD_ID, IARG_REG_VALUE, REG_STACK_PTR, IARG_INST_PTR, IARG_REG_VALUE, REG_GBP, IARG_END); } if ( INS_IsBranch(ins) && !(INS_IsCall(ins)) && !(INS_IsRet(ins)) ) { INS_InsertCall(ins, IPOINT_TAKEN_BRANCH, AFUNPTR(Branch), IARG_THREAD_ID, IARG_REG_VALUE, REG_STACK_PTR, IARG_BRANCH_TARGET_ADDR, IARG_INST_PTR, IARG_END); } else if (INS_IsRet(ins)) { INS prev = INS_Prev(ins); //cout<< "CALL TO RET" << endl; INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(Ret), IARG_THREAD_ID, IARG_REG_VALUE, REG_STACK_PTR, IARG_BRANCH_TARGET_ADDR, IARG_INST_PTR, IARG_UINT32, (INS_Valid(prev) && INS_Opcode(prev) == XED_CATEGORY_PUSH), IARG_END); } else if (INS_IsCall(ins)) { //cout << "CALL TO CALL" << endl; INS_InsertCall(ins, IPOINT_TAKEN_BRANCH, AFUNPTR(Call), IARG_THREAD_ID, IARG_REG_VALUE, REG_STACK_PTR, IARG_BRANCH_TARGET_ADDR, IARG_INST_PTR, IARG_END); } else if (INS_IsMemoryWrite(ins)) { //cout<< "CALL TO MEWRITE" << endl; INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(MemWrite), IARG_THREAD_ID, IARG_MEMORYWRITE_EA, IARG_END); } }
VOID Instruction(INS ins, VOID *v){ /** * INS_InsertCall(INS ins, IPOINT action, AFUNPTR funptr, ...) * * insert a call to 'docount' relative to instruction 'ins' * * ins: instruction to instrument * action: specifies before/after, etc. IPOINT_BEFORE is always valid for all instructions. * funptr: insert a call to funptr. * ...: list of arguments to pass funptr, terminated with IARG_END */ //INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)stat_ins, IARG_END); InsCount ++; //string ins_cat = CATEGORY_StringShort(INS_Category(ins)); int num_ops = INS_OperandCount(ins); //total #operands int memOperands = INS_MemoryOperandCount(ins); //#mem_operands string op_string = ""; //string to record all operands stringstream sstm; //string stream int num_mems = 0; for(int ii=0; ii<num_ops; ii++){ //iterate each operand if(INS_OperandIsImmediate(ins, ii)){ //immediate auto value = INS_OperandImmediate(ins, ii); sstm.str(""); //empty sstm << "$" << value; op_string += " " + sstm.str(); } else if(INS_OperandIsReg(ins, ii)){ //register auto reg = REG_StringShort(INS_OperandReg(ins, ii)); sstm.str(""); sstm << "%" << reg; op_string += " " + sstm.str(); } else if(INS_OperandIsMemory(ins, ii) && memOperands>0){ //memory string mem_type = "memXX"; if(INS_MemoryOperandIsRead(ins, num_mems)) { mem_type = "memR"; } else if(INS_MemoryOperandIsWritten(ins, num_mems)) { mem_type = "memW"; } if(INS_MemoryOperandIsRead(ins, num_mems) && INS_MemoryOperandIsWritten(ins, num_mems)) { mem_type = "memRW"; } ++ num_mems; op_string += " " + mem_type; //true if this operand is a memory reference, //Note: this does not include LEA operands. } else if(INS_OperandIsMemory(ins, ii) && memOperands==0){ //NOP assert(INS_IsNop(ins)); } else { //TRUE if memory operand uses predefined base register and this register can not be changed //Example: movs ds:(esi), es:(edi) There are two fixed operands string other_type = ""; if(INS_OperandIsFixedMemop(ins, ii)) other_type = "FM"; //true if this operand is a displacement (e.g. branch offset) else if(INS_OperandIsBranchDisplacement(ins, ii)) other_type = "BD"; //true if this operand is implied by the opcode (e.g. the stack write in a push instruction) else if(INS_OperandIsImplicit(ins, ii)) other_type = "IM"; else { assert(INS_IsLea(ins)); other_type = "lea"; } op_string += " " + other_type; } } assert(num_mems == memOperands); assert(num_ops <= 6); //record ins INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)record_ins, IARG_THREAD_ID, IARG_UINT32, INS_Opcode(ins), IARG_UINT32, num_ops, IARG_PTR, new string(op_string), IARG_END); if (INS_IsXchg(ins) && INS_OperandReg(ins, 0)==REG_BX && INS_OperandReg(ins, 1)==REG_BX) { //INS_InsertPredictedCall() is used to call analysis functions. //This API function prevents pollution of the memory analysis by calling an analysis function only if a particular //instruction is actualy executed, i.e., only if the instruction is executed. INS_InsertPredicatedCall(ins, IPOINT_BEFORE, (AFUNPTR)handleHook, IARG_THREAD_ID, IARG_REG_VALUE, REG_GAX, #ifdef TARGET_IA32 IARG_REG_VALUE, REG_GDX, #else IARG_REG_VALUE, REG_GBX, #endif IARG_REG_VALUE, REG_GCX, IARG_END); } }