VOID Instruction(INS ins, VOID *v)
{
if (INS_OperandCount(ins) > 1 && INS_MemoryOperandIsRead(ins, 0) && INS_OperandIsReg(ins, 0)){
INS_InsertCall(
ins, IPOINT_BEFORE, (AFUNPTR)ReadMem,
IARG_ADDRINT, INS_Address(ins),
IARG_PTR, new string(INS_Disassemble(ins)),
IARG_UINT32, INS_OperandCount(ins),
IARG_UINT32, INS_OperandReg(ins, 0),
IARG_MEMORYOP_EA, 0,
IARG_REG_VALUE, REG_STACK_PTR,
IARG_END);
}
else if (INS_OperandCount(ins) > 1 && INS_MemoryOperandIsWritten(ins, 0)){
INS_InsertCall(
ins, IPOINT_BEFORE, (AFUNPTR)WriteMem,
IARG_ADDRINT, INS_Address(ins),
IARG_PTR, new string(INS_Disassemble(ins)),
IARG_UINT32, INS_OperandCount(ins),
IARG_UINT32, INS_OperandReg(ins, 1),
IARG_MEMORYOP_EA, 0,
IARG_REG_VALUE, REG_STACK_PTR,
IARG_END);
}
else if (INS_OperandCount(ins) > 1 && INS_OperandIsReg(ins, 0)){
INS_InsertCall(
ins, IPOINT_BEFORE, (AFUNPTR)spreadRegTaint,
IARG_ADDRINT, INS_Address(ins),
IARG_PTR, new string(INS_Disassemble(ins)),
IARG_UINT32, INS_OperandCount(ins),
IARG_UINT32, INS_RegR(ins, 0),
IARG_UINT32, INS_RegW(ins, 0),
IARG_END);
}
if (INS_OperandCount(ins) > 1 && INS_OperandIsReg(ins, 0)){
INS_InsertCall(
ins, IPOINT_BEFORE, (AFUNPTR)followData,
IARG_ADDRINT, INS_Address(ins),
IARG_PTR, new string(INS_Disassemble(ins)),
IARG_UINT32, INS_RegR(ins, 0),
IARG_END);
}
}
INT32 RecordRegisters(BBL bbl, UINT16 * stats)
{
INT32 count = 0;
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
{
const UINT32 max_r = INS_MaxNumRRegs(ins);
for( UINT32 i=0; i < max_r; i++ )
{
const REG reg = INS_RegR(ins, i );
if( REG_is_gr(reg) )
{
stats[count++] = REG_GetStatsIndex(reg,FALSE);
}
#if 0
// This is for arm
else if( REG_is_aggregate(reg) )
{
REGSET regset = INS_RegAggregateR(ins);
for( REG reg = REGSET_PopNext(regset); REG_valid(reg); reg = REGSET_PopNext(regset) )
{
stats[count++] = REG_GetStatsIndex(reg,FALSE);
}
}
#endif
}
const UINT32 max_w = INS_MaxNumWRegs(ins);
for( UINT32 i=0; i < max_w; i++ )
{
const REG reg = INS_RegW(ins, i );
if( REG_is_gr(reg) )
{
stats[count++] = REG_GetStatsIndex(reg,TRUE);
}
#if 0
else if( REG_is_aggregate(reg) )
{
REGSET regset = INS_RegAggregateW(ins);
for( REG reg = REGSET_PopNext(regset); REG_valid(reg); reg = REGSET_PopNext(regset) )
{
stats[count++] = REG_GetStatsIndex(reg,TRUE);
}
}
#endif
}
}
stats[count++] = 0;
return count;
}
/******************************************************************
Title:movzxRRHandler
Function:Handler to handle instruction "movzx reg,reg"
Input:
INS ins:Instruction to be handled.
int srcA:The 1st src operand.
int srcB:The 2nd src operand.
int srcC:The 3rd src operand.
int dstA:The 1st dst operand.
int dstB:The 2nd dst operand.
int dstC:The 3rd dst operand.
Output:
int
Return value:-1 means unable to handle the instruction
******************************************************************/
int movzxRRHandler(INS ins,int srcA,int srcB,int srcC,int dstA,int dstB,int dstC)
{
INS_InsertCall(ins,
IPOINT_BEFORE,
AFUNPTR(movzxRRHook),
IARG_UINT32,
REG(INS_RegW(ins, 0)),
REG(INS_RegR(ins, 0)),
IARG_END);
countAllIns++;
countHandledIns++;
return 0;
}
// Pin calls this function every time a new instruction is encountered
VOID Instruction(INS ins, VOID *v)
{
// Insert a call to updateSpacingInfo before every instruction.
// You may need to add arguments to the call.
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)docount, IARG_END);
UINT32 regnum = INS_MaxNumWRegs(ins);
UINT32 reg,i,j,flag;
REG tmp;
regn++;
for(i=0; i<regnum; i++){
tmp=INS_RegW(ins, i);
if(REG_is_partialreg(tmp)){
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)updateSpacingInfoW,IARG_UINT32, (UINT32)REG_FullRegName(tmp), IARG_END);
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)updateSpacingInfoW,IARG_UINT32, (UINT32)tmp, IARG_END);
}
// if((UINT32)tmp==REG_EAX) printf("eax %u\n",tmp);
// if((UINT32)tmp==REG_RBASE) printf("base %u\n",tmp);
// if((UINT32)tmp== REG_ESI) printf("esi %u\n",tmp);
if((UINT32)tmp==REG_AL || (UINT32)tmp==REG_AH) INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)updateSpacingInfoW,IARG_UINT32, (UINT32)REG_AX, IARG_END);
else if((UINT32)tmp==REG_BL || (UINT32)tmp==REG_BH) INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)updateSpacingInfoW,IARG_UINT32, (UINT32)REG_BX, IARG_END);
else if((UINT32)tmp==REG_CL || (UINT32)tmp==REG_CH) INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)updateSpacingInfoW,IARG_UINT32, (UINT32)REG_CX, IARG_END);
else if((UINT32)tmp==REG_DL || (UINT32)tmp==REG_CH) INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)updateSpacingInfoW,IARG_UINT32, (UINT32)REG_DX, IARG_END);
}
regnum = INS_MaxNumRRegs(ins);
for(i=0; i<regnum; i++){
reg=(UINT32)INS_RegR(ins, i);
//if(reg>200 || reg<0) printf("Error2: reg=%u\n",reg);
//reg=writereg[reg];
//if(reg>regn) printf("Error3\n");
//if(reg>0 && regn-reg < maxSize && reg<regn) dependancySpacing[regn-reg]++;
flag=0;
for(j=0;j<i;j++)
if(readreg[j]==reg){flag=1;break;}
if(flag==0)
{
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)updateSpacingInfoR, IARG_UINT32, reg, IARG_END);
readreg[i]=reg;
}
else{
readreg[i]=-1;
}
}
}
VOID Instruction(INS ins, VOID *v)
{
// Show 5 examples
static INT32 count = 5;
if (count == 0)
return;
count--;
for (UINT32 i = 0; i < INS_MaxNumRRegs(ins); i++)
{
if (INS_RegR(ins, i) == REG_IMM_LIT)
{
dis << INS_Disassemble(ins) << endl;
dis << " Literal: " << INS_Immediate(ins) << endl;
}
}
}
VOID spreadRegTaint(INS ins)
{
REG reg_r, reg_w;
if (INS_OperandCount(ins) != 2)
return;
reg_r = INS_RegR(ins, 0);
reg_w = INS_RegW(ins, 0);
if (REG_valid(reg_w)){
if (checkAlreadyRegTainted(reg_w) && (!REG_valid(reg_r) || !checkAlreadyRegTainted(reg_r))){
std::cout << "[SPREAD]\t\t" << INS_Address(ins) << ": " << INS_Disassemble(ins) << std::endl;
std::cout << "\t\t\toutput: "<< REG_StringShort(reg_w) << " | input: " << (REG_valid(reg_r) ? REG_StringShort(reg_r) : "constant") << std::endl;
removeRegTainted(reg_w);
}
else if (!checkAlreadyRegTainted(reg_w) && checkAlreadyRegTainted(reg_r)){
std::cout << "[SPREAD]\t\t" << INS_Address(ins) << ": " << INS_Disassemble(ins) << std::endl;
std::cout << "\t\t\toutput: " << REG_StringShort(reg_w) << " | input: "<< REG_StringShort(reg_r) << std::endl;
taintReg(reg_w);
}
}
}
// Pin calls this function every time a new instruction is encountered
VOID Instruction(INS ins, VOID *v)
{
const UINT32 max_r = INS_MaxNumRRegs(ins);
for( UINT32 i=0; i < max_r; i++ )
{
const REG reg = INS_RegR(ins, i );
if (reg==REG_STATUS_FLAGS || reg==REG_DF_FLAG)
{
printf ("Error encountered unexpected flag reg at ins: %s\n",
INS_Disassemble(ins).c_str());
numFailures++;
}
else if (reg==REG_GFLAGS)
{
numFlagRegs++;
}
}
const UINT32 max_w = INS_MaxNumWRegs(ins);
for( UINT32 i=0; i < max_w; i++ )
{
const REG reg = INS_RegW(ins, i );
if (reg==REG_STATUS_FLAGS || reg==REG_DF_FLAG)
{
printf ("Error encountered unexpected flag reg at ins: %s\n",
INS_Disassemble(ins).c_str());
numFailures++;
}
else if (reg==REG_GFLAGS)
{
numFlagRegs++;
}
}
}
VOID instrument_reg(INS ins, ins_buffer_entry* e){
UINT32 i, maxNumRegsProd, maxNumRegsCons, regReadCnt, regWriteCnt, opCnt, regOpCnt;
REG reg;
if(!e->setRead){
maxNumRegsCons = INS_MaxNumRRegs(ins); // maximum number of register consumations (reads)
regReadCnt = 0;
for(i = 0; i < maxNumRegsCons; i++){ // finding all register operands which are read
reg = INS_RegR(ins,i);
//assert(((UINT32)reg) < MAX_NUM_REGS);
/* only consider valid general-purpose registers (any bit-width) and floating-point registers,
* i.e. exlude branch, segment and pin registers, among others */
if(REG_valid(reg) && (REG_is_fr(reg) || REG_is_mm(reg) || REG_is_xmm(reg) || REG_is_gr(reg) || REG_is_gr8(reg) || REG_is_gr16(reg) || REG_is_gr32(reg) || REG_is_gr64(reg))){
regReadCnt++;
}
}
e->regReadCnt = regReadCnt;
e->regsRead = (REG*) checked_malloc(regReadCnt*sizeof(REG));
regReadCnt = 0;
for(i = 0; i < maxNumRegsCons; i++){ // finding all register operands which are read
reg = INS_RegR(ins,i);
//assert(((UINT32)reg) < MAX_NUM_REGS);
/* only consider valid general-purpose registers (any bit-width) and floating-point registers,
* i.e. exlude branch, segment and pin registers, among others */
if(REG_valid(reg) && (REG_is_fr(reg) || REG_is_mm(reg) || REG_is_xmm(reg) || REG_is_gr(reg) || REG_is_gr8(reg) || REG_is_gr16(reg) || REG_is_gr32(reg) || REG_is_gr64(reg))){
e->regsRead[regReadCnt++] = reg;
}
}
e->setRead = true;
}
if(!e->setWritten){
maxNumRegsProd = INS_MaxNumWRegs(ins);
regWriteCnt = 0;
for(i=0; i < maxNumRegsProd; i++){
reg = INS_RegW(ins, i);
//assert(((UINT32)reg) < MAX_NUM_REGS);
/* only consider valid general-purpose registers (any bit-width) and floating-point registers,
* i.e. exlude branch, segment and pin registers, among others */
if(REG_valid(reg) && (REG_is_fr(reg) || REG_is_mm(reg) || REG_is_xmm(reg) || REG_is_gr(reg) || REG_is_gr8(reg) || REG_is_gr16(reg) || REG_is_gr32(reg) || REG_is_gr64(reg))){
regWriteCnt++;
}
}
e->regWriteCnt = regWriteCnt;
e->regsWritten = (REG*)checked_malloc(regWriteCnt*sizeof(REG));
regWriteCnt = 0;
for(i=0; i < maxNumRegsProd; i++){
reg = INS_RegW(ins, i);
//assert(((UINT32)reg) < MAX_NUM_REGS);
/* only consider valid general-purpose registers (any bit-width) and floating-point registers,
* i.e. exlude branch, segment and pin registers, among others */
if(REG_valid(reg) && (REG_is_fr(reg) || REG_is_mm(reg) || REG_is_xmm(reg) || REG_is_gr(reg) || REG_is_gr8(reg) || REG_is_gr16(reg) || REG_is_gr32(reg) || REG_is_gr64(reg))){
e->regsWritten[regWriteCnt++] = reg;
}
}
e->setWritten = true;
}
if(!e->setRegOpCnt){
regOpCnt = 0;
opCnt = INS_OperandCount(ins);
for(i = 0; i < opCnt; i++){
if(INS_OperandIsReg(ins,i))
regOpCnt++;
}
/*if(regOpCnt >= MAX_NUM_OPER){
cerr << "BOOM! -> MAX_NUM_OPER is exceeded! (" << regOpCnt << ")" << endl;
exit(1);
}*/
e->regOpCnt = regOpCnt;
e->setRegOpCnt = true;
}
if(interval_size == -1){
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)reg_instr_full, IARG_PTR, (void*)e, IARG_END);
}
else{
INS_InsertIfCall(ins, IPOINT_BEFORE, (AFUNPTR)reg_instr_intervals, IARG_PTR, (void*)e, IARG_END);
/* only called if interval is full */
INS_InsertThenCall(ins, IPOINT_BEFORE, (AFUNPTR)reg_instr_interval, IARG_END);
}
}
instruction::instruction(const INS& ins)
{
this->address = INS_Address(ins);
this->next_address = INS_NextAddress(ins);
// this->opcode = INS_Mnemonic(ins);
this->opcode_size = static_cast<uint8_t>(INS_Size(ins));
this->opcode_buffer = std::shared_ptr<uint8_t>(new uint8_t[this->opcode_size], std::default_delete<uint8_t[]>());
PIN_SafeCopy(opcode_buffer.get(), reinterpret_cast<const VOID*>(this->address), this->opcode_size);
this->disassemble = INS_Disassemble(ins);
// including image, routine
auto img = IMG_FindByAddress(this->address);
this->including_image = IMG_Valid(img) ? IMG_Name(img) : "";
// this->including_routine = RTN_FindNameByAddress(this->address);
PIN_LockClient();
auto routine = RTN_FindByAddress(this->address);
PIN_UnlockClient();
if (RTN_Valid(routine)) {
auto routine_mangled_name = RTN_Name(routine);
this->including_routine_name = PIN_UndecorateSymbolName(routine_mangled_name, UNDECORATION_NAME_ONLY);
}
else this->including_routine_name = "";
// has fall through
this->has_fall_through = INS_HasFallThrough(ins);
// is call, ret or syscall
this->is_call = INS_IsCall(ins);
this->is_branch = INS_IsBranch(ins);
this->is_ret = INS_IsRet(ins);
this->is_syscall = INS_IsSyscall(ins);
this->category = static_cast<xed_category_enum_t>(INS_Category(ins));
this->iclass = static_cast<xed_iclass_enum_t>(INS_Opcode(ins));
// read registers
auto read_reg_number = INS_MaxNumRRegs(ins);
for (decltype(read_reg_number) reg_id = 0; reg_id < read_reg_number; ++reg_id) {
this->src_registers.push_back(INS_RegR(ins, reg_id));
}
// written registers
auto written_reg_number = INS_MaxNumWRegs(ins);
for (decltype(written_reg_number) reg_id = 0; reg_id < written_reg_number; ++reg_id) {
this->dst_registers.push_back(INS_RegW(ins, reg_id));
}
auto is_special_reg = [](const REG& reg) -> bool {
return (reg >= REG_MM_BASE);
};
this->is_special =
std::any_of(std::begin(this->src_registers), std::end(this->src_registers), is_special_reg) ||
std::any_of(std::begin(this->dst_registers), std::end(this->dst_registers), is_special_reg) ||
(this->category == XED_CATEGORY_X87_ALU) || (this->iclass == XED_ICLASS_XEND) || (this->category == XED_CATEGORY_LOGICAL_FP) ||
(this->iclass == XED_ICLASS_PUSHA) || (this->iclass == XED_ICLASS_PUSHAD) || (this->iclass == XED_ICLASS_PUSHF) ||
(this->iclass == XED_ICLASS_PUSHFD) || (this->iclass == XED_ICLASS_PUSHFQ);
// is memory read, write
this->is_memory_read = INS_IsMemoryRead(ins);
this->is_memory_write = INS_IsMemoryWrite(ins);
this->is_memory_read2 = INS_HasMemoryRead2(ins);
}
VOID Trace(TRACE trace, VOID *v)
{
if(TAINT_Analysis_On&&TAINT_Instrumentation_On)
{
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
if(bbl_taintedmem)
BBL_InsertCall(bbl,IPOINT_BEFORE,(AFUNPTR)bblBegin,IARG_END);
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
{
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)checkEIP,IARG_INST_PTR,IARG_END);
if(INS_IsCall(ins))//detect overflow of stack
{
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)MemofRetAddr,
IARG_MEMORYOP_EA, 0,
IARG_END);
}
if ( INS_Opcode(ins) >= XED_ICLASS_MOV && INS_Opcode(ins) <= XED_ICLASS_MOVZX )//&& INS_Address(ins) == 0x7c80a2f0)//||INS_Address(ins)==0x7c80a2f3))//||( (INS_Opcode(ins) >= XED_ICLASS_POP) && (INS_Opcode(ins) <= XED_ICLASS_POPFQ))||((INS_Opcode(ins) >= XED_ICLASS_PUSH) && (INS_Opcode(ins) <= XED_ICLASS_PUSHFQ))||(INS_Opcode(ins) == XED_ICLASS_LEA))
{
if (INS_has_immed(ins))
{
if (INS_IsMemoryWrite(ins)) //immed -> mem
{
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)ImmedCleanMem,
IARG_MEMORYOP_EA, 0,
IARG_END);
}
else //immed -> reg
{
REG insreg1 = INS_get_write_reg(ins);
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)ImmedCleanReg,
IARG_ADDRINT, (ADDRINT)insreg1,
IARG_END);
}
}
else if (INS_IsMemoryRead(ins)) //mem -> reg
{
//in this case we call MemTaintReg to copy the taint if relevant
REG insreg2 = INS_get_write_reg(ins);
REG basereg2 = INS_get_mem_basereg(ins);
REG indexreg2 = INS_get_mem_indexreg(ins);
//ADDRINT insadd = INS_Address(ins);
//string insdis = INS_Disassemble(ins);
//out << "instruction 2 opcode " << INS_Opcode(ins)<<endl;
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)MemTaintReg,
IARG_MEMORYOP_EA, 0,
IARG_UINT32,INS_MemoryScale(ins),
IARG_ADDRINT, (ADDRINT)basereg2,
IARG_ADDRINT, (ADDRINT)indexreg2,
IARG_ADDRINT, (ADDRINT)insreg2,
IARG_UINT32, INS_Opcode(ins),
IARG_INST_PTR,
IARG_END);
}
else if (INS_IsMemoryWrite(ins)) //reg -> mem
{
//in this case we call RegTaintMem to copy the taint if relevant
REG insreg3 = INS_get_read_reg(ins);
REG basereg3 = INS_get_memwr_basereg(ins);
REG indexreg3 = INS_get_memwr_indexreg(ins);
//ADDRINT insadd = INS_Address(ins);
//IARG_INST_PTR
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)RegTaintMem,
IARG_ADDRINT,(ADDRINT)insreg3,
IARG_UINT32,INS_MemoryScale(ins),
IARG_ADDRINT, (ADDRINT)basereg3,
IARG_ADDRINT, (ADDRINT)indexreg3,
IARG_MEMORYOP_EA, 0,
IARG_UINT32, INS_Opcode(ins),
IARG_INST_PTR,
IARG_END);
}
else if (INS_RegR(ins, 0) != REG_INVALID()) //reg -> reg
{
//in this case we call RegTaintReg
REG Rreg = INS_get_read_reg(ins);
REG Wreg = INS_get_write_reg(ins);
//ADDRINT insadd = INS_Address(ins);
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)RegTaintReg,
IARG_ADDRINT, (ADDRINT)Rreg,
IARG_ADDRINT, (ADDRINT)Wreg,
IARG_UINT32, INS_Opcode(ins),
IARG_INST_PTR,
IARG_END);
}
else //should never happen
{
out << "serious error?!\n" << endl;
}
} // IF opcode is a MOV
/*
if(bbl_taintedmem == 1&&INS_IsBranch(ins))
{
out << BBL_Address(bbl) <<endl;
out << INS_Address(ins)<<endl;
out << INS_NextAddress(ins)<<endl;
out << INS_DirectBranchOrCallTargetAddress(ins)<<endl;
out << " taintBBL: "<<endl;
out << INS_Disassemble(ins) <<endl;
if(INS_NextAddress(ins)>=BBL_Address(bbl)&&INS_NextAddress(ins)<=INS_Address(ins))
{
out << "find bbl loop"<<endl;
//bblLoop = 1;
}
}
*/
if(bbl_taintedmem ==1 && ins==BBL_InsTail(bbl))
{
// out <<"find tainted bbl " <<endl;
// out <<"bbl start address: "<< BBL_Address(bbl) <<endl;
// out <<"bbl size: "<<BBL_Size(bbl) << endl;
// out <<"bbl head: "<< INS_Disassemble(BBL_InsHead(bbl))<<endl;
// out <<"bbl tail: "<< INS_Disassemble(ins) <<endl;
if(INS_DirectBranchOrCallTargetAddress(ins)>=BBL_Address(bbl)&&INS_DirectBranchOrCallTargetAddress(ins)<=INS_Address(ins))
{
out<<endl<<"this tainted bbl is a loop"<<endl;
//BBL_InsertCall(bbl,IPOINT_AFTER,(AFUNPTR)loopBblEnd,IARG_END);
}
}
}// For INS
} // For BBL
}//for enable DTA
} // VOID Trace
VOID Instruction(INS ins, VOID *v)
{
PIN_LockClient();
IMG img = IMG_FindByAddress(INS_Address(ins));
PIN_UnlockClient();
if (IMG_Valid(img) && IMG_IsMainExecutable(img)){
if (INS_IsCall(ins)){
INS_InsertCall(
ins, IPOINT_BEFORE, (AFUNPTR)PrologueAnalysis,
IARG_ADDRINT, INS_Address(ins),
IARG_ADDRINT, INS_NextAddress(ins),
IARG_PTR, new string(INS_Disassemble(ins)),
IARG_END);
}
else if (INS_IsRet(ins)){
INS_InsertCall(
ins, IPOINT_BEFORE, (AFUNPTR)EpilogueAnalysis,
IARG_ADDRINT, INS_Address(ins),
IARG_ADDRINT, INS_NextAddress(ins),
IARG_PTR, new string(INS_Disassemble(ins)),
IARG_END);
}
else if (INS_OperandCount(ins) > 1 && INS_MemoryOperandIsWritten(ins, 0)){
INS_InsertCall(
ins, IPOINT_BEFORE, (AFUNPTR)WriteMem,
IARG_ADDRINT, INS_Address(ins),
IARG_PTR, new string(INS_Disassemble(ins)),
IARG_UINT32, INS_OperandCount(ins),
IARG_UINT32, INS_OperandReg(ins, 1),
IARG_MEMORYOP_EA, 0,
IARG_END);
}
/* Value Set Analysis */
if (INS_Opcode(ins) == XED_ICLASS_MOV &&
INS_RegR(ins, 0) == REG_RBP &&
INS_RegR(ins, 1) == REG_INVALID() &&
INS_IsMemoryWrite(ins)){
INS_InsertCall(
ins, IPOINT_BEFORE, (AFUNPTR)ValueSetAnalysis,
IARG_ADDRINT, INS_Address(ins),
IARG_PTR, new string(INS_Disassemble(ins)),
IARG_REG_VALUE, REG_RSP,
IARG_REG_VALUE, REG_RBP,
IARG_MEMORYOP_EA, 0,
IARG_END);
}
/* Analyzes stack overflow */
if (INS_MemoryOperandIsWritten(ins, 0)){
INS_InsertCall(
ins, IPOINT_BEFORE, (AFUNPTR)WriteMemAnalysis,
IARG_ADDRINT, INS_Address(ins),
IARG_PTR, new string(INS_Disassemble(ins)),
IARG_MEMORYOP_EA, 0,
IARG_END);
}
/* Timer Handler - And instruction counter */
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)timerHandler,
IARG_ADDRINT, INS_Address(INS_Prev(ins)),
IARG_ADDRINT, INS_Address(ins),
IARG_ADDRINT, INS_Address(INS_Next(ins)),
IARG_PTR, new string(INS_Disassemble(ins)),
IARG_END);
}
}
