VOID Image(IMG img, VOID *v)
{
if(IMG_IsMainExecutable(img))
{
for (SEC sec = IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec))
{
for (RTN rtn = SEC_RtnHead(sec); RTN_Valid(rtn); rtn = RTN_Next(rtn))
{
if (RTN_Name(rtn) == "_NotifyPinAfterMmap" || RTN_Name(rtn) == "NotifyPinAfterMmap")
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)MmapAfter,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0, IARG_END);
RTN_Close(rtn);
}
}
}
}
}
VOID Routine(RTN rtn, void * v)
{
RTN_Open(rtn);
if(strcmp(RTN_Name(rtn).c_str(),"memcpy")==0)
{
if(SYM_IFunc(RTN_Sym(rtn)))
{
cout << "Found IFUNC memcpy"<< endl;
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(IfuncMemcpy), IARG_END);
}
else
{
cout << "Found non IFUNC memcpy"<< endl;
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(Memcpy), IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_FUNCARG_ENTRYPOINT_VALUE, 1, IARG_FUNCARG_ENTRYPOINT_VALUE, 2 , IARG_END);
}
}
RTN_Close(rtn);
}
VOID Routine(RTN rtn, VOID *v)
{
// Allocate a counter for this routine
RTN_COUNT * rc = new RTN_COUNT;
// The RTN goes away when the image is unloaded, so save it now
// because we need it in the fini
rc->_name = RTN_Name(rtn);
rc->_image = StripPath(IMG_Name(SEC_Img(RTN_Sec(rtn))).c_str());
rc->_address = RTN_Address(rtn);
rc->_next = RtnList;
RtnList = rc;
if(!startSymbolAddress && rc->_name == start_symbol) {
startSymbolAddress = rc->_address;
}
if(!stopSymbolAddress && rc->_name == stop_symbol) {
stopSymbolAddress = rc->_address;
}
RTN_Open(rtn);
if (rc->_address == startSymbolAddress || rc->_address == stopSymbolAddress) {
if (rc->_address == startSymbolAddress) {
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)startRoutineEnter, IARG_FAST_ANALYSIS_CALL, IARG_PTR, reinterpret_cast<UINT64*>(rc), IARG_THREAD_ID, IARG_END);
LOG("Instrumented start symbol\n");
} else {
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)stopRoutineEnter, IARG_FAST_ANALYSIS_CALL, IARG_PTR, reinterpret_cast<UINT64*>(rc), IARG_THREAD_ID, IARG_END);
LOG("Instrumented stop symbol\n");
}
}else {
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)routineEnter, IARG_FAST_ANALYSIS_CALL, IARG_PTR, reinterpret_cast<UINT64*>(rc), IARG_THREAD_ID, IARG_END);
}
RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)routineExit, IARG_FAST_ANALYSIS_CALL, IARG_PTR, reinterpret_cast<UINT64*>(rc), IARG_THREAD_ID, IARG_END);
RTN_Close(rtn);
}
static VOID Image(IMG img, VOID *v)
{
RTN rtn = RTN_FindByName(img, watch_rtn);
if (!RTN_Valid(rtn))
{
return;
}
printf("Image Instrumenting %s\n", watch_rtn);
RTN_Open(rtn);
INS ins = RTN_InsHeadOnly(rtn);
ASSERTX (INS_Valid(ins));
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(Emit),
IARG_PTR, "IMG instrumentation1", IARG_CALL_ORDER, CALL_ORDER_FIRST+5, IARG_END);
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(Emit),
IARG_PTR, "IMG instrumentation2", IARG_CALL_ORDER, CALL_ORDER_FIRST+4, IARG_END);
RTN_Close(rtn);
}
static VOID Instruction(INS ins, VOID *v)
{
RTN rtn = INS_Rtn(ins);
if (!RTN_Valid(rtn) || RTN_Name(rtn) != watch_rtn)
{
return;
}
if (INS_Address(ins) == RTN_Address(rtn))
{
// Pin does not support issuing an RTN_InsertCall from the INS instrumentation callback
// This will cause Pin to terminate with an error
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(Emit),
IARG_PTR, "Ins instrumentation1", IARG_END);
RTN_Close(rtn);
}
}
static VOID imageLoad(IMG img, VOID *v)
{
// Just instrument the main image.
if (!IMG_IsMainExecutable(img))
return;
for (SEC sec=IMG_SecHead(img); SEC_Valid(sec); sec=SEC_Next(sec))
{
for (RTN rtn=SEC_RtnHead(sec); RTN_Valid(rtn); rtn=RTN_Next(rtn))
{
RTN_Open(rtn);
for (INS ins=RTN_InsHead(rtn); INS_Valid(ins); ins=INS_Next(ins))
{
INS_InsertCall(ins, IPOINT_BEFORE,
(AFUNPTR)incCount, IARG_END);
}
RTN_Close(rtn);
}
}
}
// Insert a call to an analysis routine that sets the scratch xmm registers, the call is inserted just after the
// movdqa instruction of DoXmm (see xmm-asm-*.s)
static VOID InstrumentRoutine(RTN rtn, VOID *)
{
if (RTN_Name(rtn) == "DoXmm")
{
RTN_Open(rtn);
for (INS ins = RTN_InsHead(rtn); INS_Valid(ins); ins = INS_Next(ins))
{
if (INS_Opcode(ins)==XED_ICLASS_MOVDQA)
{
fprintf (fp, "instrumenting ins %p %s\n", (void *)INS_Address(ins), INS_Disassemble(ins).c_str());
instrumentedMovdqa = TRUE;
INS_InsertCall(ins, IPOINT_AFTER, (AFUNPTR)SetXmmScratchesFun, IARG_PTR, xmmInitVals, IARG_END);
ipAfterMovdqa = INS_Address(INS_Next(ins));
fprintf (fp, "ipAfterMovdqa ins %p %s\n", (void *)ipAfterMovdqa, INS_Disassemble(INS_Next(ins)).c_str());
fflush (fp);
}
}
RTN_Close(rtn);
}
}
VOID Routine(RTN rtn, VOID *v) {
std::string name = PIN_UndecorateSymbolName(RTN_Name(rtn).c_str(),
UNDECORATION_NAME_ONLY);
std::vector<std::string>::iterator it;
for (it = userFuncs.begin(); it != userFuncs.end(); ++it) {
std::string userFunc = *it;
if (name.find(userFunc) == std::string::npos) continue;
RTN_Open(rtn);
// For each instruction of the routine
for (INS ins = RTN_InsHead(rtn); INS_Valid(ins); ins = INS_Next(ins)) {
UINT32 memOperands = INS_MemoryOperandCount(ins);
// Iterate over each memory operand of the instruction.
for (UINT32 memOp = 0; memOp < memOperands; memOp++) {
if (INS_IsStackRead(ins) || INS_IsStackWrite(ins))
break;
if (INS_MemoryOperandIsRead(ins, memOp)) {
INS_InsertPredicatedCall(
ins, IPOINT_BEFORE, (AFUNPTR)RecordMemRead,
IARG_INST_PTR,
IARG_MEMORYOP_EA, memOp, IARG_THREAD_ID,
IARG_END);
}
if (INS_MemoryOperandIsWritten(ins, memOp)) {
INS_InsertPredicatedCall(
ins, IPOINT_BEFORE, (AFUNPTR)RecordMemWrite,
IARG_INST_PTR,
IARG_MEMORYOP_EA, memOp, IARG_THREAD_ID,
IARG_END);
}
}
}
RTN_Close(rtn);
}
}
VOID Image(IMG img, VOID *v)
{
// Instrument the memcpy() function. Print the input argument f each memcpy().
// Find the memcpy() function.
RTN memcpyRtn = RTN_FindByName(img, "memcpy");
if (RTN_Valid(memcpyRtn))
{
if (SYM_IFunc(RTN_Sym(memcpyRtn)))
{
TraceFile << "Ifunc memcpy" << endl;
PROTO proto_ifunc_memcpy = PROTO_Allocate( PIN_PARG(void *), CALLINGSTD_DEFAULT,
"memcpy", PIN_PARG_END() );
actual_memcpy_add= RTN_Address(memcpyRtn);
RTN_ReplaceSignature(
memcpyRtn, AFUNPTR( IfuncMemcpyWrapper ),
IARG_PROTOTYPE, proto_ifunc_memcpy,
IARG_CONTEXT,
IARG_ORIG_FUNCPTR,
IARG_END);
}
else
{
RTN_Open(memcpyRtn);
TraceFile << "Normal memcpy" << endl;
// Instrument memcpy() to print the input argument value and the return value.
RTN_InsertCall(memcpyRtn, IPOINT_BEFORE, (AFUNPTR)MemcpyBefore,
IARG_ADDRINT, "memcpy (normal)",
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
IARG_FUNCARG_ENTRYPOINT_VALUE, 2,
IARG_END);
RTN_Close(memcpyRtn);
}
}
void inst_func_summary(IMG img)
{
for (int i=0; i< sizeof(summary_table)/sizeof(summary_table[0]);i++)
{
if(IMG_Name(img).find(summary_table[i].lib_name)!=string::npos)
{
RTN summary_func;
out<<"find summary dll"<<endl;
summary_func = RTN_FindByName(img, summary_table[i].func_name.c_str());//summary_table[i].func_name);
if (RTN_Valid(summary_func))
{
RTN_Open(summary_func);
out << "function summary: "<<endl;
out << " Image: " << IMG_Name(img).c_str() << " Func: " << summary_table[i].func_name << endl;
RTN_InsertCall(summary_func, IPOINT_BEFORE, (AFUNPTR)funcbegin,
IARG_ADDRINT,& (summary_table[i]),IARG_REG_VALUE, REG_STACK_PTR ,IARG_RETURN_REGS, REG_INST_G0,IARG_END);
RTN_InsertCall(summary_func, IPOINT_AFTER, (AFUNPTR)funcend,
IARG_ADDRINT,& (summary_table[i]),IARG_FUNCRET_EXITPOINT_VALUE ,IARG_RETURN_REGS, REG_INST_G0,IARG_END);
RTN_Close(summary_func);
}
}
}
}
VOID Image(IMG img, void *v)
{
RTN rtn = RTN_FindByName(img, "Replaced");
if (RTN_Valid(rtn))
{
PROTO proto = PROTO_Allocate(PIN_PARG(int), CALLINGSTD_DEFAULT, "Replaced", PIN_PARG_END());
RTN_ReplaceSignature(rtn, AFUNPTR(REPLACE_Replaced),
IARG_PROTOTYPE, proto,
(KnobUseIargConstContext)?IARG_CONST_CONTEXT:IARG_CONTEXT,
IARG_THREAD_ID,
IARG_ORIG_FUNCPTR,
IARG_END);
PROTO_Free(proto);
}
rtn = RTN_FindByName(img, "Inner");
if (RTN_Valid(rtn))
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(AtInner), IARG_REG_VALUE, scratchReg, IARG_END);
RTN_Close(rtn);
}
}
/* ===================================================================== */
VOID Image (IMG img, void *dummy)
{
RTN rtn;
RTN rtn1 = RTN_FindByName(img, "_RepAppAtIpointAfterStarted");
RTN rtn2 = RTN_FindByName(img, "RepAppAtIpointAfterStarted");
if (RTN_Valid(rtn1))
{
rtn = rtn1;
}
else
{
rtn = rtn2;
}
if (RTN_Valid(rtn))
{
printf ("Found %s\n", RTN_Name(rtn).c_str());
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_AFTER, AFUNPTR(ToolRepAppAtIpointAfterStarted), IARG_END);
RTN_Close(rtn);
}
}
VOID ImageLoad(IMG img, VOID *v)
{
if (inMain)
{
cout << "Loaded " << IMG_Name(img) << endl;
}
if (IMG_IsMainExecutable(img))
{
RTN mainRtn = RTN_FindByName(img, "_main");
if (!RTN_Valid(mainRtn))
mainRtn = RTN_FindByName(img, "main");
if (!RTN_Valid(mainRtn))
{
cout << "Can't find the main routine in " << IMG_Name(img) << endl;
exit(1);
}
RTN_Open(mainRtn);
RTN_InsertCall(mainRtn, IPOINT_BEFORE, AFUNPTR(MainBefore), IARG_END);
RTN_InsertCall(mainRtn, IPOINT_AFTER, AFUNPTR(MainAfter), IARG_END);
RTN_Close(mainRtn);
}
}
void TraceManager::InstApply(IMG img)
{
DBG_TRACE("before check");
DBG_TRACE(IMG_Name(img));
if(mySpec==NULL){
cerr<<"Spec manager is Null"<<endl;
return;
}
string imgname=ImageTrim(IMG_Name(img));
cerr<<imgname<<endl;
/*!!!
if(imgname.compare(MPI_LIB)==0)
{
//if the module is mpi dll then
//MpiInst(img);
return;
}
*/
//for rest of the modules it goes ahead here
//checks if it's to be instrumented
//leaves if it's not suppose to be
if(!mySpec->InstImage(imgname))
{
DBG_TRACE("Not to be instrumented");
return;
}
//cerr<<"After approved for image inst"<<endl;
//Start enumarting all the routines in the image to be instrumented
SEC temp=IMG_SecHead(img);
while(SEC_Valid(temp))
{
//we pick only executable code segment
if(SEC_Type(temp)==SEC_TYPE_EXEC){
RTN myrtn=SEC_RtnHead(temp);
DBG_TRACE("RTNs to be instrumented");
while(RTN_Valid(myrtn))
{
DBG_TRACE(RTN_Name(myrtn));
//cerr<<RTN_Name(myrtn)<<endl;
if(IsMpiRtn(RTN_Name(myrtn)))
{
#ifndef NOMPI
MpiInstRtn(myrtn);
#endif
myrtn=RTN_Next(myrtn);
continue;
}
if(RTN_Name(myrtn).length()==0 || !IsInstSafe(RTN_Name(myrtn)))
{
myrtn=RTN_Next(myrtn);
continue;
}
if(mySpec->InstRtn(RTN_Name(myrtn),imgname))
{
//if the routine is to be instrumented
//apply the instrumentation here
RTN_Open(myrtn);
if(!IsNormal(myrtn))
{
RTN_Close(myrtn);
myrtn=RTN_Next(myrtn);
continue;
}
//DBG_TRACE(RTN_Name(myrtn));
RtnTrack * brtntr = new RtnTrack;
brtntr->img=imgname;
brtntr->rtn=RTN_Name(myrtn);
brtntr->stage=0;
brtntr->flag=mySpec->GetProfileFlag(brtntr->rtn,brtntr->img);
//insert the instrumentation at the exit point
RTN_InsertCall(myrtn, IPOINT_AFTER, (AFUNPTR)HookHandleAfter, IARG_PTR ,brtntr, IARG_END);
//RTN_InsertCallProbed(myrtn, IPOINT_AFTER, (AFUNPTR)HookHandleAfter, IARG_PTR ,brtntr, IARG_END);
//insert the instrumentation at the entry point
RTN_InsertCall(myrtn, IPOINT_BEFORE, (AFUNPTR)HookHandleBefore, IARG_PTR ,brtntr, IARG_END);
//RTN_InsertCallProbed(myrtn, IPOINT_BEFORE, (AFUNPTR)HookHandleBefore, IARG_PTR ,brtntr, IARG_END);
//cerr<<"Name::"<<RTN_Name(myrtn)<<" Start::"<<RTN_Address(myrtn)<<" End::"<<RTN_Address(myrtn)+RTN_Size(myrtn)<<endl;
RTN_Close(myrtn);
}
myrtn=RTN_Next(myrtn);
}
}
temp=SEC_Next(temp);
}
}
int rtn_close (lua_State *L) {
RTN* v1 = check_rtn(L,1);
RTN_Close(*v1);
return 0;
}
VOID instrumentImage( IMG img, VOID *v ) {
for ( SEC sec = IMG_SecHead( img ); SEC_Valid( sec ); sec = SEC_Next( sec ) ) {
for ( RTN rtn = SEC_RtnHead( sec ); RTN_Valid( rtn ); rtn = RTN_Next( rtn ) ) {
const char *rtnName = RTN_Name( rtn ).c_str();
if ( strstr( rtnName, "__parsec_roi_begin" ) ) {
RTN_Open( rtn );
RTN_InsertCall( rtn, IPOINT_BEFORE, (AFUNPTR) setStartReached, IARG_THREAD_ID,
IARG_END );
RTN_Close( rtn );
} else if ( strstr( rtnName, "__parsec_roi_end" ) ) {
RTN_Open( rtn );
RTN_InsertCall( rtn, IPOINT_BEFORE, (AFUNPTR) setEndReached, IARG_THREAD_ID,
IARG_END );
RTN_Close( rtn );
} else if ( RTN_Name( rtn ) == "malloc" ) { // in g++, new does not call malloc()
RTN_Open( rtn );
RTN_InsertCall( rtn, IPOINT_BEFORE, (AFUNPTR) beforeMalloc, IARG_THREAD_ID,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0, // size requested
IARG_END );
RTN_InsertCall( rtn, IPOINT_AFTER, (AFUNPTR) afterMalloc, IARG_THREAD_ID,
IARG_FUNCRET_EXITPOINT_VALUE, // pointer to allocation
IARG_END );
RTN_Close( rtn );
} else if ( RTN_Name( rtn ) == "_Znwm" ) { // g++'s new
RTN_Open( rtn );
RTN_InsertCall( rtn, IPOINT_BEFORE, (AFUNPTR) beforeMalloc, IARG_THREAD_ID,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0, // size requested
IARG_END );
RTN_InsertCall( rtn, IPOINT_AFTER, (AFUNPTR) afterMalloc, IARG_THREAD_ID,
IARG_FUNCRET_EXITPOINT_VALUE, // pointer to allocation
IARG_END );
RTN_Close( rtn );
} else if ( RTN_Name( rtn ) == "free" ) { // in g++, delete does not call free()
RTN_Open( rtn );
RTN_InsertCall( rtn, IPOINT_BEFORE, (AFUNPTR) beforeFree, IARG_THREAD_ID,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0, // pointer to free
IARG_END );
RTN_Close( rtn );
} else if ( RTN_Name( rtn ) == "_ZdlPv" ) { // g++'s delete
RTN_Open( rtn );
RTN_InsertCall( rtn, IPOINT_BEFORE, (AFUNPTR) beforeFree, IARG_THREAD_ID,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0, // pointer to free
IARG_END );
RTN_Close( rtn );
} else if ( strstr( rtnName, "pthread_self" ) ) {
assert( RTN_Valid(rtn) );
realPthreadSelf = (AFUNPTR) RTN_Address( rtn );
} else if ( strstr( rtnName, "pthread_create" ) ) {
RTN_Open( rtn );
RTN_InsertCall( rtn, IPOINT_BEFORE, (AFUNPTR) beforePthreadCreate,
IARG_THREAD_ID, //
IARG_FUNCARG_ENTRYPOINT_VALUE, 0, // the pthread_t*
IARG_END );
RTN_InsertCall( rtn, IPOINT_AFTER, (AFUNPTR) afterPthreadCreate, IARG_THREAD_ID,
IARG_END );
RTN_Close( rtn );
} else if ( strstr( rtnName, "pthread_join" ) ) {
RTN_Open( rtn );
RTN_InsertCall( rtn, IPOINT_BEFORE, (AFUNPTR) beforeJoin, IARG_THREAD_ID,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0, IARG_END );
RTN_InsertCall( rtn, IPOINT_AFTER, (AFUNPTR) afterJoin, IARG_THREAD_ID, IARG_END );
RTN_Close( rtn );
} else if ( isLikeLockAcquire( rtnName ) ) {
RTN_Open( rtn );
RTN_InsertCall( rtn, IPOINT_BEFORE, (AFUNPTR) beforeLockAcquire, IARG_THREAD_ID,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0, IARG_END );
RTN_InsertCall( rtn, IPOINT_AFTER, (AFUNPTR) afterLockAcquire, IARG_THREAD_ID,
IARG_END );
RTN_Close( rtn );
} else if ( strstr( rtnName, "pthread_mutex_trylock" ) ) {
RTN_Open( rtn );
RTN_InsertCall( rtn, IPOINT_BEFORE, (AFUNPTR) beforeTrylock, IARG_THREAD_ID,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0, IARG_END );
RTN_InsertCall( rtn, IPOINT_AFTER, (AFUNPTR) afterTrylock, IARG_THREAD_ID,
IARG_FUNCRET_EXITPOINT_VALUE, IARG_END );
RTN_Close( rtn );
} else if ( isLikeLockRelease( rtnName ) ) {
RTN_Open( rtn );
RTN_InsertCall( rtn, IPOINT_BEFORE, (AFUNPTR) beforeLockRelease, IARG_THREAD_ID,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0, IARG_END );
RTN_Close( rtn );
} else {
// see threadBegin() for why we need to instrument all function calls
RTN_Open( rtn );
RTN_InsertCall( rtn, IPOINT_BEFORE, (AFUNPTR) startFunctionCall, IARG_THREAD_ID,
IARG_CONTEXT, IARG_END );
RTN_Close( rtn );
}
// TODO: pthread_mutex_timedlock, reader-writer locks
} // for RTN
} // for SEC
} // end instrumentImage()
int main(INT32 argc, CHAR **argv)
{
PIN_InitSymbols();
if( PIN_Init(argc,argv) )
{
return Usage();
}
IMG img = IMG_Open(KnobInputFile);
if (!IMG_Valid(img))
{
std::cout << "Could not open " << KnobInputFile.Value() << endl;
exit(1);
}
std::cout << hex;
rtnInternalRangeList.clear();
for (SEC sec = IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec))
{
std::cout << "Section: " << setw(8) << SEC_Address(sec) << " " << SEC_Name(sec) << endl;
for (RTN rtn = SEC_RtnHead(sec); RTN_Valid(rtn); rtn = RTN_Next(rtn))
{
std::cout << " Rtn: " << setw(8) << hex << RTN_Address(rtn) << " " << RTN_Name(rtn) << endl;
string path;
INT32 line;
PIN_GetSourceLocation(RTN_Address(rtn), NULL, &line, &path);
if (path != "")
{
std::cout << "File " << path << " Line " << line << endl;
}
RTN_Open(rtn);
if (!INS_Valid(RTN_InsHead(rtn)))
{
RTN_Close(rtn);
continue;
}
RTN_INTERNAL_RANGE rtnInternalRange;
rtnInternalRange.start = INS_Address(RTN_InsHead(rtn));
rtnInternalRange.end
= INS_Address(RTN_InsHead(rtn)) + INS_Size(RTN_InsHead(rtn));
INS lastIns = INS_Invalid();
for (INS ins = RTN_InsHead(rtn); INS_Valid(ins); ins = INS_Next(ins))
{
std::cout << " " << setw(8) << hex << INS_Address(ins) << " " << INS_Disassemble(ins) << endl;
if (INS_Valid(lastIns))
{
if ((INS_Address(lastIns) + INS_Size(lastIns)) == INS_Address(ins))
{
rtnInternalRange.end = INS_Address(ins)+INS_Size(ins);
}
else
{
rtnInternalRangeList.push_back(rtnInternalRange);
std::cout << " rtnInternalRangeList.push_back " << setw(8) << hex << rtnInternalRange.start << " " << setw(8) << hex << rtnInternalRange.end << endl;
// make sure this ins has not already appeared in this RTN
for (vector<RTN_INTERNAL_RANGE>::iterator ri = rtnInternalRangeList.begin(); ri != rtnInternalRangeList.end(); ri++)
{
if ((INS_Address(ins) >= ri->start) && (INS_Address(ins)<ri->end))
{
std::cout << "***Error - above instruction already appeared in this RTN\n";
std::cout << " in rtnInternalRangeList " << setw(8) << hex << ri->start << " " << setw(8) << hex << ri->end << endl;
exit (1);
}
}
rtnInternalRange.start = INS_Address(ins);
rtnInternalRange.end = INS_Address(ins) + INS_Size(ins);
}
}
lastIns = ins;
}
RTN_Close(rtn);
rtnInternalRangeList.clear();
}
}
IMG_Close(img);
}
VOID Image(IMG img, VOID *v)
{
// Find main. We won't do anything before main starts.
RTN rtn = RTN_FindByName(img, "main");
if (RTN_Valid(rtn))
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)callBeforeMain, IARG_END);
// RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)callAfterMain, IARG_END);
RTN_Close(rtn);
}
// iterate all rtn
for (SEC sec = IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec))
{
for (RTN rtn = SEC_RtnHead(sec); RTN_Valid(rtn); rtn = RTN_Next(rtn))
{
// printf (" Rtn: %s\n", RTN_Name(rtn).c_str());
RTN_Open(rtn);
const char * rtnName = StripPath(RTN_Name(rtn).c_str());
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)RTNEntry,
IARG_ADDRINT, rtnName, IARG_END);
RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)RTNExit,
IARG_ADDRINT, rtnName, IARG_END);
RTN_Close(rtn);
}
}
// Instrument the malloc() and free() functions. Print the input argument
// of each malloc() or free(), and the return value of malloc().
//
// Find the malloc() function.
RTN mallocRtn = RTN_FindByName(img, MALLOC);
if (RTN_Valid(mallocRtn))
{
RTN_Open(mallocRtn);
const char * imageName = StripPath(IMG_Name(SEC_Img(RTN_Sec(mallocRtn))).c_str());
// Instrument malloc() to print the input argument value and the return value.
RTN_InsertCall(mallocRtn, IPOINT_BEFORE, (AFUNPTR)MallocBefore,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_ADDRINT, imageName,
IARG_END);
RTN_InsertCall(mallocRtn, IPOINT_AFTER, (AFUNPTR)MallocAfter,
IARG_FUNCRET_EXITPOINT_VALUE, IARG_END);
RTN_Close(mallocRtn);
}
// Find the free() function.
RTN freeRtn = RTN_FindByName(img, FREE);
if (RTN_Valid(freeRtn))
{
RTN_Open(freeRtn);
// Instrument free() to print the input argument value.
RTN_InsertCall(freeRtn, IPOINT_BEFORE, (AFUNPTR)FreeBefore,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
RTN_Close(freeRtn);
}
}
void report_section_structure(SEC sec, int depth ){
BOOL S1 = LEVEL_PINCLIENT::SEC_Valid (sec);
string S2 = LEVEL_PINCLIENT::SEC_Name (sec);
SEC_TYPE S3 = LEVEL_PINCLIENT::SEC_Type (sec);
BOOL S4 = LEVEL_PINCLIENT::SEC_Mapped (sec);
ADDRINT S5 = LEVEL_PINCLIENT::SEC_Address (sec);
BOOL S6 = LEVEL_PINCLIENT::SEC_IsReadable (sec);
BOOL S7 = LEVEL_PINCLIENT::SEC_IsWriteable (sec);
BOOL S8 = LEVEL_PINCLIENT::SEC_IsExecutable (sec);
USIZE S9 = LEVEL_PINCLIENT::SEC_Size (sec);
char sec_type[128];
int k;
switch ( S3 ){
case SEC_TYPE_REGREL :
strcpy( sec_type, "relocations" );
break;
case SEC_TYPE_DYNREL:
strcpy( sec_type, "dynamic-relocations" );
break;
case SEC_TYPE_EXEC:
strcpy( sec_type, "contains-code" );
break;
case SEC_TYPE_DATA:
strcpy( sec_type, "contains-initialized-data" );
break;
case SEC_TYPE_LSDA:
strcpy( sec_type, "old-exception_info-obsolete" );
break;
case SEC_TYPE_BSS:
strcpy( sec_type, "contains-uninitialized-data" );
break;
case SEC_TYPE_LOOS:
strcpy( sec_type, "OS-specific" );
break;
case SEC_TYPE_USER:
strcpy( sec_type, "Application-specific" );
break;
default:
strcpy( sec_type, "UNKNOWN" );
break;
}
for ( k = 0; k< depth ; k ++ )
TraceFile << "\t" ;
TraceFile << "<SECTION>S1:" << S1 << " S2:" << S2 << " S3:" << S3 << " S4:" << S4 << " S5:" << S5 << " S6:" << S6 << " S7:" << S7 << " S8:" << S8 << " S9:" << S9 << " Stype:" << sec_type << endl;
for( RTN rtn= SEC_RtnHead(sec); RTN_Valid(rtn); rtn = RTN_Next(rtn) ){
report_routine_structure( rtn, depth + 1 );
string R1 = LEVEL_PINCLIENT::RTN_Name (rtn );
/* string undFuncName = PIN_UndecorateSymbolName(SYM_Name(R2), UNDECORATION_NAME_ONLY);*/
//RTN allocRtn = RTN_FindByAddress(IMG_LowAddress(img) + SYM_Value(sym));
if (R1 == "_printf"){ /* have to check '__' entry for symbols */
RTN_Open( rtn );
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)pre_printf,
IARG_ADDRINT, "THECALL:::printf",
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
IARG_END);
RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)post_printf,
IARG_ADDRINT, "THECALL:::printf",
IARG_FUNCRET_EXITPOINT_VALUE, //REFERENCE,
IARG_END);
RTN_Close( rtn );
printf( ">>>>>>>>>>>>>>>>>>>>>>>> printf" );}
if (R1 == "_fopen"){ /* have to check '__' entry for symbols */
RTN_Open( rtn );
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)pre_fopen,
IARG_ADDRINT, "THECALL:::fopen",
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
IARG_END);
RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)post_fopen,
IARG_ADDRINT, "THECALL:::fopen",
IARG_FUNCRET_EXITPOINT_VALUE, //REFERENCE,
IARG_END);
RTN_Close( rtn );
printf( ">>>>>>>>>>>>>>>>>>>>>>>> fopen" );}
}
for ( k = 0; k< depth ; k ++ )
TraceFile << "\t" ;
TraceFile << "</SECTION>" << endl;
}
VOID Image(IMG img, VOID *v)
{
RTN fixed_pim_b = RTN_FindByName(img, DUMMY_FIXED_PIM_B);
if (RTN_Valid(fixed_pim_b))
{
RTN_Open(fixed_pim_b);
// Instrument DUMMY_FIXED_PIM_B
RTN_InsertCall(fixed_pim_b, IPOINT_AFTER, (AFUNPTR)fixed_pim_flag_set1,
IARG_END);
RTN_Close(fixed_pim_b);
}
RTN fixed_pim_e = RTN_FindByName(img, DUMMY_FIXED_PIM_E);
if (RTN_Valid(fixed_pim_e))
{
RTN_Open(fixed_pim_e);
// Instrument malloc() to print the input argument value and the return value.
RTN_InsertCall(fixed_pim_e, IPOINT_AFTER, (AFUNPTR) fixed_pim_flag_set2,
IARG_END);
RTN_Close(fixed_pim_e);
}
RTN gen_pim_b = RTN_FindByName(img, DUMMY_GEN_PIM_B);
if (RTN_Valid(gen_pim_b))
{
RTN_Open(gen_pim_b);
// Instrument malloc() to print the input argument value and the return value.
RTN_InsertCall(gen_pim_b , IPOINT_AFTER, (AFUNPTR)gen_pim_flag_set1,
IARG_END);
RTN_Close(gen_pim_b);
}
RTN gen_pim_e = RTN_FindByName(img, DUMMY_GEN_PIM_E);
if (RTN_Valid(gen_pim_e))
{
RTN_Open(gen_pim_e);
// Instrument malloc() to print the input argument value and the return value.
RTN_InsertCall(gen_pim_e, IPOINT_AFTER, (AFUNPTR)gen_pim_flag_set2,
IARG_END);
RTN_Close(gen_pim_e);
}
/*
UINT32 count = 0;
for (SEC sec = IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec))
{
for (RTN rtn = SEC_RtnHead(sec); RTN_Valid(rtn); rtn = RTN_Next(rtn))
{
// Prepare for processing of RTN, an RTN is not broken up into BBLs,
// it is merely a sequence of INSs
RTN_Open(rtn);
for (INS ins = RTN_InsHead(rtn); INS_Valid(ins); ins = INS_Next(ins))
{
count++;
}
// to preserve space, release data associated with RTN after we have processed it
RTN_Close(rtn);
}
}
fprintf(stderr, "Image %s has %d instructions\n", IMG_Name(img).c_str(), count);
*/
}
VOID Image(IMG img, VOID *v)
{
#ifdef HEAP
// Instrument the malloc() and free() functions. Print the input argument
// of each malloc() or free(), and the return value of malloc().
//
// 1. Find the malloc() function.
RTN mallocRtn = RTN_FindByName(img, MALLOC);
if (RTN_Valid(mallocRtn))
{
RTN_Open(mallocRtn);
// Instrument malloc() to print the input argument value and the return value.
RTN_InsertCall(mallocRtn, IPOINT_BEFORE, (AFUNPTR)AllocSize,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
RTN_InsertCall(mallocRtn, IPOINT_AFTER, (AFUNPTR)AllocAddress,
IARG_FUNCRET_EXITPOINT_VALUE, IARG_END);
RTN_Close(mallocRtn);
}
// 2. Find the free() function.
RTN freeRtn = RTN_FindByName(img, FREE);
if (RTN_Valid(freeRtn))
{
RTN_Open(freeRtn);
// Instrument free() to print the input argument value.
RTN_InsertCall(freeRtn, IPOINT_BEFORE, (AFUNPTR)DeallocAddress,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
RTN_Close(freeRtn);
}
#endif
#ifdef STACK
// 3. Visit all routines to collect frame size
for( SEC sec = IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec) )
{
for( RTN rtn = SEC_RtnHead(sec); RTN_Valid(rtn); rtn = RTN_Next(rtn) )
{
RTN_Open(rtn);
// collect user functions as well as their addresses
ADDRINT fAddr = RTN_Address(rtn);
string szFunc = RTN_Name(rtn);
g_hAddr2Name[fAddr] = szFunc;
//cerr << fAddr << ":\t" << szFunc << endl;
//bool bFound = false;
for(INS ins = RTN_InsHead(rtn); INS_Valid(ins); ins = INS_Next(ins) )
{
// collecting stack size according to "SUB 0x20, %esp" or "ADD 0xffffffe0, %esp"
if( INS_Opcode(ins) == XED_ICLASS_SUB &&
INS_OperandIsReg(ins, 0 ) && INS_OperandReg(ins, 0) == REG_STACK_PTR &&
INS_OperandIsImmediate(ins, 1) )
{
int nOffset = INS_OperandImmediate(ins, 1);
if(nOffset < 0 )
{
nOffset = -nOffset;
}
g_hFunc2FrameSize[fAddr] = nOffset;
//bFound = true;
break;
}
if( INS_Opcode(ins) == XED_ICLASS_ADD &&
INS_OperandIsReg(ins, 0 ) && INS_OperandReg(ins, 0) == REG_STACK_PTR &&
INS_OperandIsImmediate(ins, 1) )
{
int nOffset = INS_OperandImmediate(ins, 1);
if(nOffset < 0 )
{
nOffset = -nOffset;
}
g_hFunc2FrameSize[fAddr] = nOffset;
//bFound = true;
break;
}
}
//if( !bFound )
// g_hFunc2FrameSize[fAddr] = 0;
RTN_Close(rtn);
}
}
#endif
}
static void InstrumentRtn(RTN rtn, VOID *)
{
if (RTN_Name(rtn) == "TellPinThreadCount" || RTN_Name(rtn) == "_TellPinThreadCount")
{
FoundThreadCountFunc = TRUE;
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(GetThreadCount),
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
RTN_Close(rtn);
}
if (RTN_Name(rtn) == "InstrumentedWithPin" || RTN_Name(rtn) == "_InstrumentedWithPin")
{
FoundTestFunc = TRUE;
RTN_Open(rtn);
switch (TestType)
{
case TEST_LOCK_INTEGRITY:
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(DoTestLockIntegrity),
IARG_THREAD_ID,
IARG_REG_VALUE, RegThreadInfo,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
break;
case TEST_LOCK_STRESS:
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(DoTestLockStress),
IARG_THREAD_ID,
IARG_REG_VALUE, RegThreadInfo,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
break;
case TEST_MUTEX_INTEGRITY:
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(DoTestMutexIntegrity),
IARG_THREAD_ID,
IARG_REG_VALUE, RegThreadInfo,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
break;
case TEST_MUTEX_STRESS:
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(DoTestMutexStress),
IARG_REG_VALUE, RegThreadInfo,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
break;
case TEST_MUTEX_TRYSTRESS:
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(DoTestMutexTryStress),
IARG_REG_VALUE, RegThreadInfo,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
break;
case TEST_WRITER_INTEGRITY:
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(DoTestWriterIntegrity),
IARG_THREAD_ID,
IARG_REG_VALUE, RegThreadInfo,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
break;
case TEST_WRITER_STRESS:
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(DoTestWriterStress),
IARG_REG_VALUE, RegThreadInfo,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
break;
case TEST_WRITER_TRYSTRESS:
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(DoTestWriterTryStress),
IARG_REG_VALUE, RegThreadInfo,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
break;
case TEST_READER_STRESS:
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(DoTestReaderStress),
IARG_REG_VALUE, RegThreadInfo,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
break;
case TEST_READER_TRYSTRESS:
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(DoTestReaderTryStress),
IARG_REG_VALUE, RegThreadInfo,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
break;
case TEST_RW_INTEGRITY:
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(DoTestReaderWriterIntegrity),
IARG_REG_VALUE, RegThreadInfo,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
break;
case TEST_RW_STRESS:
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(DoTestReaderWriterStress),
IARG_REG_VALUE, RegThreadInfo,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
break;
case TEST_RW_TRYSTRESS:
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(DoTestReaderWriterTryStress),
IARG_REG_VALUE, RegThreadInfo,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
break;
case TEST_SEMAPHORE:
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(DoTestSemaphore),
IARG_REG_VALUE, RegThreadInfo,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
break;
case TEST_TRYLOCKS:
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(DoTestTryLocks),
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
break;
default:
ASSERTX(0);
}
RTN_Close(rtn);
}
}
/* ===================================================================== */
VOID Image(IMG img, VOID *v){
for (UINT16 i = 0; i < n_excluded_lib_names; i++)
{
if (IMG_Name(img).find(excluded_lib_names[i]) != string::npos){
cout << "Excluded module: " << IMG_Name(img) << endl;
return;
}
}
for (SEC sec = IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec)){
for (RTN rtn = SEC_RtnHead(sec); RTN_Valid(rtn); rtn = RTN_Next(rtn)) {
RTN_Open(rtn);
for (INS ins = RTN_InsHead(rtn); INS_Valid(ins); ins = INS_Next(ins)) {
// Avoid instrumenting the instrumentation
if (!INS_IsOriginal(ins))
continue;
if(!SeqProgram) {
if ((INS_IsMemoryWrite(ins) || INS_IsMemoryRead(ins)) && INS_HasFallThrough(ins)) {
if (INS_IsMemoryWrite(ins) && INS_IsMemoryRead(ins) &&
INS_HasMemoryRead2(ins)) {
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)ProcessInst, IARG_THREAD_ID,
IARG_MEMORYWRITE_EA,
IARG_MEMORYREAD_EA,
IARG_MEMORYREAD2_EA,
IARG_INST_PTR,
IARG_END);
}
else if (INS_IsMemoryWrite(ins) && INS_IsMemoryRead(ins) &&
!INS_HasMemoryRead2(ins)) {
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)ProcessInst, IARG_THREAD_ID,
IARG_MEMORYWRITE_EA,
IARG_MEMORYREAD_EA,
IARG_ADDRINT, 0,
IARG_INST_PTR,
IARG_END);
}
else if (INS_IsMemoryWrite(ins) && !INS_IsMemoryRead(ins)) {
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)ProcessInst, IARG_THREAD_ID,
IARG_MEMORYWRITE_EA,
IARG_ADDRINT, 0,
IARG_ADDRINT, 0,
IARG_INST_PTR,
IARG_END);
}
else if (!INS_IsMemoryWrite(ins) && INS_IsMemoryRead(ins) &&
INS_HasMemoryRead2(ins)) {
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)ProcessInst, IARG_THREAD_ID,
IARG_ADDRINT, 0,
IARG_MEMORYREAD_EA,
IARG_MEMORYREAD2_EA,
IARG_INST_PTR,
IARG_END);
}
else if (!INS_IsMemoryWrite(ins) && INS_IsMemoryRead(ins) &&
!INS_HasMemoryRead2(ins)) {
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)ProcessInst, IARG_THREAD_ID,
IARG_ADDRINT, 0,
IARG_MEMORYREAD_EA,
IARG_ADDRINT,0,
IARG_INST_PTR,
IARG_END);
}
else { //not a memory opeartion
ASSERTX(0);
}
}
}
else {
if(INS_IsBranch(ins)){
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)ProcessBranch,
IARG_BRANCH_TAKEN, IARG_INST_PTR, IARG_END);
}
}
}
RTN_Close(rtn);
}
}
}
VOID Image(IMG img, VOID *v)
{
RTN cfwRtn = RTN_FindByName(img, "RegOpenKeyExW");
if (RTN_Valid(cfwRtn))
{
RTN_Open(cfwRtn);
RTN_InsertCall(cfwRtn, IPOINT_BEFORE, (AFUNPTR)PrintArguments_RegOpenKey,
IARG_ADDRINT, "RegOpenKeyExW",
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
IARG_FUNCARG_ENTRYPOINT_VALUE, 2,
IARG_END);
RTN_Close(cfwRtn);
}
cfwRtn = RTN_FindByName(img, "GetFileAttributesA");
if (RTN_Valid(cfwRtn))
{
RTN_Open(cfwRtn);
RTN_InsertCall(cfwRtn, IPOINT_BEFORE, (AFUNPTR)checkGetFileAttributes,
IARG_ADDRINT, "GetFileAttributesA",
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
IARG_END);
RTN_Close(cfwRtn);
}
cfwRtn = RTN_FindByName(img, "RegQueryValueExW");
if (RTN_Valid(cfwRtn))
{
RTN_Open(cfwRtn);
RTN_InsertCall(cfwRtn, IPOINT_BEFORE, (AFUNPTR)PrintArguments_RegQueryKey,
IARG_ADDRINT, "RegQueryValueExW",
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
IARG_END);
RTN_Close(cfwRtn);
}
/*
cfwRtn = RTN_FindByName(img, "FindWindow");
if (RTN_Valid(cfwRtn))
{
RTN_Open(cfwRtn);
RTN_InsertCall(cfwRtn, IPOINT_BEFORE, (AFUNPTR)PrintArguments_FindWindow,
IARG_ADDRINT, "FindWindow",
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
RTN_Close(cfwRtn);
}*/
/* checks for SeDebug*/
cfwRtn = RTN_FindByName(img, "OpenProcess");
if (RTN_Valid(cfwRtn))
{
RTN_Open(cfwRtn);
RTN_InsertCall(cfwRtn, IPOINT_BEFORE, (AFUNPTR)PrintArguments_Process,
IARG_ADDRINT, "OpenProcess",
IARG_FUNCARG_ENTRYPOINT_VALUE, 2,
IARG_END);
RTN_Close(cfwRtn);
}
}
// This function is called before every instruction is executed
VOID instrument_routine(RTN rtn, void *ip)
{
string name = RTN_Name(rtn);
if(name == "ivan")
{
RTN_Open(rtn);
for (INS ins = RTN_InsHead(rtn); INS_Valid(ins); ins = INS_Next(ins))
{
int opCount = INS_OperandCount(ins);
int opcode = INS_Opcode(ins);
if(INS_IsMemoryRead(ins))
{
for(int i = 0; i< opCount; i++)
{
if(INS_MemoryOperandIsRead(ins,i))
{
/*
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)RecordMemRead,IARG_PTR,ins,
IARG_INST_PTR,
IARG_MEMORYOP_EA, i,
IARG_END);
*/
cout<<"opcode:"<<INS_Opcode(ins)<<", mnemonic: "<<INS_Mnemonic(ins)<<endl;
if(INS_Opcode(ins)!= XED_ICLASS_RET_NEAR)
{
REG scratchReg = GetScratchReg(i);
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(GetMemAddress),
IARG_MEMORYOP_EA, i, IARG_RETURN_REGS, scratchReg, IARG_END);
INS_RewriteMemoryOperand(ins, i, scratchReg);
}
}
}
}
if(INS_IsMemoryWrite(ins))
{
for(int i = 0; i< opCount; i++)
{
/*
if(INS_OperandIsImmediate(ins,i))
{
cout<<"immediate "<<INS_OperandImmediate(ins,i)<<endl;
}
*/
if(INS_MemoryOperandIsWritten(ins,i) && INS_HasFallThrough(ins))
{
/*
INS_InsertCall(
ins, IPOINT_BEFORE, (AFUNPTR)RecordMemWrite,
IARG_INST_PTR,
IARG_MEMORYOP_EA, i,
IARG_END);
INS_InsertCall(
ins, IPOINT_AFTER, (AFUNPTR)RecordMemWrite,
IARG_INST_PTR,
IARG_MEMORYOP_EA, i,
IARG_END);
*/
if(opcode != XED_ICLASS_PUSH)
{
REG scratchReg = GetScratchReg(i);
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(GetMemAddress),
IARG_MEMORYOP_EA, i, IARG_RETURN_REGS, scratchReg, IARG_END);
INS_RewriteMemoryOperand(ins, i, scratchReg);
}
}
}
}
}
RTN_Close(rtn);
}
}
static VOID InsertInline(RTN rtn)
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(Inline), IARG_END);
RTN_Close(rtn);
}
VOID Routine(RTN rtn, VOID *v)
{
RTNNAME *rc = new RTNNAME;
rc->_name = RTN_Name(rtn);
if(rc->_name == "RegOpenKeyExW"){
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)PrintArguments_RegOpenKey,
IARG_ADDRINT, "RegOpenKeyExW",
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
IARG_FUNCARG_ENTRYPOINT_VALUE, 2,
IARG_END);
RTN_Close(rtn);
}
if(rc->_name == "RegQueryValueExW")
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)PrintArguments_RegQueryKey,
IARG_ADDRINT, "RegQueryValueExW",
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
IARG_END);
RTN_Close(rtn);
}
/* checks for SeDebug*/
if (rc->_name == "OpenProcess")
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)PrintArguments_Process,
IARG_ADDRINT, "OpenProcess",
IARG_FUNCARG_ENTRYPOINT_VALUE, 2,
IARG_END);
RTN_Close(rtn);
}
// Checks for Debugger
if(rc->_name == "IsDebuggerPresent" && isdebuggerpresent == 0){
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)checkIsDebuggerPresent,
IARG_ADDRINT, "IsDebuggerPresent",
IARG_FUNCRET_EXITPOINT_VALUE,
IARG_END);
RTN_Close(rtn);
}
if(rc->_name == "CheckRemoteDebuggerPresent" && checkremote == 0){
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)checkIsRemoteDebuggerPresent,
IARG_ADDRINT, "CheckRemoteDebuggerPresent",
IARG_FUNCRET_EXITPOINT_VALUE,
IARG_END);
RTN_Close(rtn);
}
if(rc->_name == "SetUnhandledExceptionFilter" && SetUnhandledExceptionFilter == 0){
//TraceAntiDebug << "debugger, api, \"SetUnhandledExceptionFilter\"\n";
SetUnhandledExceptionFilter = 1;
}
if(rc->_name == "BlockInput" && blockInput == 0){
//TraceAntiDebug << "debugger, api, \"blockInput\"\n";
blockInput = 1;
}
}
static VOID InsertBridge(RTN rtn)
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(Bridge), IARG_BRIDGE, IARG_END);
RTN_Close(rtn);
}