static VOID Image(IMG img, VOID *v)
{
if (foundReplayException && foundReadyForException)
return;
// hook the functions in the image. If these functions are called then it means
// that pin has not lost control.
RTN rtn = RTN_FindByName(img, "ReplayException");
if (RTN_Valid(rtn))
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(reRaiseException), IARG_THREAD_ID, IARG_END);
RTN_Close(rtn);
foundReplayException = TRUE;
}
rtn = RTN_FindByName(img, "ReadyForExceptionFromAppMain");
if (RTN_Valid(rtn))
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(ToolReadyForExceptionFromAppMain), IARG_END);
RTN_Close(rtn);
foundReadyForException = TRUE;
}
}
/*!
* RTN instrumentation routine.
*/
static VOID InstrumentRoutine(RTN rtn, VOID *)
{
if (RTN_Name(rtn) == "IsToolPresent")
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(OnIsToolPresent),
IARG_FUNCARG_ENTRYPOINT_VALUE, 0, IARG_END);
RTN_Close(rtn);
}
else if (RTN_Name(rtn) == "SleepInTool")
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(OnSleepInTool),
IARG_FUNCARG_ENTRYPOINT_VALUE, 0, IARG_END);
RTN_Close(rtn);
}
else if (RTN_Name(rtn) == "DoFlush")
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(OnDoFlush), IARG_END);
RTN_Close(rtn);
}
else if (RTN_Name(rtn) == "CheckFlush")
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(OnCheckFlush), IARG_FUNCARG_ENTRYPOINT_VALUE, 0, IARG_END);
RTN_Close(rtn);
}
}
static VOID OnImage(IMG img, VOID *)
{
#if defined(TARGET_MAC)
RTN rtn = RTN_FindByName(img, "_ReplaySignal1");
#else
RTN rtn = RTN_FindByName(img, "ReplaySignal1");
#endif
if (RTN_Valid(rtn))
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(ReplayHandled), IARG_THREAD_ID, IARG_CONTEXT, IARG_END);
RTN_Close(rtn);
}
#if defined(TARGET_MAC)
rtn = RTN_FindByName(img, "_ReplaySignal2");
#else
rtn = RTN_FindByName(img, "ReplaySignal2");
#endif
if (RTN_Valid(rtn))
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(ReplayFatal), IARG_THREAD_ID, IARG_CONTEXT, IARG_END);
RTN_Close(rtn);
}
}
VOID Image(IMG img, VOID *v)
{
// Instrument the malloc() and free() functions. Print the input argument
// of each malloc() or free(), and the return value of malloc().
//
// Find the malloc() function.
RTN mallocRtn = RTN_FindByName(img, MALLOC);
if (RTN_Valid(mallocRtn))
{
RTN_Open(mallocRtn);
// Instrument malloc() to print the input argument value and the return value.
RTN_InsertCall(mallocRtn, IPOINT_BEFORE, (AFUNPTR)Arg1Before,
IARG_ADDRINT, MALLOC,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
RTN_InsertCall(mallocRtn, IPOINT_AFTER, (AFUNPTR)MallocAfter,
IARG_FUNCRET_EXITPOINT_VALUE, IARG_END);
RTN_Close(mallocRtn);
}
// Find the free() function.
RTN freeRtn = RTN_FindByName(img, FREE);
if (RTN_Valid(freeRtn))
{
RTN_Open(freeRtn);
// Instrument free() to print the input argument value.
RTN_InsertCall(freeRtn, IPOINT_BEFORE, (AFUNPTR)Arg1Before,
IARG_ADDRINT, FREE,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
RTN_Close(freeRtn);
}
}
VOID Image(IMG img, VOID *v)
{
// hook the functions in the image. If these functions are called then it means
// that pin has not lost control.
RTN rtn = RTN_FindByName(img, "PinVerifyInTry");
if (RTN_Valid(rtn))
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(BeforePinVerifyInTry), IARG_END);
RTN_Close(rtn);
}
rtn = RTN_FindByName(img, "PinVerifyInCatch");
if (RTN_Valid(rtn))
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(BeforePinVerifyInCatch), IARG_END);
RTN_Close(rtn);
}
rtn = RTN_FindByName(img, "PinVerifyAfterCatch");
if (RTN_Valid(rtn))
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(BeforePinVerifyAfterCatch), IARG_END);
RTN_Close(rtn);
}
rtn = RTN_FindByName(img, "PinVerifyInDestructor");
if (RTN_Valid(rtn))
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(BeforePinVerifyInDestructor), IARG_END);
RTN_Close(rtn);
}
}
VOID Image(IMG img, VOID *v)
{
RTN mmapRtn = RTN_FindByName(img, FUNC_PREFIX "mmap");
if (RTN_Valid(mmapRtn))
{
RTN_Open(mmapRtn);
RTN_InsertCall(mmapRtn, IPOINT_BEFORE, AFUNPTR(MmapArgs), IARG_RETURN_IP, IARG_G_ARG0_CALLEE, IARG_G_ARG1_CALLEE, IARG_G_ARG2_CALLEE, IARG_G_ARG3_CALLEE, IARG_G_ARG4_CALLEE, IARG_G_ARG5_CALLEE, IARG_END);
RTN_Close(mmapRtn);
}
RTN foobarRtn = RTN_FindByName(img, FUNC_PREFIX "foobar");
if (RTN_Valid(foobarRtn))
{
foobarAddress = RTN_Address(foobarRtn);
RTN_Open(foobarRtn);
RTN_InsertCall(foobarRtn, IPOINT_BEFORE, AFUNPTR(FoobarArgs), IARG_G_ARG0_CALLEE, IARG_G_ARG1_CALLEE, IARG_END);
RTN_Close(foobarRtn);
}
RTN bazRtn = RTN_FindByName(img, FUNC_PREFIX "baz");
if (RTN_Valid(bazRtn))
{
RTN_Open(bazRtn);
RTN_InsertCall(bazRtn, IPOINT_BEFORE, AFUNPTR(BazArg), IARG_FUNCARG_ENTRYPOINT_REFERENCE, 0, IARG_FUNCARG_ENTRYPOINT_REFERENCE, 1, IARG_FUNCARG_ENTRYPOINT_REFERENCE, 2, IARG_END);
RTN_Close(bazRtn);
}
}
VOID Image(IMG img, VOID *v)
{
// Skip all images, but kernel32.dll
if (!CmpBaseImageName(IMG_Name(img), "kernel32.dll"))
{
return;
}
// hook the functions in the image. If these functions are called then it means
// that pin has not lost control.
RTN rtn = RTN_FindByName(img, "OutputDebugStringA");
if (RTN_Valid(rtn))
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(BeforeOutputDebugString), IARG_END);
RTN_Close(rtn);
}
rtn = RTN_FindByName(img, "OutputDebugStringW");
if (RTN_Valid(rtn))
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(BeforeOutputDebugString), IARG_END);
RTN_Close(rtn);
}
}
// When an image is loaded, check for a MyAlloc function
VOID Image(IMG img, VOID *v)
{
//fprintf(stderr, "Loading %s\n",IMG_name(img));
for (SEC sec = IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec))
{
//fprintf(stderr, " sec %s\n", SEC_name(sec).c_str());
for (RTN rtn = SEC_RtnHead(sec); RTN_Valid(rtn); rtn = RTN_Next(rtn))
{
//fprintf(stderr, " rtn %s\n", RTN_name(rtn).c_str());
// Swizzle the return value of MyAlloc
if (RTN_Name(rtn) == "MyAlloc")
{
RTN_Open(rtn);
fprintf(stderr, "Adding Swizzle to %s\n", "MyAlloc");
RTN_InsertCall(rtn, IPOINT_AFTER, AFUNPTR(SwizzleRef), IARG_FUNCRET_EXITPOINT_REFERENCE, IARG_END);
RTN_Close(rtn);
}
if (RTN_Name(rtn) == "MyFree")
{
RTN_Open(rtn);
fprintf(stderr, "Adding SwizzleArg to %s\n", "MyFree");
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(UnswizzleRef), IARG_FUNCARG_ENTRYPOINT_REFERENCE, 0, IARG_END);
RTN_Close(rtn);
}
}
}
}
VOID Image(IMG img, VOID *v)
{
RTN mallocRtn = RTN_FindByName(img, "malloc");
RTN freeRtn = RTN_FindByName(img, "free");
if (RTN_Valid(mallocRtn)){
RTN_Open(mallocRtn);
RTN_InsertCall(
mallocRtn,
IPOINT_BEFORE, (AFUNPTR)callbackBeforeMalloc,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
RTN_InsertCall(
mallocRtn,
IPOINT_AFTER, (AFUNPTR)callbackAfterMalloc,
IARG_FUNCRET_EXITPOINT_VALUE,
IARG_END);
RTN_Close(mallocRtn);
}
if (RTN_Valid(freeRtn)){
RTN_Open(freeRtn);
RTN_InsertCall(
freeRtn,
IPOINT_BEFORE, (AFUNPTR)callbackBeforeFree,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
RTN_Close(freeRtn);
}
}
/* Image instrumentation */
static void IMG_Instrumentation(IMG img, void *v) {
/* Lock / Unlock the Analysis from a Entry point */
if (tracer::pintool::options::startAnalysisFromEntry) {
tracer::pintool::options::startAnalysisFromEntry = false;
/* IMG_LoadOffset(img) + IMG_Entry(img) for PIE binaries (see #524) */
tracer::pintool::options::startAnalysisFromAddress.insert(IMG_LoadOffset(img) + IMG_Entry(img));
}
/* Lock / Unlock the Analysis from a symbol */
if (tracer::pintool::options::startAnalysisFromSymbol != nullptr){
RTN targetRTN = RTN_FindByName(img, tracer::pintool::options::startAnalysisFromSymbol);
if (RTN_Valid(targetRTN)) {
RTN_Open(targetRTN);
RTN_InsertCall(targetRTN,
IPOINT_BEFORE,
(AFUNPTR) toggleWrapper,
IARG_BOOL, true,
IARG_END);
RTN_InsertCall(targetRTN,
IPOINT_AFTER,
(AFUNPTR) toggleWrapper,
IARG_BOOL, false,
IARG_END);
RTN_Close(targetRTN);
}
}
/* Callback on routine entry */
std::map<const char *, PyObject *>::iterator it;
for (it = tracer::pintool::options::callbackRoutineEntry.begin(); it != tracer::pintool::options::callbackRoutineEntry.end(); it++) {
RTN targetRTN = RTN_FindByName(img, it->first);
if (RTN_Valid(targetRTN)){
RTN_Open(targetRTN);
RTN_InsertCall(targetRTN, IPOINT_BEFORE, (AFUNPTR)callbackRoutineEntry, IARG_CONTEXT, IARG_THREAD_ID, IARG_PTR, it->second, IARG_END);
RTN_Close(targetRTN);
}
}
/* Callback on routine exit */
for (it = tracer::pintool::options::callbackRoutineExit.begin(); it != tracer::pintool::options::callbackRoutineExit.end(); it++) {
RTN targetRTN = RTN_FindByName(img, it->first);
if (RTN_Valid(targetRTN)){
RTN_Open(targetRTN);
RTN_InsertCall(targetRTN, IPOINT_AFTER, (AFUNPTR)callbackRoutineExit, IARG_CONTEXT, IARG_THREAD_ID, IARG_PTR, it->second, IARG_END);
RTN_Close(targetRTN);
}
}
/*
* Callback when a new image is loaded.
* This callback must be called even outside the range analysis.
*/
if (IMG_Valid(img))
tracer::pintool::callbackImageLoad(img);
}
VOID TaintSource(RTN rtn, VOID *v)
{
if(flag ==0&&hasFound==1)
return;
if(RTN_Name(rtn)=="CreateFileW")
{
string FileName="";
RTN_Open(rtn);
// Instrument malloc() to print the input argument value and the return value.
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)FindObjectByName,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)SetCFWReturnValue,
IARG_FUNCRET_EXITPOINT_VALUE,
IARG_END);
RTN_Close(rtn);
}
else
if(RTN_Name(rtn)=="CreateFileMappingW")
{
RTN_Open(rtn);
// Instrument malloc() to print the input argument value and the return value.
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)FindMatchingCFMW,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_FUNCARG_ENTRYPOINT_VALUE, 3,
IARG_FUNCARG_ENTRYPOINT_VALUE, 4,
IARG_END);
RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)SetCFMWReturnValue,
IARG_FUNCRET_EXITPOINT_VALUE,
IARG_END);
RTN_Close(rtn);
}
else
//if(RTN_Name(rtn)=="MapViewOfFileEx")
if(RTN_Name(rtn)=="MapViewOfFile")
{
//flag=1;
RTN_Open(rtn);
// Instrument malloc() to print the input argument value and the return value.
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)FindMachingMVF,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)SetMappingBase,
IARG_FUNCRET_EXITPOINT_VALUE,
IARG_END);
RTN_Close(rtn);
}
}
VOID Image(IMG img, VOID *v)
{
// TraceFile << "Loading" << IMG_Name(img) << ", Image id = " << IMG_Id(img) << endl;
/* Find main. We won't do anything before main starts. */
RTN rtn = RTN_FindByName(img, "main");
if(RTN_Valid(rtn))
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)callBeforeMain, IARG_END);
RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)callAfterMain, IARG_END);
RTN_Close(rtn);
}
// Instrument the malloc() and free() functions. Print the input argument
// of each malloc() or free(), and the return value of malloc().
//
// Find the malloc() function.
RTN mallocRtn = RTN_FindByName(img, MALLOC);
if (RTN_Valid(mallocRtn))
{
RTN_Open(mallocRtn);
// const char * imageName = StripPath(IMG_Name(SEC_Img(RTN_Sec(mallocRtn))).c_str());
// Instrument malloc() to print the input argument value and the return value.
RTN_InsertCall(mallocRtn, IPOINT_BEFORE, (AFUNPTR)MallocBefore,
IARG_ADDRINT, MALLOC,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
// IARG_ADDRINT, imageName,
IARG_END);
// RTN_InsertCall(mallocRtn, IPOINT_AFTER, (AFUNPTR)MallocAfter,
// IARG_FUNCRET_EXITPOINT_VALUE, IARG_END);
RTN_Close(mallocRtn);
}
// Find the free() function.
/**
RTN freeRtn = RTN_FindByName(img, FREE);
if (RTN_Valid(freeRtn))
{
RTN_Open(freeRtn);
// Instrument free() to print the input argument value.
RTN_InsertCall(freeRtn, IPOINT_BEFORE, (AFUNPTR)Arg1Before,
IARG_ADDRINT, FREE,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
RTN_Close(freeRtn);
}
*/
}
static void
I_ImageLoad(IMG img, void *v)
{
static bool main_rtn_instrumented = false;
if( !main_rtn_instrumented ) {
RTN rtn = RTN_FindByName(img, "main");
if( rtn == RTN_Invalid() ) {
rtn = RTN_FindByName(img, "__libc_start_main");
}
// Instrument main
if( rtn != RTN_Invalid() ) {
main_rtn_instrumented = true;
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE,
(AFUNPTR)A_EnterMainImage,
IARG_INST_PTR,
IARG_ADDRINT, RTN_Address(rtn),
IARG_REG_VALUE, REG_STACK_PTR,
IARG_END);
RTN_Close(rtn);
}
}
for( SYM sym = IMG_RegsymHead(img); SYM_Valid(sym); sym = SYM_Next(sym) ) {
if( strstr(SYM_Name(sym).c_str(), "MAID_register_address" ) ) {
RTN rtn;
rtn = RTN_FindByName(img, SYM_Name(sym).c_str());
ASSERTX(RTN_Valid(rtn));
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE,
(AFUNPTR)A_RegisterAddr,
IARG_G_ARG0_CALLEE,
IARG_END);
RTN_Close(rtn);
} else if( strstr(SYM_Name(sym).c_str(), "MAID_unregister_address" ) ) {
RTN rtn;
rtn = RTN_FindByName(img, SYM_Name(sym).c_str());
ASSERTX(RTN_Valid(rtn));
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE,
(AFUNPTR)A_UnregisterAddr,
IARG_G_ARG0_CALLEE,
IARG_END);
RTN_Close(rtn);
}
}
}
static VOID InstrumentRoutine(RTN rtn, VOID *)
{
if (RTN_Name(rtn) == "DoFlush")
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(OnDoFlush), IARG_END);
RTN_Close(rtn);
}
if (RTN_Name(rtn) == "CheckFlush")
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(OnCheckFlush), IARG_FUNCARG_ENTRYPOINT_VALUE, 0, IARG_END);
RTN_Close(rtn);
}
}
VOID AddPthreadsCallbacks(IMG img) {
RTN rtn;
rtn = RTN_FindByName(img, "pthread_join");
if (RTN_Valid(rtn)) {
cerr << IMG_Name(img) << ": pthread_join" << endl;
RTN_Open(rtn);
RTN_InsertCall(rtn,
IPOINT_BEFORE,
AFUNPTR(PTHREAD_beforeJoin),
IARG_THREAD_ID,
IARG_FUNCARG_ENTRYPOINT_VALUE,
0,
IARG_CALL_ORDER,
CALL_ORDER_FIRST,
IARG_END);
RTN_InsertCall(rtn,
IPOINT_AFTER,
AFUNPTR(PTHREAD_afterJoin),
IARG_THREAD_ID,
IARG_CALL_ORDER,
CALL_ORDER_LAST,
IARG_END);
RTN_Close(rtn);
}
}
VOID Rtn(RTN rtn, VOID * v)
{
RTN_Open(rtn);
UINT32 insNum2 = 0;
RTN_Close(rtn);// The rtn is intentionally closed and then it is opened again.
// This is done in order to check the correctness of both
// "RTN_NumIns" and "RTN_InsTail" independently.
UINT32 insNum1 = RTN_NumIns(rtn);
RTN_Open(rtn);
for (INS ins = RTN_InsTail(rtn); INS_Valid(ins); ins = INS_Prev(ins)) {
insNum2++;
}
TEST(insNum1 == insNum2, "RTN_NumIns failed");
RTN_Close(rtn);
}
VOID Image(IMG img, void *v)
{
for (SEC sec = IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec))
{
for (RTN rtn = SEC_RtnHead(sec); RTN_Valid(rtn); rtn = RTN_Next(rtn))
{
RTN_Open(rtn);
numRtnsFoundInImageCallback++;
INS ins = RTN_InsHeadOnly(rtn);
if (INS_Invalid() == ins)
{ // no instruction found - assert that RTN_InsHead(rtn) also doesn't find any INS
ASSERTX (INS_Invalid() == RTN_InsHead(rtn));
RTN_Close(rtn);
continue;
}
if (INS_HasFallThrough(ins))
{
ADDRINT insAddress = INS_Address(ins);
numRtnsInstrumentedFromImageCallback++;
RTN_InsertCall( rtn, IPOINT_BEFORE, AFUNPTR(AtRtn), IARG_ADDRINT, RTN_Address(rtn), IARG_END);
INS_InsertCall (ins, IPOINT_BEFORE, AFUNPTR(BeforeInsHeadOnly), IARG_ADDRINT, INS_Address(ins), IARG_END);
INS_InsertCall (ins, IPOINT_AFTER, AFUNPTR(AfterInsHeadOnly), IARG_ADDRINT, INS_Address(ins), IARG_END);
ins = RTN_InsHead(rtn);
ASSERTX(INS_Invalid() != ins);
ASSERTX(INS_Address(ins)==insAddress);
INS_InsertCall (ins, IPOINT_BEFORE, AFUNPTR(BeforeInsHead), IARG_ADDRINT, insAddress, IARG_END);
INS_InsertCall (ins, IPOINT_AFTER, AFUNPTR(AfterInsHead), IARG_ADDRINT, insAddress, IARG_END);
}
RTN_Close(rtn);
}
}
}
// When an image is loaded, check for a MyAlloc function
VOID Image(IMG img, VOID *v)
{
//fprintf(stderr, "Loading %s\n",IMG_name(img));
for (SEC sec = IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec))
{
//fprintf(stderr, " sec %s\n", SEC_name(sec).c_str());
for (RTN rtn = SEC_RtnHead(sec); RTN_Valid(rtn); rtn = RTN_Next(rtn))
{
//fprintf(stderr, " rtn %s\n", RTN_Name(rtn).c_str());
if (RTN_Name(rtn) == STRESSTEST_FN_NAME)
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE,
(AFUNPTR)StressTestConstContextToolFunc,
IARG_FUNCARG_ENTRYPOINT_REFERENCE, 0,
IARG_FUNCARG_ENTRYPOINT_REFERENCE, 1,
IARG_FUNCARG_ENTRYPOINT_REFERENCE, 2,
IARG_FUNCARG_ENTRYPOINT_REFERENCE, 3,
IARG_FUNCARG_ENTRYPOINT_REFERENCE, 4,
IARG_FUNCARG_ENTRYPOINT_REFERENCE, 5,
IARG_RETURN_IP, // address of inst after caller
IARG_REG_VALUE, REG_STACK_PTR,
IARG_REG_VALUE, REG_THREAD_ID,
IARG_CONST_CONTEXT,
IARG_END);
RTN_Close(rtn);
}
}
}
}
/* This function is invoked from Dytan. Modify this function to
* specify custom function wrappers
*/
void taint_routines(IMG img, void *v)
{
RTN rtn = RTN_FindByName(img, "main");
if (RTN_Valid(rtn)) {
printf("instrument main function\n");
RTN_Open(rtn);
/* This function call inserts main_wrapper_func before the
* function main is executed. Since main takes two parameters,
* we have supplied two pairs of
* IARG_FUNCARG_ENTRYPOINT_REFERENCE, <number>
*/
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(main_wrapper_func),
IARG_FUNCARG_ENTRYPOINT_REFERENCE, 0,
IARG_FUNCARG_ENTRYPOINT_REFERENCE, 1,
IARG_END);
RTN_InsertCall(rtn, IPOINT_AFTER, AFUNPTR(main_wrapper_func_end),
IARG_END);
RTN_Close(rtn);
}
/*
else if (rtn_name == taint_function[1]) {
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_AFTER, AFUNPTR(main_wrapper_func2),
IARG_FUNCARG_CALLSITE_VALUE, 4,
IARG_END);
RTN_Close(rtn);
}
*/
}
static VOID Image(IMG img, VOID *v)
{
RTN rtn = RTN_FindByName(img, watch_rtn);
if (!RTN_Valid(rtn))
{
return;
}
printf("Instrumenting %s at %p\n", watch_rtn, reinterpret_cast<void *>(RTN_Address(rtn)));
RTN_Open(rtn);
INS ins = RTN_InsHeadOnly(rtn);
ASSERTX (INS_Valid(ins));
// version_reg is used to select the version, use the first
// argument of watch_rtn to set it
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(select_version),
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_REG_VALUE, version_reg,
IARG_RETURN_REGS, version_reg,
IARG_END);
// Note that the version instrumentation will occur before any
// instrumentation done on this ins from Trace or Instruction
// instrumentation time callbacks
INS_InsertVersionCase(ins, version_reg, 10, VERSION_1, IARG_END);
INS_InsertVersionCase(ins, version_reg, 20, VERSION_2, IARG_END);
RTN_Close(rtn);
}
VOID Routine(RTN rtn, VOID *v)
{
RTN_Open(rtn);
RTN_NAME * rn = new RTN_NAME;
if (KnobOnly){
if(IMG_IsMainExecutable(SEC_Img(RTN_Sec(rtn))) \
/*&& std::strcmp(IMG_Name(SEC_Img(RTN_Sec(rtn))).c_str(),"/usr/lib/libSystem.B.dylib")!=0 \*/
|| std::strcmp(IMG_Name(SEC_Img(RTN_Sec(rtn))).c_str(),"/usr/lib/system/libsystem_malloc.dylib")==0)
{
funcList.push_back(RTN_Name(rtn));
cerr << "Getting "<< RTN_Name(rtn) <<endl ;
//RTN_Close(rtn);
//return ;
}
}
if(KnobOnly && find (funcList.begin(), funcList.end(), RTN_Name(rtn)) == funcList.end()){
cerr << "excluding : " << RTN_Name(rtn) ;
cerr << IMG_Name(SEC_Img(RTN_Sec(rtn))) << endl;
RTN_Close(rtn);
return;
}
// The RTN goes away when the image is unloaded, so save it now
// because we need it in the fin
rn->_name = RTN_Name(rtn);
rn->_image = IMG_Name(SEC_Img(RTN_Sec(rtn))).c_str();
rn->_address = RTN_Address(rtn);
//_address = RTN_Address(rtn);
// Insert a call at the entry point of a routine to increment the call count
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)print, IARG_PTR, rn,IARG_FUNCARG_ENTRYPOINT_VALUE, 0, IARG_END);
RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)ret,IARG_PTR,rn,IARG_FUNCRET_EXITPOINT_VALUE, IARG_END);
//INS_InsertCall(RTN_InsTail(rtn), IPOINT_BEFORE, (AFUNPTR)ret, IARG_END);
RTN_Close(rtn);
}
static VOID InsertIfBridgeThenBridge(RTN rtn)
{
RTN_Open(rtn);
INS_InsertIfCall(RTN_InsHead(rtn), IPOINT_BEFORE, AFUNPTR(IfBridge), IARG_BRIDGE_IF, IARG_END);
INS_InsertThenCall(RTN_InsHead(rtn), IPOINT_BEFORE, AFUNPTR(ThenBridge), IARG_BRIDGE, IARG_END);
RTN_Close(rtn);
}
PyObject* Python_RTN_Open(PyObject* self, PyObject* args) {
PyObject* rtn;
PyArg_ParseTuple(args, "L", &rtn);
RTN rtn_object = *(RTN*) rtn;
RTN_Open(rtn_object);
return Py_BuildValue("O", Py_True);
}
/*
* Instrumentation-time routine looking for the routine we'd like to instrument.
*/
static VOID ImageLoad(IMG img, VOID * v)
{
if (IMG_IsMainExecutable(img))
{
*outFile << "In main application image" << endl;
// Search for the assembly routine in the application
RTN AsmRtn = RTN_FindByName(img, "operImmCmds");
if (!RTN_Valid(AsmRtn))
{
AsmRtn = RTN_FindByName(img, "_operImmCmds");
}
if (RTN_Valid(AsmRtn))
{
*outFile << "Function operImmCmds found" << endl;
RTN_Open(AsmRtn);
// Go over each of the routine's instructions
for (INS ins = RTN_InsHead(AsmRtn); INS_Valid(ins); ins = INS_Next(ins))
{
Instruction(ins, 0);
}
RTN_Close(AsmRtn);
*outFile << "Done with function operImmCmds" << endl;
}
else
{
*outFile << "Function operImmCmds not found!" << endl;
}
}
}
VOID Image(IMG img, VOID * v)
{
for (SEC sec = IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec))
{
for (RTN rtn = SEC_RtnHead(sec); RTN_Valid(rtn); rtn = RTN_Next(rtn))
{
RTN_Open(rtn);
for (INS ins = RTN_InsHead(rtn); INS_Valid(ins); ins = INS_Next(ins))
{
if( INS_IsPredicated(ins) )
GlobalStatsStatic.predicated[ INS_Category(ins) ]++;
else
GlobalStatsStatic.unpredicated[ INS_Category(ins) ]++;
}
RTN_Close(rtn);
}
}
if( KnobProfileStaticOnly.Value() )
{
Fini(0,0);
exit(0);
}
}
VOID Image(IMG img, VOID *v)
{
// Walk through the symbols in the symbol table.
//
for (SYM sym = IMG_RegsymHead(img); SYM_Valid(sym); sym = SYM_Next(sym))
{
string undFuncName = PIN_UndecorateSymbolName(SYM_Name(sym), UNDECORATION_NAME_ONLY);
// Find the RtlAllocHeap() function.
if (undFuncName == "RtlAllocateHeap")
{
RTN allocRtn = RTN_FindByAddress(IMG_LowAddress(img) + SYM_Value(sym));
if (RTN_Valid(allocRtn))
{
// Instrument to print the input argument value and the return value.
RTN_Open(allocRtn);
RTN_InsertCall(allocRtn, IPOINT_BEFORE, (AFUNPTR)Before,
IARG_ADDRINT, "RtlAllocateHeap",
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
IARG_FUNCARG_ENTRYPOINT_VALUE, 2,
IARG_END);
RTN_InsertCall(allocRtn, IPOINT_AFTER, (AFUNPTR)After,
IARG_ADDRINT, "RtlAllocateHeap",
IARG_FUNCRET_EXITPOINT_VALUE,
IARG_END);
RTN_Close(allocRtn);
}
}
}
}
static VOID InsertIfNoBridgeThenInline(RTN rtn)
{
RTN_Open(rtn);
INS_InsertIfCall(RTN_InsHead(rtn), IPOINT_BEFORE, AFUNPTR(IfNoBridge), IARG_END);
INS_InsertThenCall(RTN_InsHead(rtn), IPOINT_BEFORE, AFUNPTR(ThenInline), IARG_END);
RTN_Close(rtn);
}
/*****************************************************************************
函 数 名 : rtn
功能描述 : Pin calls this function every time a new rtn is executed
输入参数 : RTN rtn
VOID * v
输出参数 : 无
返 回 值 :
调用函数 :
被调函数 :
修改历史 :
1.日 期 : 2012年5月16日
作 者 : @zhi
修改内容 : 新生成函数
*****************************************************************************/
VOID rtn(RTN rtn, VOID * v)
{
//干掉系统的动态连接库, 即IMG为/lib/*
if(EXCEPT_SEC == IMG_Name(SEC_Img(RTN_Sec(rtn)))
.substr(0, EXCEPT_SEC.size()))
{
return;
}
RTN_Open(rtn);
if ( g_backTraceFlg )
{
//第一次进入,回溯已调用的函数(附加到进程模式)
//, 参数为待执行函数的函数名,函数起始地址,函数EBP(函数初始未压栈)
RTN_InsertCall(rtn, IPOINT_BEFORE,
(AFUNPTR)traceBack,
//IARG_PTR, RTN_Name(rtn).c_str(),
//IARG_ADDRINT, RTN_Address(rtn),
IARG_REG_VALUE, REG_STACK_PTR,
IARG_REG_VALUE, REG_EBP, IARG_END);
}
RTN_InsertCall(rtn, IPOINT_BEFORE,
(AFUNPTR)funcPackage,
IARG_PTR, RTN_Name(rtn).c_str(),
IARG_ADDRINT, RTN_Address(rtn),
IARG_REG_VALUE, REG_EBP,
//IARG_REG_VALUE, REG_STACK_PTR, IARG_END);
IARG_END);
RTN_Close(rtn);
}
// Pin calls this function every time a new rtn is executed
VOID Routine(RTN rtn, VOID *v)
{
// Allocate a counter for this routine
RTN_COUNT * rc = new RTN_COUNT;
// The RTN goes away when the image is unloaded, so save it now
// because we need it in the fini
rc->_name = RTN_Name(rtn);
rc->_image = StripPath(IMG_Name(SEC_Img(RTN_Sec(rtn))).c_str());
rc->_address = RTN_Address(rtn);
rc->_icount = 0;
rc->_rtnCount = 0;
// Add to list of routines
rc->_next = RtnList;
RtnList = rc;
RTN_Open(rtn);
// Insert a call at the entry point of a routine to increment the call count
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)docount, IARG_PTR, &(rc->_rtnCount), IARG_END);
// For each instruction of the routine
for (INS ins = RTN_InsHead(rtn); INS_Valid(ins); ins = INS_Next(ins))
{
// Insert a call to docount to increment the instruction counter for this rtn
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)docount, IARG_PTR, &(rc->_icount), IARG_END);
}
RTN_Close(rtn);
}
static void InstrumentRtn(RTN rtn, VOID *)
{
if (RTN_Name(rtn) == "DoGetLockWithPin")
{
FoundDoGetLock = true;
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(UseLocksScheduler), IARG_END);
RTN_Close(rtn);
}
if (RTN_Name(rtn) == "TellPinNotSupported")
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(CannotRunTest), IARG_END);
RTN_Close(rtn);
}
}