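// ARM guest hypercall handler for the taint plugin.
//
// Register convention (every value comes from the guest and is untrusted):
//   R0  command: 7 or 8 = label the buffer, 9 = query taint on the buffer;
//       any other value is ignored
//   R1  guest virtual address of the buffer
//   R2  length of the buffer in bytes
//   R3  offset (part of the guest ABI, not read here)
//
// A label command switches taint processing on if it is not already on,
// then labels the buffer through add_taint_ram using a temporary
// TaintOpBuffer that is released before returning.  A query command plots
// the taint on the buffer through bufplot and does nothing while taint
// processing is off.
//
// The helpers take the length as an int and tob_new is sized from
// buf_len * sizeof(TaintOp), so the guest-chosen length is only accepted if
// it round-trips through int and cannot wrap the allocation size; the
// previous version cast it blindly.  buf_start is passed through unchecked —
// presumably the helpers cope with an unmapped guest address (TODO confirm).
void arm_hypercall_callback(CPUState *env){
    target_ulong cmd = env->regs[0];
    target_ulong buf_start = env->regs[1];
    target_ulong buf_len = env->regs[2];

    if (cmd != 7 && cmd != 8 && cmd != 9){
        return; // unknown command: ignored, as before
    }

    // Length sanity: it must survive the int narrowing the helpers rely on,
    // and buf_len * sizeof(TaintOp) must not wrap a size_t.
    if ((int)buf_len < 0 || (target_ulong)(int)buf_len != buf_len
            || buf_len > (size_t)-1 / sizeof(TaintOp)){
        printf("Taint plugin: ignoring hypercall %lu with bad length 0x%lx\n",
            (unsigned long)cmd, (unsigned long)buf_len);
        return;
    }

    if (cmd == 7 || cmd == 8){ // Taint label
        if (!taintEnabled){
            printf("Taint plugin: Label operation detected\n");
            printf("Enabling taint processing\n");
            __taint_enable_taint();
        }

        // Scratch buffer with room for buf_len taint ops.  Whether tob_new
        // can return NULL is not visible here; refuse to continue if it does.
        TaintOpBuffer *tempBuf = tob_new((size_t)buf_len * sizeof(TaintOp));
        if (!tempBuf){
            printf("Taint plugin: could not allocate taint op buffer\n");
            return;
        }
        add_taint_ram(env, shadow, tempBuf, (uint64_t)buf_start, (int)buf_len);
        tob_delete(tempBuf);
    }
    else { // cmd == 9: query taint on the buffer
        if (taintEnabled){
            printf("Taint plugin: Query operation detected\n");
            Addr a = make_maddr(buf_start);
            bufplot(env, shadow, &a, (int)buf_len);
        }
    }
}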
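// x86 guest hypercall handler for the taint plugin.
//
// Register convention (every value comes from the guest and is untrusted):
//   EAX  command: 7 = label the buffer with one label, 8 = positional
//        label, 9 = query taint on the buffer, 10 = guest utility finished;
//        any other value is ignored
//   EBX  guest virtual address of the buffer
//   ECX  length of the buffer in bytes
//   EDI  label integer (used by command 7 only)
//   EDX  starting offset (part of the guest ABI, not read here; the
//        original comments say this is handled in pirate_utils)
//
// Commands 7 and 8 switch taint processing on if it is off, then label the
// buffer through add_taint_ram_single_label or add_taint_ram_pos using a
// temporary TaintOpBuffer that is released before returning.  Command 9
// plots the taint on the buffer through bufplot and does nothing while taint
// processing is off.  Command 10 resets the positional label counter.
//
// The helpers take the length as an int and tob_new is sized from
// buf_len * sizeof(TaintOp), so the guest-chosen length is only accepted if
// it round-trips through int and cannot wrap the allocation size; the
// previous version cast it blindly.  buf_start is passed through unchecked —
// presumably the helpers cope with an unmapped guest address (TODO confirm).
void i386_hypercall_callback(CPUState *env){
    target_ulong cmd = env->regs[R_EAX];
    target_ulong buf_start = env->regs[R_EBX];
    target_ulong buf_len = env->regs[R_ECX];
    long label = env->regs[R_EDI];

    if (cmd == 10){
        // Guest util done - reset positional label counter
        taint_pos_count = 0;
        return;
    }
    if (cmd != 7 && cmd != 8 && cmd != 9){
        return; // unknown command: ignored, as before
    }

    // Length sanity: it must survive the int narrowing the helpers rely on,
    // and buf_len * sizeof(TaintOp) must not wrap a size_t.
    if ((int)buf_len < 0 || (target_ulong)(int)buf_len != buf_len
            || buf_len > (size_t)-1 / sizeof(TaintOp)){
        printf("Taint plugin: ignoring hypercall %lu with bad length 0x%lx\n",
            (unsigned long)cmd, (unsigned long)buf_len);
        return;
    }

    if (cmd == 7 || cmd == 8){
        if (!taintEnabled){
            printf("Taint plugin: Label operation detected\n");
            printf("Enabling taint processing\n");
            __taint_enable_taint();
        }

        // Scratch buffer with room for buf_len taint ops.  Whether tob_new
        // can return NULL is not visible here; refuse to continue if it does.
        TaintOpBuffer *tempBuf = tob_new((size_t)buf_len * sizeof(TaintOp));
        if (!tempBuf){
            printf("Taint plugin: could not allocate taint op buffer\n");
            return;
        }
        if (cmd == 7){
            // Standard buffer label: every byte gets `label`
            add_taint_ram_single_label(env, shadow, tempBuf,
                (uint64_t)buf_start, (int)buf_len, label);
        }
        else {
            // Positional buffer label
            add_taint_ram_pos(env, shadow, tempBuf, (uint64_t)buf_start, (int)buf_len);
        }
        tob_delete(tempBuf);
    }
    else { // cmd == 9: query taint on the buffer
        if (taintEnabled){
            printf("Taint plugin: Query operation detected\n");
            Addr a = make_maddr(buf_start);
            bufplot(env, shadow, &a, (int)buf_len);
        }
    }
}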
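/*
 * Taint hook for one guest network packet.
 *
 *   env           CPU state handed to the taint helpers
 *   buf           host pointer to the packet bytes; only printed under
 *                 TAINTDEBUG, the taint helpers work on old_buf_addr
 *   size          packet length in bytes
 *   direction     PANDA_NET_RX or PANDA_NET_TX; anything else is a
 *                 programming error (assert, which is compiled out under
 *                 NDEBUG and then just falls out to the return)
 *   old_buf_addr  address the taint shadow keys the packet by; the TX path
 *                 wraps it with make_iaddr
 *
 * RX: when taint_label_incoming_network_traffic is set, taint processing is
 *     switched on if necessary, the packet is labeled through add_taint_io
 *     and the running byte counter `count` is advanced.
 * TX: when taint is on and taint_query_outgoing_network_traffic is set, a
 *     QUERYOP covering the packet is appended to tob_io_thread (after
 *     growing it with tob_resize).
 *
 * Always returns 0.
 *
 * Fix relative to the previous version: the RX case only reached `break`
 * when labeling was enabled, so an RX packet with labeling off fell through
 * into the TX case and could be queued as an outgoing-traffic query (and was
 * logged as "TX packet" under TAINTDEBUG).  Each case now breaks
 * unconditionally.  A negative size is also rejected up front instead of
 * being handed to add_taint_io or stored as a query length.
 */
int handle_packet(CPUState *env, uint8_t *buf, int size, uint8_t direction,
        uint64_t old_buf_addr){
    if (size < 0){
        return 0;
    }

    switch (direction){
        case PANDA_NET_RX:
#ifdef TAINTDEBUG
            printf("RX packet\n");
            printf("Buf: 0x%llx, Old Buf: 0x%llx, Size %d\n",
                (unsigned long long)(uintptr_t)buf,
                (unsigned long long)old_buf_addr, size);
#endif
            if (taint_label_incoming_network_traffic){
                if (!taintEnabled){
                    printf("Taint plugin: Label operation detected (network)\n");
                    printf("Enabling taint processing\n");
                    __taint_enable_taint();
                }
                add_taint_io(env, shadow, tob_io_thread, old_buf_addr, size);
                count += size;
            }
            break; /* unconditional: no fall-through into the TX case */

        case PANDA_NET_TX:
#ifdef TAINTDEBUG
            printf("TX packet\n");
            printf("Buf: 0x%llx, Old Buf: 0x%llx, Size %d\n",
                (unsigned long long)(uintptr_t)buf,
                (unsigned long long)old_buf_addr, size);
#endif
            if (taintEnabled && taint_query_outgoing_network_traffic){
                TaintOp top;
                top.typ = QUERYOP;
                top.val.query.l = size;
                top.val.query.a = make_iaddr(old_buf_addr);
                // make the taint op buffer bigger if necessary
                tob_resize(&tob_io_thread);
                tob_op_write(tob_io_thread, &top);
            }
            break;

        default:
            assert(0);
    }
    return 0;
}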
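// XXX: Support all features of label and query program
//
// x86 guest hypercall handler for the taint plugin.
//
// Register convention (every value comes from the guest and is untrusted):
//   EAX  command: 7 or 8 = label the buffer, 9 = query taint on the buffer;
//        any other value is ignored
//   EBX  guest virtual address of the buffer
//   ECX  length of the buffer in bytes
//   EDI  per the guest ABI a pointer to a label string (command 7/8) or a
//        query name such as a filename (command 9) — not read here
//   ESI  per the guest ABI the length of that string — not read here
//   EDX  starting offset (positional labels / file queries) — not read here
//
// A label command switches taint processing on if it is not already on,
// then labels the buffer through add_taint_ram using a temporary
// TaintOpBuffer that is released before returning.  A query command plots
// the taint on the buffer through bufplot and does nothing while taint
// processing is off.
//
// The helpers take the length as an int and tob_new is sized from
// buf_len * sizeof(TaintOp), so the guest-chosen length is only accepted if
// it round-trips through int and cannot wrap the allocation size; the
// previous version cast it blindly.  buf_start is passed through unchecked —
// presumably the helpers cope with an unmapped guest address (TODO confirm).
void i386_hypercall_callback(CPUState *env){
    target_ulong cmd = env->regs[R_EAX];
    target_ulong buf_start = env->regs[R_EBX];
    target_ulong buf_len = env->regs[R_ECX];

    if (cmd != 7 && cmd != 8 && cmd != 9){
        return; // unknown command: ignored, as before
    }

    // Length sanity: it must survive the int narrowing the helpers rely on,
    // and buf_len * sizeof(TaintOp) must not wrap a size_t.
    if ((int)buf_len < 0 || (target_ulong)(int)buf_len != buf_len
            || buf_len > (size_t)-1 / sizeof(TaintOp)){
        printf("Taint plugin: ignoring hypercall %lu with bad length 0x%lx\n",
            (unsigned long)cmd, (unsigned long)buf_len);
        return;
    }

    if (cmd == 7 || cmd == 8){ // label the buffer
        if (!taintEnabled){
            printf("Taint plugin: Label operation detected\n");
            printf("Enabling taint processing\n");
            __taint_enable_taint();
        }

        // Scratch buffer with room for buf_len taint ops.  Whether tob_new
        // can return NULL is not visible here; refuse to continue if it does.
        TaintOpBuffer *tempBuf = tob_new((size_t)buf_len * sizeof(TaintOp));
        if (!tempBuf){
            printf("Taint plugin: could not allocate taint op buffer\n");
            return;
        }
        add_taint_ram(env, shadow, tempBuf, (uint64_t)buf_start, (int)buf_len);
        tob_delete(tempBuf);
    }
    else { // cmd == 9: query taint on the buffer
        if (taintEnabled){
            printf("Taint plugin: Query operation detected\n");
            Addr a = make_maddr(buf_start);
            bufplot(env, shadow, &a, (int)buf_len);
        }
    }
}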
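// ARM guest hypercall handler for the taint plugin.
//
// Register convention (every value comes from the guest and is untrusted):
//   R0  command: 7 = label the buffer with one label, 8 = positional
//       label, 9 = query taint on the buffer, 10 = guest utility finished;
//       any other value is ignored
//   R1  guest virtual address of the buffer
//   R2  length of the buffer in bytes
//   R3  offset (part of the guest ABI, not read here; the original
//       comments say this is handled in pirate_utils)
//   R4  label integer (used by command 7 only)
//
// Commands 7 and 8 switch taint processing on if it is off, then label the
// buffer through add_taint_ram_single_label or add_taint_ram_pos using a
// temporary TaintOpBuffer that is released before returning.  Command 9
// plots the taint on the buffer through bufplot and does nothing while taint
// processing is off.  Command 10 resets the positional label counter.
//
// The helpers take the length as an int and tob_new is sized from
// buf_len * sizeof(TaintOp), so the guest-chosen length is only accepted if
// it round-trips through int and cannot wrap the allocation size; the
// previous version cast it blindly.  buf_start is passed through unchecked —
// presumably the helpers cope with an unmapped guest address (TODO confirm).
void arm_hypercall_callback(CPUState *env){
    target_ulong cmd = env->regs[0];
    target_ulong buf_start = env->regs[1];
    target_ulong buf_len = env->regs[2];
    long label = env->regs[4];

    if (cmd == 10){
        // Guest util done - reset positional label counter
        taint_pos_count = 0;
        return;
    }
    if (cmd != 7 && cmd != 8 && cmd != 9){
        return; // unknown command: ignored, as before
    }

    // Length sanity: it must survive the int narrowing the helpers rely on,
    // and buf_len * sizeof(TaintOp) must not wrap a size_t.
    if ((int)buf_len < 0 || (target_ulong)(int)buf_len != buf_len
            || buf_len > (size_t)-1 / sizeof(TaintOp)){
        printf("Taint plugin: ignoring hypercall %lu with bad length 0x%lx\n",
            (unsigned long)cmd, (unsigned long)buf_len);
        return;
    }

    if (cmd == 7 || cmd == 8){
        if (!taintEnabled){
            printf("Taint plugin: Label operation detected\n");
            printf("Enabling taint processing\n");
            __taint_enable_taint();
        }

        // Scratch buffer with room for buf_len taint ops.  Whether tob_new
        // can return NULL is not visible here; refuse to continue if it does.
        TaintOpBuffer *tempBuf = tob_new((size_t)buf_len * sizeof(TaintOp));
        if (!tempBuf){
            printf("Taint plugin: could not allocate taint op buffer\n");
            return;
        }
        if (cmd == 7){
            // Standard buffer label: every byte gets `label`
            add_taint_ram_single_label(env, shadow, tempBuf,
                (uint64_t)buf_start, (int)buf_len, label);
        }
        else {
            // Positional buffer label
            add_taint_ram_pos(env, shadow, tempBuf, (uint64_t)buf_start, (int)buf_len);
        }
        tob_delete(tempBuf);
    }
    else { // cmd == 9: query taint on the buffer
        if (taintEnabled){
            printf("Taint plugin: Query operation detected\n");
            Addr a = make_maddr(buf_start);
            bufplot(env, shadow, &a, (int)buf_len);
        }
    }
}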
/*
 * Public entry point that switches taint processing on.  It only forwards
 * to the internal __taint_enable_taint(); note that a name beginning with a
 * double underscore is reserved for the implementation in C, so the
 * internal helper would be better off renamed.
 */
void taint_enable_taint(void) {
  __taint_enable_taint();
  return;
}