Beispiel #1
/*
 * Return hook for the alloca probe.
 *
 * opaque points to a heap-allocated uint32_t holding the handle of this
 * hook. The hook unregisters itself, releases that storage, and then
 * clears the taint state of ESP (offset 0, 4 bytes).
 */
static void alloca_probe_ret(void *opaque)
{
    uint32_t *hook_id = opaque;

    /* One-shot hook: unregister before the handle storage goes away. */
    hookapi_remove_hook(*hook_id);
    free(hook_id);

    taintcheck_reg_clean(R_ESP, 0, 4);
}
Beispiel #2
/*
 * Address hook that arms tracing.
 *
 * When the current CR3 matches the monitored CR3, the hook sets
 * tracing_start_condition and unregisters itself through
 * cond_func_hook_handle. For any other CR3 it does nothing.
 * opaque is unused. Always returns 0.
 */
int tc_address_hook(void *opaque)
{
  /* Hit came from a different address space: leave the hook installed. */
  if (temu_plugin->monitored_cr3 != TEMU_cpu_cr[3])
    return 0;

  tracing_start_condition = 1;

  /* One-shot: the hook is no longer needed once tracing is armed. */
  hookapi_remove_hook(cond_func_hook_handle);
  return 0;
}
Beispiel #3
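/*
 * Return hook for getsockname (executed after the return instruction).
 *
 * opaque is the getsockname_t record passed from the call hook. This
 * function removes its own hook, logs the address structure the guest
 * received, taints 6 bytes starting at bufStart+2, and frees the record.
 * The record is released on every exit path, including the early returns
 * taken when the call failed or guest memory could not be read.
 * Always returns 0.
 */
static int getsockname_ret(void *opaque)
{
  /* Running taint offset, shared across all invocations of this hook */
  static int offset  = 0;
  int read_err = 0;
  uint32_t bufRealLen = 0;
  uint32_t eax = 0;
  getsockname_t *s = (getsockname_t *)opaque;
  struct sockaddr_in addrData;
  char addrStr[INET_ADDRSTRLEN] = "";

  /* Nothing to unhook or free without the context record */
  if (s == NULL) return 0;

  /* Remove return hook */
  hookapi_remove_hook(s->hook_handle);

  /* Check return value -> status; non-zero means the call failed */
  read_reg(eax_reg, &eax);
  if (eax != 0) goto done;

  /* Read size of address structure (guest-supplied value, only logged
   * and compared against zero below) */
  read_err = read_mem(s->bufLenPtr, 4, (unsigned char*)&bufRealLen);
  if (!read_err) {
    WRITE ("tracenetlog","\tNumBytesWritten: %u\n",bufRealLen);
  }
  else {
    WRITE ("tracenetlog","\tCould not get number of bytes written\n");
    goto done;
  }

  /* Read the address structure.
   * NOTE(review): copies a fixed 16 bytes into the host struct
   * sockaddr_in; assumes sizeof(struct sockaddr_in) >= 16 and that the
   * host layout matches the guest's -- confirm for the build target. */
  read_err = read_mem(s->bufStart, 16, (unsigned char*)&addrData);
  if (read_err) goto done;

  /* Print the address structure */
  inet_ntop(AF_INET, &addrData.sin_addr, addrStr, sizeof(addrStr));
  WRITE ("tracenetlog","\tFamily: %d Port: %u Address: %s\n",
   addrData.sin_family,ntohs(addrData.sin_port),addrStr);

  /* Taint address structure.
   * NOTE(review): 6 bytes are tainted whenever bufRealLen > 0, even if
   * the guest reported fewer than 8 bytes written -- confirm intended. */
  if (bufRealLen > 0) {
    hook_taint_record_t tr;
    tr.source = TAINT_SOURCE_API_SOCK_INFO_IN;
    tr.origin = GETSOCKNAME_ORIGIN;
    tr.offset = offset;

    taint_mem(s->bufStart+2, 6, (void *)&tr);
  }

  /* Increment the taint offset */
  offset += 6;

done:
  /* Free structure used to pass info between call and return hooks */
  free(s);

  return 0;
}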
Beispiel #4
/*
 * Return hook for VirtualAlloc.
 *
 * param is the context record saved by the call hook (this code reuses
 * the NtCreateFile_hook_context_t type for it). The hook unregisters
 * itself, prints call_stack[1] and call_stack[2] as lpAddress and dwSize
 * together with the current EAX value, and frees the record.
 */
static void VirtualAlloc_ret(void *param)
{
	NtCreateFile_hook_context_t *hook_ctx = param;

	DECAF_printf("VirtualAlloc exit:");

	/* One-shot hook: unregister before reporting. */
	hookapi_remove_hook(hook_ctx->hook_handle);

	DECAF_printf("lpAddress=%08x, dwSize=%d, ret=%08x\n",
		hook_ctx->call_stack[1],
		hook_ctx->call_stack[2],
		cpu_single_env->regs[R_EAX]);

	/* The record is owned by this hook once the call hook hands it over. */
	free(hook_ctx);
}
Beispiel #5
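/*
 * Return hook for NtCreateFile.
 *
 * param is the context record saved by the call hook. The hook
 * unregisters itself, reads 4 bytes of guest memory at the address held
 * in call_stack[1], prints them as the output handle, and frees the
 * record.
 */
static void NtCreateFile_ret(void *param)
{
	NtCreateFile_hook_context_t *ctx = (NtCreateFile_hook_context_t *)param;
	/* Zero-initialised so that a failed guest read never prints
	 * uninitialised host stack contents into the log. */
	uint32_t out_handle = 0;

	DECAF_printf("NtCreateFile exit:");

	hookapi_remove_hook(ctx->hook_handle);

	/* NOTE(review): the result of DECAF_read_mem is not checked, so a
	 * failed read is logged as out_handle=00000000 -- confirm the return
	 * convention and report the failure explicitly. */
	DECAF_read_mem(NULL, ctx->call_stack[1], 4, &out_handle);
	DECAF_printf("out_handle=%08x\n", out_handle);
	free(ctx);
}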
Beispiel #6
/*
 * Address hook that starts tracing on the configured hit.
 *
 * A hit counts only when kernel-wide tracing is enabled or the current
 * CR3 matches the monitored CR3. Each counted hit advances
 * tc_start_counter; when its value before the increment equals
 * tc_start_at, the hook sets tracing_start_condition, resets
 * tc_stop_counter, and unregisters itself through cond_func_hook_handle.
 * opaque is unused. Always returns 0.
 */
int tc_address_start_hook(void *opaque)
{
  term_printf("tc_address_start_hook(*) called\n");

  /* Hits from other address spaces are ignored and not counted. */
  if (!tracing_kernel_all() &&
      temu_plugin->monitored_cr3 != TEMU_cpu_cr[3])
    return 0;

  /* The counter advances on every counted hit, matching or not. */
  if (tc_start_counter++ != tc_start_at)
    return 0;

  tracing_start_condition = 1;
  /* Restart the stop counter from the point where tracing begins. */
  tc_stop_counter = 0;

  hookapi_remove_hook(cond_func_hook_handle);
  return 0;
}
Beispiel #7
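/*
 * Address hook that stops tracing on the configured hit.
 *
 * A hit counts only when kernel-wide tracing is enabled or the current
 * CR3 matches the monitored CR3. Each counted hit advances
 * tc_stop_counter; when its value before the increment equals
 * tc_stop_at, the hook clears tracing_start_condition, records the stop
 * time, reports it with the elapsed time since trace_start_time, and
 * unregisters itself through tc_stop_hook_handle.
 * opaque is unused. Always returns 0.
 */
int tc_address_stop_hook(void *opaque)
{
  term_printf("tc_address_stop_hook(*) called\n");
  if ((tracing_kernel_all() ||
    (temu_plugin->monitored_cr3 == TEMU_cpu_cr[3])) &&
    (tc_stop_counter++ == tc_stop_at))
  {
    tracing_start_condition = 0;
    if (gettimeofday(&trace_stop_time, NULL) == 0) {
      /* Subtract the seconds before scaling so the intermediate value
       * stays small; the original scaled each absolute timestamp. */
      long elapsed_usec =
        (long)(trace_stop_time.tv_sec - trace_start_time.tv_sec) * 1000000 +
        (long)(trace_stop_time.tv_usec - trace_start_time.tv_usec);

      /* Report the stop time (the original printed trace_start_time
       * here) and zero-pad the microseconds so the value reads as a
       * decimal fraction. */
      term_printf("Trace ending time: %ld.%06ld\n",
        (long)trace_stop_time.tv_sec, (long)trace_stop_time.tv_usec);
      term_printf("Total elapsed time: %ld usec\n", elapsed_usec);
    }
    /* remove the hook */
    hookapi_remove_hook(tc_stop_hook_handle);
  }

  return 0;
}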
Beispiel #8
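/*
 * Return hook for strcmp.
 *
 * opaque is the strcmp_value record saved by the call hook. The hook
 * unregisters itself, reads the register identified by eax_reg, logs
 * whether the comparison reported equality, then writes 1 to that
 * register so the guest sees a non-zero result regardless of the real
 * outcome, and frees the record. Always returns 0.
 */
static int strcmp_ret(void *opaque)
{
	strcmp_value *scv = (strcmp_value *)opaque;
	int eax = 0;
	int tmp = 1;

	/* Guard before the first dereference; the original tested scv only
	 * after scv->hook_handle had already been read. */
	if (scv == NULL)
		return 0;

	hookapi_remove_hook(scv->hook_handle);
	read_reg(eax_reg, &eax);
	if (eax == 0) {
		WRITE ("stderr", "\tthe two strings are same!\n");
	} else {
		/* %x expects an unsigned argument */
		WRITE ("stderr", "\tthe two strings are not same %x!\n",(unsigned)eax);
	}

	/* NOTE(review): write_reg receives the value itself, whereas
	 * read_reg above takes an address -- confirm against write_reg's
	 * prototype. */
	write_reg(eax_reg,tmp);

	free(scv);
	return 0;
}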