Beispiel #1
0
int
main(int argc, char *argv[], char *envp[])
{
    RSIM_Linux32 sim;
    int n = sim.configure(argc, argv, envp);
    sim.install_callback(new RSIM_Tools::UnhandledInstruction);

    /**************************************************************************************************************************
     *                                  Debugging callbacks...
     **************************************************************************************************************************/


#if 0
    /* Parse the ELF container so we can get to the symbol table. */
    char *rose_argv[4];
    rose_argv[0] = argv[0];
    rose_argv[1] = strdup("-rose:read_executable_file_format_only");
    rose_argv[2] = argv[n];
    rose_argv[3] = NULL;
    SgProject *project = frontend(3, rose_argv);

    /* Disassemble when we hit main() */
    rose_addr_t disassemble_va = RSIM_Tools::FunctionFinder().address(project, "main");
    assert(disassemble_va>0);
    sim.install_callback(new RSIM_Tools::MemoryDisassembler(disassemble_va));

    /* Print a stack trace and memory dump for every system call */
    struct SyscallStackTrace: public RSIM_Callbacks::SyscallCallback {
        virtual SyscallStackTrace *clone() {
            return this;
        }
        virtual bool operator()(bool enabled, const Args &args) {
            if (enabled) {
                RTS_Message *trace = args.thread->tracing(TRACE_SYSCALL);
                args.thread->report_stack_frames(trace, "Stack frames for following system call:");
                args.thread->get_process()->mem_showmap(trace, "Memory map for following system call:", "    ");
            }
            return enabled;
        }
    };
    sim.get_callbacks().add_syscall_callback(RSIM_Callbacks::BEFORE, new SyscallStackTrace);
#endif

    /***************************************************************************************************************************
     *                                  The main program...
     ***************************************************************************************************************************/

    sim.exec(argc-n, argv+n);
    sim.install_callback(new MemoryTransactionTester(sim.get_process()->get_ep_orig_va()), RSIM_Callbacks::BEFORE, true);
//    sim.activate();
    sim.main_loop();
//     sim.deactivate();
    sim.describe_termination(stderr);
    sim.terminate_self(); // probably doesn't return
    return 0;
}
Beispiel #2
0
// Main program is almost standard RSIM boilerplate.  The only thing we add is the instantiation and installation of the
// SymbolicBombDetector callback.
int
main(int argc, char *argv[], char *envp[])
{
    RSIM_Linux32 sim;
    sim.install_callback(new RSIM_Tools::UnhandledInstruction);
    int n = sim.configure(argc, argv, envp);
    sim.exec(argc-n, argv+n);
    sim.install_callback(new IntervalAnalysis(sim.get_process()->get_ep_start_va()), RSIM_Callbacks::BEFORE, true);
    sim.main_loop();
    sim.describe_termination(stderr);
    sim.terminate_self();
    return 0;
}
Beispiel #3
0
int
main(int argc, char *argv[], char *envp[])
{
    std::ios::sync_with_stdio();

    // Parse command-line switches understood by MultiWithConversion and leave the rest for the simulator.
    rose_addr_t target_va = 0; // analysis address (i.e., the "arbitrary offset"). Zero implies the program's OEP
    for (int i=1; i<argc; ++i) {
        if (!strcmp(argv[i], "--help") || !strcmp(argv[i], "-h") || !strcmp(argv[i], "-?")) {
            std::cout <<"usage: " <<argv[0] <<" [--target=ADDRESS] [SIMULATOR_SWITCHES] SPECIMEN [SPECIMEN_ARGS...]\n";
            exit(0);
        } else if (!strncmp(argv[i], "--target=", 9)) {
            target_va = strtoull(argv[i]+9, NULL, 0);
            memmove(argv+i, argv+i+1, (argc-- -i)*sizeof(*argv)); // argv has argc+1 elements
            --i;
        } else {
            break;
        }
    }

    // Our instruction callback.  We can't set its trigger address until after we load the specimen, but we want to register
    // the callback with the simulator before we create the first thread.
    SemanticController semantic_controller;

    // All of this (except the part where we register our SemanticController) is standard boilerplate and documented in
    // the first page of doxygen.
    RSIM_Linux32 sim;
    sim.install_callback(new RSIM_Tools::UnhandledInstruction); // needed by some versions of ld-linux.so
    sim.install_callback(&semantic_controller);                 // it mustn't be destroyed while the simulator's running
    int n = sim.configure(argc, argv, envp);
    sim.exec(argc-n, argv+n);

    // Register our instruction callback and tell it to trigger at the specimen's original entry point (OEP).  This will cause
    // our analysis to run as soon as the dynamic linker is finished.  We don't know the OEP until after the sim.exec() call
    // that loads the specimen into memory, so by time we can register our callback, the RSIM_Process has copied 
    rose_addr_t trigger_va = sim.get_process()->get_ep_orig_va();
    semantic_controller.arm(trigger_va, 0==target_va ? trigger_va : target_va);

    //sim.activate();
    sim.main_loop();
    //sim.deactivate();
    sim.describe_termination(stderr);
    sim.terminate_self(); // probably doesn't return
    return 0;
}