/**
* A call handler can invoke this function to register a return handler.
* XXX: We assume that the passed execution state corresponds to the state in which
* this instance of FunctionMonitorState is used.
*/
void FunctionMonitorState::registerReturnSignal(S2EExecutionState *state, FunctionMonitor::ReturnSignal &sig)
{
if(sig.empty()) {
return;
}
uint32_t sp;
#ifdef TARGET_ARM
bool ok = state->readCpuRegisterConcrete(CPU_OFFSET(regs[13]),
&sp, sizeof(target_ulong));
#elif defined(TARGET_I386)
bool ok = state->readCpuRegisterConcrete(CPU_OFFSET(regs[R_ESP]),
&sp, sizeof(target_ulong));
#else
assert(false);
#endif
uint64_t pid = state->getPid();
if (m_plugin->m_monitor) {
pid = m_plugin->m_monitor->getPid(state, state->getPc());
}
if(!ok) {
m_plugin->s2e()->getWarningsStream(state)
<< "Function call with symbolic SP!" << std::endl
<< " PC=" << hexval(state->getPc()) << " PID=" << hexval(pid) << std::endl;
return;
}
ReturnDescriptor descriptor = {pid, sig };
m_returnDescriptors.insert(std::make_pair(sp, descriptor));
}
/**
* A call handler can invoke this function to register a return handler.
* XXX: We assume that the passed execution state corresponds to the state in which
* this instance of FunctionMonitorState is used.
*/
void FunctionMonitorState::registerReturnSignal(S2EExecutionState *state, FunctionMonitor::ReturnSignal &sig)
{
if(sig.empty()) {
return;
}
uint32_t esp;
bool ok = state->readCpuRegisterConcrete(CPU_OFFSET(regs[R_ESP]),
&esp, sizeof(target_ulong));
if(!ok) {
m_plugin->s2e()->getWarningsStream(state)
<< "Function call with symbolic ESP!" << std::endl
<< " EIP=" << hexval(state->getPc()) << " CR3=" << hexval(state->getPid()) << std::endl;
return;
}
uint64_t pid = state->getPid();
if (m_plugin->m_monitor) {
pid = m_plugin->m_monitor->getPid(state, state->getPc());
}
ReturnDescriptor descriptor = {pid, sig };
m_returnDescriptors.insert(std::make_pair(esp, descriptor));
}