//--------------------------------------------------------------------------
static VOID app_start_cb(VOID *v)
{
IMG img = APP_ImgHead();
for( SEC sec= IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec) )
{
ADDRINT sec_ea = SEC_Address(sec);
if ( sec_ea != 0 )
{
ADDRINT check;
size_t bytes = PIN_SafeCopy(&check, (void*)sec_ea, sizeof(ADDRINT));
if ( bytes == sizeof(ADDRINT) )
{
if ( min_ea > sec_ea || min_ea == 0 )
min_ea = sec_ea;
if ( max_ea < sec_ea || max_ea == (unsigned)-1 )
max_ea = sec_ea;
segdata_t seg;
seg.size = SEC_Size(sec);
seg.check = check;
seg.written = false;
seg_bytes[sec_ea] = seg;
//cerr << "Monitoring segment " << SEC_Name(sec) << " " << hexstr(sec_ea)
// << ":" << hexstr(sec_ea+SEC_Size(sec)) << endl;
}
}
}
}
//return the entropy value of the entire program
float ProcInfo::GetEntropy(){
IMG binary_image = APP_ImgHead();
// trick in order to convert a ln in log2
const double d1log2 = 1.4426950408889634073599246810023;
double Entropy = 0.0;
unsigned long Entries[256];
unsigned char* Buffer;
//calculate the entropy only on the main module address space
ADDRINT start_address = IMG_LowAddress(binary_image);
ADDRINT end_address = IMG_HighAddress(binary_image);
UINT32 size = end_address - start_address;
// copy the main module in a buffer in order to analyze it
Buffer = (unsigned char *)malloc(size);
PIN_SafeCopy(Buffer , (void const *)start_address , size);
// set to all zero the matrix of the bytes occurrence
memset(Entries, 0, sizeof(unsigned long) * 256);
// increment the counter of the current read byte (Buffer[i])in the occurence matrix (Entries)
for (unsigned long i = 0; i < size; i++)
Entries[Buffer[i]]++;
// do the shannon formula on the occurence matrix ( H = sum(P(i)*log2(P(i)) )
for (unsigned long i = 0; i < 256; i++)
{
double Temp = (double) Entries[i] / (double) size;
if (Temp > 0)
Entropy += - Temp*(log(Temp)*d1log2);
}
return Entropy;
}
static BOOL DebugInterpreter(THREADID tid, CONTEXT *ctxt, const string &cmd, string *result, VOID *)
{
TINFO_MAP::iterator it = ThreadInfos.find(tid);
if (it == ThreadInfos.end())
return FALSE;
TINFO *tinfo = it->second;
std::string line = TrimWhitespace(cmd);
*result = "";
if (line == "help")
{
result->append("mappings -- Mappings.\n");
return TRUE;
}
else if(line == "mappings")
{
tinfo->_os.str("");
tinfo->_os << "{"; //open JSON
for( IMG img= APP_ImgHead(); IMG_Valid(img); img = IMG_Next(img) )
{
const string& name = LEVEL_PINCLIENT::IMG_Name(img);
tinfo->_os <<"\""<< name << "\":{"; //open img
ADDRINT address = LEVEL_PINCLIENT::IMG_LowAddress(img);
tinfo->_os << "\"start\":" << address << ",";
address = LEVEL_PINCLIENT::IMG_HighAddress(img);
tinfo->_os << "\"end\":" << address << ",";
tinfo->_os << "\"sections\":" << "{"; //open sections
for( SEC sec = IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec))
{
const string& name = LEVEL_PINCLIENT::SEC_Name(sec);
if(name != "")
{
tinfo->_os << "\"" << name <<"\":{"; //open section
ADDRINT address = LEVEL_PINCLIENT::SEC_Address(sec);
tinfo->_os << "\"start\":" << address << ",";
USIZE size = LEVEL_PINCLIENT::SEC_Size(sec);
if(SEC_Valid(SEC_Next(sec)))
{
tinfo->_os << "\"size\":" << size << "},"; //close section
}else
{
tinfo->_os << "\"size\":" << size << "}}"; //close section and sections
}
}
}
if(IMG_Valid(IMG_Next(img)))
{
tinfo->_os << "},"; //close img
}else
{
tinfo->_os << "}}"; //close img and json
}
}
*result = tinfo->_os.str();
return TRUE;
}
return FALSE; /* Unknown command */
}
static void reportError(ADDRINT addr)
{
fprintf (stderr, "BAD Fetch from 0x%08x\n", addr);
for (IMG img= APP_ImgHead(); IMG_Valid(img); img = IMG_Next(img))
{
fprintf (stderr, "%-30s: 0x%08x:0x%08x\n", IMG_Name(img).c_str(),
IMG_LowAddress(img),IMG_HighAddress(img));
}
exit (-1);
}
VOID InstructionProp(INS ins, VOID *v)
{
PIN_LockClient();
for (IMG image = APP_ImgHead();image!=IMG_Invalid();image=IMG_Next(image))
{
inst_func_summary(image);
}
PIN_UnlockClient();
}
// Print the list of images currently loaded, with some information about each.
static VOID PrintImageList()
{
for (IMG img= APP_ImgHead(); IMG_Valid(img); img = IMG_Next(img))
{
ADDRESS_RANGE range = FindImageTextMargin(img);
fprintf (trace, " L %-40s %2d [0x%llx:0x%llx] offset 0x%llx %4d RTNs\n", IMG_Name(img).c_str(), (int)IMG_Id(img),
(unsigned long long)range._low, (unsigned long long)range._high, (unsigned long long)IMG_LoadOffset(img),
CountImageRtns (img));
}
}
// Print the list of images currently loaded, with some information about each.
static VOID PrintImageList()
{
for (IMG img= APP_ImgHead(); IMG_Valid(img); img = IMG_Next(img))
{
int nSecs;
int nRtns;
CountImageSecsAndRtns (img, &nSecs, &nRtns);
fprintf (trace, " L %-40s %2d [0x%lx:0x%lx] offset 0x%lx %2d SECs %4d RTNs\n", IMG_Name(img).c_str(), IMG_Id(img),
(unsigned long)IMG_LowAddress(img), (unsigned long)IMG_HighAddress(img), (unsigned long)IMG_LoadOffset(img), nSecs, nRtns);
}
}
/**
* Given an address, this function determines the name of the loaded module the
* address belongs to. If the address does not belong to any module, the empty
* string is returned.
**/
std::string getModule(ADDRINT address)
{
// To find the module name of an address, iterate over all sections of all
// modules until a section is found that contains the address.
for(IMG img=APP_ImgHead(); IMG_Valid(img); img = IMG_Next(img))
{
for(SEC sec=IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec))
{
if (address >= SEC_Address(sec) && address < SEC_Address(sec) + SEC_Size(sec))
{
return extractFilename(IMG_Name(img));
}
}
}
return "";
}
/**
* Determines whether a given address belongs to a known module or not.
**/
bool isUnknownAddress(ADDRINT address)
{
// An address belongs to a known module, if the address belongs to any
// section of any module in the target address space.
for(IMG img=APP_ImgHead(); IMG_Valid(img); img = IMG_Next(img))
{
for(SEC sec=IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec))
{
if (address >= SEC_Address(sec) && address < SEC_Address(sec) + SEC_Size(sec))
{
return false;
}
}
}
return true;
}
float ProcInfo::GetEntropy(){
IMG binary_image = APP_ImgHead();
const double d1log2 = 1.4426950408889634073599246810023;
double Entropy = 0.0;
unsigned long Entries[256];
unsigned char* Buffer;
ADDRINT start_address = IMG_LowAddress(binary_image);
ADDRINT end_address = IMG_HighAddress(binary_image);
UINT32 size = end_address - start_address;
Buffer = (unsigned char *)malloc(size);
MYLOG("size to dump is %d" , size);
MYLOG("Start address is %08x" , start_address);
MYLOG("Start address is %08x" , end_address);
MYLOG("IMAGE NAME IS %s" , IMG_Name(binary_image));
PIN_SafeCopy(Buffer , (void const *)start_address , size);
memset(Entries, 0, sizeof(unsigned long) * 256);
for (unsigned long i = 0; i < size; i++)
Entries[Buffer[i]]++;
for (unsigned long i = 0; i < 256; i++)
{
double Temp = (double) Entries[i] / (double) size;
if (Temp > 0)
Entropy += - Temp*(log(Temp)*d1log2);
}
MYLOG("ENTROPY IS %f" , Entropy);
return Entropy;
}