Ejemplo n.º 1
0
VOID Trace(TRACE trace, VOID *v)
{
    for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
    {
        BBL_InsertCall(bbl, IPOINT_ANYWHERE, (AFUNPTR)LogBBL, IARG_FAST_ANALYSIS_CALL, IARG_ADDRINT, BBL_Address(bbl), IARG_END);
    }
}
Ejemplo n.º 2
0
VOID Trace (TRACE trace, VOID *v)
{
    for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
    {
        for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
        {
            xed_iclass_enum_t iclass1 = static_cast<xed_iclass_enum_t>(INS_Opcode(ins));
            if (iclass1 == XED_ICLASS_FLD1 && INS_Valid(INS_Next(ins)))
            {
                xed_iclass_enum_t iclass2 = static_cast<xed_iclass_enum_t>(INS_Opcode(INS_Next(ins)));
                if (iclass2 == XED_ICLASS_FLD1 && INS_Valid(INS_Next(INS_Next(ins))))
                {
                    xed_iclass_enum_t iclass3 = static_cast<xed_iclass_enum_t>(INS_Opcode(INS_Next(INS_Next(ins))));
                    if (iclass3 == XED_ICLASS_FLD1)
                    {
                        printf ("found fld1 sequence at %x\n", INS_Address(INS_Next(INS_Next(ins))));
                        
                        {
                            INS_InsertCall(INS_Next(INS_Next(ins)), IPOINT_AFTER, AFUNPTR(CallToFldzToTop3), IARG_END);
                            printf ("Inserted call1 to FldzToTop3 after instruction at %x\n", INS_Address(INS_Next(INS_Next(ins))));
                            
                        }
                    }
                }
            }
        }
    }
}
VOID Trace (TRACE trace, VOID *v)
{
    for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
    {
        for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
        {
            xed_iclass_enum_t iclass1 = static_cast<xed_iclass_enum_t>(INS_Opcode(ins));
            if (iclass1 == XED_ICLASS_FLD1 && INS_Valid(INS_Next(ins)))
            {
                xed_iclass_enum_t iclass2 = static_cast<xed_iclass_enum_t>(INS_Opcode(INS_Next(ins)));
                if (iclass2 == XED_ICLASS_FLD1 && INS_Valid(INS_Next(INS_Next(ins))))
                {
                    xed_iclass_enum_t iclass3 = static_cast<xed_iclass_enum_t>(INS_Opcode(INS_Next(INS_Next(ins))));
                    if (iclass3 == XED_ICLASS_FLD1)
                    {
                        printf ("tool: found fld1 sequence at %p\n", (void *)INS_Address(INS_Next(INS_Next(ins))));
                        fflush (stdout);
                        // Insert an analysis call that will cause the xmm scratch registers to be spilled
                        INS_InsertCall(INS_Next(INS_Next(ins)), IPOINT_AFTER, (AFUNPTR)SetXmmScratchesFun, IARG_END);
                        return;
                    }
                }
            }
        }
    }
}
Ejemplo n.º 4
0
// We have to instrument traces in order to instrument each BBL, the API doesn't have a BBL_AddInstrumentFunction
VOID trace_instrumentation(TRACE trace, VOID *v)
{
    // We don't want to instrument the BBL contained in the Windows API
    if(is_address_in_blacklisted_modules(TRACE_Address(trace)))
        return;

    for(BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
    {
        // What's going on under the hood
        // LOG("[INSTRU] BBL Address: " + hexstr(BBL_Address(bbl)) + ", " + hexstr(BBL_NumIns(bbl)) + "\n");
        
        // Insert a call to handle_basic_block before every basic block, passing the number of instructions
        BBL_InsertCall(
            bbl,
            IPOINT_ANYWHERE,
            (AFUNPTR)handle_basic_block,
            IARG_FAST_ANALYSIS_CALL, // Use a faster linkage for calls to analysis functions. Add PIN_FAST_ANALYSIS_CALL to the declaration between the return type and the function name. You must also add IARG_FAST_ANALYSIS_CALL to the InsertCall. For example:

            IARG_UINT32,
            BBL_NumIns(bbl),

            IARG_ADDRINT,
            BBL_Address(bbl),

            IARG_END
        );
    }
}
Ejemplo n.º 5
0
VOID Trace(TRACE trace, VOID *v)
{
        
    for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
    {
        INS tail = BBL_InsTail(bbl);
        
        if( INS_IsCall(tail) )
        {
            INS_InsertCall(tail, IPOINT_BEFORE, AFUNPTR(do_call_indirect),
                               IARG_BRANCH_TARGET_ADDR, IARG_BRANCH_TAKEN, IARG_END);
        }
        else
        {
            // sometimes code is not in an image
            RTN rtn = TRACE_Rtn(trace);
            
            // also track stup jumps into share libraries
            if( RTN_Valid(rtn) && !INS_IsDirectBranchOrCall(tail) && ".plt" == SEC_Name( RTN_Sec( rtn ) ))
            {
                INS_InsertCall(tail, IPOINT_BEFORE, AFUNPTR(do_call_indirect),
                               IARG_BRANCH_TARGET_ADDR, IARG_BRANCH_TAKEN, IARG_END);
            }
        }
        
    }
}
Ejemplo n.º 6
0
VOID Trace (TRACE trace, VOID *v)
{
    for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
    {
        for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
        {
            xed_iclass_enum_t iclass1 = static_cast<xed_iclass_enum_t>(INS_Opcode(ins));
            if (iclass1 == XED_ICLASS_FLD1 && INS_Valid(INS_Next(ins)))
            {
                xed_iclass_enum_t iclass2 = static_cast<xed_iclass_enum_t>(INS_Opcode(INS_Next(ins)));
                if (iclass2 == XED_ICLASS_FLD1 && INS_Valid(INS_Next(INS_Next(ins))))
                {
                    xed_iclass_enum_t iclass3 = static_cast<xed_iclass_enum_t>(INS_Opcode(INS_Next(INS_Next(ins))));
                    if (iclass3 == XED_ICLASS_FLD1)
                    {
                        printf ("found fld1 sequence at %lx\n", (unsigned long)(INS_Address(INS_Next(INS_Next(ins)))));
                        if (testNum == 0)
                        {
                            INS_InsertCall(INS_Next(INS_Next(ins)), IPOINT_AFTER, AFUNPTR(CallToUnMaskZeroDivideInMxcsr), IARG_END);
                            printf ("Inserted call1 to UnMaskZeroDivideInMxcsr after instruction at %lx\n",
                                    (unsigned long)(INS_Address(INS_Next(INS_Next(ins)))));
                            testNum++;
                        }
                        return;
                    }
                }
            }
        }
    }
}
VOID PolymorphicCodeHandlerModule::inspectTrace(TRACE trace){
	// set the range of address in which the current trace resides
	this->trace_head = TRACE_Address(trace);
	this->trace_tail = trace_head + TRACE_Size(trace);
	for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
    {
        for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
        {	
			// for ech instruction we have to check if it has been overwritten by a previous instruction of the current trace (polimiorfic code detection)
			INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(checkIfWrittenAddress), 
				IARG_INST_PTR, 
				IARG_CONTEXT, 
				IARG_UINT32, INS_Size(ins), 
				IARG_PTR, this,
				IARG_END);				
			for (UINT32 op = 0; op<INS_MemoryOperandCount(ins); op++) {
				if(INS_MemoryOperandIsWritten(ins,op)){	
					// for each write operation we have to check if the traget address is inside the current trace (attempt to write polimorfic code)
					INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(polimorficCodeHandler),
						IARG_INST_PTR,
						IARG_MEMORYOP_EA, op,
						IARG_PTR, this,
						IARG_END);		
				}	
			}					
        }
    }
}
Ejemplo n.º 8
0
VOID Trace(TRACE trace, VOID *v)
{
    for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
    {
        INS_InsertCall(BBL_InsHead(bbl), IPOINT_BEFORE, (AFUNPTR)docount, IARG_UINT32, BBL_NumIns(bbl), IARG_END);
    }
}
Ejemplo n.º 9
0
VOID Trace(TRACE trace, VOID *v)
{
    BOOL rewrite = false;
    
    for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
    {
        for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
        {
            // If we see an instruction that needs rewriting, then rewrite all
            if (SwizzleRefs.find(INS_Address(ins)) != SwizzleRefs.end())
                rewrite = true;
        
            if (rewrite)
            {
                // If we suspect this instruction needs to be swizzled, generate safe, but slow code
                RewriteIns(ins);
            }
            else
            {
                // Generate code to check if swizzling is needed, but not do it
                CheckIns(ins, TRACE_Address(trace));
            }
        }
    }
}
Ejemplo n.º 10
0
// Pin calls this function every time a new basic block is encountered
// It inserts a call to docount
VOID Trace(TRACE trace, VOID *v)
{
    // Visit every basic block in the trace
    for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
    {
        for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
        {
            if (INS_IsMemoryRead(ins))
            {
                INS_InsertIfCall(ins, IPOINT_BEFORE, (AFUNPTR)ReadAlways, IARG_MEMORYREAD_EA, IARG_END);
                INS_InsertThenCall(ins, IPOINT_BEFORE, (AFUNPTR)ReadRare, IARG_MEMORYREAD_EA, IARG_END);
            }
        }
            
        // Always()->Rare() are partially inlined
        BBL_InsertIfCall(bbl,   IPOINT_BEFORE, (AFUNPTR)Always, IARG_END);
        BBL_InsertThenCall(bbl, IPOINT_BEFORE, (AFUNPTR)Rare, IARG_END);

        // Always()->Rare() are partially inlined
        BBL_InsertIfCall(bbl,   IPOINT_BEFORE, (AFUNPTR)AlwaysNoinline, IARG_END);
        BBL_InsertThenCall(bbl, IPOINT_BEFORE, (AFUNPTR)RareNoinline, IARG_END);

        // Noinline() is not inlined
        BBL_InsertCall(bbl, IPOINT_BEFORE, (AFUNPTR)Noinline, IARG_END);
    }
}
Ejemplo n.º 11
0
VOID Trace(TRACE trace, VOID *)
{
    if (!EnableInstrumentation)
        return;

    for (BBL bbl = TRACE_BblHead(trace);  BBL_Valid(bbl);  bbl = BBL_Next(bbl))
        BBL_InsertCall(bbl, IPOINT_BEFORE, AFUNPTR(CheckPC), IARG_INST_PTR, IARG_END);
}
Ejemplo n.º 12
0
// Pin calls this function every time a new instruction is encountered
void Trace(TRACE trace , void *v)
{
	for(BBL bbl= TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl)){
		for( INS ins = BBL_InsHead(bbl); INS_Valid(ins) ; ins =INS_Next(ins)){
			oepf.IsCurrentInOEP(ins);
		}
	}
}
Ejemplo n.º 13
0
static VOID Trace(TRACE trace, VOID *v)
{
    RTN rtn = TRACE_Rtn(trace);
    
    ADDRINT version = TRACE_Version(trace);
    // If we are not in watch_rtn, switch back to base version
    if (!RTN_Valid(rtn) || RTN_Name(rtn) != watch_rtn)
    {
        if (version != VERSION_BASE)
            BBL_SetTargetVersion(TRACE_BblHead(trace), VERSION_BASE);
        return;
    }

    if (TRACE_Address(trace) == RTN_Address(rtn)) {
        INS ins = BBL_InsHead(TRACE_BblHead(trace));
        if (version == VERSION_BASE) 
        {
            // version_reg is used to select the version, use the first
            // argument of watch_rtn to set it
            INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(select_version),
                           IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
                           IARG_RETURN_REGS, version_reg,
                           IARG_END);
            // IF we are in the base version, decide if we should go to the
            // other versions
            // Note that the version instrumentation will occur before any
            // following instrumentation done on this ins
            INS_InsertVersionCase(ins, version_reg, 10, VERSION_1, IARG_END);
            INS_InsertVersionCase(ins, version_reg, 20, VERSION_2, IARG_END);
            printf ("Instrumentation at %p\n", reinterpret_cast<void *>(INS_Address(ins)));
        }
    }

    INS ins = BBL_InsHead(TRACE_BblHead(trace));
    for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl)) 
    {
        // Instrumentation depends on version
        // These instrumentations occur after the preceeding version instrumentation
        // (i.e. the instrumentation inserted by the above INS_InsertVersionCase calls
        switch(version) {
          case VERSION_BASE:
            INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(Emit),
                             IARG_PTR, "version base", IARG_END);
            break;
          case VERSION_1:
            INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(Emit),
                             IARG_PTR, "version 1", IARG_END);
            break;
          case VERSION_2:
            INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(Emit),
                             IARG_PTR, "version 2", IARG_END);
            break;
          default:
            assert(0);
            break;
        }
    }
}
Ejemplo n.º 14
0
VOID Trace(TRACE trace, VOID *v)
{
    for (BBL bbl = TRACE_BblTail(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl)) {
        if (BBL_HasFallThrough(bbl)) {
            INS ins = BBL_InsTail(bbl);
            TEST(INS_HasFallThrough(ins), "BBL_HasFallThrough or INS_HasFallThrough failed");
        }
    }
}
 static void instrument_trace(TRACE trace, VOID *v)
 {
     sse_aligner_t* pthis = static_cast<sse_aligner_t*>(v);
     bool is_read = false;
     for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
         for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
             if (check_for_sse_memop(ins, is_read, pthis))
                 rewrite_instruction(ins, is_read, pthis);
 }
Ejemplo n.º 16
0
/*!
 * Insert call to the CountBbl() analysis routine before every basic block 
 * of the trace.
 * This function is called every time a new trace is encountered.
 * @param[in]   trace    trace to be instrumented
 * @param[in]   v        value specified by the tool in the TRACE_AddInstrumentFunction
 *                       function call
 */
VOID Trace(TRACE trace, VOID *v)
{
    // Visit every basic block in the trace
    for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
    {
        // Insert a call to CountBbl() before every basic bloc, passing the number of instructions
        BBL_InsertCall(bbl, IPOINT_BEFORE, (AFUNPTR)CountBbl, IARG_UINT32, BBL_NumIns(bbl), IARG_END);
    }
}
Ejemplo n.º 17
0
VOID TraceInserted(TRACE trace, VOID *)
{
    for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
    {
        for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
        {
            cacheInstructions++;
        }
    }
}
Ejemplo n.º 18
0
void Trace(TRACE trace, void *v) 
{
    // for each bbl in the application trace...
    for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl)) 
    {
        // args:    bbl=bbl, IPOINT_BEFORE=insert before bbl, checkBBL=ptr to function to insert, 
        //          IARG_PTR=function argument type, BBL_Address(bbl)=function argument, IARG_END=end of arguement marker
        BBL_InsertCall(bbl, IPOINT_BEFORE, (AFUNPTR)checkBBL, IARG_PTR, BBL_Address(bbl), IARG_END);
    }
} 
Ejemplo n.º 19
0
VOID Trace(TRACE trace, VOID *v)
{
    for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))

	BBL_InsertCall(bbl, IPOINT_ANYWHERE, AFUNPTR(Count),
		IARG_FAST_ANALYSIS_CALL,
		IARG_THREAD_ID,
		IARG_UINT32, BBL_NumIns(bbl),
		IARG_END);
}
Ejemplo n.º 20
0
VOID Trace(TRACE trace, VOID *v)
{
    for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
    {
        for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
        {
            RewriteIns(ins);
        }
    }
}
// Pin calls this function every time a new basic block is encountered
// It inserts a call to docount
VOID Trace(TRACE trace, VOID *v)
{
    // Visit every basic block  in the trace
    for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
    {
        // Insert a call to docount for every bbl, passing the number of instructions.
        // IPOINT_ANYWHERE allows Pin to schedule the call anywhere in the bbl to obtain best performance.
        // Use a fast linkage for the call.
        BBL_InsertCall(bbl, IPOINT_ANYWHERE, AFUNPTR(docount), IARG_FAST_ANALYSIS_CALL, IARG_UINT32, BBL_NumIns(bbl), IARG_END);
    }
}
Ejemplo n.º 22
0
// Pin calls this function every time a new basic block is encountered.
// It inserts a call to docount.
VOID Trace(TRACE trace, VOID *v)
{
    // Visit every basic block  in the trace
    for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
    {
        // Insert a call to docount for every bbl, passing the number of instructions.
        
        BBL_InsertCall(bbl, IPOINT_ANYWHERE, (AFUNPTR)docount, IARG_FAST_ANALYSIS_CALL,
                       IARG_UINT32, BBL_NumIns(bbl), IARG_THREAD_ID, IARG_END);
    }
}
Ejemplo n.º 23
0
VOID DumpTrace(CHAR * message, TRACE trace)
{
    fprintf(stderr,"\n%s:\n",message);
    
    for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
    {
        for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
        {
            fprintf(stderr,"%p %s\n",(void*)INS_Address(ins),INS_Disassemble(ins).c_str());
        }
    }
}
Ejemplo n.º 24
0
VOID Trace(TRACE trace, VOID *v)
{
    static BOOL programStart = TRUE;

    if (programStart)
    {
        programStart = FALSE;
        next_pc = (void*)INS_Address(BBL_InsHead(TRACE_BblHead(trace)));
    }

    for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
    {
        // check BBL entry PC
        INS_InsertCall(
            BBL_InsHead(bbl), IPOINT_BEFORE, (AFUNPTR)CheckPc,
            IARG_INST_PTR,
            IARG_END);

        INS tail = BBL_InsTail(bbl);
        
        if (INS_IsBranchOrCall(tail))
        {
            // record taken branch targets
            INS_InsertCall(
                tail, IPOINT_BEFORE, AFUNPTR(RecordPc),
                IARG_INST_PTR,
                IARG_BRANCH_TARGET_ADDR,
                IARG_BRANCH_TAKEN,
                IARG_END);
        }

        if (INS_HasFallThrough(tail))
        {
            // record fall-through
            INS_InsertCall(
                tail, IPOINT_AFTER, (AFUNPTR)RecordPc,
                IARG_INST_PTR,
                IARG_FALLTHROUGH_ADDR,
                IARG_BOOL,
                TRUE,
                IARG_END);
        }

#if defined(TARGET_IA32) || defined(TARGET_IA32E)
        if (INS_IsSysenter(tail) ||
            INS_HasRealRep(tail))
        { // sysenter on x86 has some funny control flow that we can't correctly verify for now
            // Genuinely REP prefixed instructions are also odd, they appear to stutter.
            INS_InsertCall(tail, IPOINT_BEFORE, (AFUNPTR)Skip, IARG_END);
        }
#endif
    }
}
Ejemplo n.º 25
0
/*
* trace inspection (instrumentation function)
*
* traverse the basic blocks (BBLs) on the trace and
* inspect every instruction for instrumenting it
* accordingly
*
* @trace:      instructions trace; given by PIN
* @v:		callback value
*/
static void
trace_inspect(TRACE trace, VOID *v)
{
	/* iterators */
	BBL bbl;
	INS ins;
	xed_iclass_enum_t ins_indx;

	/* versioning support */
	ADDRINT version, version_mask = (ADDRINT)v;

	if (version_mask) {
		/* 
		* ignore code cache versions that we
		* are not supposed to instrument
		*/
		version = TRACE_Version(trace);
		if ((version & version_mask) == 0)
			return;
	}

	/* traverse all the BBLs in the trace */
	for (bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl)) {
		/* traverse all the instructions in the BBL */
		for (ins = BBL_InsHead(bbl);
			INS_Valid(ins);
			ins = INS_Next(ins)) {
				/*
				* use XED to decode the instruction and
				* extract its opcode
				*/
				ins_indx = (xed_iclass_enum_t)INS_Opcode(ins);

				/* 
				* invoke the pre-ins instrumentation callback
				*/
				if (ins_desc[ins_indx].pre != NULL)
					ins_desc[ins_indx].pre(ins);

				/*
				* analyze the instruction (default handler)
				*/
				if (ins_desc[ins_indx].dflact == INSDFL_ENABLE)
					ins_inspect(ins);

				/* 
				* invoke the post-ins instrumentation callback
				*/
				if (ins_desc[ins_indx].post != NULL)
					ins_desc[ins_indx].post(ins);
		}
	}
}
Ejemplo n.º 26
0
VOID
Trace(TRACE trace, VOID *v)
{
	for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl)) {
		BasicBlockTrace(trace, bbl);

	 	for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins)) {
			CallTrace(trace, ins);
			MemoryTrace(trace, ins);
		}
	}
}
Ejemplo n.º 27
0
void trace (TRACE trace, void *v)
{
	for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl)) {
		INS tail = BBL_InsTail(bbl);
		if (INS_IsRet(tail)) {
			INS_InsertCall(tail, IPOINT_BEFORE, AFUNPTR(before_return),
					IARG_THREAD_ID, IARG_REG_VALUE, REG_ESP, IARG_END);
		} else if (INS_IsCall(tail)) {
			INS_InsertCall(tail, IPOINT_BEFORE, AFUNPTR(before_call),
					IARG_THREAD_ID, IARG_REG_VALUE, REG_ESP, IARG_ADDRINT, INS_NextAddress(tail), IARG_BRANCH_TARGET_ADDR, IARG_END);
		}
	}
}
Ejemplo n.º 28
0
VOID Trace(TRACE trace, VOID *v)
{
    if (rand() % 100 > 80) {
        UINT32 inscount = 0;
        for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl)) {
            for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins)) {
                inscount++;
            }
        }
        TEST(inscount == 1, "CODECACHE_ChangeMaxInsPerTrace failed");
        //cout << "trace in 0x" << TRACE_CodeCacheAddress(trace) << " has " << inscount << " INS. ";
    }
}
Ejemplo n.º 29
0
// Pin calls this function every time a new instruction is encountered
void Trace(TRACE trace , void *v)
{
	for(BBL bbl= TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl)){

		fprintf(file, "----BEGIN BBL---\n");
		
		for( INS ins = BBL_InsHead(bbl); INS_Valid(ins) ; ins =INS_Next(ins)){
		   fprintf(file , "%s\n" , INS_Disassemble(ins).c_str());
		}
		
		fprintf(file, "----END BBL---\n");
	}
}
Ejemplo n.º 30
0
//--------------------------------------------------------------------------
static VOID trace_cb(TRACE trace, VOID *v)
{
  // Visit every basic block in the trace
  for ( BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl) )
  {
    for( INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins=INS_Next(ins) )
    {
      ADDRINT ea = INS_Address(ins);
      if ( !valid_ea(ea) )
        continue;

      if ( was_writen(ea) )
      {
        INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)check_unpacked_cb,
            IARG_INST_PTR,
            IARG_CONST_CONTEXT,
            IARG_THREAD_ID,
            IARG_END);
      }

      // Instruments memory accesses using a predicated call, i.e.
      // the instrumentation is called iff the instruction will actually be executed.
      //
      // The IA-64 architecture has explicitly predicated instructions. 
      // On the IA-32 and Intel(R) 64 architectures conditional moves and REP 
      // prefixed instructions appear as predicated instructions in Pin.
      UINT32 mem_operands = INS_MemoryOperandCount(ins);

      // Iterate over each memory operand of the instruction.
      for ( UINT32 mem_op = 0; mem_op < mem_operands; mem_op++ )
      {
        // Note that in some architectures a single memory operand can be 
        // both read and written (for instance incl (%eax) on IA-32)
        // In that case we instrument it once for read and once for write.
        if ( INS_MemoryOperandIsWritten(ins, mem_op) )
        {
          INS_InsertIfPredicatedCall(ins, IPOINT_BEFORE, (AFUNPTR)valid_ea,
            IARG_MEMORYOP_EA,
            mem_op, 
            IARG_END);

          INS_InsertThenPredicatedCall(
              ins, IPOINT_BEFORE, (AFUNPTR)record_mem_write_cb,
              IARG_INST_PTR,
              IARG_MEMORYOP_EA, mem_op,
              IARG_END);
        }
      }
    }
  }
}