VOID Routine(RTN rtn, VOID *v)
{
RTN_Open(rtn);
RTN_NAME * rn = new RTN_NAME;
if (KnobOnly){
if(IMG_IsMainExecutable(SEC_Img(RTN_Sec(rtn))) \
/*&& std::strcmp(IMG_Name(SEC_Img(RTN_Sec(rtn))).c_str(),"/usr/lib/libSystem.B.dylib")!=0 \*/
|| std::strcmp(IMG_Name(SEC_Img(RTN_Sec(rtn))).c_str(),"/usr/lib/system/libsystem_malloc.dylib")==0)
{
funcList.push_back(RTN_Name(rtn));
cerr << "Getting "<< RTN_Name(rtn) <<endl ;
//RTN_Close(rtn);
//return ;
}
}
if(KnobOnly && find (funcList.begin(), funcList.end(), RTN_Name(rtn)) == funcList.end()){
cerr << "excluding : " << RTN_Name(rtn) ;
cerr << IMG_Name(SEC_Img(RTN_Sec(rtn))) << endl;
RTN_Close(rtn);
return;
}
// The RTN goes away when the image is unloaded, so save it now
// because we need it in the fin
rn->_name = RTN_Name(rtn);
rn->_image = IMG_Name(SEC_Img(RTN_Sec(rtn))).c_str();
rn->_address = RTN_Address(rtn);
//_address = RTN_Address(rtn);
// Insert a call at the entry point of a routine to increment the call count
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)print, IARG_PTR, rn,IARG_FUNCARG_ENTRYPOINT_VALUE, 0, IARG_END);
RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)ret,IARG_PTR,rn,IARG_FUNCRET_EXITPOINT_VALUE, IARG_END);
//INS_InsertCall(RTN_InsTail(rtn), IPOINT_BEFORE, (AFUNPTR)ret, IARG_END);
RTN_Close(rtn);
}
// Pin calls this function every time a new rtn is executed
VOID Routine(RTN rtn, VOID *v)
{
// Allocate a counter for this routine
RTN_COUNT * rc = new RTN_COUNT;
// The RTN goes away when the image is unloaded, so save it now
// because we need it in the fini
rc->_name = RTN_Name(rtn);
rc->_image = StripPath(IMG_Name(SEC_Img(RTN_Sec(rtn))).c_str());
rc->_address = RTN_Address(rtn);
rc->_icount = 0;
rc->_rtnCount = 0;
// Add to list of routines
rc->_next = RtnList;
RtnList = rc;
RTN_Open(rtn);
// Insert a call at the entry point of a routine to increment the call count
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)docount, IARG_PTR, &(rc->_rtnCount), IARG_END);
// For each instruction of the routine
for (INS ins = RTN_InsHead(rtn); INS_Valid(ins); ins = INS_Next(ins))
{
// Insert a call to docount to increment the instruction counter for this rtn
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)docount, IARG_PTR, &(rc->_icount), IARG_END);
}
RTN_Close(rtn);
}
BaseIRBuilder::BaseIRBuilder(__uint address, const std::string &dis) {
RTN rtn;
SEC sec;
IMG img;
this->address = address;
this->branchTaken = false;
this->branchTargetAddress = 0;
this->disas = dis;
this->needSetup = false;
this->nextAddress = 0;
this->imageName = "unknown";
this->sectionName = "unknown";
rtn = RTN_FindByAddress(address);
if (RTN_Valid(rtn)) {
sec = RTN_Sec(rtn);
if (SEC_Valid(sec)) {
this->sectionName = SEC_Name(sec);
img = SEC_Img(sec);
if (IMG_Valid(img)) {
this->baseAddress = IMG_LowAddress(img);
this->imageName = IMG_Name(img);
}
}
}
this->offset = this->address - this->baseAddress;
this->routineName = RTN_FindNameByAddress(address);
if (this->routineName.empty())
this->routineName = "unknown";
}
/*****************************************************************************
函 数 名 : rtn
功能描述 : Pin calls this function every time a new rtn is executed
输入参数 : RTN rtn
VOID * v
输出参数 : 无
返 回 值 :
调用函数 :
被调函数 :
修改历史 :
1.日 期 : 2012年5月16日
作 者 : @zhi
修改内容 : 新生成函数
*****************************************************************************/
VOID rtn(RTN rtn, VOID * v)
{
//干掉系统的动态连接库, 即IMG为/lib/*
if(EXCEPT_SEC == IMG_Name(SEC_Img(RTN_Sec(rtn)))
.substr(0, EXCEPT_SEC.size()))
{
return;
}
RTN_Open(rtn);
if ( g_backTraceFlg )
{
//第一次进入,回溯已调用的函数(附加到进程模式)
//, 参数为待执行函数的函数名,函数起始地址,函数EBP(函数初始未压栈)
RTN_InsertCall(rtn, IPOINT_BEFORE,
(AFUNPTR)traceBack,
//IARG_PTR, RTN_Name(rtn).c_str(),
//IARG_ADDRINT, RTN_Address(rtn),
IARG_REG_VALUE, REG_STACK_PTR,
IARG_REG_VALUE, REG_EBP, IARG_END);
}
RTN_InsertCall(rtn, IPOINT_BEFORE,
(AFUNPTR)funcPackage,
IARG_PTR, RTN_Name(rtn).c_str(),
IARG_ADDRINT, RTN_Address(rtn),
IARG_REG_VALUE, REG_EBP,
//IARG_REG_VALUE, REG_STACK_PTR, IARG_END);
IARG_END);
RTN_Close(rtn);
}
// -------------------------------------------------------------
// Check if routine is plt stub
// -------------------------------------------------------------
static BOOL IsPLT(RTN rtn) {
// All .plt thunks have a valid RTN
if (!RTN_Valid(rtn)) return FALSE;
if (".plt" == SEC_Name(RTN_Sec(rtn))) return TRUE;
return FALSE;
}
IMG GetImgByTrace(TRACE trace) {
IMG img = IMG_Invalid();
RTN rtn = TRACE_Rtn(trace);
if (RTN_Valid(rtn)) {
SEC sec = RTN_Sec(rtn);
if (SEC_Valid(sec)) {
img = SEC_Img(sec);
}
}
return img;
}
static BOOL IsPLT(TRACE trace)
{
RTN rtn = TRACE_Rtn(trace);
// All .plt thunks have a valid RTN
if (!RTN_Valid(rtn))
return FALSE;
if (".plt" == SEC_Name(RTN_Sec(rtn)))
return TRUE;
return FALSE;
}
static BOOL traceFromExecutable(TRACE trace)
{
RTN rtn = TRACE_Rtn(trace);
if (!RTN_Valid(rtn))
return FALSE;
SEC sec = RTN_Sec(rtn);
if (!SEC_Valid(sec))
return FALSE;
IMG img = SEC_Img(sec);
if (!IMG_Valid(img))
return FALSE;
return IMG_IsMainExecutable(img);
}
VOID Trace(TRACE trace, VOID *v)
{
if ( KnobNoSharedLibs.Value()
&& IMG_Type(SEC_Img(RTN_Sec(TRACE_Rtn(trace)))) == IMG_TYPE_SHAREDLIB)
return;
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
// Insert instrumentation to count the number of times the bbl is executed
BBLSTATS * bblstats = new BBLSTATS(BBL_Address(bbl), BBL_Size(bbl));
INS_InsertCall(BBL_InsHead(bbl), IPOINT_BEFORE, AFUNPTR(docount), IARG_PTR, &(bblstats->_executed), IARG_END);
// Remember the counter and stats so we can compute a summary at the end
statsList.push_back(bblstats);
}
}
// -------------------------------------------------------------
// STool_LibraryIDByAddr
// -------------------------------------------------------------
// Return ID of the library of the routine to which the instruction
// at address rtnAddr belongs, or STool_INVALID_LIB, if rtnAddr does not belong to
// any routine.
UINT32 STool_LibraryIDByAddr(ADDRINT rtnAddr){
PIN_LockClient();
const RTN rtn = RTN_FindByAddress(rtnAddr);
UINT32 libID;
if( RTN_Valid(rtn) )
libID = IMG_Id(SEC_Img(RTN_Sec(rtn)));
else libID = STool_INVALID_LIB;
PIN_UnlockClient();
return libID;
}
std::string getImageName(triton::__uint address) {
RTN rtn;
SEC sec;
IMG img;
PIN_LockClient();
rtn = RTN_FindByAddress(address);
PIN_UnlockClient();
if (RTN_Valid(rtn)) {
sec = RTN_Sec(rtn);
if (SEC_Valid(sec)) {
img = SEC_Img(sec);
if (IMG_Valid(img)) {
return IMG_Name(img);
}
}
}
return "";
}
triton::__uint getBaseAddress(triton::__uint address) {
RTN rtn;
SEC sec;
IMG img;
PIN_LockClient();
rtn = RTN_FindByAddress(address);
PIN_UnlockClient();
if (RTN_Valid(rtn)) {
sec = RTN_Sec(rtn);
if (SEC_Valid(sec)) {
img = SEC_Img(sec);
if (IMG_Valid(img)) {
return IMG_LowAddress(img);
}
}
}
return 0;
}
const string& Target2LibName(ADDRINT target)
{
PIN_LockClient();
const RTN rtn = RTN_FindByAddress(target);
static const string _invalid_rtn("[Unknown image]");
string name;
if( RTN_Valid(rtn) ) {
name = IMG_Name(SEC_Img(RTN_Sec(rtn)));
} else {
name = _invalid_rtn;
}
PIN_UnlockClient();
return *new string(name);
}
VOID Routine(RTN rtn, VOID *v)
{
// Allocate a counter for this routine
RTN_COUNT * rc = new RTN_COUNT;
// The RTN goes away when the image is unloaded, so save it now
// because we need it in the fini
rc->_name = RTN_Name(rtn);
rc->_image = StripPath(IMG_Name(SEC_Img(RTN_Sec(rtn))).c_str());
rc->_address = RTN_Address(rtn);
rc->_next = RtnList;
RtnList = rc;
if(!startSymbolAddress && rc->_name == start_symbol) {
startSymbolAddress = rc->_address;
}
if(!stopSymbolAddress && rc->_name == stop_symbol) {
stopSymbolAddress = rc->_address;
}
RTN_Open(rtn);
if (rc->_address == startSymbolAddress || rc->_address == stopSymbolAddress) {
if (rc->_address == startSymbolAddress) {
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)startRoutineEnter, IARG_FAST_ANALYSIS_CALL, IARG_PTR, reinterpret_cast<UINT64*>(rc), IARG_THREAD_ID, IARG_END);
LOG("Instrumented start symbol\n");
} else {
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)stopRoutineEnter, IARG_FAST_ANALYSIS_CALL, IARG_PTR, reinterpret_cast<UINT64*>(rc), IARG_THREAD_ID, IARG_END);
LOG("Instrumented stop symbol\n");
}
}else {
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)routineEnter, IARG_FAST_ANALYSIS_CALL, IARG_PTR, reinterpret_cast<UINT64*>(rc), IARG_THREAD_ID, IARG_END);
}
RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)routineExit, IARG_FAST_ANALYSIS_CALL, IARG_PTR, reinterpret_cast<UINT64*>(rc), IARG_THREAD_ID, IARG_END);
RTN_Close(rtn);
}
VOID Trace(TRACE trace, VOID *v)
{
const RTN rtn = TRACE_Rtn(trace);
if (! RTN_Valid(rtn))
return;
const SEC sec = RTN_Sec(rtn);
ASSERTX(SEC_Valid(sec));
const IMG img = SEC_Img(sec);
ASSERTX(IMG_Valid(img));
if ( KnobNoSharedLibs.Value() && IMG_Type(img) == IMG_TYPE_SHAREDLIB)
return;
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
// Record the registers into a dummy buffer so we can count them
#define MAX_STATS_PER_BLOCK (128*1024)
UINT16 buffer[MAX_STATS_PER_BLOCK];
INT32 count = RecordRegisters(bbl, buffer, MAX_STATS_PER_BLOCK);
ASSERTX(count < MAX_STATS_PER_BLOCK);
// Summarize the stats for the bbl in a 0 terminated list
// This is done at instrumentation time
UINT16 * stats = new UINT16[count];
memcpy(stats, buffer, count * sizeof(UINT16));
// Insert instrumentation to count the number of times the bbl is executed
BBLSTATS * bblstats = new BBLSTATS(stats);
INS_InsertCall(BBL_InsHead(bbl), IPOINT_BEFORE, AFUNPTR(docount),
IARG_PTR, bblstats->_counter,
IARG_THREAD_ID,
IARG_END);
// Remember the counter and stats so we can compute a summary at the end
statsList.push_back(bblstats);
}
}
VOID Trace(TRACE trace, VOID *v)
{
if ( KnobNoSharedLibs.Value()
&& IMG_Type(SEC_Img(RTN_Sec(TRACE_Rtn(trace)))) == IMG_TYPE_SHAREDLIB)
return;
const BOOL accurate_handling_of_predicates = KnobProfilePredicated.Value();
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
// Summarize the stats for the bbl in a 0 terminated list
// This is done at instrumentation time
UINT16 * stats = new UINT16[BBL_NumIns(bbl) + 1];
INT32 index = 0;
for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
{
// Count the number of times a predicated instruction is actually executed
// this is expensive and hence disabled by default
if( INS_IsPredicated(ins) && accurate_handling_of_predicates )
{
INS_InsertPredicatedCall(ins,
IPOINT_BEFORE,
AFUNPTR(docount),
IARG_PTR, &(GlobalStatsDynamic.predicated_true[INS_Category(ins)]),
IARG_END);
}
stats[index++] = INS_GetStatsIndex(ins);
}
stats[index] = 0;
// Insert instrumentation to count the number of times the bbl is executed
BBLSTATS * bblstats = new BBLSTATS(stats);
INS_InsertCall(BBL_InsHead(bbl), IPOINT_BEFORE, AFUNPTR(docount), IARG_PTR, &(bblstats->_counter), IARG_END);
// Remember the counter and stats so we can compute a summary at the end
statsList.push_back(bblstats);
}
}
VOID Trace(TRACE trace, VOID *v)
{
const BOOL print_args = KnobPrintArgs.Value();
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
INS tail = BBL_InsTail(bbl);
if( INS_IsCall(tail) )
{
if( INS_IsDirectBranchOrCall(tail) )
{
const ADDRINT target = INS_DirectBranchOrCallTargetAddress(tail);
if( print_args )
{
INS_InsertPredicatedCall(tail, IPOINT_BEFORE, AFUNPTR(do_call_args),
IARG_PTR, Target2String(target), IARG_G_ARG0_CALLER, IARG_END);
}
else
{
INS_InsertPredicatedCall(tail, IPOINT_BEFORE, AFUNPTR(do_call),
IARG_PTR, Target2String(target), IARG_END);
}
}
else
{
if( print_args )
{
INS_InsertCall(tail, IPOINT_BEFORE, AFUNPTR(do_call_args_indirect),
IARG_BRANCH_TARGET_ADDR, IARG_BRANCH_TAKEN, IARG_G_ARG0_CALLER, IARG_END);
}
else
{
INS_InsertCall(tail, IPOINT_BEFORE, AFUNPTR(do_call_indirect),
IARG_BRANCH_TARGET_ADDR, IARG_BRANCH_TAKEN, IARG_END);
}
}
}
else
{
// sometimes code is not in an image
RTN rtn = TRACE_Rtn(trace);
// also track stup jumps into share libraries
if( RTN_Valid(rtn) && !INS_IsDirectBranchOrCall(tail) && ".plt" == SEC_Name( RTN_Sec( rtn ) ))
{
if( print_args )
{
INS_InsertCall(tail, IPOINT_BEFORE, AFUNPTR(do_call_args_indirect),
IARG_BRANCH_TARGET_ADDR, IARG_BRANCH_TAKEN, IARG_G_ARG0_CALLER, IARG_END);
}
else
{
INS_InsertCall(tail, IPOINT_BEFORE, AFUNPTR(do_call_indirect),
IARG_BRANCH_TARGET_ADDR, IARG_BRANCH_TAKEN, IARG_END);
}
}
}
}
}
int rtn_sec (lua_State *L) {
RTN* v1 = check_rtn(L,1);
SEC_to_lua(L, RTN_Sec(*v1));
return 1;
}
VOID Image(IMG img, VOID *v)
{
// Find main. We won't do anything before main starts.
RTN rtn = RTN_FindByName(img, "main");
if (RTN_Valid(rtn))
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)callBeforeMain, IARG_END);
// RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)callAfterMain, IARG_END);
RTN_Close(rtn);
}
// iterate all rtn
for (SEC sec = IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec))
{
for (RTN rtn = SEC_RtnHead(sec); RTN_Valid(rtn); rtn = RTN_Next(rtn))
{
// printf (" Rtn: %s\n", RTN_Name(rtn).c_str());
RTN_Open(rtn);
const char * rtnName = StripPath(RTN_Name(rtn).c_str());
RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)RTNEntry,
IARG_ADDRINT, rtnName, IARG_END);
RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)RTNExit,
IARG_ADDRINT, rtnName, IARG_END);
RTN_Close(rtn);
}
}
// Instrument the malloc() and free() functions. Print the input argument
// of each malloc() or free(), and the return value of malloc().
//
// Find the malloc() function.
RTN mallocRtn = RTN_FindByName(img, MALLOC);
if (RTN_Valid(mallocRtn))
{
RTN_Open(mallocRtn);
const char * imageName = StripPath(IMG_Name(SEC_Img(RTN_Sec(mallocRtn))).c_str());
// Instrument malloc() to print the input argument value and the return value.
RTN_InsertCall(mallocRtn, IPOINT_BEFORE, (AFUNPTR)MallocBefore,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_ADDRINT, imageName,
IARG_END);
RTN_InsertCall(mallocRtn, IPOINT_AFTER, (AFUNPTR)MallocAfter,
IARG_FUNCRET_EXITPOINT_VALUE, IARG_END);
RTN_Close(mallocRtn);
}
// Find the free() function.
RTN freeRtn = RTN_FindByName(img, FREE);
if (RTN_Valid(freeRtn))
{
RTN_Open(freeRtn);
// Instrument free() to print the input argument value.
RTN_InsertCall(freeRtn, IPOINT_BEFORE, (AFUNPTR)FreeBefore,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
RTN_Close(freeRtn);
}
}
VOID Trace(TRACE trace, VOID *v)
{
for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
{
INS tail = BBL_InsTail(bbl);
if( INS_IsCall(tail) )
{
INS_InsertCall(tail, IPOINT_BEFORE, AFUNPTR(do_call_indirect),
IARG_BRANCH_TARGET_ADDR, IARG_BRANCH_TAKEN, IARG_END);
}
else
{
// sometimes code is not in an image
RTN rtn = TRACE_Rtn(trace);
// also track stup jumps into share libraries
if( RTN_Valid(rtn) && !INS_IsDirectBranchOrCall(tail) && ".plt" == SEC_Name( RTN_Sec( rtn ) ))
{
INS_InsertCall(tail, IPOINT_BEFORE, AFUNPTR(do_call_indirect),
IARG_BRANCH_TARGET_ADDR, IARG_BRANCH_TAKEN, IARG_END);
}
}
}
}
// Pin calls this function every time a new rtn is executed
VOID Routine(RTN rtn, VOID *v)
{
TraceFile << "Image: " << StripPath(IMG_Name(SEC_Img(RTN_Sec(rtn))).c_str()) << " Address: " << RTN_Address(rtn) << " Procedure: " << RTN_Name(rtn) << endl;
}
