// Pin calls this function every time a new trace is encountered VOID InstrumentTrace(TRACE trace, VOID *v) { VOID * traceAddr; VOID * traceCopyAddr; USIZE traceSize; traceAddr = (VOID *)TRACE_Address(trace); #if 0 if (traceAddr < (void*)0xbf000000) return; fprintf(stderr,"Instrumenting trace at %p\n",traceAddr); #endif traceSize = TRACE_Size(trace); traceCopyAddr = malloc(traceSize); if (traceCopyAddr != 0) { memcpy(traceCopyAddr, traceAddr, traceSize); // Insert a call to DoSmcCheck before every trace TRACE_InsertCall(trace, IPOINT_BEFORE, (AFUNPTR)DoSmcCheck, IARG_PTR, traceAddr, IARG_PTR, traceCopyAddr, IARG_UINT32 , traceSize, IARG_CONTEXT, IARG_END); } }
// Instrument one trace for polymorphic (self-rewriting) code detection.
//
// Records the trace's address range on the module object, then arms two
// analysis hooks for every instruction in the trace:
//   - checkIfWrittenAddress, before each instruction: was the instruction
//     about to execute overwritten earlier in this trace?
//   - polimorficCodeHandler, before each memory-writing operand: does the
//     write land inside the current trace's range?
//
// Both hooks are IPOINT_BEFORE on the same instruction; they are inserted in
// the order above, which (per Pin's documented behaviour for calls inserted
// at the same point) is also their execution order.
//
// NOTE(review): trace_head/trace_tail are written here at instrumentation
// (JIT) time, while `this` reaches the analysis routines by pointer and is
// read at run time. If those routines read the range from the object, they
// see the range of the most recently instrumented trace, which need not be
// the one executing. The analysis routines are not visible here — confirm
// how they use the range before relying on it.
VOID PolymorphicCodeHandlerModule::inspectTrace(TRACE trace)
{
    // [trace_head, trace_tail) is the address range covered by this trace.
    this->trace_head = TRACE_Address(trace);
    this->trace_tail = this->trace_head + TRACE_Size(trace);

    BBL bbl = TRACE_BblHead(trace);
    while (BBL_Valid(bbl)) {
        INS ins = BBL_InsHead(bbl);
        while (INS_Valid(ins)) {
            // Hook 1: detect execution of bytes rewritten earlier in the trace.
            INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(checkIfWrittenAddress),
                           IARG_INST_PTR,
                           IARG_CONTEXT,
                           IARG_UINT32, INS_Size(ins),
                           IARG_PTR, this,
                           IARG_END);

            // Hook 2: detect writes whose effective address falls inside
            // the trace itself (an attempt to rewrite code about to run).
            const UINT32 memOpCount = INS_MemoryOperandCount(ins);
            for (UINT32 memOp = 0; memOp < memOpCount; ++memOp) {
                if (!INS_MemoryOperandIsWritten(ins, memOp)) {
                    continue;
                }
                INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(polimorficCodeHandler),
                               IARG_INST_PTR,
                               IARG_MEMORYOP_EA, memOp,
                               IARG_PTR, this,
                               IARG_END);
            }

            ins = INS_Next(ins);
        }
        bbl = BBL_Next(bbl);
    }
}
// Lua binding: trace_size(trace) -> number
//
// Takes the TRACE userdata at stack slot 1 (check_trace performs the type
// check; what it does on a bad argument is not visible here) and pushes the
// trace's size in bytes. Returns the number of results pushed (always 1).
//
// The size is pushed as a lua_Number (a double), so values above 2^53 would
// lose precision; real trace sizes are orders of magnitude below that.
int trace_size(lua_State *L)
{
    TRACE *tracePtr = check_trace(L, 1);
    const USIZE byteSize = TRACE_Size(*tracePtr);
    lua_pushnumber(L, byteSize);
    return 1;
}