// Handler run when the application's "foo" routine is reached.
//
// If the file-level flag FoundBar was never set (PIN_TEST_BAR() could not be
// located when the image was scanned elsewhere in this tool), the process is
// terminated with exit code 1.  Otherwise BarAddr is invoked twice, back to
// back, in the application's context with no arguments.
//
//   ctxt - application CONTEXT supplied by Pin for this call site
//   tid  - Pin thread id of the calling thread
static VOID OnFoo(CONTEXT *ctxt, THREADID tid)
{
    if (!FoundBar)
    {
        fprintf(stderr, "Unable to find PIN_TEST_BAR()\n");
        PIN_ExitProcess(1);
    }

    // Two consecutive application-level calls of the same function.
    for (int call = 0; call < 2; call++)
    {
        PIN_CallApplicationFunction(ctxt, tid, CALLINGSTD_DEFAULT, AFUNPTR(BarAddr), PIN_PARG_END());
    }
}
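// Replacement for RtlFreeHeap.
//
// Forwards the call to the original routine (stdcall, same three arguments)
// through Pin, then records the free via EmitHeapFreeRecord (defined elsewhere
// in this tool) and returns whatever the original returned.
//
//   rtlFreeHeap - address of the original RtlFreeHeap
//   heapHandle  - heap the block belongs to (passed through untouched)
//   flags       - RtlFreeHeap flags (passed through untouched)
//   memoryPtr   - block being freed (passed through untouched)
//   ctx         - application CONTEXT at the replacement call site
//
// NOTE(review): the free record is emitted unconditionally, i.e. also when the
// original call reports failure (retval == 0) -- confirm that consumers of the
// heap log expect failed frees to be recorded as well.
static WINDOWS::BOOL replacementRtlFreeHeap(AFUNPTR rtlFreeHeap, WINDOWS::PVOID heapHandle, WINDOWS::ULONG flags, WINDOWS::PVOID memoryPtr, CONTEXT *ctx)
{
    // Queried once; both the call and the record refer to the same thread.
    const THREADID tid = PIN_ThreadId();

    // Initialised so that the return value is never indeterminate, even if
    // the application call does not store a result.
    WINDOWS::BOOL retval = 0;
    PIN_CallApplicationFunction(ctx, tid, CALLINGSTD_STDCALL, rtlFreeHeap,
                                PIN_PARG(WINDOWS::BOOL), &retval,
                                PIN_PARG(WINDOWS::PVOID), heapHandle,
                                PIN_PARG(WINDOWS::ULONG), flags,
                                PIN_PARG(WINDOWS::PVOID), memoryPtr,
                                PIN_PARG_END());

    // Record after the real free has run so the log reflects the order of events.
    EmitHeapFreeRecord(tid, heapHandle, memoryPtr);
    return retval;
}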
// Replacement for the application's ReplacedXmmRegs().
//
// Fills every XMM register in the context with 0xacdcacdc, confirms the
// value round-trips through PIN_SetContextFPState/PIN_GetContextFPState,
// and then calls the original function with that context.  Afterwards, if
// the file-level executeAtAddr is non-zero, the XMM registers are set to
// 0xdeadbeef, the instruction pointer is pointed at executeAtAddr, and
// control is transferred there with PIN_ExecuteAt.
//
//   context          - CONTEXT handed over by Pin (read-only when the tool
//                      was started with KnobUseIargConstContext)
//   tid              - Pin thread id of the calling thread
//   originalFunction - address of the replaced application function
//
// Any mismatch while verifying the context terminates the process via exit(-1).
//
// NOTE(review): the FPSTATE buffers below are plain CHAR arrays; if
// PIN_GetContextFPState/PIN_SetContextFPState require an aligned buffer this
// should use Pin's alignment attribute -- confirm against the Pin API docs.
VOID REPLACE_ReplacedXmmRegs(CONTEXT *context, THREADID tid, AFUNPTR originalFunction)
{
    printf ("TOOL in REPLACE_ReplacedXmmRegs\n");
    fflush (stdout);

    // A const IARG context may not be modified, so work on a private copy then.
    CONTEXT writableContext;
    CONTEXT *ctxt = context;
    if (KnobUseIargConstContext)
    {
        PIN_SaveContext(context, &writableContext);
        ctxt = &writableContext;
    }

    // Load the FP state of the context that will run originalFunction and
    // overwrite every 32-bit lane of every XMM register with the test pattern.
    CHAR fpStateBuf[FPSTATE_SIZE];
    FPSTATE *fpState = reinterpret_cast<FPSTATE *>(fpStateBuf);
    PIN_GetContextFPState(ctxt, fpState);
    for (int r = 0; r < NUM_XMM_REGS; r++)
    {
        for (int lane = 0; lane < 4; lane++)
        {
            fpState->fxsave_legacy._xmms[r]._vec32[lane] = 0xacdcacdc;
        }
    }
    PIN_SetContextFPState(ctxt, fpState);

    // Read the state back into a second buffer and compare register by
    // register (as two 64-bit halves) to make sure the write took effect.
    CHAR fpStateBuf2[FPSTATE_SIZE];
    FPSTATE *fpState2 = reinterpret_cast<FPSTATE *>(fpStateBuf2);
    PIN_GetContextFPState(ctxt, fpState2);
    for (int r = 0; r < NUM_XMM_REGS; r++)
    {
        const bool lowMatches  = fpState->fxsave_legacy._xmms[r]._vec64[0] == fpState2->fxsave_legacy._xmms[r]._vec64[0];
        const bool highMatches = fpState->fxsave_legacy._xmms[r]._vec64[1] == fpState2->fxsave_legacy._xmms[r]._vec64[1];
        if (lowMatches && highMatches)
        {
            continue;
        }
        printf("TOOL ERROR at xmm[%d] (%lx %lx %lx %lx) (%lx %lx %lx %lx)\n", r,
               (unsigned long)fpState->fxsave_legacy._xmms[r]._vec32[0],
               (unsigned long)fpState->fxsave_legacy._xmms[r]._vec32[1],
               (unsigned long)fpState->fxsave_legacy._xmms[r]._vec32[2],
               (unsigned long)fpState->fxsave_legacy._xmms[r]._vec32[3],
               (unsigned long)fpState2->fxsave_legacy._xmms[r]._vec32[0],
               (unsigned long)fpState2->fxsave_legacy._xmms[r]._vec32[1],
               (unsigned long)fpState2->fxsave_legacy._xmms[r]._vec32[2],
               (unsigned long)fpState2->fxsave_legacy._xmms[r]._vec32[3]);
        exit (-1);
    }

    // Run the original function with the XMM registers prepared above.
    printf("TOOL Calling replaced ReplacedXmmRegs()\n");
    fflush (stdout);
    PIN_CallApplicationFunction(ctxt, tid, CALLINGSTD_DEFAULT, originalFunction, PIN_PARG_END());
    printf("TOOL Returned from replaced ReplacedXmmRegs()\n");
    fflush (stdout);

    // executeAtAddr == 0 means the ExecuteAt leg of the test is disabled.
    if (executeAtAddr == 0)
    {
        return;
    }

    // Second pattern, then jump into the application at executeAtAddr.
    for (int r = 0; r < NUM_XMM_REGS; r++)
    {
        for (int lane = 0; lane < 4; lane++)
        {
            fpState->fxsave_legacy._xmms[r]._vec32[lane] = 0xdeadbeef;
        }
    }
    PIN_SetContextFPState(ctxt, fpState);
    PIN_SetContextReg(ctxt, REG_INST_PTR, executeAtAddr);
    printf("TOOL Calling ExecutedAtFunc\n");
    fflush (stdout);
    PIN_ExecuteAt (ctxt);
    // NOTE(review): PIN_ExecuteAt is documented as not returning to the caller,
    // so the line below is presumably unreachable -- kept for parity with the
    // original test output; confirm.
    printf("TOOL returned from ExecutedAtFunc\n");
    fflush (stdout);
}
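// Writes `value` into all four 32-bit words of each of the 8 x87 register
// slots of `fp` (the RAW32 view of the 16-byte fxsave slot).
static void X87RegsTest_FillSlots(FPSTATE *fp, unsigned int value)
{
    for (int i = 0; i < 8; i++)
    {
        RAW32 *ptr = reinterpret_cast<RAW32 *>(&fp->fxsave_legacy._sts[i]._raw);
        ptr->_hi2 = value;
        ptr->_hi1 = value;
        ptr->_lo2 = value;
        ptr->_lo1 = value;
    }
}

// Returns true when every 32-bit word of every x87 slot of `fp` equals `value`.
static bool X87RegsTest_AllSlotsEqual(FPSTATE *fp, unsigned int value)
{
    for (int i = 0; i < 8; i++)
    {
        RAW32 *ptr = reinterpret_cast<RAW32 *>(&fp->fxsave_legacy._sts[i]._raw);
        // All four words are compared (the previous check compared _hi2 twice
        // and never looked at _hi1).
        if (ptr->_hi2 != value || ptr->_hi1 != value || ptr->_lo2 != value || ptr->_lo1 != value)
        {
            return false;
        }
    }
    return true;
}

// Replacement for the application's ReplacedX87Regs().
//
// 1. Dumps the x87 state the application left in the context and checks it
//    against the values the application is expected to have set (see the
//    table below); any mismatch ends the process with exit(-1).
// 2. Overwrites all 8 x87 slots with 0xacdcacdc, masks divide-by-zero in
//    MXCSR, verifies the state round-trips through PIN_SetContextFPState /
//    PIN_GetContextFPState, and calls the original function with that context.
// 3. If the file-level executeAtAddr is non-zero, repeats the fill/verify
//    step with 0xcacdcacd, points the instruction pointer at executeAtAddr
//    and transfers control there with PIN_ExecuteAt.
//
//   context          - CONTEXT handed over by Pin (read-only when the tool
//                      was started with KnobUseIargConstContext)
//   tid              - Pin thread id of the calling thread
//   originalFunction - address of the replaced application function
//
// NOTE(review): the FPSTATE buffer is a plain CHAR array; if the Pin FP-state
// calls require an aligned buffer it should carry Pin's alignment attribute.
VOID REPLACE_ReplacedX87Regs(CONTEXT *context, THREADID tid, AFUNPTR originalFunction)
{
    printf ("TOOL in REPLACE_ReplacedX87Regs x87 regs are:\n");
    fflush (stdout);

    CHAR fpContextSpaceForFpContextFromPin[FPSTATE_SIZE];
    FPSTATE *fpContextFromPin = reinterpret_cast<FPSTATE *>(fpContextSpaceForFpContextFromPin);
    PIN_GetContextFPState(context, fpContextFromPin);

    /* Values the application is expected to have placed in the x87 registers
       just before calling ReplacedX87Regs (which this function replaces):
         _mxcsr 1f80
         _st[0] 0 3fff 80000000 0
         _st[1] 0 3fff 80000000 0
         _st[2] 0 3fff 80000000 0
         _st[3] 0 5a5a 5a5a5a5a 5a5a5a5a
         _st[4] 0 5a5a 5a5a5a5a 5a5a5a5a
         _st[5] 0 5a5a 5a5a5a5a 5a5a5a5a
         _st[6] 0 5a5a 5a5a5a5a 5a5a5a5a
         _st[7] 0 5a5a 5a5a5a5a 5a5a5a5a
       (each _st line is _hi2 _hi1 _lo2 _lo1, i.e. the order printed below) */
    printf ("_mxcsr %x\n", fpContextFromPin->fxsave_legacy._mxcsr);
    // NOTE(review): the expected value 1f80 listed above has bit 0x200 (the
    // zero-divide mask) set, yet a set bit is treated as an error here -- one
    // of the two is stale; confirm against the application side before
    // relying on this check.
    if (fpContextFromPin->fxsave_legacy._mxcsr & 0x200)
    {
        printf ("***Error divide by zero should be masked\n");
        exit (-1);
    }

    // Slots 0..2 must hold the 1.0 pattern, slots 3..7 the 0x5a5a fill.
    for (int i = 0; i < 8; i++)
    {
        RAW32 *ptr = reinterpret_cast<RAW32 *>(&fpContextFromPin->fxsave_legacy._sts[i]._raw);
        printf ("_st[%d] %x %x %x %x\n", i, ptr->_hi2, ptr->_hi1, ptr->_lo2, ptr->_lo1);

        const bool isOneSlot = (i < 3);
        const unsigned int expHi2 = 0;
        const unsigned int expHi1 = isOneSlot ? 0x3fff : 0x5a5a;
        const unsigned int expLo2 = isOneSlot ? 0x80000000 : 0x5a5a5a5a;
        const unsigned int expLo1 = isOneSlot ? 0 : 0x5a5a5a5a;

        // Any word that differs is an error.  (The conditions were previously
        // joined with &&, which only fired when all four words differed.)
        if (ptr->_hi2 != expHi2 || ptr->_hi1 != expHi1 || ptr->_lo2 != expLo2 || ptr->_lo1 != expLo1)
        {
            printf ("***Error in this _st\n");
            exit(-1);
        }
    }

    // A const IARG context may not be modified, so work on a private copy then.
    CONTEXT writableContext;
    CONTEXT *ctxt = context;
    if (KnobUseIargConstContext)
    {
        PIN_SaveContext(context, &writableContext);
        ctxt = &writableContext;
    }

    // Set the x87 registers in the context that will run originalFunction.
    PIN_GetContextFPState(ctxt, fpContextFromPin);
    X87RegsTest_FillSlots(fpContextFromPin, 0xacdcacdc);
    fpContextFromPin->fxsave_legacy._mxcsr |= (0x200); // mask divide by zero
    PIN_SetContextFPState(ctxt, fpContextFromPin);

    // Verify the write took effect: clear the local copy, re-read, compare.
    X87RegsTest_FillSlots(fpContextFromPin, 0x0);
    PIN_GetContextFPState(ctxt, fpContextFromPin);
    if (!X87RegsTest_AllSlotsEqual(fpContextFromPin, 0xacdcacdc))
    {
        printf ("TOOL error1 in setting fp context in REPLACE_ReplacedX87Regs\n");
        exit (-1);
    }

    // Run the original function with the x87 registers prepared above.
    printf("TOOL Calling replaced ReplacedX87Regs()\n");
    fflush (stdout);
    PIN_CallApplicationFunction(ctxt, tid, CALLINGSTD_DEFAULT, originalFunction, PIN_PARG_END());
    printf("TOOL Returned from replaced ReplacedX87Regs()\n");
    fflush (stdout);

    // executeAtAddr == 0 means the ExecuteAt leg of the test is disabled.
    if (executeAtAddr == 0)
    {
        return;
    }

    // Second pattern, verified the same way.
    X87RegsTest_FillSlots(fpContextFromPin, 0xcacdcacd);
    PIN_SetContextFPState(ctxt, fpContextFromPin);
    X87RegsTest_FillSlots(fpContextFromPin, 0x0);
    PIN_GetContextFPState(ctxt, fpContextFromPin);
    if (!X87RegsTest_AllSlotsEqual(fpContextFromPin, 0xcacdcacd))
    {
        printf ("TOOL error2 in setting fp context in REPLACE_ReplacedX87Regs\n");
        exit (-1);
    }

    // Jump into the application at executeAtAddr with the x87 registers set.
    PIN_SetContextReg(ctxt, REG_INST_PTR, executeAtAddr);
    printf("TOOL Calling ExecutedAtFunc\n");
    fflush (stdout);
    PIN_ExecuteAt (ctxt);
    // NOTE(review): PIN_ExecuteAt is documented as not returning to the caller,
    // so the line below is presumably unreachable -- kept for parity with the
    // original test output; confirm.
    printf("TOOL returned from ExecutedAtFunc\n");
    fflush (stdout);
}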