static VOID on_module_loading(IMG img, VOID *data)
{
if (IMG_IsMainExecutable(img))
{
RTN routine = RTN_FindByName(img, "foo1");
if (RTN_Valid(routine) && RTN_IsSafeForProbedReplacement(routine))
{
PROTO foo1_proto = PROTO_Allocate( PIN_PARG(void), CALLINGSTD_DEFAULT,
"foo1", PIN_PARG_END() );
AFUNPTR foo1_ptr = RTN_ReplaceSignatureProbed(routine, (AFUNPTR)foo1_rep,
IARG_PROTOTYPE, foo1_proto,
IARG_ORIG_FUNCPTR,
IARG_END);
ASSERTX(foo1_ptr != 0);
}
routine = RTN_FindByName(img, "foo2");
if (RTN_Valid(routine) && RTN_IsSafeForProbedInsertion(routine))
{
PROTO foo2_proto = PROTO_Allocate( PIN_PARG(void), CALLINGSTD_DEFAULT,
"foo2",
PIN_PARG_END() );
RTN_InsertCallProbed(routine, IPOINT_BEFORE, AFUNPTR( foo2_before ),
IARG_PROTOTYPE, foo2_proto,
IARG_END);
RTN_InsertCallProbed(routine, IPOINT_AFTER, AFUNPTR( foo2_after ),
IARG_PROTOTYPE, foo2_proto,
IARG_END);
}
static VOID OnFoo(CONTEXT *ctxt, THREADID tid)
{
if (!FoundBar)
{
fprintf(stderr, "Unable to find PIN_TEST_BAR()\n");
PIN_ExitProcess(1);
}
PIN_CallApplicationFunction(ctxt, tid, CALLINGSTD_DEFAULT, AFUNPTR(BarAddr), PIN_PARG_END());
PIN_CallApplicationFunction(ctxt, tid, CALLINGSTD_DEFAULT, AFUNPTR(BarAddr), PIN_PARG_END());
}
VOID ImageLoad(IMG img, VOID *v)
{
if( !s_init )
{
s_protoAlloc = PROTO_Allocate( PIN_PARG(void *), CALLINGSTD_CDECL,
"malloc", PIN_PARG(size_t), PIN_PARG_END() );
s_init = true;
}
static VOID ImageLoad(IMG img, VOID *v)
{
static UINT32 mallocCount = 0;
PROTO protoMalloc = PROTO_Allocate(PIN_PARG(void *), CALLINGSTD_DEFAULT,
"malloc", PIN_PARG(size_t), PIN_PARG_END());
RTN rtnMalloc = RTN_FindByName(img, "malloc");
if (RTN_Valid(rtnMalloc))
{
TraceFile << "probing malloc #" << mallocCount << " in " << IMG_Name(img) << std::endl;
RTN_ReplaceSignatureProbed(rtnMalloc, AFUNPTR(MallocProbe),
IARG_PROTOTYPE, protoMalloc,
IARG_ORIG_FUNCPTR,
IARG_UINT32, static_cast<UINT32>(mallocCount),
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
#if defined(TARGET_IPF)
IARG_REG_VALUE, REG_TP,
#else
IARG_ADDRINT, static_cast<ADDRINT>(0),
#endif
IARG_END);
mallocCount++;
}
PROTO_Free(protoMalloc);
static UINT32 freeCount = 0;
PROTO protoFree = PROTO_Allocate(PIN_PARG(void), CALLINGSTD_DEFAULT,
"free", PIN_PARG(void *), PIN_PARG_END());
RTN freeRtn = RTN_FindByName(img, "free");
if (RTN_Valid(freeRtn))
{
TraceFile << "probing free #" << freeCount << " in " << IMG_Name(img) << std::endl;
RTN_ReplaceSignatureProbed(freeRtn, AFUNPTR(FreeProbe),
IARG_PROTOTYPE, protoFree,
IARG_ORIG_FUNCPTR,
IARG_UINT32, static_cast<UINT32>(freeCount),
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
#if defined(TARGET_IPF)
IARG_REG_VALUE, REG_TP,
#else
IARG_ADDRINT, static_cast<ADDRINT>(0),
#endif
IARG_END);
freeCount++;
}
PROTO_Free(protoFree);
}
VOID ImageLoad(IMG img, VOID *v)
{
RTN rtn = RTN_FindByName(img, "TestIargPreserveInReplacement");
if (RTN_Valid(rtn))
{
printf ("found TestIargPreserveInReplacement\n");
fflush (stdout);
PROTO proto = PROTO_Allocate( PIN_PARG(void), CALLINGSTD_DEFAULT,
"TestIargPreserveInReplacementProto", PIN_PARG_END() );
REGSET regsFP;
REGSET_Clear(regsFP);
REGSET_Insert (regsFP, REG_X87);
RTN_ReplaceSignature(
rtn, AFUNPTR(TestIargPreserveReplacement),
IARG_PROTOTYPE, proto,
IARG_CONTEXT,
IARG_ORIG_FUNCPTR,
IARG_PRESERVE, ®sFP,
IARG_END);
PROTO_Free( proto );
}
rtn = RTN_FindByName(img, "TestIargPreserveInReplacement1");
if (RTN_Valid(rtn))
{
printf ("found TestIargPreserveInReplacement1\n");
fflush (stdout);
PROTO proto = PROTO_Allocate( PIN_PARG(void), CALLINGSTD_DEFAULT,
"TestIargPreserveInReplacementProto", PIN_PARG_END() );
RTN_ReplaceSignature(
rtn, AFUNPTR(TestIargPreserveReplacement1),
IARG_PROTOTYPE, proto,
IARG_CONTEXT,
IARG_ORIG_FUNCPTR,
IARG_END);
PROTO_Free( proto );
}
}
void ImageLoad (IMG img, void *context)
{
fprintf (stderr, "Notified of load of %s at [%p,%p]\n",
IMG_Name(img).c_str(),
(char *)IMG_LowAddress(img), (char *)IMG_HighAddress(img));
// See if this is ntdll.dll
char szName[_MAX_FNAME];
char szExt[_MAX_EXT];
_splitpath_s (IMG_Name(img).c_str(),
NULL, 0,
NULL, 0,
szName, _MAX_FNAME,
szExt, _MAX_EXT);
strcat_s (szName, _MAX_FNAME, szExt);
if (0 != _stricmp ("ntdll.dll", szName))
return;
RTN rtn = RTN_FindByName (img, "RtlAllocateHeap");
if (RTN_Invalid() == rtn)
{
fprintf (stderr, "Failed to find RtlAllocateHeap in %s\n",
IMG_Name(img).c_str());
return;
}
fprintf(stderr,"Replacing\n");
PROTO protoRtlAllocateHeap =
PROTO_Allocate (PIN_PARG(void *),
CALLINGSTD_STDCALL,
"RtlAllocateHeap",
PIN_PARG(WINDOWS::PVOID), // HeapHandle
PIN_PARG(WINDOWS::ULONG), // Flags
PIN_PARG(WINDOWS::SIZE_T), // Size
PIN_PARG_END());
RTN_ReplaceSignature (rtn, (AFUNPTR)replacement_RtlAllocateHeap,
IARG_PROTOTYPE, protoRtlAllocateHeap,
IARG_ORIG_FUNCPTR,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
IARG_FUNCARG_ENTRYPOINT_VALUE, 2,
IARG_CONTEXT,
IARG_END);
PROTO_Free (protoRtlAllocateHeap);
}
/*
* ImageLoad
* Replace native malloc, realloc, free functions with my custum functions
* so that I can get mem allocation informations.
*/
VOID ImageLoad(IMG img, VOID *v)
{
RTN mallocRtn = RTN_FindByName(img, "malloc");
if (RTN_Valid(mallocRtn))
{
PROTO proto_malloc = PROTO_Allocate( PIN_PARG(void *), CALLINGSTD_DEFAULT,
"malloc", PIN_PARG(size_t), PIN_PARG_END() );
RTN_ReplaceSignature(
mallocRtn, AFUNPTR( Malloc ),
IARG_PROTOTYPE, proto_malloc,
IARG_CONTEXT,
IARG_ORIG_FUNCPTR,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_CALL_ORDER, CALL_ORDER_FIRST,
IARG_END);
}
RTN reallocRtn = RTN_FindByName(img, "realloc");
if (RTN_Valid(reallocRtn))
{
PROTO proto_realloc = PROTO_Allocate( PIN_PARG(void *), CALLINGSTD_DEFAULT,
"realloc", PIN_PARG(void *), PIN_PARG(size_t), PIN_PARG_END() );
RTN_ReplaceSignature(
reallocRtn, AFUNPTR( Realloc ),
IARG_PROTOTYPE, proto_realloc,
IARG_CONTEXT,
IARG_ORIG_FUNCPTR,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
IARG_CALL_ORDER, CALL_ORDER_FIRST+1,
IARG_END);
}
RTN freeRtn = RTN_FindByName(img, "free");
if (RTN_Valid(freeRtn))
{
PROTO proto_free = PROTO_Allocate( PIN_PARG(void), CALLINGSTD_DEFAULT,
"free", PIN_PARG(void *), PIN_PARG_END() );
RTN_ReplaceSignature(
freeRtn, AFUNPTR( Free ),
IARG_PROTOTYPE, proto_free,
IARG_CONTEXT,
IARG_ORIG_FUNCPTR,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_CALL_ORDER, CALL_ORDER_FIRST+2,
IARG_END);
}
}
static WINDOWS::BOOL
replacementRtlFreeHeap(
AFUNPTR rtlFreeHeap,
WINDOWS::PVOID heapHandle,
WINDOWS::ULONG flags,
WINDOWS::PVOID memoryPtr,
CONTEXT *ctx)
{
WINDOWS::BOOL retval;
PIN_CallApplicationFunction(ctx, PIN_ThreadId(),
CALLINGSTD_STDCALL, rtlFreeHeap,
PIN_PARG(WINDOWS::BOOL), &retval,
PIN_PARG(WINDOWS::PVOID), heapHandle,
PIN_PARG(WINDOWS::ULONG), flags,
PIN_PARG(WINDOWS::PVOID), memoryPtr,
PIN_PARG_END()
);
EmitHeapFreeRecord(PIN_ThreadId(), heapHandle, memoryPtr);
return retval;
}
void InsertProbe( IMG img, char * funcName)
{
/*
printf ("Image %s\n", IMG_Name(img).c_str());
for (SEC sec = IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec))
{
for (RTN rtn = SEC_RtnHead(sec); RTN_Valid(rtn); rtn = RTN_Next(rtn))
{
printf (" Rtn: %s %s\n", RTN_Name(rtn).c_str(), funcName);
if (strstr( RTN_Name(rtn).c_str(), funcName))
{
printf (" found\n");
}
}
}
*/
RTN allocRtn = RTN_FindByName(img, funcName);
if (RTN_Valid(allocRtn) && RTN_IsSafeForProbedReplacement(allocRtn))
{
fprintf (fp, "RTN_ReplaceSignatureProbed on %s\n", funcName);
PROTO protoHeapAlloc = PROTO_Allocate( PIN_PARG(void *), CALLINGSTD_STDCALL,
"protoHeapAlloc", PIN_PARG(WINDOWS::HANDLE),
PIN_PARG(WINDOWS::DWORD),PIN_PARG(WINDOWS::DWORD), PIN_PARG_END() );
RTN_ReplaceSignatureProbed(allocRtn, AFUNPTR(ReplacementFunc),
IARG_PROTOTYPE, protoHeapAlloc,
IARG_ORIG_FUNCPTR,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
IARG_FUNCARG_ENTRYPOINT_VALUE, 2,
IARG_CONTEXT,
IARG_RETURN_IP,
IARG_END);
PROTO_Free( protoHeapAlloc );
}
VOID Image(IMG img, VOID *v)
{
// Instrument the memcpy() function. Print the input argument f each memcpy().
// Find the memcpy() function.
RTN memcpyRtn = RTN_FindByName(img, "memcpy");
if (RTN_Valid(memcpyRtn))
{
if (SYM_IFunc(RTN_Sym(memcpyRtn)))
{
TraceFile << "Ifunc memcpy" << endl;
PROTO proto_ifunc_memcpy = PROTO_Allocate( PIN_PARG(void *), CALLINGSTD_DEFAULT,
"memcpy", PIN_PARG_END() );
actual_memcpy_add= RTN_Address(memcpyRtn);
RTN_ReplaceSignature(
memcpyRtn, AFUNPTR( IfuncMemcpyWrapper ),
IARG_PROTOTYPE, proto_ifunc_memcpy,
IARG_CONTEXT,
IARG_ORIG_FUNCPTR,
IARG_END);
}
else
{
RTN_Open(memcpyRtn);
TraceFile << "Normal memcpy" << endl;
// Instrument memcpy() to print the input argument value and the return value.
RTN_InsertCall(memcpyRtn, IPOINT_BEFORE, (AFUNPTR)MemcpyBefore,
IARG_ADDRINT, "memcpy (normal)",
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
IARG_FUNCARG_ENTRYPOINT_VALUE, 2,
IARG_END);
RTN_Close(memcpyRtn);
}
}
static VOID on_module_loading(IMG img, VOID *data)
{
if (IMG_IsMainExecutable(img))
{
RTN routine = RTN_FindByName(img, "foo");
if (!RTN_Valid(routine))
{
routine = RTN_FindByName(img, "_foo");
}
if (RTN_Valid(routine))
{
PROTO foo_proto = PROTO_Allocate( PIN_PARG(int), CALLINGSTD_DEFAULT,
"foo", PIN_PARG_END() );
AFUNPTR foo_ptr = RTN_ReplaceSignatureProbed(routine, (AFUNPTR)foo_rep,
IARG_PROTOTYPE, foo_proto,
IARG_ORIG_FUNCPTR,
IARG_RETURN_IP,
IARG_END);
ASSERTX(foo_ptr != 0);
}
}
}
VOID Image(IMG img, void *v)
{
RTN rtn = RTN_FindByName(img, "Replaced");
if (RTN_Valid(rtn))
{
PROTO proto = PROTO_Allocate(PIN_PARG(int), CALLINGSTD_DEFAULT, "Replaced", PIN_PARG_END());
RTN_ReplaceSignature(rtn, AFUNPTR(REPLACE_Replaced),
IARG_PROTOTYPE, proto,
(KnobUseIargConstContext)?IARG_CONST_CONTEXT:IARG_CONTEXT,
IARG_THREAD_ID,
IARG_ORIG_FUNCPTR,
IARG_END);
PROTO_Free(proto);
}
rtn = RTN_FindByName(img, "Inner");
if (RTN_Valid(rtn))
{
RTN_Open(rtn);
RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(AtInner), IARG_REG_VALUE, scratchReg, IARG_END);
RTN_Close(rtn);
}
}
VOID REPLACE_ReplacedXmmRegs(CONTEXT *context, THREADID tid, AFUNPTR originalFunction)
{
printf ("TOOL in REPLACE_ReplacedXmmRegs\n");
fflush (stdout);
CONTEXT writableContext, *ctxt;
if (KnobUseIargConstContext)
{ // need to copy the ctxt into a writable context
PIN_SaveContext(context, &writableContext);
ctxt = &writableContext;
}
else
{
ctxt = context;
}
/* set the xmm regs in the ctxt which is used to execute the
originalFunction (via PIN_CallApplicationFunction) */
CHAR fpContextSpaceForFpConextFromPin[FPSTATE_SIZE];
FPSTATE *fpContextFromPin = reinterpret_cast<FPSTATE *>(fpContextSpaceForFpConextFromPin);
PIN_GetContextFPState(ctxt, fpContextFromPin);
for (int i=0; i<NUM_XMM_REGS; i++)
{
fpContextFromPin->fxsave_legacy._xmms[i]._vec32[0] = 0xacdcacdc;
fpContextFromPin->fxsave_legacy._xmms[i]._vec32[1] = 0xacdcacdc;
fpContextFromPin->fxsave_legacy._xmms[i]._vec32[2] = 0xacdcacdc;
fpContextFromPin->fxsave_legacy._xmms[i]._vec32[3] = 0xacdcacdc;
}
PIN_SetContextFPState(ctxt, fpContextFromPin);
// verify the xmm regs were set in the ctxt
CHAR fpContextSpaceForFpConextFromPin2[FPSTATE_SIZE];
FPSTATE *fpContextFromPin2 = reinterpret_cast<FPSTATE *>(fpContextSpaceForFpConextFromPin2);
PIN_GetContextFPState(ctxt, fpContextFromPin2);
for (int i=0; i<NUM_XMM_REGS; i++)
{
if ((fpContextFromPin->fxsave_legacy._xmms[i]._vec64[0] !=fpContextFromPin2->fxsave_legacy._xmms[i]._vec64[0]) ||
(fpContextFromPin->fxsave_legacy._xmms[i]._vec64[1] !=fpContextFromPin2->fxsave_legacy._xmms[i]._vec64[1]))
{
printf("TOOL ERROR at xmm[%d] (%lx %lx %lx %lx) (%lx %lx %lx %lx)\n", i,
(unsigned long)fpContextFromPin->fxsave_legacy._xmms[i]._vec32[0],
(unsigned long)fpContextFromPin->fxsave_legacy._xmms[i]._vec32[1],
(unsigned long)fpContextFromPin->fxsave_legacy._xmms[i]._vec32[2],
(unsigned long)fpContextFromPin->fxsave_legacy._xmms[i]._vec32[3],
(unsigned long)fpContextFromPin2->fxsave_legacy._xmms[i]._vec32[0],
(unsigned long)fpContextFromPin2->fxsave_legacy._xmms[i]._vec32[1],
(unsigned long)fpContextFromPin2->fxsave_legacy._xmms[i]._vec32[2],
(unsigned long)fpContextFromPin2->fxsave_legacy._xmms[i]._vec32[3]);
exit (-1);
}
}
// call the originalFunction function with the xmm regs set from above
printf("TOOL Calling replaced ReplacedXmmRegs()\n");
fflush (stdout);
PIN_CallApplicationFunction(ctxt, tid, CALLINGSTD_DEFAULT,
originalFunction, PIN_PARG_END());
printf("TOOL Returned from replaced ReplacedXmmRegs()\n");
fflush (stdout);
if (executeAtAddr != 0)
{
// set xmm regs to other values
for (int i=0; i<NUM_XMM_REGS; i++)
{
fpContextFromPin->fxsave_legacy._xmms[i]._vec32[0] = 0xdeadbeef;
fpContextFromPin->fxsave_legacy._xmms[i]._vec32[1] = 0xdeadbeef;
fpContextFromPin->fxsave_legacy._xmms[i]._vec32[2] = 0xdeadbeef;
fpContextFromPin->fxsave_legacy._xmms[i]._vec32[3] = 0xdeadbeef;
}
PIN_SetContextFPState(ctxt, fpContextFromPin);
// execute the application function ExecuteAtFunc with the xmm regs set
PIN_SetContextReg(ctxt, REG_INST_PTR, executeAtAddr);
printf("TOOL Calling ExecutedAtFunc\n");
fflush (stdout);
PIN_ExecuteAt (ctxt);
printf("TOOL returned from ExecutedAtFunc\n");
fflush (stdout);
}
}
VOID Image(IMG img, void *v)
{
RTN rtn = RTN_FindByName(img, "ReplacedXmmRegs");
if (RTN_Valid(rtn))
{
PROTO proto = PROTO_Allocate(PIN_PARG(int), CALLINGSTD_DEFAULT, "ReplacedXmmRegs", PIN_PARG_END());
RTN_ReplaceSignature(rtn, AFUNPTR(REPLACE_ReplacedXmmRegs),
IARG_PROTOTYPE, proto,
(KnobUseIargConstContext)?IARG_CONST_CONTEXT:IARG_CONTEXT,
IARG_THREAD_ID,
IARG_ORIG_FUNCPTR,
IARG_END);
PROTO_Free(proto);
printf ("TOOL found and replaced ReplacedXmmRegs\n");
fflush (stdout);
RTN rtn = RTN_FindByName(img, "ExecutedAtFunc");
if (RTN_Valid(rtn))
{
executeAtAddr = RTN_Address(rtn);
printf ("TOOL found ExecutedAtFunc for later PIN_ExecuteAt\n");
fflush (stdout);
}
rtn = RTN_FindByName(img, "DumpXmmRegsAtException");
if (RTN_Valid(rtn))
{
dumpXmmRegsAtExceptionAddr = RTN_Address(rtn);
printf ("TOOL found DumpXmmRegsAtException for later Exception\n");
fflush (stdout);
}
}
}
VOID REPLACE_ReplacedX87Regs(CONTEXT *context, THREADID tid, AFUNPTR originalFunction)
{
printf ("TOOL in REPLACE_ReplacedX87Regs x87 regs are:\n");
fflush (stdout);
CHAR fpContextSpaceForFpConextFromPin[FPSTATE_SIZE];
FPSTATE *fpContextFromPin = reinterpret_cast<FPSTATE *>(fpContextSpaceForFpConextFromPin);
PIN_GetContextFPState(context, fpContextFromPin);
// verfiy that x87 registers are as they were set by the app just before the call to
// ReplacedX87Regs, which is replaced by this function
/*
app set the x87 fp regs just before the call to ReplacedX87Regs as follows
_mxcsr 1f80
_st[0] 0 3fff 80000000 0
_st[1] 0 3fff 80000000 0
_st[2] 0 3fff 80000000 0
_st[3] 0 5a5a 5a5a5a5a 5a5a5a5a
_st[4] 0 5a5a 5a5a5a5a 5a5a5a5a
_st[5] 0 5a5a 5a5a5a5a 5a5a5a5a
_st[6] 0 5a5a 5a5a5a5a 5a5a5a5a
_st[7] 0 5a5a 5a5a5a5a 5a5a5a5a
*/
printf ("_mxcsr %x\n", fpContextFromPin->fxsave_legacy._mxcsr);
if (fpContextFromPin->fxsave_legacy._mxcsr & 0x200)
{
printf ("***Error divide by zero should be masked\n");
exit (-1);
}
int i;
for (i=0; i<3; i++)
{
RAW32 *ptr = reinterpret_cast<RAW32 *>(&fpContextFromPin->fxsave_legacy._sts[i]._raw);
printf ("_st[%d] %x %x %x %x\n", i,ptr->_hi2,ptr->_hi1,ptr->_lo2,ptr->_lo1);
if (ptr->_hi2 != 0 && ptr->_hi1 != 0x3fff && ptr->_lo2 != 0x80000000 && ptr->_lo1 != 0)
{
printf ("***Error in this _st\n");
exit(-1);
}
}
for (; i< 8; i++)
{
RAW32 *ptr = reinterpret_cast<RAW32 *>(&fpContextFromPin->fxsave_legacy._sts[i]._raw);
printf ("_st[%d] %x %x %x %x\n", i,ptr->_hi2,ptr->_hi1,ptr->_lo2,ptr->_lo1);
if (ptr->_hi2 != 0 && ptr->_hi1 != 0x5a5a && ptr->_lo2 != 0x5a5a5a5a && ptr->_lo1 != 0x5a5a5a5a)
{
printf ("***Error in this _st\n");
exit(-1);
}
}
CONTEXT writableContext, *ctxt;
if (KnobUseIargConstContext)
{ // need to copy the ctxt into a writable context
PIN_SaveContext(context, &writableContext);
ctxt = &writableContext;
}
else
{
ctxt = context;
}
/* set the x87 regs in the ctxt which is used to execute the
originalFunction (via PIN_CallApplicationFunction) */
PIN_GetContextFPState(ctxt, fpContextFromPin);
for (i=0; i< 8; i++)
{
RAW32 *ptr = reinterpret_cast<RAW32 *>(&fpContextFromPin->fxsave_legacy._sts[i]._raw);
ptr->_hi2=0xacdcacdc;
ptr->_hi1=0xacdcacdc;
ptr->_lo2=0xacdcacdc;
ptr->_lo1=0xacdcacdc;
}
fpContextFromPin->fxsave_legacy._mxcsr |= (0x200); // mask divide by zero
PIN_SetContextFPState(ctxt, fpContextFromPin);
// verify the setting worked
for (i=0; i<8; i++)
{
RAW32 *ptr = reinterpret_cast<RAW32 *>(&fpContextFromPin->fxsave_legacy._sts[i]._raw);
ptr->_hi2=0x0;
ptr->_hi1=0x0;
ptr->_lo2=0x0;
ptr->_lo1=0x0;
}
PIN_GetContextFPState(ctxt, fpContextFromPin);
for (i=0; i<8; i++)
{
RAW32 *ptr = reinterpret_cast<RAW32 *>(&fpContextFromPin->fxsave_legacy._sts[i]._raw);
if (ptr->_hi2 != 0xacdcacdc ||
ptr->_hi2 != 0xacdcacdc ||
ptr->_lo2!= 0xacdcacdc ||
ptr->_lo1!= 0xacdcacdc
)
{
printf ("TOOL error1 in setting fp context in REPLACE_ReplacedX87Regs\n");
exit (-1);
}
}
// call the originalFunction function with the xmm regs set from above
printf("TOOL Calling replaced ReplacedX87Regs()\n");
fflush (stdout);
PIN_CallApplicationFunction(ctxt, tid, CALLINGSTD_DEFAULT,
originalFunction, PIN_PARG_END());
printf("TOOL Returned from replaced ReplacedX87Regs()\n");
fflush (stdout);
if (executeAtAddr != 0)
{
for (i=0; i< 8; i++)
{
RAW32 *ptr = reinterpret_cast<RAW32 *>(&fpContextFromPin->fxsave_legacy._sts[i]._raw);
ptr->_hi2=0xcacdcacd;
ptr->_hi1=0xcacdcacd;
ptr->_lo2=0xcacdcacd;
ptr->_lo1=0xcacdcacd;
}
PIN_SetContextFPState(ctxt, fpContextFromPin);
// verify the setting worked
for (i=0; i<8; i++)
{
RAW32 *ptr = reinterpret_cast<RAW32 *>(&fpContextFromPin->fxsave_legacy._sts[i]._raw);
ptr->_hi2=0x0;
ptr->_hi1=0x0;
ptr->_lo2=0x0;
ptr->_lo1=0x0;
}
PIN_GetContextFPState(ctxt, fpContextFromPin);
for (i=0; i<8; i++)
{
RAW32 *ptr = reinterpret_cast<RAW32 *>(&fpContextFromPin->fxsave_legacy._sts[i]._raw);
if (ptr->_hi2 != 0xcacdcacd ||
ptr->_hi2 != 0xcacdcacd ||
ptr->_lo2!= 0xcacdcacd ||
ptr->_lo1!= 0xcacdcacd
)
{
printf ("TOOL error2 in setting fp context in REPLACE_ReplacedX87Regs\n");
exit (-1);
}
}
// execute the application function ExecuteAtFunc with the xmm regs set
PIN_SetContextReg(ctxt, REG_INST_PTR, executeAtAddr);
printf("TOOL Calling ExecutedAtFunc\n");
fflush (stdout);
PIN_ExecuteAt (ctxt);
printf("TOOL returned from ExecutedAtFunc\n");
fflush (stdout);
}
}
static VOID
HookHeapFunctions(IMG img)
{
RTN rtn;
// check this image actually has the heap functions.
if ((rtn = RTN_FindByName(img, "RtlAllocateHeap")) == RTN_Invalid())
return;
// hook RtlAllocateHeap
RTN rtlAllocate = RTN_FindByName(img, "RtlAllocateHeap");
PROTO protoRtlAllocateHeap = \
PROTO_Allocate( PIN_PARG(void *),
CALLINGSTD_STDCALL,
"RtlAllocateHeap",
PIN_PARG(WINDOWS::PVOID), // HeapHandle
PIN_PARG(WINDOWS::ULONG), // Flags
PIN_PARG(WINDOWS::SIZE_T), // Size
PIN_PARG_END()
);
RTN_ReplaceSignature(rtlAllocate,(AFUNPTR)replacementRtlAllocateHeap,
IARG_PROTOTYPE, protoRtlAllocateHeap,
IARG_ORIG_FUNCPTR,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
IARG_FUNCARG_ENTRYPOINT_VALUE, 2,
IARG_CONTEXT,
IARG_END
);
PROTO_Free(protoRtlAllocateHeap);
// replace RtlReAllocateHeap()
RTN rtlReallocate = RTN_FindByName(img, "RtlReAllocateHeap");
PROTO protoRtlReAllocateHeap = \
PROTO_Allocate( PIN_PARG(void *), CALLINGSTD_STDCALL,
"RtlReAllocateHeap",
PIN_PARG(WINDOWS::PVOID), // HeapHandle
PIN_PARG(WINDOWS::ULONG), // Flags
PIN_PARG(WINDOWS::PVOID), // MemoryPtr
PIN_PARG(WINDOWS::SIZE_T),// Size
PIN_PARG_END()
);
RTN_ReplaceSignature(rtlReallocate,(AFUNPTR)replacementRtlReAllocateHeap,
IARG_PROTOTYPE, protoRtlReAllocateHeap,
IARG_ORIG_FUNCPTR,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
IARG_FUNCARG_ENTRYPOINT_VALUE, 2,
IARG_FUNCARG_ENTRYPOINT_VALUE, 3,
IARG_CONTEXT,
IARG_END
);
PROTO_Free(protoRtlReAllocateHeap);
// replace RtlFreeHeap
RTN rtlFree = RTN_FindByName(img, "RtlFreeHeap");
PROTO protoRtlFreeHeap = \
PROTO_Allocate( PIN_PARG(void *), CALLINGSTD_STDCALL,
"RtlFreeHeap",
PIN_PARG(WINDOWS::PVOID), // HeapHandle
PIN_PARG(WINDOWS::ULONG), // Flags
PIN_PARG(WINDOWS::PVOID), // MemoryPtr
PIN_PARG_END()
);
RTN_ReplaceSignature(rtlFree,(AFUNPTR)replacementRtlFreeHeap,
IARG_PROTOTYPE, protoRtlFreeHeap,
IARG_ORIG_FUNCPTR,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
IARG_FUNCARG_ENTRYPOINT_VALUE, 2,
IARG_CONTEXT,
IARG_END
);
PROTO_Free(protoRtlAllocateHeap);
}
