VOID Routine(RTN rtn, VOID *v) { RTN_Open(rtn); RTN_NAME * rn = new RTN_NAME; if (KnobOnly){ if(IMG_IsMainExecutable(SEC_Img(RTN_Sec(rtn))) \ /*&& std::strcmp(IMG_Name(SEC_Img(RTN_Sec(rtn))).c_str(),"/usr/lib/libSystem.B.dylib")!=0 \*/ || std::strcmp(IMG_Name(SEC_Img(RTN_Sec(rtn))).c_str(),"/usr/lib/system/libsystem_malloc.dylib")==0) { funcList.push_back(RTN_Name(rtn)); cerr << "Getting "<< RTN_Name(rtn) <<endl ; //RTN_Close(rtn); //return ; } } if(KnobOnly && find (funcList.begin(), funcList.end(), RTN_Name(rtn)) == funcList.end()){ cerr << "excluding : " << RTN_Name(rtn) ; cerr << IMG_Name(SEC_Img(RTN_Sec(rtn))) << endl; RTN_Close(rtn); return; } // The RTN goes away when the image is unloaded, so save it now // because we need it in the fin rn->_name = RTN_Name(rtn); rn->_image = IMG_Name(SEC_Img(RTN_Sec(rtn))).c_str(); rn->_address = RTN_Address(rtn); //_address = RTN_Address(rtn); // Insert a call at the entry point of a routine to increment the call count RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)print, IARG_PTR, rn,IARG_FUNCARG_ENTRYPOINT_VALUE, 0, IARG_END); RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)ret,IARG_PTR,rn,IARG_FUNCRET_EXITPOINT_VALUE, IARG_END); //INS_InsertCall(RTN_InsTail(rtn), IPOINT_BEFORE, (AFUNPTR)ret, IARG_END); RTN_Close(rtn); }
// Pin calls this function every time a new rtn is executed VOID Routine(RTN rtn, VOID *v) { // Allocate a counter for this routine RTN_COUNT * rc = new RTN_COUNT; // The RTN goes away when the image is unloaded, so save it now // because we need it in the fini rc->_name = RTN_Name(rtn); rc->_image = StripPath(IMG_Name(SEC_Img(RTN_Sec(rtn))).c_str()); rc->_address = RTN_Address(rtn); rc->_icount = 0; rc->_rtnCount = 0; // Add to list of routines rc->_next = RtnList; RtnList = rc; RTN_Open(rtn); // Insert a call at the entry point of a routine to increment the call count RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)docount, IARG_PTR, &(rc->_rtnCount), IARG_END); // For each instruction of the routine for (INS ins = RTN_InsHead(rtn); INS_Valid(ins); ins = INS_Next(ins)) { // Insert a call to docount to increment the instruction counter for this rtn INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)docount, IARG_PTR, &(rc->_icount), IARG_END); } RTN_Close(rtn); }
BaseIRBuilder::BaseIRBuilder(__uint address, const std::string &dis) { RTN rtn; SEC sec; IMG img; this->address = address; this->branchTaken = false; this->branchTargetAddress = 0; this->disas = dis; this->needSetup = false; this->nextAddress = 0; this->imageName = "unknown"; this->sectionName = "unknown"; rtn = RTN_FindByAddress(address); if (RTN_Valid(rtn)) { sec = RTN_Sec(rtn); if (SEC_Valid(sec)) { this->sectionName = SEC_Name(sec); img = SEC_Img(sec); if (IMG_Valid(img)) { this->baseAddress = IMG_LowAddress(img); this->imageName = IMG_Name(img); } } } this->offset = this->address - this->baseAddress; this->routineName = RTN_FindNameByAddress(address); if (this->routineName.empty()) this->routineName = "unknown"; }
/***************************************************************************** 函 数 名 : rtn 功能描述 : Pin calls this function every time a new rtn is executed 输入参数 : RTN rtn VOID * v 输出参数 : 无 返 回 值 : 调用函数 : 被调函数 : 修改历史 : 1.日 期 : 2012年5月16日 作 者 : @zhi 修改内容 : 新生成函数 *****************************************************************************/ VOID rtn(RTN rtn, VOID * v) { //干掉系统的动态连接库, 即IMG为/lib/* if(EXCEPT_SEC == IMG_Name(SEC_Img(RTN_Sec(rtn))) .substr(0, EXCEPT_SEC.size())) { return; } RTN_Open(rtn); if ( g_backTraceFlg ) { //第一次进入,回溯已调用的函数(附加到进程模式) //, 参数为待执行函数的函数名,函数起始地址,函数EBP(函数初始未压栈) RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)traceBack, //IARG_PTR, RTN_Name(rtn).c_str(), //IARG_ADDRINT, RTN_Address(rtn), IARG_REG_VALUE, REG_STACK_PTR, IARG_REG_VALUE, REG_EBP, IARG_END); } RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)funcPackage, IARG_PTR, RTN_Name(rtn).c_str(), IARG_ADDRINT, RTN_Address(rtn), IARG_REG_VALUE, REG_EBP, //IARG_REG_VALUE, REG_STACK_PTR, IARG_END); IARG_END); RTN_Close(rtn); }
// ------------------------------------------------------------- // Check if routine is plt stub // ------------------------------------------------------------- static BOOL IsPLT(RTN rtn) { // All .plt thunks have a valid RTN if (!RTN_Valid(rtn)) return FALSE; if (".plt" == SEC_Name(RTN_Sec(rtn))) return TRUE; return FALSE; }
IMG GetImgByTrace(TRACE trace) { IMG img = IMG_Invalid(); RTN rtn = TRACE_Rtn(trace); if (RTN_Valid(rtn)) { SEC sec = RTN_Sec(rtn); if (SEC_Valid(sec)) { img = SEC_Img(sec); } } return img; }
static BOOL IsPLT(TRACE trace) { RTN rtn = TRACE_Rtn(trace); // All .plt thunks have a valid RTN if (!RTN_Valid(rtn)) return FALSE; if (".plt" == SEC_Name(RTN_Sec(rtn))) return TRUE; return FALSE; }
static BOOL traceFromExecutable(TRACE trace) { RTN rtn = TRACE_Rtn(trace); if (!RTN_Valid(rtn)) return FALSE; SEC sec = RTN_Sec(rtn); if (!SEC_Valid(sec)) return FALSE; IMG img = SEC_Img(sec); if (!IMG_Valid(img)) return FALSE; return IMG_IsMainExecutable(img); }
VOID Trace(TRACE trace, VOID *v) { if ( KnobNoSharedLibs.Value() && IMG_Type(SEC_Img(RTN_Sec(TRACE_Rtn(trace)))) == IMG_TYPE_SHAREDLIB) return; for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl)) { // Insert instrumentation to count the number of times the bbl is executed BBLSTATS * bblstats = new BBLSTATS(BBL_Address(bbl), BBL_Size(bbl)); INS_InsertCall(BBL_InsHead(bbl), IPOINT_BEFORE, AFUNPTR(docount), IARG_PTR, &(bblstats->_executed), IARG_END); // Remember the counter and stats so we can compute a summary at the end statsList.push_back(bblstats); } }
// ------------------------------------------------------------- // STool_LibraryIDByAddr // ------------------------------------------------------------- // Return ID of the library of the routine to which the instruction // at address rtnAddr belongs, or STool_INVALID_LIB, if rtnAddr does not belong to // any routine. UINT32 STool_LibraryIDByAddr(ADDRINT rtnAddr){ PIN_LockClient(); const RTN rtn = RTN_FindByAddress(rtnAddr); UINT32 libID; if( RTN_Valid(rtn) ) libID = IMG_Id(SEC_Img(RTN_Sec(rtn))); else libID = STool_INVALID_LIB; PIN_UnlockClient(); return libID; }
std::string getImageName(triton::__uint address) { RTN rtn; SEC sec; IMG img; PIN_LockClient(); rtn = RTN_FindByAddress(address); PIN_UnlockClient(); if (RTN_Valid(rtn)) { sec = RTN_Sec(rtn); if (SEC_Valid(sec)) { img = SEC_Img(sec); if (IMG_Valid(img)) { return IMG_Name(img); } } } return ""; }
triton::__uint getBaseAddress(triton::__uint address) { RTN rtn; SEC sec; IMG img; PIN_LockClient(); rtn = RTN_FindByAddress(address); PIN_UnlockClient(); if (RTN_Valid(rtn)) { sec = RTN_Sec(rtn); if (SEC_Valid(sec)) { img = SEC_Img(sec); if (IMG_Valid(img)) { return IMG_LowAddress(img); } } } return 0; }
const string& Target2LibName(ADDRINT target) { PIN_LockClient(); const RTN rtn = RTN_FindByAddress(target); static const string _invalid_rtn("[Unknown image]"); string name; if( RTN_Valid(rtn) ) { name = IMG_Name(SEC_Img(RTN_Sec(rtn))); } else { name = _invalid_rtn; } PIN_UnlockClient(); return *new string(name); }
VOID Routine(RTN rtn, VOID *v) { // Allocate a counter for this routine RTN_COUNT * rc = new RTN_COUNT; // The RTN goes away when the image is unloaded, so save it now // because we need it in the fini rc->_name = RTN_Name(rtn); rc->_image = StripPath(IMG_Name(SEC_Img(RTN_Sec(rtn))).c_str()); rc->_address = RTN_Address(rtn); rc->_next = RtnList; RtnList = rc; if(!startSymbolAddress && rc->_name == start_symbol) { startSymbolAddress = rc->_address; } if(!stopSymbolAddress && rc->_name == stop_symbol) { stopSymbolAddress = rc->_address; } RTN_Open(rtn); if (rc->_address == startSymbolAddress || rc->_address == stopSymbolAddress) { if (rc->_address == startSymbolAddress) { RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)startRoutineEnter, IARG_FAST_ANALYSIS_CALL, IARG_PTR, reinterpret_cast<UINT64*>(rc), IARG_THREAD_ID, IARG_END); LOG("Instrumented start symbol\n"); } else { RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)stopRoutineEnter, IARG_FAST_ANALYSIS_CALL, IARG_PTR, reinterpret_cast<UINT64*>(rc), IARG_THREAD_ID, IARG_END); LOG("Instrumented stop symbol\n"); } }else { RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)routineEnter, IARG_FAST_ANALYSIS_CALL, IARG_PTR, reinterpret_cast<UINT64*>(rc), IARG_THREAD_ID, IARG_END); } RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)routineExit, IARG_FAST_ANALYSIS_CALL, IARG_PTR, reinterpret_cast<UINT64*>(rc), IARG_THREAD_ID, IARG_END); RTN_Close(rtn); }
VOID Trace(TRACE trace, VOID *v) { const RTN rtn = TRACE_Rtn(trace); if (! RTN_Valid(rtn)) return; const SEC sec = RTN_Sec(rtn); ASSERTX(SEC_Valid(sec)); const IMG img = SEC_Img(sec); ASSERTX(IMG_Valid(img)); if ( KnobNoSharedLibs.Value() && IMG_Type(img) == IMG_TYPE_SHAREDLIB) return; for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl)) { // Record the registers into a dummy buffer so we can count them #define MAX_STATS_PER_BLOCK (128*1024) UINT16 buffer[MAX_STATS_PER_BLOCK]; INT32 count = RecordRegisters(bbl, buffer, MAX_STATS_PER_BLOCK); ASSERTX(count < MAX_STATS_PER_BLOCK); // Summarize the stats for the bbl in a 0 terminated list // This is done at instrumentation time UINT16 * stats = new UINT16[count]; memcpy(stats, buffer, count * sizeof(UINT16)); // Insert instrumentation to count the number of times the bbl is executed BBLSTATS * bblstats = new BBLSTATS(stats); INS_InsertCall(BBL_InsHead(bbl), IPOINT_BEFORE, AFUNPTR(docount), IARG_PTR, bblstats->_counter, IARG_THREAD_ID, IARG_END); // Remember the counter and stats so we can compute a summary at the end statsList.push_back(bblstats); } }
VOID Trace(TRACE trace, VOID *v) { if ( KnobNoSharedLibs.Value() && IMG_Type(SEC_Img(RTN_Sec(TRACE_Rtn(trace)))) == IMG_TYPE_SHAREDLIB) return; const BOOL accurate_handling_of_predicates = KnobProfilePredicated.Value(); for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl)) { // Summarize the stats for the bbl in a 0 terminated list // This is done at instrumentation time UINT16 * stats = new UINT16[BBL_NumIns(bbl) + 1]; INT32 index = 0; for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins)) { // Count the number of times a predicated instruction is actually executed // this is expensive and hence disabled by default if( INS_IsPredicated(ins) && accurate_handling_of_predicates ) { INS_InsertPredicatedCall(ins, IPOINT_BEFORE, AFUNPTR(docount), IARG_PTR, &(GlobalStatsDynamic.predicated_true[INS_Category(ins)]), IARG_END); } stats[index++] = INS_GetStatsIndex(ins); } stats[index] = 0; // Insert instrumentation to count the number of times the bbl is executed BBLSTATS * bblstats = new BBLSTATS(stats); INS_InsertCall(BBL_InsHead(bbl), IPOINT_BEFORE, AFUNPTR(docount), IARG_PTR, &(bblstats->_counter), IARG_END); // Remember the counter and stats so we can compute a summary at the end statsList.push_back(bblstats); } }
VOID Trace(TRACE trace, VOID *v) { const BOOL print_args = KnobPrintArgs.Value(); for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl)) { INS tail = BBL_InsTail(bbl); if( INS_IsCall(tail) ) { if( INS_IsDirectBranchOrCall(tail) ) { const ADDRINT target = INS_DirectBranchOrCallTargetAddress(tail); if( print_args ) { INS_InsertPredicatedCall(tail, IPOINT_BEFORE, AFUNPTR(do_call_args), IARG_PTR, Target2String(target), IARG_G_ARG0_CALLER, IARG_END); } else { INS_InsertPredicatedCall(tail, IPOINT_BEFORE, AFUNPTR(do_call), IARG_PTR, Target2String(target), IARG_END); } } else { if( print_args ) { INS_InsertCall(tail, IPOINT_BEFORE, AFUNPTR(do_call_args_indirect), IARG_BRANCH_TARGET_ADDR, IARG_BRANCH_TAKEN, IARG_G_ARG0_CALLER, IARG_END); } else { INS_InsertCall(tail, IPOINT_BEFORE, AFUNPTR(do_call_indirect), IARG_BRANCH_TARGET_ADDR, IARG_BRANCH_TAKEN, IARG_END); } } } else { // sometimes code is not in an image RTN rtn = TRACE_Rtn(trace); // also track stup jumps into share libraries if( RTN_Valid(rtn) && !INS_IsDirectBranchOrCall(tail) && ".plt" == SEC_Name( RTN_Sec( rtn ) )) { if( print_args ) { INS_InsertCall(tail, IPOINT_BEFORE, AFUNPTR(do_call_args_indirect), IARG_BRANCH_TARGET_ADDR, IARG_BRANCH_TAKEN, IARG_G_ARG0_CALLER, IARG_END); } else { INS_InsertCall(tail, IPOINT_BEFORE, AFUNPTR(do_call_indirect), IARG_BRANCH_TARGET_ADDR, IARG_BRANCH_TAKEN, IARG_END); } } } } }
int rtn_sec (lua_State *L) { RTN* v1 = check_rtn(L,1); SEC_to_lua(L, RTN_Sec(*v1)); return 1; }
VOID Image(IMG img, VOID *v) { // Find main. We won't do anything before main starts. RTN rtn = RTN_FindByName(img, "main"); if (RTN_Valid(rtn)) { RTN_Open(rtn); RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)callBeforeMain, IARG_END); // RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)callAfterMain, IARG_END); RTN_Close(rtn); } // iterate all rtn for (SEC sec = IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec)) { for (RTN rtn = SEC_RtnHead(sec); RTN_Valid(rtn); rtn = RTN_Next(rtn)) { // printf (" Rtn: %s\n", RTN_Name(rtn).c_str()); RTN_Open(rtn); const char * rtnName = StripPath(RTN_Name(rtn).c_str()); RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)RTNEntry, IARG_ADDRINT, rtnName, IARG_END); RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)RTNExit, IARG_ADDRINT, rtnName, IARG_END); RTN_Close(rtn); } } // Instrument the malloc() and free() functions. Print the input argument // of each malloc() or free(), and the return value of malloc(). // // Find the malloc() function. RTN mallocRtn = RTN_FindByName(img, MALLOC); if (RTN_Valid(mallocRtn)) { RTN_Open(mallocRtn); const char * imageName = StripPath(IMG_Name(SEC_Img(RTN_Sec(mallocRtn))).c_str()); // Instrument malloc() to print the input argument value and the return value. RTN_InsertCall(mallocRtn, IPOINT_BEFORE, (AFUNPTR)MallocBefore, IARG_FUNCARG_ENTRYPOINT_VALUE, 0, IARG_ADDRINT, imageName, IARG_END); RTN_InsertCall(mallocRtn, IPOINT_AFTER, (AFUNPTR)MallocAfter, IARG_FUNCRET_EXITPOINT_VALUE, IARG_END); RTN_Close(mallocRtn); } // Find the free() function. RTN freeRtn = RTN_FindByName(img, FREE); if (RTN_Valid(freeRtn)) { RTN_Open(freeRtn); // Instrument free() to print the input argument value. RTN_InsertCall(freeRtn, IPOINT_BEFORE, (AFUNPTR)FreeBefore, IARG_FUNCARG_ENTRYPOINT_VALUE, 0, IARG_END); RTN_Close(freeRtn); } }
VOID Trace(TRACE trace, VOID *v) { for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl)) { INS tail = BBL_InsTail(bbl); if( INS_IsCall(tail) ) { INS_InsertCall(tail, IPOINT_BEFORE, AFUNPTR(do_call_indirect), IARG_BRANCH_TARGET_ADDR, IARG_BRANCH_TAKEN, IARG_END); } else { // sometimes code is not in an image RTN rtn = TRACE_Rtn(trace); // also track stup jumps into share libraries if( RTN_Valid(rtn) && !INS_IsDirectBranchOrCall(tail) && ".plt" == SEC_Name( RTN_Sec( rtn ) )) { INS_InsertCall(tail, IPOINT_BEFORE, AFUNPTR(do_call_indirect), IARG_BRANCH_TARGET_ADDR, IARG_BRANCH_TAKEN, IARG_END); } } } }
// Pin calls this function every time a new rtn is executed VOID Routine(RTN rtn, VOID *v) { TraceFile << "Image: " << StripPath(IMG_Name(SEC_Img(RTN_Sec(rtn))).c_str()) << " Address: " << RTN_Address(rtn) << " Procedure: " << RTN_Name(rtn) << endl; }