Example #1
0
// typedef void (*on_NtOpenFile_return_t)(CPUState *cpu,target_ulong pc,uint32_t FileHandle,uint32_t DesiredAccess,uint32_t ObjectAttributes,uint32_t IoStatusBlock,uint32_t ShareAccess,uint32_t OpenOptions);
void windows_open_return(CPUState *cpu, target_ulong pc, uint32_t FileHandle, uint32_t DesiredAccess, uint32_t ObjectAttributes, uint32_t IoStatusBlock, uint32_t ShareAccess, uint32_t OpenOptions) {
    uint32_t Handle;
    panda_virtual_memory_rw(cpu, FileHandle, (uint8_t *)&Handle, 4, 0);
    if (debug) printf ("asid=0x%x filehandle=%d filename=[%s]\n", (uint)panda_current_asid(cpu), FileHandle, the_windows_filename.c_str());
    windows_filenames[panda_current_asid(cpu)][FileHandle] = the_windows_filename;
    open_return(cpu, Handle);
}
Example #2
0
void open_return(CPUState* env,target_ulong pc,target_ulong filename,int32_t flags,int32_t mode) {
    //    printf ("returning from open\n");
    if (saw_open && the_asid == panda_current_asid(env)) {
        saw_open = false;
        // get return value, which is the file descriptor for this file
        the_asid = panda_current_asid(env);
        the_fd = EAX;
        printf ("saw return from open of [%s]: asid=0x%x  fd=%d\n", taint_filename, the_asid, the_fd);
    }
            
}
Example #3
0
static stackid get_stackid(CPUArchState* env) {
#ifdef USE_STACK_HEURISTIC
    target_ulong asid;

    // Track all kernel-mode stacks together
    if (in_kernelspace(env))
        asid = 0;
    else
        asid = panda_current_asid(ENV_GET_CPU(env));

    // Invalidate cached stack pointer on ASID change
    if (cached_asid == 0 || cached_asid != asid) {
        cached_sp = 0;
        cached_asid = asid;
    }

    target_ulong sp = get_stack_pointer(env);

    // We can short-circuit the search in most cases
    if (std::abs(sp - cached_sp) < MAX_STACK_DIFF) {
        return std::make_pair(asid, cached_sp);
    }

    auto &stackset = stacks_seen[asid];
    if (stackset.empty()) {
        stackset.insert(sp);
        cached_sp = sp;
        return std::make_pair(asid,sp);
    }
    else {
        // Find the closest stack pointer we've seen
        auto lb = std::lower_bound(stackset.begin(), stackset.end(), sp);
        target_ulong stack1 = *lb;
        lb--;
        target_ulong stack2 = *lb;
        target_ulong stack = (std::abs(stack1 - sp) < std::abs(stack2 - sp)) ? stack1 : stack2;
        int diff = std::abs(stack-sp);
        if (diff < MAX_STACK_DIFF) {
            return std::make_pair(asid,stack);
        }
        else {
            stackset.insert(sp);
            cached_sp = sp;
            return std::make_pair(asid,sp);
        }
    }
#else
    return panda_current_asid(ENV_GET_CPU(env));
#endif
}
Example #4
0
// get current process before each bb execs
// which will probably help us actually know the current process
int osi_foo(CPUState *env, TranslationBlock *tb) {

    if (panda_in_kernel(env)) {

        OsiProc *p = get_current_process(env);      

        //some sanity checks on what we think the current process is
        // this means we didnt find current task
        if (p->offset == 0) return 0;
        // or the name
        if (p->name == 0) return 0;
        // this is just not ok
        if (((int) p->pid) == -1) return 0;
        uint32_t n = strnlen(p->name, 32);
        // name is one char?
        if (n<2) return 0;
        uint32_t np = 0;
        for (uint32_t i=0; i<n; i++) {
            np += (isprint(p->name[i]) != 0);
        }
        // name doesnt consist of solely printable characters
        //        printf ("np=%d n=%d\n", np, n);
        if (np != n) return 0;
        target_ulong asid = panda_current_asid(env);
        if (running_procs.count(asid) == 0) {
            printf ("adding asid=0x%x to running procs.  cmd=[%s]  task=0x%x\n", (unsigned int)  asid, p->name, (unsigned int) p->offset);
        }
        running_procs[asid] = *p;
    }
    
    return 0;
}
Example #5
0
void get_prog_point(CPUState* cpu, prog_point *p) {
    CPUArchState* env = (CPUArchState*)cpu->env_ptr;
    if (!p) return;

    // Get address space identifier
    target_ulong asid = panda_current_asid(ENV_GET_CPU(env));
    // Lump all kernel-mode CR3s together

    if(!in_kernelspace(env))
        p->cr3 = asid;

    // Try to get the caller
    int n_callers = 0;
    n_callers = get_callers(&p->caller, 1, cpu);

    if (n_callers == 0) {
#ifdef TARGET_I386
        // fall back to EBP on x86
        int word_size = (env->hflags & HF_LMA_MASK) ? 8 : 4;
        panda_virtual_memory_rw(cpu, env->regs[R_EBP]+word_size, (uint8_t *)&p->caller, word_size, 0);
#endif
#ifdef TARGET_ARM
        p->caller = env->regs[14]; // LR
#endif

    }

    p->pc = cpu->panda_guest_pc;
}
Example #6
0
// get current process before each bb executes
// which will probably help us actually know the current process
int osi_foo(CPUState *cpu, TranslationBlock *tb) {
    if (panda_in_kernel(cpu)) {
        OsiProc *p = get_current_process(cpu);
        //some sanity checks on what we think the current process is
        // this means we didnt find current task
        if (p->offset == 0) return 0;
        // or the name
        if (p->name == 0) return 0;
        // weird -- this is just not ok
        if (((int) p->pid) == -1) return 0;
        uint32_t n = strnlen(p->name, 32);
        // yuck -- name is one char
        if (n<2) return 0;
        uint32_t np = 0;
        for (uint32_t i=0; i<n; i++) {
            np += (isprint(p->name[i]) != 0);
        }
        // yuck -- name doesnt consist of solely printable characters
        if (np != n) return 0;
        target_ulong asid = panda_current_asid(cpu);
        if (running_procs.count(asid) == 0) {
            if (debug) printf ("adding asid=0x%x to running procs.  cmd=[%s]  task=0x%x\n", (unsigned int)  asid, p->name, (unsigned int) p->offset);
        }
        if (running_procs.count(asid) != 0) {
            /*
            OsiProc *p2 = running_procs[asid];
            // something there already
            if (p2)
                free_osiproc(p2);
            */
        }
        running_procs[asid] = *p;
    }
    return 0;
}
Example #7
0
void linux_mmap_pgoff_return(CPUState *cpu,target_ulong pc,uint32_t addr,uint32_t len,uint32_t prot,uint32_t flags,uint32_t fd,uint32_t pgoff) {
    CPUArchState *env = (CPUArchState*)cpu->env_ptr;
    target_ulong asid = panda_current_asid(cpu);
    if (running_procs.count(asid) == 0) {
        //printf ("linux_mmap_pgoff_enter for asid=0x%x fd=%d -- dont know about that asid.  discarding \n", (unsigned int) asid, (int) fd);
        return;
    }
    if ((int32_t) fd == -1){
        //printf ("linux_mmap_pgoff_enter for asid=0x%x fd=%d flags=%x -- not valid fd . . . \n", (unsigned int) asid, (int) fd, flags);
        return;
    }
    OsiProc proc = running_procs[asid];
    char *filename = osi_linux_fd_to_filename(cpu, &proc, fd);
    // gets us offset into the file.  could be useful
    //uint64_t pos = osi_linux_fd_to_pos(env, &proc, fd);
    // if a filename exists and permission is executable
    // TODO: fix this magic constant of 0x04 for PROT_EXEC
    if (filename != NULL && ((prot & 0x04) == 0x04)) {
        if (debug) {
            printf ("[loaded] linux_mmap_pgoff(fd=%d filename=[%s] "
                    "len=%d prot=%x flags=%x "
                    "pgoff=%d)=" TARGET_FMT_lx "\n", (int) fd,
                    filename, len, prot, flags, pgoff, env->regs[R_EAX]);
        }
        PPP_RUN_CB(on_library_load, cpu, pc, filename, env->regs[R_EAX], len)
    } else if ((prot & 0x04) == 0x04) {
Example #8
0
void linux_pread_enter(CPUState *cpu, target_ulong pc,
        uint32_t fd, uint32_t buf, uint32_t count, uint64_t pos) {
    target_ulong asid = panda_current_asid(cpu);
    if (running_procs.count(asid) == 0) {
        if (debug) printf ("linux_read_enter for asid=0x%x fd=%d -- dont know about that asid.  discarding \n", (unsigned int) asid, (int) fd);
        return;
    }
    char *filename;
    if (taint_stdin) {
        filename = stdin_filename;
        pos = 0;
    }
    else {
        OsiProc& proc = running_procs[asid];
        filename = osi_linux_fd_to_filename(cpu, &proc, fd);
        if (pos == (uint64_t)-1) {
            pos = osi_linux_fd_to_pos(cpu, &proc, fd);
        }
        if (filename==NULL) {
            if (debug)
                printf ("linux_read_enter for asid=0x%x pid=%d cmd=[%s] fd=%d -- that asid is known but resolving fd failed.  discarding\n",
                        (unsigned int) asid, (int) proc.pid, proc.name, (int) fd);
            return;
        }
        if (debug) printf ("linux_read_enter for asid==0x%x fd=%d filename=[%s] count=%d pos=%u\n", (unsigned int) asid, (int) fd, filename, count, (unsigned int) pos);
    }
    read_enter(cpu, pc, filename, pos, buf, count);
}
Example #9
0
// 3 long sys_read(unsigned int fd, char __user *buf, size_t count);
// typedef void (*on_sys_read_return_t)(CPUState *cpu,target_ulong pc,uint32_t fd,target_ulong buf,uint32_t count);
void read_return(CPUState *cpu, target_ulong pc, uint32_t buf, uint32_t actual_count) {
    if (saw_read && panda_current_asid(cpu) == the_asid) {
        // These are the start and end of the current range of labels.
        uint32_t read_start = last_pos;
        uint32_t read_end = last_pos + actual_count;
        if (debug) printf ("returning from read of [%s] count=%u\n", taint_filename, actual_count);
        // check if we overlap the range we want to label.
        if (read_start < end_label && read_end > start_label) {
            uint32_t range_start = std::max(read_start, start_label);
            uint32_t range_end = std::min(read_end, end_label);
            printf("*** applying %s taint labels %u..%u to buffer @ %lu\n",
                    positional_labels ? "positional" : "uniform",
                    range_start, range_end - 1, rr_get_guest_instr_count());
            uint32_t num_labeled = 0;
            uint32_t i = 0;
            for (uint32_t l = range_start; l < range_end; l++) {
                if (label_byte(cpu, last_read_buf + i,
                               positional_labels ? l : 1))
                    num_labeled ++;
                i ++;
            }
            printf("%u bytes labeled for this read\n", range_end - range_start);
        }
        last_pos += actual_count;
        //        printf (" ... done applying labels\n");
        saw_read = false;
    }
}
Example #10
0
void read_enter(CPUState *cpu, target_ulong pc, std::string filename, uint64_t pos, uint32_t buf, uint32_t count) {
    // these things are only known at enter of read call
    the_asid = panda_current_asid(cpu);
    last_read_buf = buf;
    last_pos = pos;
    saw_read = false;
    if (debug) printf ("read_enter filename=[%s]\n", filename.c_str());
    std::string read_filename = taint_stdin ? "stdin" : taint_filename;

    auto it = running_procs.find(the_asid);
    if (taint_stdin) {
        if (it == running_procs.end()) {
            if (debug) printf("read_enter unknown proc.\n");
            return;
        }
        std::string proc_name = it->second.name;
        if (proc_name.find(taint_stdin) == std::string::npos) {
            if (debug) printf("read_enter wrong proc %s.\n", proc_name.c_str());
            return;
        }
    }

    if (filename.find(read_filename) != std::string::npos) {
        if (debug) printf ("read_enter: asid=0x%x saw read of %d bytes in file we want to taint\n", the_asid, count);
        saw_read = true;
    }
}
Example #11
0
void read_enter(CPUState* env,target_ulong pc,uint32_t fd,target_ulong buf,uint32_t count) { 
    uint32_t asid = panda_current_asid(env);
    char *filename = 0;
    if (asidfd_to_filename.count(std::make_pair(asid, fd)) != 0) {
        filename = asidfd_to_filename[std::make_pair(asid, fd)];
    }
    if (filename !=0) {
        printf ("filename = [%s]\n", filename);
    }
    /*
    else {
        printf ("filename is not known\n");
    }
    */

    // these things are only known at enter of read call
    last_read_fd = fd;
    last_read_count = count;
    last_read_buf = buf;

    if (asid == the_asid && fd == the_fd) {
        printf ("saw read of %d bytes in file we want to taint\n", count);
        saw_read = true;
    }
}
Example #12
0
void read_enter(CPUState* env,target_ulong pc,uint32_t fd,target_ulong buf,uint32_t count) { 
    if (panda_current_asid(env) == the_asid && fd == the_fd) {
        the_buf = buf;
        the_count = count;
        printf ("saw read of [%s] %d bytes\n", taint_filename, count);
        saw_read = true;
    }
}
Example #13
0
void open_return(CPUState *cpu, uint32_t fd) {
    //    printf ("returning from open\n");
    if (saw_open && the_asid == panda_current_asid(cpu)) {
        saw_open = false;
        // get return value, which is the file descriptor for this file
        the_fd = fd;
        //        printf ("saw return from open of [%s]: asid=0x%x  fd=%d\n", taint_filename, the_asid, the_fd);
    }

}
Example #14
0
void open_enter(CPUState *cpu, target_ulong pc, std::string filename, int32_t flags, int32_t mode) {
    if (!filename.empty()) {
        if (debug) printf ("open_enter: saw open of [%s]\n", filename.c_str());
    }
    if (filename.find(taint_filename) != std::string::npos) {
        saw_open = true;
        printf ("saw open of file we want to taint: [%s] insn %" PRId64 "\n", taint_filename, rr_get_guest_instr_count());
        the_asid = panda_current_asid(cpu);
        if (enable_taint_on_open && !no_taint && !taint2_enabled()) {
            uint64_t ins = rr_get_guest_instr_count();
            taint2_enable_taint();
            if (debug) printf ("file_taint: enabled taint2 @ ins  %" PRId64 "\n", ins);
        }
    }
}
Example #15
0
// 3 long sys_read(unsigned int fd, char __user *buf, size_t count);
// typedef void (*on_sys_read_return_t)(CPUState* env,target_ulong pc,uint32_t fd,target_ulong buf,uint32_t count);
void read_return(CPUState* env,target_ulong pc,uint32_t fd,target_ulong buf,uint32_t count) { 

    
    if (saw_read && panda_current_asid(env) == the_asid) {
        count = EAX;
        printf ("count=%d\n", count);
        
        printf ("returning from read of [%s] count=%d\n", taint_filename, count);    
        printf ("*** applying %s taint labels %d..%d to buffer\n",
                positional_labels ? "positional" : "uniform",
                taint_label_number_start, taint_label_number_start + count - 1);
        for (uint32_t i=0; i<count; i++ ) {
            target_phys_addr_t pa = panda_virt_to_phys(env, the_buf+i);
            if (pandalog) {
                Panda__LogEntry ple = PANDA__LOG_ENTRY__INIT;
                ple.has_taint_label_virtual_addr = 1;
                ple.has_taint_label_physical_addr = 1;
                ple.has_taint_label_number = 1;
                ple.taint_label_virtual_addr = the_buf + i;
                ple.taint_label_physical_addr = pa;
                if (positional_labels) {
                    ple.taint_label_number = taint_label_number_start + i;
                }
                else {
                    ple.taint_label_number = 1;
                }
                pandalog_write_entry(&ple);           
            }
            if (!no_taint) {
                if (positional_labels) {
                    if (use_taint2) 
                        taint2_label_ram(pa, taint_label_number_start + i);
                    else 
                        taint_label_ram(pa, i);
                }
                else {
                    if (use_taint2) 
                        taint2_label_ram(pa, 1);
                    else 
                        taint_label_ram(pa, 1);
                }
            }
        }
        taint_label_number_start += count;
        printf (" ... done applying labels\n");
        saw_read = false;
    }
}
Example #16
0
void tbranch_on_branch_taint2(Addr a, uint64_t size) {
    if (pandalog) {
        // a is an llvm reg
        assert (a.typ == LADDR);
        // count number of tainted bytes on this reg
        // NB: assuming 8 bytes
        uint32_t num_tainted = 0;
        for (uint32_t o=0; o<size; o++) {
            Addr ao =a;
            ao.off = o;
            num_tainted += (taint2_query(ao) != 0);
        }
        if (num_tainted > 0) {
            if (summary) {
                CPUState *cpu = first_cpu;
                target_ulong asid = panda_current_asid(cpu);
                tainted_branch[asid].insert(panda_current_pc(cpu));
            }
            else {
                Panda__TaintedBranch *tb = (Panda__TaintedBranch *) malloc(sizeof(Panda__TaintedBranch));
                *tb = PANDA__TAINTED_BRANCH__INIT;
                tb->call_stack = pandalog_callstack_create();
                tb->n_taint_query = num_tainted;
                tb->taint_query = (Panda__TaintQuery **) malloc (sizeof (Panda__TaintQuery *) * num_tainted);
                uint32_t i=0;
                for (uint32_t o=0; o<size; o++) {
                    Addr ao = a;
                    ao.off = o;
                    if (taint2_query(ao)) {
                        tb->taint_query[i++] = taint2_query_pandalog(ao, o);
                    }
                }
                Panda__LogEntry ple = PANDA__LOG_ENTRY__INIT;
                ple.tainted_branch = tb;
                pandalog_write_entry(&ple);
                pandalog_callstack_free(tb->call_stack);
                for (uint32_t i=0; i<num_tainted; i++) {
                    pandalog_taint_query_free(tb->taint_query[i]);
                }
                free(tb);
            }
        }
    }
}
Example #17
0
// Derive taint ops
int before_block_exec(CPUState *env, TranslationBlock *tb){

    shadow->asid = panda_current_asid(env);

    //printf("%s\n", tcg_llvm_get_func_name(tb));

    if (taintEnabled){
        // process taint ops in io thread taint op buffer
        // NB: we don't need a dynval buffer here.
        tob_process(tob_io_thread, shadow, NULL);
        tob_clear(tob_io_thread);

        taintfpm->run(*(tb->llvm_function));
        DynValBuffer *dynval_buffer = PIFP->PIV->getDynvalBuffer();
        clear_dynval_buffer(dynval_buffer);
    }

    return 0;
}
Example #18
0
void taint_change(Addr a) {
    if (taint2_query(a)) {
        extern CPUState *cpu_single_env;
        CPUState *env = cpu_single_env;
        target_ulong asid = panda_current_asid(env);
        if (asid != last_asid) {
            Panda__LogEntry ple = PANDA__LOG_ENTRY__INIT;
            ple.has_asid = 1;
            ple.asid = asid;
            pandalog_write_entry(&ple);           
            last_asid = asid;
        }
        Panda__LogEntry ple = PANDA__LOG_ENTRY__INIT;
        ple.tainted_instr = true;
        pandalog_write_entry(&ple);
        taint2_query_pandalog(a,0);    
        callstack_pandalog();
    }
}
Example #19
0
// 3 long sys_read(unsigned int fd, char __user *buf, size_t count);
// typedef void (*on_sys_read_return_t)(CPUState* env,target_ulong pc,uint32_t fd,target_ulong buf,uint32_t count);
void read_return(CPUState* env,target_ulong pc,uint32_t fd,target_ulong buf,uint32_t count) { 
    if (saw_read && panda_current_asid(env) == the_asid) {
        count = EAX;
        // These are the start and end of the current range of labels.
        uint32_t read_start = file_pos;
        uint32_t read_end = file_pos + count;
        
        printf ("returning from read of [%s] count=%u\n", taint_filename, count);    
        // check if we overlap the range we want to label.
        if (prob_label_u32 < 1e-9 && read_start < end_label &&
                read_end > start_label) {
            uint32_t range_start = std::max(read_start, start_label);
            uint32_t range_end = std::min(read_end, end_label);
            printf("*** applying %s taint labels %u..%u to buffer\n",
                    positional_labels ? "positional" : "uniform",
                    range_start, range_end - 1);

            for (uint32_t i = range_start; i < range_end; i++) {
                label_byte(env, last_read_buf + i,
                        positional_labels ? i : 0);
            }
            printf("%u bytes labeled for this read\n", range_end - range_start);
        } else {
            // iterate over uint32 blobs
            for (uint32_t i=0; i<count/4; i++) {
                if (pdice(prob_label_u32)) {
                    uint32_t label_num = read_start + i*4;
                    printf ("labeling uint32 %d..%d\n", i*4, i*4+3);
                    // we will label this uint32
                    for (uint32_t j=0; j<4; j++) {
                        uint32_t offset = i*4 + j;
                        label_byte(env, last_read_buf + offset, label_num);
                    }
                }
            }
        }
        file_pos += count;
        //        printf (" ... done applying labels\n");
        saw_read = false;
    }


}
Example #20
0
int before_block_exec(CPUState *env, TranslationBlock *tb){

  if (tubtf_on) {
    char *llvm_fn_name = (char *) tcg_llvm_get_func_name(tb);
    uint32_t pc, unk;
    sscanf(llvm_fn_name, "tcg-llvm-tb-%d-%x", &unk, &pc);
    env->panda_guest_pc = pc;
    tubtf_write_el_64(panda_current_asid(env), pc, TUBTFE_LLVM_FN, unk, 0, 0, 0);
  }
  else {
    fprintf(funclog, "%s\n", tcg_llvm_get_func_name(tb));
    DynValBuffer *dynval_buffer = PIFP->PIV->getDynvalBuffer();
    if (dynval_buffer->cur_size > 0){
        // Buffer wasn't flushed before, have to flush it now
      fwrite(dynval_buffer->start, dynval_buffer->cur_size, 1, memlog);
    }
    clear_dynval_buffer(dynval_buffer);
  }
    return 0;
}
Example #21
0
int coverage_before_block_exec(CPUState *env, TranslationBlock *tb) {
#ifdef CONFIG_SOFTMMU
    OsiProc *p = get_current_process(env);
    uint64_t asid = panda_current_asid(env);    
    if (process_asid == 0) {
        // look for process matching the one we want
        if (p && p->name) {
            if (strcmp(process_name, p->name) == 0) {
                process_asid = asid;
                printf ("coverage plugin: saw cr3=0x%" PRIx64 " for process=[%s]\n",
                        asid, process_name);
            }
        }
    }
    if (process_asid !=0 && process_asid == asid) {
        // collect bb for this asid
        process_bb.insert(tb->pc);
        // and count number of bb executed (regardless of repetetion)
        process_total_bb ++;
    }
    free_osiproc(p);
#endif
    return 0;
}
Example #22
0
void open_enter(CPUState* env,target_ulong pc,target_ulong filename,int32_t flags,int32_t mode) {
    uint32_t i;
    char the_filename[MAX_FILENAME];
    the_filename[0] = 0;
    for (i=0; i<MAX_FILENAME; i++) {
        uint8_t c;
        panda_virtual_memory_rw(env, filename+i, &c, 1, 0);
        the_filename[i] = c;
        if (c==0) {            
            break;
        }
    }
    the_filename[MAX_FILENAME-1] = 0;
    if (i != 0 ) {
        printf ("saw open of [%s]\n", the_filename);
    }
    if (i == strlen(taint_filename)) {
        if (strncmp(the_filename, taint_filename, strlen(the_filename)) == 0) {
            saw_open = true;
            printf ("saw open of file we want to taint: [%s]\n", taint_filename);
            the_asid = panda_current_asid(env);
        }
    }
}
Example #23
0
void write_dynval_buffer(DynValBuffer *dynval_buf, DynValEntry *entry){
    if (tubtf_on) {
        // XXX Fixme: note that when using tubt format, we still create that DynValBuffer.  Waste of memory
        uint64_t cr3, pc, typ;
        uint64_t arg1, arg2, arg3, arg4;
        arg1 = arg2 = arg3 = arg4 = 0;
        assert (tubtf->colw == TUBTF_COLW_64);
        uint32_t element_size = tubtf_element_size();
        // assert that there must be enough room in dynval buffer
        uint32_t bytes_used = dynval_buf->ptr - dynval_buf->start;
        uint32_t bytes_left = dynval_buf->max_size - bytes_used;
        assert (bytes_left > element_size);
        cr3 = panda_current_asid(env);  // virtual address space -- cr3 for x86
        pc = panda_current_pc(env);
        typ = 0;
        switch (entry->entrytype) {
            case ADDRENTRY:
                {
                    LogOp op = entry->entry.memaccess.op;
                    assert (op == LOAD ||op == STORE);
                    Addr *a = &(entry->entry.memaccess.addr);
                    typ = TUBTFE_LLVM_DV_LOAD;
                    if (op == STORE) {
                        typ = TUBTFE_LLVM_DV_STORE;
                    }
                    // a->type fits easily in a byte -- 1 .. 5
                    arg1 = (a->typ) | ((a->flag & 0xff) << 8) | (a->off << 16);
                    uint64_t val;

                    switch (a->typ) {
                        case HADDR:
                            val = a->val.ha;
                            break;
                        case MADDR:
                            val = a->val.ma;
                            break;
                        case IADDR:
                            val = a->val.ia;
                            break;
                        case LADDR:
                            val = a->val.la;
                            break;
                        case GREG:
                            val = a->val.gr;
                            break;
                        case GSPEC:
                            val = a->val.gs;
                            break;
                        case UNK:
                            val = a->val.ua;
                            break;
                        case CONST:
                            val = a->val.con;
                            break;
                        case RET:
                            val = a->val.ret;
                            break;
                        default:
                            assert (1==0);
                    }
                    arg2 = val;
                    break;
                }
            case PADDRENTRY:
                {
                    LogOp op = entry->entry.portaccess.op;
                    assert (op == PLOAD ||op == PSTORE);
                    Addr *a = &(entry->entry.portaccess.addr);
                    typ = TUBTFE_LLVM_DV_LOAD;
                    if (op == PSTORE) {
                        typ = TUBTFE_LLVM_DV_STORE;
                    }
                    // a->type fits easily in a byte -- 1 .. 5
                    arg1 = (a->typ) | ((a->flag & 0xff) << 8) | (a->off << 16);
                    uint64_t val;

                    switch (a->typ) {
                        case PADDR:
                            val = a->val.pa;
                            break;
                        default:
                            assert (1==0);
                    }
                    arg2 = val;
                    break;
                }
            case BRANCHENTRY:
                {
                    typ = TUBTFE_LLVM_DV_BRANCH;
                    arg1 = entry->entry.branch.br;
                    break;
                }
            case SELECTENTRY:
                {
                    typ = TUBTFE_LLVM_DV_SELECT;
                    arg1 = entry->entry.select.sel;
                    break;
                }
            case SWITCHENTRY:
                {
                    typ = TUBTFE_LLVM_DV_SWITCH;
                    arg1 = entry->entry.switchstmt.cond;
                    break;
                }
            case EXCEPTIONENTRY:
                {
                    typ = TUBTFE_LLVM_EXCEPTION;
                }
        }
        tubtf_write_el_64(cr3, pc, typ, arg1, arg2, arg3, arg4);
    }
    else {
        uint32_t bytes_used = dynval_buf->ptr - dynval_buf->start;
        assert(dynval_buf->max_size - bytes_used >= sizeof(DynValEntry));
        memcpy(dynval_buf->ptr, entry, sizeof(DynValEntry));
        dynval_buf->ptr += sizeof(DynValEntry);
        dynval_buf->cur_size = dynval_buf->ptr - dynval_buf->start;
    }
}
Example #24
0
void linux_open_enter(CPUState *cpu, target_ulong pc, uint32_t filename, int32_t flags, int32_t mode) {
    char the_filename[MAX_FILENAME];
    guest_strncpy(cpu, the_filename, MAX_FILENAME, filename);
    if (debug) printf ("linux open asid=0x%x filename=[%s]\n", (unsigned int) panda_current_asid(cpu), the_filename);
    open_enter(cpu, pc, the_filename, flags, mode);
}