ADDRINT GetInstructionLength (ADDRINT ip)
{
xed_state_t dstate;
xed_error_enum_t xed_error;
xed_decoded_inst_t xedd;
ostringstream os;
if (sizeof(ADDRINT) == 4)
xed_state_init(&dstate,
XED_MACHINE_MODE_LEGACY_32,
XED_ADDRESS_WIDTH_32b,
XED_ADDRESS_WIDTH_32b);
else
xed_state_init(&dstate,
XED_MACHINE_MODE_LONG_64,
XED_ADDRESS_WIDTH_64b,
XED_ADDRESS_WIDTH_64b);
xed_decoded_inst_zero_set_mode(&xedd, &dstate);
UINT32 len = 15;
xed_error = xed_decode(&xedd, reinterpret_cast<const UINT8*>(ip), len);
if (xed_error != XED_ERROR_NONE)
{
printf ("Failure to decode at %p\n", (char *)ip);
exit (1);
}
return xed_decoded_inst_get_length(&xedd);
}
void init_disas(void)
{
xed_tables_init();
xed_state_zero(&dstate);
xed_state_init(&dstate,
XED_MACHINE_MODE_LEGACY_32,
XED_ADDRESS_WIDTH_32b, XED_ADDRESS_WIDTH_32b);
}
Disasm::Disasm(const Disasm::Options& opts)
: m_opts(opts)
{
#ifdef HAVE_LIBXED
xed_state_init(&m_xedState, XED_MACHINE_MODE_LONG_64,
XED_ADDRESS_WIDTH_64b, XED_ADDRESS_WIDTH_64b);
xed_tables_init();
xed_register_disassembly_callback(addressToSymbol);
#endif // HAVE_LIBXED
}
Disasm::Disasm(const Disasm::Options& opts)
: m_opts(opts)
{
#ifdef HAVE_LIBXED
xed_state_init(&m_xedState, XED_MACHINE_MODE_LONG_64,
XED_ADDRESS_WIDTH_64b, XED_ADDRESS_WIDTH_64b);
xed_tables_init();
#if XED_ENCODE_ORDER_MAX_ENTRIES == 28 // Older version of XED library
xed_register_disassembly_callback(addressToSymbol);
#endif
#endif // HAVE_LIBXED
}
/* XED2 initialization */
void xed2_init()
{
xed_tables_init ();
xed_state_zero (&dstate);
xed_state_init(&dstate,
XED_MACHINE_MODE_LEGACY_32,
XED_ADDRESS_WIDTH_32b,
XED_ADDRESS_WIDTH_32b);
// Format options
xed_format_options_t xed_foptions;
xed_foptions.hex_address_before_symbolic_name = 1;
xed_foptions.no_sign_extend_signed_immediates = 1;
xed_foptions.omit_unit_scale = 1;
xed_foptions.xml_a = 0;
xed_foptions.xml_f = 0;
xed_format_set_options(xed_foptions);
}
int
main(int argc, char** argv)
{
xed_error_enum_t xed_error;
xed_bool_t long_mode = 0;
xed_bool_t real_mode = 0;
xed_bool_t protected_16 = 0;
xed_state_t dstate;
unsigned int first_argv;
unsigned int bytes = 0;
unsigned char itext[XED_MAX_INSTRUCTION_BYTES];
int i;
unsigned int u;
xed_decoded_inst_t xedd;
#define BUFLEN 1000
char buffer[BUFLEN];
xed_bool_t ok;
unsigned int isyntax;
xed_syntax_enum_t syntax;
unsigned int memop_index = 0;
unsigned int memops = 0;
xed_uint64_t out_addr = 0;
xed_tables_init();
xed_agen_register_callback( register_callback, segment_callback);
xed_state_zero(&dstate);
xed_set_verbosity( 99 );
if (argc > 2 && strcmp(argv[1], "-64") == 0)
long_mode = 1;
if (argc > 2 && strcmp(argv[1], "-r") == 0)
real_mode = 1;
if (argc > 2 && strcmp(argv[1], "-16") == 0)
protected_16 = 1;
if (long_mode) {
first_argv = 2;
dstate.mmode=XED_MACHINE_MODE_LONG_64;
}
else if (protected_16) {
first_argv = 2;
xed_state_init(&dstate,
XED_MACHINE_MODE_LEGACY_16,
XED_ADDRESS_WIDTH_16b,
XED_ADDRESS_WIDTH_16b);
}
else if (real_mode) {
first_argv = 2;
/* we say that real mode uses 16b addressing even though the
addresses returned are 20b long. */
xed_state_init(&dstate,
XED_MACHINE_MODE_REAL_16,
XED_ADDRESS_WIDTH_16b,
XED_ADDRESS_WIDTH_16b);
}
else {
first_argv=1;
xed_state_init(&dstate,
XED_MACHINE_MODE_LEGACY_32,
XED_ADDRESS_WIDTH_32b,
XED_ADDRESS_WIDTH_32b);
}
xed_decoded_inst_zero_set_mode(&xedd, &dstate);
for( i=first_argv ; i < argc; i++) {
xed_uint8_t x = (xed_uint8_t)(xed_atoi_hex(argv[i]));
assert(bytes < XED_MAX_INSTRUCTION_BYTES);
itext[bytes++] = x;
}
if (bytes == 0) {
fprintf(stderr, "Must supply some hex bytes\n");
exit(1);
}
printf("PARSING BYTES: ");
for( u=0; u<bytes; u++)
printf("%02x ", STATIC_CAST(unsigned int,itext[u]));
printf("\n");
xed_error = xed_decode(&xedd,
REINTERPRET_CAST(const xed_uint8_t*,itext),
bytes);
switch(xed_error)
{
case XED_ERROR_NONE:
break;
case XED_ERROR_BUFFER_TOO_SHORT:
fprintf(stderr,"Not enough bytes provided\n");
exit(1);
case XED_ERROR_GENERAL_ERROR:
fprintf(stderr,"Could not decode given input.\n");
exit(1);
default:
fprintf(stderr,"Unhandled error code %s\n", xed_error_enum_t2str(xed_error));
exit(1);
}
xed_decoded_inst_dump(&xedd,buffer, BUFLEN);
printf("%s\n",buffer);
for(isyntax= XED_SYNTAX_XED; isyntax < XED_SYNTAX_LAST; isyntax++) {
syntax = STATIC_CAST(xed_syntax_enum_t, isyntax);
ok = xed_format(syntax, &xedd, buffer, BUFLEN, 0);
if (ok)
printf("%s syntax: %s\n", xed_syntax_enum_t2str(syntax), buffer);
else
printf("Error disassembling %s syntax\n", xed_syntax_enum_t2str(syntax));
}
memops = xed_decoded_inst_number_of_memory_operands(&xedd);
printf("\nNumber of memory operands: %d\n", (int)memops);
for(memop_index=0; memop_index<memops; memop_index++) {
xed_error = xed_agen(&xedd, memop_index, 0, &out_addr);
if (xed_error != XED_ERROR_NONE) {
fprintf(stderr,"Agen error code %s\n", xed_error_enum_t2str(xed_error));
exit(1);
}
printf("\tMemory agen%d: " XED_FMT_LX "\n", (int)memop_index, out_addr);
}
return 0;
}
//! Standard callback function - Initialize the plugin interface
plugin_interface_t * init_plugin()
{
// Fail to create the plugin log
if (!(loghandle = fopen(logfile, "w"))) {
fprintf(stderr, "cannot create %s\n", logfile);
return NULL;
}
// Init the function map, Don't really know its role
// Check the definition in shared/hooks/function_map
function_map_init();
// Same as above, Don't know nothing about it
// Check the definition in shared/hookapi
init_hookapi();
// Check the definition in shared/procmod
procmod_init();
// Check the definition in shared/reduce_taint. There
// is no documentation. The f**k.
reduce_taint_init();
// XED2 is a X86 Encoder / Decoder. My guess is that
// TEMU use this tool to translate instruction from
// assembly to machine language.
// Check the following link for XED2 documentation
// www.cs.virginia.edu/kim/publicity/pin/docs/24110/Xed/html/main.html
// Init XED instruction table
xed_tables_init();
// Zero-out the structure ?
xed_state_zero( &xed_state );
// Update the XED2 structure with some pre-defined values
xed_state_init( &xed_state, XED_MACHINE_MODE_LEGACY_32, XED_ADDRESS_WIDTH_32b, XED_ADDRESS_WIDTH_32b);
// The following portion of code registers all the
// call-back functions. Check the file TEMU_main.h
// for the full list of these functions.
// These functions are user-defined functions which
// we will play with
// Cleanup
interface.plugin_cleanup = detector_cleanup;
// How the taint analysis works
interface.taint_record_size = sizeof(taint_record_t);
interface.taint_propagate = detector_taint_propagate;
// Copy from sample plugin & hookfinder
interface.guest_message = detector_guest_message;
// Beginning of a block, used to indentify process
interface.block_begin = detector_block_begin;
// Beginning of an instruction
interface.insn_begin = detector_insn_begin;
// These twos are for user-interface
interface.term_cmds = detector_term_cmds;
interface.info_cmds = detector_info_cmds;
// Send a tainted keystroke
interface.send_keystroke = detector_send_keystroke;
// What to do with network I/O, we don't need this yet
// my_interface.nic_recv = detector_nic_recv;
// my_interface.nic_send = detector_nic_send;
// Need this to get the value of CR3 register
interface.monitored_cr3 = 0;
// We have TEMU interface now
return & interface;
}
static string
disassemble(UINT64 start, UINT64 stop) {
UINT64 pc = start;
xed_state_t dstate;
xed_syntax_enum_t syntax = XED_SYNTAX_INTEL;
xed_error_enum_t xed_error;
xed_decoded_inst_t xedd;
ostringstream os;
if (sizeof(ADDRINT) == 4)
xed_state_init(&dstate,
XED_MACHINE_MODE_LEGACY_32,
XED_ADDRESS_WIDTH_32b,
XED_ADDRESS_WIDTH_32b);
else
xed_state_init(&dstate,
XED_MACHINE_MODE_LONG_64,
XED_ADDRESS_WIDTH_64b,
XED_ADDRESS_WIDTH_64b);
/*while( pc < stop )*/ {
xed_decoded_inst_zero_set_mode(&xedd, &dstate);
UINT32 len = 15;
if (stop - pc < 15)
len = stop-pc;
xed_error = xed_decode(&xedd, reinterpret_cast<const UINT8*>(pc), len);
bool okay = (xed_error == XED_ERROR_NONE);
iostream::fmtflags fmt = os.flags();
os << std::setfill('0')
<< "XDIS "
<< std::hex
<< std::setw(sizeof(ADDRINT)*2)
<< pc
<< std::dec
<< ": "
<< std::setfill(' ')
<< std::setw(4);
if (okay) {
char buffer[200];
unsigned int dec_len, sp;
os << xed_extension_enum_t2str(xed_decoded_inst_get_extension(&xedd));
dec_len = xed_decoded_inst_get_length(&xedd);
print_hex_line(buffer, reinterpret_cast<UINT8*>(pc), dec_len);
os << " " << buffer;
for ( sp=dec_len; sp < 12; sp++) // pad out the instruction bytes
os << " ";
os << " ";
memset(buffer,0,200);
int dis_okay = xed_format(syntax, &xedd, buffer, 200, pc);
if (dis_okay)
os << buffer << endl;
else
os << "Error disasassembling pc 0x" << std::hex << pc << std::dec << endl;
pc += dec_len;
}
else { // print the byte and keep going.
UINT8 memval = *reinterpret_cast<UINT8*>(pc);
os << "???? " // no extension
<< std::hex
<< std::setw(2)
<< std::setfill('0')
<< static_cast<UINT32>(memval)
<< std::endl;
pc += 1;
}
os.flags(fmt);
}
return os.str();
}
int main(int argn, char **argv)
{
uint32_t depend_id = 0;
char *tail;
static struct option long_options[] = {
{"depend_id", 1, 0, 'd'},
{0, 0, 0, 0}
};
xed_tables_init();
// The state of the machine -- required for decoding
xed_state_t dstate;
xed_state_zero(&dstate);
xed_state_init(&dstate,
XED_MACHINE_MODE_LEGACY_32,
XED_ADDRESS_WIDTH_32b,
XED_ADDRESS_WIDTH_32b);
while (1) {
int option_index = 0;
int c = getopt_long(argn, argv, "d:", long_options,
&option_index);
if (c == -1) break;
switch (c)
{
case 0:
if (long_options[option_index].flag != 0)
break;
printf ("option %s", long_options[option_index].name);
if (optarg)
printf(" with arg %s", optarg);
printf("\n");
break;
case 'd':
depend_id = strtol(optarg, &tail, 0);
break;
default:
abort();
}
}
//trace_record_t rec;
if(optind >= argn) {
printf("usage: %s [-d id] trace_file\n", argv[0]);
return -1;
}
FILE *fp = fopen(argv[optind++],"r");
if(!fp) {
printf("cannnot open %s! errno=%d\n", argv[optind-1], errno);
return -1;
}
if(depend_id == 0)
print_all_records(fp);
else
trace_back(fp, depend_id);
fclose(fp);
return 0;
}
int
main(int argc, char** argv)
{
xed_error_enum_t xed_error;
xed_bool_t long_mode = 0;
xed_state_t dstate;
unsigned int first_argv;
unsigned int bytes = 0;
unsigned char itext[XED_MAX_INSTRUCTION_BYTES];
int i;
unsigned int u;
xed_decoded_inst_t xedd;
#define BUFLEN 1000
char buffer[BUFLEN];
xed_bool_t ok;
unsigned int isyntax;
xed_syntax_enum_t syntax;
xed_tables_init();
xed_state_zero(&dstate);
xed_set_verbosity( 99 );
if (argc > 2 && strcmp(argv[1], "-64") == 0)
long_mode = 1;
if (long_mode) {
first_argv = 2;
dstate.mmode=XED_MACHINE_MODE_LONG_64;
}
else {
first_argv=1;
xed_state_init(&dstate,
XED_MACHINE_MODE_LEGACY_32,
XED_ADDRESS_WIDTH_32b,
XED_ADDRESS_WIDTH_32b);
}
xed_decoded_inst_zero_set_mode(&xedd, &dstate);
for( i=first_argv ;i < argc; i++) {
xed_uint8_t x = (xed_uint8_t)(xed_atoi_hex(argv[i]));
assert(bytes < XED_MAX_INSTRUCTION_BYTES);
itext[bytes++] = x;
}
if (bytes == 0) {
fprintf(stderr, "Must supply some hex bytes\n");
exit(1);
}
printf("PARSING BYTES: ");
for( u=0;u<bytes; u++)
printf("%02x ", STATIC_CAST(unsigned int,itext[u]));
printf("\n");
xed_error = xed_decode(&xedd,
REINTERPRET_CAST(const xed_uint8_t*,itext),
bytes);
switch(xed_error)
{
case XED_ERROR_NONE:
break;
case XED_ERROR_BUFFER_TOO_SHORT:
fprintf(stderr,"Not enough bytes provided\n");
exit(1);
case XED_ERROR_GENERAL_ERROR:
fprintf(stderr,"Could not decode given input.\n");
exit(1);
default:
fprintf(stderr,"Unhandled error code %s\n", xed_error_enum_t2str(xed_error));
exit(1);
}
//memset(buffer,0,BUFLEN);
xed_decoded_inst_dump(&xedd,buffer, BUFLEN);
printf("%s\n",buffer);
for(isyntax= XED_SYNTAX_XED; isyntax < XED_SYNTAX_LAST; isyntax++) {
syntax = STATIC_CAST(xed_syntax_enum_t, isyntax);
ok = xed_format(syntax, &xedd, buffer, BUFLEN, 0);
if (ok)
printf("%s syntax: %s\n", xed_syntax_enum_t2str(syntax), buffer);
else
printf("Error disassembling %s syntax\n", xed_syntax_enum_t2str(syntax));
}
return 0;
}
void OfflineX86Code::xedInit() {
xed_state_init(&xed_state, XED_MACHINE_MODE_LONG_64,
XED_ADDRESS_WIDTH_64b, XED_ADDRESS_WIDTH_64b);
xed_tables_init();
xed_syntax = getenv("HHVM_INTEL_DISAS") ? XED_SYNTAX_INTEL : XED_SYNTAX_ATT;
}
