void init_disas(void)
{
xed_tables_init();
xed_state_zero(&dstate);
xed_state_init(&dstate,
XED_MACHINE_MODE_LEGACY_32,
XED_ADDRESS_WIDTH_32b, XED_ADDRESS_WIDTH_32b);
}
/* XED2 initialization */
void xed2_init()
{
xed_tables_init ();
xed_state_zero (&dstate);
xed_state_init(&dstate,
XED_MACHINE_MODE_LEGACY_32,
XED_ADDRESS_WIDTH_32b,
XED_ADDRESS_WIDTH_32b);
// Format options
xed_format_options_t xed_foptions;
xed_foptions.hex_address_before_symbolic_name = 1;
xed_foptions.no_sign_extend_signed_immediates = 1;
xed_foptions.omit_unit_scale = 1;
xed_foptions.xml_a = 0;
xed_foptions.xml_f = 0;
xed_format_set_options(xed_foptions);
}
int
main(int argc, char** argv)
{
xed_error_enum_t xed_error;
xed_bool_t long_mode = 0;
xed_bool_t real_mode = 0;
xed_bool_t protected_16 = 0;
xed_state_t dstate;
unsigned int first_argv;
unsigned int bytes = 0;
unsigned char itext[XED_MAX_INSTRUCTION_BYTES];
int i;
unsigned int u;
xed_decoded_inst_t xedd;
#define BUFLEN 1000
char buffer[BUFLEN];
xed_bool_t ok;
unsigned int isyntax;
xed_syntax_enum_t syntax;
unsigned int memop_index = 0;
unsigned int memops = 0;
xed_uint64_t out_addr = 0;
xed_tables_init();
xed_agen_register_callback( register_callback, segment_callback);
xed_state_zero(&dstate);
xed_set_verbosity( 99 );
if (argc > 2 && strcmp(argv[1], "-64") == 0)
long_mode = 1;
if (argc > 2 && strcmp(argv[1], "-r") == 0)
real_mode = 1;
if (argc > 2 && strcmp(argv[1], "-16") == 0)
protected_16 = 1;
if (long_mode) {
first_argv = 2;
dstate.mmode=XED_MACHINE_MODE_LONG_64;
}
else if (protected_16) {
first_argv = 2;
xed_state_init(&dstate,
XED_MACHINE_MODE_LEGACY_16,
XED_ADDRESS_WIDTH_16b,
XED_ADDRESS_WIDTH_16b);
}
else if (real_mode) {
first_argv = 2;
/* we say that real mode uses 16b addressing even though the
addresses returned are 20b long. */
xed_state_init(&dstate,
XED_MACHINE_MODE_REAL_16,
XED_ADDRESS_WIDTH_16b,
XED_ADDRESS_WIDTH_16b);
}
else {
first_argv=1;
xed_state_init(&dstate,
XED_MACHINE_MODE_LEGACY_32,
XED_ADDRESS_WIDTH_32b,
XED_ADDRESS_WIDTH_32b);
}
xed_decoded_inst_zero_set_mode(&xedd, &dstate);
for( i=first_argv ; i < argc; i++) {
xed_uint8_t x = (xed_uint8_t)(xed_atoi_hex(argv[i]));
assert(bytes < XED_MAX_INSTRUCTION_BYTES);
itext[bytes++] = x;
}
if (bytes == 0) {
fprintf(stderr, "Must supply some hex bytes\n");
exit(1);
}
printf("PARSING BYTES: ");
for( u=0; u<bytes; u++)
printf("%02x ", STATIC_CAST(unsigned int,itext[u]));
printf("\n");
xed_error = xed_decode(&xedd,
REINTERPRET_CAST(const xed_uint8_t*,itext),
bytes);
switch(xed_error)
{
case XED_ERROR_NONE:
break;
case XED_ERROR_BUFFER_TOO_SHORT:
fprintf(stderr,"Not enough bytes provided\n");
exit(1);
case XED_ERROR_GENERAL_ERROR:
fprintf(stderr,"Could not decode given input.\n");
exit(1);
default:
fprintf(stderr,"Unhandled error code %s\n", xed_error_enum_t2str(xed_error));
exit(1);
}
xed_decoded_inst_dump(&xedd,buffer, BUFLEN);
printf("%s\n",buffer);
for(isyntax= XED_SYNTAX_XED; isyntax < XED_SYNTAX_LAST; isyntax++) {
syntax = STATIC_CAST(xed_syntax_enum_t, isyntax);
ok = xed_format(syntax, &xedd, buffer, BUFLEN, 0);
if (ok)
printf("%s syntax: %s\n", xed_syntax_enum_t2str(syntax), buffer);
else
printf("Error disassembling %s syntax\n", xed_syntax_enum_t2str(syntax));
}
memops = xed_decoded_inst_number_of_memory_operands(&xedd);
printf("\nNumber of memory operands: %d\n", (int)memops);
for(memop_index=0; memop_index<memops; memop_index++) {
xed_error = xed_agen(&xedd, memop_index, 0, &out_addr);
if (xed_error != XED_ERROR_NONE) {
fprintf(stderr,"Agen error code %s\n", xed_error_enum_t2str(xed_error));
exit(1);
}
printf("\tMemory agen%d: " XED_FMT_LX "\n", (int)memop_index, out_addr);
}
return 0;
}
//! Standard callback function - Initialize the plugin interface
plugin_interface_t * init_plugin()
{
// Fail to create the plugin log
if (!(loghandle = fopen(logfile, "w"))) {
fprintf(stderr, "cannot create %s\n", logfile);
return NULL;
}
// Init the function map, Don't really know its role
// Check the definition in shared/hooks/function_map
function_map_init();
// Same as above, Don't know nothing about it
// Check the definition in shared/hookapi
init_hookapi();
// Check the definition in shared/procmod
procmod_init();
// Check the definition in shared/reduce_taint. There
// is no documentation. The f**k.
reduce_taint_init();
// XED2 is a X86 Encoder / Decoder. My guess is that
// TEMU use this tool to translate instruction from
// assembly to machine language.
// Check the following link for XED2 documentation
// www.cs.virginia.edu/kim/publicity/pin/docs/24110/Xed/html/main.html
// Init XED instruction table
xed_tables_init();
// Zero-out the structure ?
xed_state_zero( &xed_state );
// Update the XED2 structure with some pre-defined values
xed_state_init( &xed_state, XED_MACHINE_MODE_LEGACY_32, XED_ADDRESS_WIDTH_32b, XED_ADDRESS_WIDTH_32b);
// The following portion of code registers all the
// call-back functions. Check the file TEMU_main.h
// for the full list of these functions.
// These functions are user-defined functions which
// we will play with
// Cleanup
interface.plugin_cleanup = detector_cleanup;
// How the taint analysis works
interface.taint_record_size = sizeof(taint_record_t);
interface.taint_propagate = detector_taint_propagate;
// Copy from sample plugin & hookfinder
interface.guest_message = detector_guest_message;
// Beginning of a block, used to indentify process
interface.block_begin = detector_block_begin;
// Beginning of an instruction
interface.insn_begin = detector_insn_begin;
// These twos are for user-interface
interface.term_cmds = detector_term_cmds;
interface.info_cmds = detector_info_cmds;
// Send a tainted keystroke
interface.send_keystroke = detector_send_keystroke;
// What to do with network I/O, we don't need this yet
// my_interface.nic_recv = detector_nic_recv;
// my_interface.nic_send = detector_nic_send;
// Need this to get the value of CR3 register
interface.monitored_cr3 = 0;
// We have TEMU interface now
return & interface;
}
static void decode_insn(struct pt_insn_decoder *decoder,
const struct ptxed_options *options,
struct ptxed_stats *stats)
{
xed_state_t xed;
uint64_t offset, sync, time;
if (!options) {
printf("[internal error]\n");
return;
}
xed_state_zero(&xed);
offset = 0ull;
sync = 0ull;
time = 0ull;
for (;;) {
struct pt_insn insn;
int errcode;
/* Initialize the IP - we use it for error reporting. */
insn.ip = 0ull;
errcode = pt_insn_sync_forward(decoder);
if (errcode < 0) {
uint64_t new_sync;
if (errcode == -pte_eos)
break;
diagnose_insn("sync error", decoder, &insn, errcode);
/* Let's see if we made any progress. If we haven't,
* we likely never will. Bail out.
*
* We intentionally report the error twice to indicate
* that we tried to re-sync. Maybe it even changed.
*/
errcode = pt_insn_get_offset(decoder, &new_sync);
if (errcode < 0 || (new_sync <= sync))
break;
sync = new_sync;
continue;
}
for (;;) {
if (options->print_offset) {
errcode = pt_insn_get_offset(decoder, &offset);
if (errcode < 0)
break;
}
if (options->print_time) {
errcode = pt_insn_time(decoder, &time, NULL,
NULL);
if (errcode < 0)
break;
}
errcode = pt_insn_next(decoder, &insn, sizeof(insn));
if (errcode < 0) {
/* Even in case of errors, we may have succeeded
* in decoding the current instruction.
*/
if (insn.iclass != ptic_error) {
if (!options->quiet)
print_insn(&insn, &xed, options,
offset, time);
if (stats)
stats->insn += 1;
}
break;
}
if (!options->quiet)
print_insn(&insn, &xed, options, offset, time);
if (stats)
stats->insn += 1;
if (errcode & pts_eos) {
if (!insn.disabled && !options->quiet)
printf("[end of trace]\n");
errcode = -pte_eos;
break;
}
}
/* We shouldn't break out of the loop without an error. */
if (!errcode)
errcode = -pte_internal;
/* We're done when we reach the end of the trace stream. */
if (errcode == -pte_eos)
break;
diagnose_insn("error", decoder, &insn, errcode);
}
}
int main(int argc, char** argv) {
xed_ild_t ild;
xed_uint_t uargc = (xed_uint_t)argc;
xed_uint_t length = 0;
xed_uint_t dlen = 0;
xed_uint_t i,j,input_nibbles=0;
xed_uint8_t itext[XED_MAX_INSTRUCTION_BYTES];
char src[MAX_INPUT_NIBBLES+1];
xed_state_t dstate;
xed_decoded_inst_t xedd;
xed_uint_t first_argv;
xed_uint_t bytes;
xed_error_enum_t xed_error;
xed_chip_enum_t chip = XED_CHIP_INVALID;
int already_set_mode = 0;
// initialize the XED tables -- one time.
xed_tables_init();
xed_state_zero(&dstate);
first_argv = 1;
dstate.mmode=XED_MACHINE_MODE_LEGACY_32;
dstate.stack_addr_width=XED_ADDRESS_WIDTH_32b;
for(i=1;i< uargc;i++) {
if (strcmp(argv[i], "-64") == 0) {
assert(already_set_mode == 0);
already_set_mode = 1;
dstate.mmode=XED_MACHINE_MODE_LONG_64;
first_argv++;
}
else if (strcmp(argv[i], "-16") == 0) {
assert(already_set_mode == 0);
already_set_mode = 1;
dstate.mmode=XED_MACHINE_MODE_LEGACY_16;
dstate.stack_addr_width=XED_ADDRESS_WIDTH_16b;
first_argv++;
}
else if (strcmp(argv[i], "-s16") == 0) {
already_set_mode = 1;
dstate.stack_addr_width=XED_ADDRESS_WIDTH_16b;
first_argv++;
}
else if (strcmp(argv[i], "-chip") == 0) {
assert(i+1 < uargc);
chip = str2xed_chip_enum_t(argv[i+1]);
printf("Setting chip to %s\n", xed_chip_enum_t2str(chip));
assert(chip != XED_CHIP_INVALID);
first_argv+=2;
}
}
assert(first_argv < uargc);
xed_decoded_inst_zero_set_mode(&xedd, &dstate);
if (first_argv >= uargc) {
printf("Need some hex instruction nibbles");
exit(1);
}
for(i=first_argv;i<uargc;i++) {
for(j=0;argv[i][j];j++) {
assert(input_nibbles < MAX_INPUT_NIBBLES);
src[input_nibbles] = argv[i][j];
input_nibbles++;
}
}
src[input_nibbles] = 0;
if (input_nibbles & 1) {
printf("Need an even number of nibbles");
exit(1);
}
bytes = xed_convert_ascii_to_hex(src, itext, XED_MAX_INSTRUCTION_BYTES);
printf("Attempting to decode: ");
for(i=0;i<bytes;i++) {
printf("%02x", itext[i]);
}
printf("\n");
xed_ild_init(&ild, dstate.mmode, chip, itext, XED_MAX_INSTRUCTION_BYTES);
length = xed_instruction_length_decode(&ild);
print_ild(&ild);
printf("ILD length = %d\n",length);
xed_decoded_inst_set_input_chip(&xedd, chip);
xed_error = xed_decode(&xedd,
XED_REINTERPRET_CAST(const xed_uint8_t*,itext),
bytes);
switch(xed_error) {
case XED_ERROR_NONE:
break;
case XED_ERROR_BUFFER_TOO_SHORT:
printf("Not enough bytes provided\n");
exit(1);
case XED_ERROR_INVALID_FOR_CHIP:
printf("The instruction was not valid for the specified chip.\n");
exit(1);
case XED_ERROR_GENERAL_ERROR:
printf("Could not decode given input.\n");
exit(1);
default:
printf("Unhandled error code %s\n",xed_error_enum_t2str(xed_error));
exit(1);
}
dlen = xed_decoded_inst_get_length(&xedd);
printf ("Traditional length = %d\n", dlen);
if (dlen != length) {
printf ("Length error\n");
exit(1);
}
printf ("Length matched\n");
return 0;
}
int main(int argn, char **argv)
{
uint32_t depend_id = 0;
char *tail;
static struct option long_options[] = {
{"depend_id", 1, 0, 'd'},
{0, 0, 0, 0}
};
xed_tables_init();
// The state of the machine -- required for decoding
xed_state_t dstate;
xed_state_zero(&dstate);
xed_state_init(&dstate,
XED_MACHINE_MODE_LEGACY_32,
XED_ADDRESS_WIDTH_32b,
XED_ADDRESS_WIDTH_32b);
while (1) {
int option_index = 0;
int c = getopt_long(argn, argv, "d:", long_options,
&option_index);
if (c == -1) break;
switch (c)
{
case 0:
if (long_options[option_index].flag != 0)
break;
printf ("option %s", long_options[option_index].name);
if (optarg)
printf(" with arg %s", optarg);
printf("\n");
break;
case 'd':
depend_id = strtol(optarg, &tail, 0);
break;
default:
abort();
}
}
//trace_record_t rec;
if(optind >= argn) {
printf("usage: %s [-d id] trace_file\n", argv[0]);
return -1;
}
FILE *fp = fopen(argv[optind++],"r");
if(!fp) {
printf("cannnot open %s! errno=%d\n", argv[optind-1], errno);
return -1;
}
if(depend_id == 0)
print_all_records(fp);
else
trace_back(fp, depend_id);
fclose(fp);
return 0;
}
int
main(int argc, char** argv)
{
xed_error_enum_t xed_error;
xed_bool_t long_mode = 0;
xed_state_t dstate;
unsigned int first_argv;
unsigned int bytes = 0;
unsigned char itext[XED_MAX_INSTRUCTION_BYTES];
int i;
unsigned int u;
xed_decoded_inst_t xedd;
#define BUFLEN 1000
char buffer[BUFLEN];
xed_bool_t ok;
unsigned int isyntax;
xed_syntax_enum_t syntax;
xed_tables_init();
xed_state_zero(&dstate);
xed_set_verbosity( 99 );
if (argc > 2 && strcmp(argv[1], "-64") == 0)
long_mode = 1;
if (long_mode) {
first_argv = 2;
dstate.mmode=XED_MACHINE_MODE_LONG_64;
}
else {
first_argv=1;
xed_state_init(&dstate,
XED_MACHINE_MODE_LEGACY_32,
XED_ADDRESS_WIDTH_32b,
XED_ADDRESS_WIDTH_32b);
}
xed_decoded_inst_zero_set_mode(&xedd, &dstate);
for( i=first_argv ;i < argc; i++) {
xed_uint8_t x = (xed_uint8_t)(xed_atoi_hex(argv[i]));
assert(bytes < XED_MAX_INSTRUCTION_BYTES);
itext[bytes++] = x;
}
if (bytes == 0) {
fprintf(stderr, "Must supply some hex bytes\n");
exit(1);
}
printf("PARSING BYTES: ");
for( u=0;u<bytes; u++)
printf("%02x ", STATIC_CAST(unsigned int,itext[u]));
printf("\n");
xed_error = xed_decode(&xedd,
REINTERPRET_CAST(const xed_uint8_t*,itext),
bytes);
switch(xed_error)
{
case XED_ERROR_NONE:
break;
case XED_ERROR_BUFFER_TOO_SHORT:
fprintf(stderr,"Not enough bytes provided\n");
exit(1);
case XED_ERROR_GENERAL_ERROR:
fprintf(stderr,"Could not decode given input.\n");
exit(1);
default:
fprintf(stderr,"Unhandled error code %s\n", xed_error_enum_t2str(xed_error));
exit(1);
}
//memset(buffer,0,BUFLEN);
xed_decoded_inst_dump(&xedd,buffer, BUFLEN);
printf("%s\n",buffer);
for(isyntax= XED_SYNTAX_XED; isyntax < XED_SYNTAX_LAST; isyntax++) {
syntax = STATIC_CAST(xed_syntax_enum_t, isyntax);
ok = xed_format(syntax, &xedd, buffer, BUFLEN, 0);
if (ok)
printf("%s syntax: %s\n", xed_syntax_enum_t2str(syntax), buffer);
else
printf("Error disassembling %s syntax\n", xed_syntax_enum_t2str(syntax));
}
return 0;
}