/**
 *  Call-side half of the tracing demo: hands a numbered return handler to the
 *  per-state FunctionMonitorState and logs the call.
 *
 *  @param state  Execution state in which the call was observed.
 *  @param fns    Monitor state that will fire the return handler later.
 */
void FunctionMonitor::slotTraceCall(S2EExecutionState *state, FunctionMonitorState *fns)
{
    // Function-local static: one counter shared by every execution state, so
    // the id is a global call sequence number, not a per-path one.
    static int callCounter = 0;
    const int callId = callCounter++;

    // Bind the id into the return slot so slotTraceRet can name the matching call.
    FunctionMonitor::ReturnSignal onReturn;
    onReturn.connect(sigc::bind(sigc::mem_fun(*this, &FunctionMonitor::slotTraceRet), callId));
    fns->registerReturnSignal(state, onReturn);

    s2e()->getMessagesStream(state) << "Calling function " << callId
                << " at " << hexval(state->getPc()) << std::endl;
}
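/**
 *  A call handler can invoke this function to register a return handler.
 *  The handler is stored in m_returnDescriptors keyed by the concrete stack
 *  pointer at call time together with the process id it belongs to; a state
 *  whose stack pointer is symbolic gets a warning and no handler.
 *
 *  @param state  Execution state at the moment of the call.
 *                XXX: assumed to be the state in which this instance of
 *                FunctionMonitorState is used.
 *  @param sig    Return signal to register; nothing is stored when it has no slots.
 */
void FunctionMonitorState::registerReturnSignal(S2EExecutionState *state, FunctionMonitor::ReturnSignal &sig)
{
    // No slot connected: skip the register read and do not create a map entry.
    if (sig.empty()) {
        return;
    }

    // The read is sized by the destination (sizeof(sp)), not by target_ulong:
    // if target_ulong is wider than this 32-bit local, a sizeof(target_ulong)
    // read would write past the end of `sp`. On such a target only the low
    // 32 bits are kept here — TODO widen `sp` and the descriptor key together
    // if a wider target is ever built.
    uint32_t sp = 0;
    // Declared before the #ifdef so every branch, including the unsupported
    // target fallback, leaves `ok` defined for the check below.
    bool ok = false;

#ifdef TARGET_ARM
    // r13 is the ARM stack pointer.
    ok = state->readCpuRegisterConcrete(CPU_OFFSET(regs[13]), &sp, sizeof(sp));
#elif defined(TARGET_I386)
    ok = state->readCpuRegisterConcrete(CPU_OFFSET(regs[R_ESP]), &sp, sizeof(sp));
#else
    // Reached only on a target this plugin does not support.
    assert(false);
#endif

    // Process id scoping the descriptor: prefer the OS monitor plugin when one
    // is attached, otherwise the value the execution state itself reports.
    uint64_t pid = state->getPid();
    if (m_plugin->m_monitor) {
        pid = m_plugin->m_monitor->getPid(state, state->getPc());
    }

    // A symbolic SP cannot serve as a concrete map key: warn and drop the handler.
    if (!ok) {
        m_plugin->s2e()->getWarningsStream(state)
            << "Function call with symbolic SP!" << std::endl
            << "  PC=" << hexval(state->getPc()) << " PID=" << hexval(pid) << std::endl;
        return;
    }

    ReturnDescriptor descriptor = {pid, sig};
    m_returnDescriptors.insert(std::make_pair(sp, descriptor));
}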
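/**
 *  A call handler can invoke this function to register a return handler.
 *  The handler is stored in m_returnDescriptors keyed by the concrete ESP at
 *  call time together with the process id it belongs to; a state whose ESP is
 *  symbolic gets a warning and no handler.
 *
 *  @param state  Execution state at the moment of the call.
 *                XXX: assumed to be the state in which this instance of
 *                FunctionMonitorState is used.
 *  @param sig    Return signal to register; nothing is stored when it has no slots.
 */
void FunctionMonitorState::registerReturnSignal(S2EExecutionState *state, FunctionMonitor::ReturnSignal &sig)
{
    // No slot connected: skip the register read and do not create a map entry.
    if (sig.empty()) {
        return;
    }

    // The read is sized by the destination (sizeof(esp)), not by target_ulong:
    // if target_ulong is wider than this 32-bit local, a sizeof(target_ulong)
    // read would write past the end of `esp`. On such a target only the low
    // 32 bits are kept here — TODO widen `esp` and the descriptor key together
    // if a wider target is ever built.
    uint32_t esp = 0;
    const bool ok = state->readCpuRegisterConcrete(CPU_OFFSET(regs[R_ESP]),
                                                   &esp, sizeof(esp));

    // A symbolic ESP cannot serve as a concrete map key: warn and drop the handler.
    if (!ok) {
        m_plugin->s2e()->getWarningsStream(state)
            << "Function call with symbolic ESP!" << std::endl
            << "  EIP=" << hexval(state->getPc()) << " CR3=" << hexval(state->getPid()) << std::endl;
        return;
    }

    // Process id scoping the descriptor: prefer the OS monitor plugin when one
    // is attached, otherwise the value the execution state itself reports.
    uint64_t pid = state->getPid();
    if (m_plugin->m_monitor) {
        pid = m_plugin->m_monitor->getPid(state, state->getPc());
    }

    ReturnDescriptor descriptor = {pid, sig};
    m_returnDescriptors.insert(std::make_pair(esp, descriptor));
}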