Exemple #1
0
//--------------------------------------------------------------------------
static VOID app_start_cb(VOID *v)
{
  IMG img = APP_ImgHead();
  for( SEC sec= IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec) )
  {
    ADDRINT sec_ea = SEC_Address(sec);
    if ( sec_ea != 0 )
    {
      ADDRINT check;
      size_t bytes = PIN_SafeCopy(&check, (void*)sec_ea, sizeof(ADDRINT));
      if ( bytes == sizeof(ADDRINT) )
      {
        if ( min_ea > sec_ea || min_ea == 0 )
          min_ea = sec_ea;
        if ( max_ea < sec_ea || max_ea == (unsigned)-1 )
          max_ea = sec_ea;

        segdata_t seg;
        seg.size = SEC_Size(sec);
        seg.check = check;
        seg.written = false;
        seg_bytes[sec_ea] = seg;
        //cerr << "Monitoring segment " << SEC_Name(sec) << " " << hexstr(sec_ea)
        //     << ":" << hexstr(sec_ea+SEC_Size(sec)) << endl;
      }
    }
  }
}
//return the entropy value of the entire program
float ProcInfo::GetEntropy(){
	IMG binary_image = APP_ImgHead();
	// trick in order to convert a ln in log2
	const double d1log2 = 1.4426950408889634073599246810023;
	double Entropy = 0.0;
	unsigned long Entries[256];
	unsigned char* Buffer;
	//calculate the entropy only on the main module address space
	ADDRINT start_address = IMG_LowAddress(binary_image);
	ADDRINT end_address = IMG_HighAddress(binary_image);
	UINT32 size = end_address - start_address;
	// copy the main module in a buffer in order to analyze it
	Buffer = (unsigned char *)malloc(size);
	PIN_SafeCopy(Buffer , (void const *)start_address , size);
	// set to all zero the matrix of the bytes occurrence
	memset(Entries, 0, sizeof(unsigned long) * 256);
	// increment the counter of the current read byte (Buffer[i])in the occurence matrix (Entries)
	for (unsigned long i = 0; i < size; i++)
		Entries[Buffer[i]]++;
	// do the shannon formula on the occurence matrix ( H = sum(P(i)*log2(P(i)) )
	for (unsigned long i = 0; i < 256; i++)
	{
		double Temp = (double) Entries[i] / (double) size;
		if (Temp > 0)
			Entropy += - Temp*(log(Temp)*d1log2); 
	}
	return Entropy;
}
Exemple #3
0
static BOOL DebugInterpreter(THREADID tid, CONTEXT *ctxt, const string &cmd, string *result, VOID *)
{
    TINFO_MAP::iterator it = ThreadInfos.find(tid);
    if (it == ThreadInfos.end())
        return FALSE;
    TINFO *tinfo = it->second;

    std::string line = TrimWhitespace(cmd);
    *result = "";

    if (line == "help")
    {
        result->append("mappings             -- Mappings.\n");
        return TRUE;
    }
    else if(line == "mappings")
    {
      tinfo->_os.str("");
      tinfo->_os << "{"; //open JSON
      for( IMG img= APP_ImgHead(); IMG_Valid(img); img = IMG_Next(img) )
      {
        const string& name = LEVEL_PINCLIENT::IMG_Name(img);
        tinfo->_os <<"\""<< name << "\":{"; //open img
        ADDRINT address = LEVEL_PINCLIENT::IMG_LowAddress(img);
        tinfo->_os << "\"start\":" << address << ",";
        address = LEVEL_PINCLIENT::IMG_HighAddress(img);
        tinfo->_os << "\"end\":" << address << ",";
        tinfo->_os << "\"sections\":" << "{"; //open sections
        for( SEC sec = IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec))
        {
          const string& name = LEVEL_PINCLIENT::SEC_Name(sec);
          if(name != "")
          {
            tinfo->_os << "\"" << name <<"\":{"; //open section
            ADDRINT address = LEVEL_PINCLIENT::SEC_Address(sec);
            tinfo->_os << "\"start\":" << address << ",";
            USIZE size = LEVEL_PINCLIENT::SEC_Size(sec);
            if(SEC_Valid(SEC_Next(sec)))
            {
              tinfo->_os << "\"size\":" << size << "},"; //close section
            }else
            {
              tinfo->_os << "\"size\":" << size << "}}"; //close section and sections
            }
          }
        }
        if(IMG_Valid(IMG_Next(img)))
        {
          tinfo->_os << "},"; //close img
        }else
        {
          tinfo->_os << "}}"; //close img and json
        }
      }
      *result = tinfo->_os.str();
      return TRUE;
    }

    return FALSE;   /* Unknown command */
}
static void reportError(ADDRINT addr)
{
    fprintf (stderr, "BAD Fetch from 0x%08x\n", addr);
    for (IMG img= APP_ImgHead(); IMG_Valid(img); img = IMG_Next(img))
    {
        fprintf (stderr, "%-30s: 0x%08x:0x%08x\n", IMG_Name(img).c_str(),
                 IMG_LowAddress(img),IMG_HighAddress(img));
    }
    exit (-1);
}
Exemple #5
0
VOID InstructionProp(INS ins, VOID *v)
{
	PIN_LockClient();
	for (IMG image = APP_ImgHead();image!=IMG_Invalid();image=IMG_Next(image))
	{
		inst_func_summary(image);
	}
	PIN_UnlockClient();

}
// Print the list of images currently loaded, with some information about each.
static VOID PrintImageList()
{
    for (IMG img= APP_ImgHead(); IMG_Valid(img); img = IMG_Next(img))
    {
        ADDRESS_RANGE range = FindImageTextMargin(img);

        fprintf (trace, "   L  %-40s %2d [0x%llx:0x%llx] offset 0x%llx %4d RTNs\n", IMG_Name(img).c_str(), (int)IMG_Id(img),
                 (unsigned long long)range._low, (unsigned long long)range._high, (unsigned long long)IMG_LoadOffset(img),
                   CountImageRtns (img));
    }    
}
// Print the list of images currently loaded, with some information about each.
static VOID PrintImageList()
{
    for (IMG img= APP_ImgHead(); IMG_Valid(img); img = IMG_Next(img))
    {
        int nSecs;
        int nRtns;

        CountImageSecsAndRtns (img, &nSecs, &nRtns);
        fprintf (trace, "   L  %-40s %2d [0x%lx:0x%lx] offset 0x%lx %2d SECs %4d RTNs\n", IMG_Name(img).c_str(), IMG_Id(img),
                 (unsigned long)IMG_LowAddress(img), (unsigned long)IMG_HighAddress(img), (unsigned long)IMG_LoadOffset(img), nSecs, nRtns);
    }    
}
Exemple #8
0
/**
* Given an address, this function determines the name of the loaded module the
* address belongs to. If the address does not belong to any module, the empty
* string is returned.
**/
std::string getModule(ADDRINT address)
{
	// To find the module name of an address, iterate over all sections of all
	// modules until a section is found that contains the address.

	for(IMG img=APP_ImgHead(); IMG_Valid(img); img = IMG_Next(img))
	{
		for(SEC sec=IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec))
		{
			if (address >= SEC_Address(sec) && address < SEC_Address(sec) + SEC_Size(sec))
			{
				return extractFilename(IMG_Name(img));
			}
		}
	}

	return "";
}
Exemple #9
0
/**
* Determines whether a given address belongs to a known module or not.
**/
bool isUnknownAddress(ADDRINT address)
{
	// An address belongs to a known module, if the address belongs to any
	// section of any module in the target address space.

	for(IMG img=APP_ImgHead(); IMG_Valid(img); img = IMG_Next(img))
	{
		for(SEC sec=IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec))
		{
			if (address >= SEC_Address(sec) && address < SEC_Address(sec) + SEC_Size(sec))
			{
				return false;
			}
		}
	}

	return true;
}
float ProcInfo::GetEntropy(){

	IMG binary_image = APP_ImgHead();

	const double d1log2 = 1.4426950408889634073599246810023;
	double Entropy = 0.0;
	unsigned long Entries[256];
	unsigned char* Buffer;

	ADDRINT start_address = IMG_LowAddress(binary_image);
	ADDRINT end_address = IMG_HighAddress(binary_image);
	UINT32 size = end_address - start_address;

	Buffer = (unsigned char *)malloc(size);

	MYLOG("size to dump is %d" , size);
	MYLOG("Start address is %08x" , start_address);
	MYLOG("Start address is %08x" , end_address);
	MYLOG("IMAGE NAME IS %s" , IMG_Name(binary_image));

	PIN_SafeCopy(Buffer , (void const *)start_address , size);

	memset(Entries, 0, sizeof(unsigned long) * 256);

	for (unsigned long i = 0; i < size; i++)
		Entries[Buffer[i]]++;
	for (unsigned long i = 0; i < 256; i++)
	{
		double Temp = (double) Entries[i] / (double) size;
		if (Temp > 0)
			Entropy += - Temp*(log(Temp)*d1log2); 
	}

	MYLOG("ENTROPY IS %f" , Entropy);

	return Entropy;
}