static VOID on_module_loading(IMG img, VOID *data)
{
if (IMG_IsMainExecutable(img))
{
RTN routine = RTN_FindByName(img, "foo1");
if (RTN_Valid(routine) && RTN_IsSafeForProbedReplacement(routine))
{
PROTO foo1_proto = PROTO_Allocate( PIN_PARG(void), CALLINGSTD_DEFAULT,
"foo1", PIN_PARG_END() );
AFUNPTR foo1_ptr = RTN_ReplaceSignatureProbed(routine, (AFUNPTR)foo1_rep,
IARG_PROTOTYPE, foo1_proto,
IARG_ORIG_FUNCPTR,
IARG_END);
ASSERTX(foo1_ptr != 0);
}
routine = RTN_FindByName(img, "foo2");
if (RTN_Valid(routine) && RTN_IsSafeForProbedInsertion(routine))
{
PROTO foo2_proto = PROTO_Allocate( PIN_PARG(void), CALLINGSTD_DEFAULT,
"foo2",
PIN_PARG_END() );
RTN_InsertCallProbed(routine, IPOINT_BEFORE, AFUNPTR( foo2_before ),
IARG_PROTOTYPE, foo2_proto,
IARG_END);
RTN_InsertCallProbed(routine, IPOINT_AFTER, AFUNPTR( foo2_after ),
IARG_PROTOTYPE, foo2_proto,
IARG_END);
}
VOID Image(IMG img, VOID * v)
{
if ( (IMG_Name(img).find("ntdll.dll") != string::npos) ||
(IMG_Name(img).find("NTDLL.DLL") != string::npos) ||
(IMG_Name(img).find("NTDLL.dll") != string::npos) )
{
return;
}
if ( (IMG_Name(img).find("MSVCR") != string::npos) ||
(IMG_Name(img).find("msvcr") != string::npos) )
{ // _NLG_Return2 causes problems
return;
}
for (SEC sec = IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec))
{
for (RTN rtn = SEC_RtnHead(sec); RTN_Valid(rtn); rtn = RTN_Next(rtn))
{
if (RTN_Name(rtn).find(".text") != string::npos)
{
continue;
}
BOOL canBeProbed = RTN_IsSafeForProbedInsertion(rtn);
if (canBeProbed && RTN_Name(rtn)[0] != '_' && RTN_Name(rtn)[0] != '.')
{
RTN_InsertCallProbed( rtn, IPOINT_BEFORE, AFUNPTR(AtRtn), IARG_PTR, RTN_Name(rtn).c_str(), IARG_TSC, IARG_END);
}
}
}
}
static VOID on_module_loading(IMG img, VOID *data)
{
if (IMG_IsMainExecutable(img))
{
RTN routine = RTN_FindByName(img, "foo");
if (!RTN_Valid(routine))
{
routine = RTN_FindByName(img, "@foo@28");
}
if (RTN_Valid(routine))
{
PROTO foo_proto = PROTO_Allocate( PIN_PARG(int), CALL_TYPE,
"foo",
PIN_PARG(int), PIN_PARG(int),
PIN_PARG(int), PIN_PARG(int),
PIN_PARG(int), PIN_PARG(int),
PIN_PARG(int), PIN_PARG_END() );
RTN_InsertCallProbed(routine, IPOINT_BEFORE, AFUNPTR( foo_before ),
IARG_PROTOTYPE, foo_proto,
IARG_FUNCARG_ENTRYPOINT_VALUE, 6,
IARG_FUNCARG_ENTRYPOINT_VALUE, 5,
IARG_FUNCARG_ENTRYPOINT_VALUE, 4,
IARG_FUNCARG_ENTRYPOINT_VALUE, 3,
IARG_FUNCARG_ENTRYPOINT_VALUE, 2,
IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
IARG_END);
RTN_InsertCallProbed(routine, IPOINT_AFTER, AFUNPTR( foo_after ),
IARG_PROTOTYPE, foo_proto,
IARG_RETURN_IP,
IARG_END);
}
}
}
