// Is called for every instruction and instruments reads and writes
VOID Instruction(INS ins, VOID *v)
{
BOOL hasReadSegmentedMemAccess = FALSE;
BOOL hasWriteSegmentedMemAccess = FALSE;
if (INS_SegmentRegPrefix(ins) == TESTED_SEG_REG)
//INS_OperandMemorySegmentReg, INS_SegPrefixIsMemoryRead, INS_OperandMemoryDisplacement
{
if (INS_IsMemoryRead(ins))
{
HandleAccess (ins, TRUE /* isRead*/, &hasReadSegmentedMemAccess) ;
}
if (INS_IsMemoryWrite(ins))
{
HandleAccess (ins, FALSE /* isRead*/, &hasWriteSegmentedMemAccess);
}
if (!hasReadSegmentedMemAccess && !hasWriteSegmentedMemAccess)
{
fprintf(trace, "**ERROR SegMemAccess-Lies %p %s\n", INS_Address(ins), INS_Disassemble(ins).c_str());
hadError = TRUE;
}
}
/*fprintf(trace, "%p %s\n", INS_Address(ins), INS_Disassemble(ins).c_str());
fflush (trace);*/
}
void AccessToken::AdjustPrivilege(RCString spriv) {
TOKEN_PRIVILEGES tp = { 1 };
Win32Check(::LookupPrivilegeValue(0, spriv, &tp.Privileges[0].Luid));
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
::SetLastError(0);
Win32Check(::AdjustTokenPrivileges((HANDLE)(intptr_t)HandleAccess(_self), FALSE, &tp, 0, (PTOKEN_PRIVILEGES)0, 0) && !::GetLastError()); // can return TRUE even when ERROR_NOT_ALL_ASSIGNED
}
int FrameBuffer::ExceptionFilter(unsigned int code, struct _EXCEPTION_POINTERS *ep)
{
if (ep->ExceptionRecord->ExceptionCode != EXCEPTION_ACCESS_VIOLATION)
return EXCEPTION_CONTINUE_SEARCH;
if ((m_pEvenLines == NULL) || (m_pOddLines == NULL))
return EXCEPTION_CONTINUE_SEARCH;
char* pMemAddr = (char*) ep->ExceptionRecord->ExceptionInformation[1];
if (IsInBlock(m_pEvenLines, 720*576, pMemAddr))
return HandleAccess(m_pEvenLines, pMemAddr, ep->ExceptionRecord->ExceptionInformation[0]);
if (IsInBlock(m_pOddLines, 720*576, pMemAddr))
return HandleAccess(m_pOddLines, pMemAddr, ep->ExceptionRecord->ExceptionInformation[0]);
return EXCEPTION_CONTINUE_SEARCH;
}
Sid AccessToken::get_User() {
BYTE buf[1000];
DWORD dw;
Win32Check(::GetTokenInformation((HANDLE)(intptr_t)HandleAccess(_self), TokenUser, buf, sizeof(buf), &dw));
return (SID*)((TOKEN_USER*)buf)->User.Sid;
}
AccessToken::AccessToken(Process& process) {
HANDLE h;
Win32Check(::OpenProcessToken((HANDLE)(intptr_t)HandleAccess(*process.m_pimpl), MAXIMUM_ALLOWED, &h));
Attach(h);
}
// Is called for every instruction and instruments reads and writes
VOID Instruction(INS ins, VOID *v)
{
BOOL readsMemory, writesMemory, hasReadSegmentedMemAccess, hasWriteSegmentedMemAccess;
if (INS_EffectiveAddressWidth(ins)==16)
{
if (INS_SegmentRegPrefix(ins) == TESTED_SEG_REG)
{
readsMemory = INS_SegPrefixIsMemoryRead(ins);
writesMemory = INS_SegPrefixIsMemoryWrite(ins);
if(readsMemory)
{
if (INS_IsMemoryRead(ins))
{
HandleSegmentedAccess (ins, TRUE /* isRead*/, &hasReadSegmentedMemAccess) ;
}
}
if (writesMemory)
{
if (INS_IsMemoryWrite(ins))
{
HandleSegmentedAccess (ins, FALSE /* isRead*/, &hasWriteSegmentedMemAccess);
}
}
if (!hasReadSegmentedMemAccess && !hasWriteSegmentedMemAccess)
{
fprintf(trace, "**ERROR SegMemAccess-Lies %p %s\n", INS_Address(ins), INS_Disassemble(ins).c_str());
hadError = TRUE;
}
else
{
fprintf (trace, "Instrumented ins: %x %s\n",
INS_Address(ins), INS_Disassemble(ins).c_str());
}
fflush(trace);
}
else if (INS_IsMemoryRead(ins) || INS_IsMemoryWrite(ins))
{
fprintf (trace, "Instrumented ins: %x %s\n",
INS_Address(ins), INS_Disassemble(ins).c_str());
fflush (trace);
HandleAccess (ins, INS_IsMemoryRead(ins)) ;
}
}
#ifndef TARGET_LINUX
UINT32 operandCount = INS_OperandCount (ins);
UINT32 i;
for (i=0; i<operandCount; i++)
{
if (INS_OperandIsReg (ins, i) && REG_is_seg(INS_OperandReg (ins, i)) && INS_OperandWritten(ins, i))
{
fprintf(trace, "**ERROR SegOperand-WRITE, not supported %p %s\n", INS_Address(ins), INS_Disassemble(ins).c_str());
fflush(trace);
hadError = TRUE;
}
}
#endif
/*fprintf(trace, "%p %s\n", INS_Address(ins), INS_Disassemble(ins).c_str());
fflush (trace);*/
}
