/*
 * Block-begin callback for the Dalvik mterp interpreter.
 *
 * Looks up the MterpInfo registered for the current PID, translates the
 * block's guest PC into a Dalvik opcode relative to the interpreter base
 * (iBase) and -- when the current Dalvik PC lies inside one of the watched
 * ranges -- raises a DS_DALVIK_INSN_BEGIN_CB event carrying env, the Dalvik
 * PC and the opcode. Does nothing when the map is uninitialised, params is
 * NULL, or the PID has no entry.
 */
void mterpBBCallback(DECAF_Callback_Params* params)
{
    if (mterpMap == NULL || params == NULL) {
        return;
    }

    CPUState* env = params->bb.env;
    TranslationBlock* tb = params->bb.tb;
    DEFENSIVE_CHECK0((env == NULL) || (tb == NULL));

    /* No entry for this PID means the process is not being traced. */
    MterpInfo* pInfo = NULL;
    if (OpaqueHashmap_getVal(mterpMap, getCurrentPID(), (void**)&pInfo) != 0) {
        return;
    }

    /* Only blocks inside this process's handler table map to an opcode;
     * anything else yields INV_ADDR and is ignored. */
    uint32_t opcode = mterpAddrToOpcode(pInfo->iBase, tb->pc);
    if (opcode == INV_ADDR) {
        return;
    }

    if (!RangeList_exist(pInfo->ranges, getDalvikPC(env))) {
        return;
    }

    Dalvik_Callback_Params dalvikparams;
    dalvikparams.ib.env = env;
    dalvikparams.ib.dalvik_pc = getDalvikPC(env);
    dalvikparams.ib.opcode = opcode;
    SimpleCallback_dispatch(&DS_Mterp_callbacks[DS_DALVIK_INSN_BEGIN_CB], &dalvikparams);
}
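/*
 * Demo task: opens three streams (the LCD, button sw1, and a data file it
 * first creates), reports what it did on STDOUT and on the LCD, then kills
 * its own PID so the kernel's per-process cleanup of open files can be
 * observed.
 *
 * argc/argv are part of the task-entry signature but are not used.
 * Returns 0 (only reached if svc_myKill returns to the caller).
 */
int openFiles(int argc, char **argv)
{
    (void)argc;
    (void)argv;

    char msg[128];
    uint32_t pid = getCurrentPID();

    /* The stream handles below are not checked for NULL; a failed open is
     * left to the stream layer, as in the original. */
    Stream *lcd = svc_myFopen("/dev/lcd/lcd");
    svc_myFopen("/dev/button/sw1");
    /* NOTE(review): created as "dev/fs/data" but reopened as "/dev/fs/data";
     * confirm whether the missing leading slash is intentional. */
    svc_myCreate("dev/fs/data");
    svc_myFopen("/dev/fs/data");

    /* snprintf bounds the write to msg; the fixed text plus an int fits easily. */
    snprintf(msg, sizeof msg, "Hello from PID %d. Leaving 3 files open, will be closed on kill.\r\n", (int) pid);
    efputs(msg, STDOUT);
    efflush(STDOUT);
    svc_myFputs(msg, lcd);

    snprintf(msg, sizeof msg, "About to kill PID %d.\r\n", (int) pid);
    efputs(msg, STDOUT);
    efflush(STDOUT);
    svc_myFputs(msg, lcd);

    /* kill me */
    svc_myKill(pid);
    return 0;
}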
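/*
 * Block-begin callback used to keep the JIT out of a traced process.
 *
 * Two situations are handled for the DisableJitInfo registered for the
 * current PID:
 *  - the block is the entry of the "get code address" routine and its first
 *    argument is inside a watched range: a one-shot callback is armed at the
 *    (lp_strip'ed) return address;
 *  - the block is that armed return address: the routine's return-value
 *    register is forced to 0 so the caller sees no JIT code, and the
 *    one-shot callback is released.
 * Returns early when the map or params is NULL, when no entry exists for the
 * PID, or when a return hook is already armed.
 */
void disableJitBBCallback(DECAF_Callback_Params* params)
{
    if (disableJitMap == NULL || params == NULL) {
        return;
    }

    CPUState* env = params->bb.env;
    TranslationBlock* tb = params->bb.tb;
    DEFENSIVE_CHECK0((env == NULL) || (tb == NULL));

    DisableJitInfo* pInfo = NULL;
    if (OpaqueHashmap_getVal(disableJitMap, getCurrentPID(), (void**)&pInfo) != 0) {
        return;
    }

    if (tb->pc == pInfo->getCodeAddr) {
        /* A return hook is already armed; wait for it to fire before arming another. */
        if (pInfo->retHandle != DECAF_NULL_HANDLE) {
            return;
        }
        if (RangeList_exist(pInfo->ranges, DECAF_getFirstParam(env))) {
            pInfo->retAddr = lp_strip(DECAF_getReturnAddr(env));
            pInfo->retHandle = DECAF_registerOptimizedBlockBeginCallback(&disableJitBBCallback, pInfo->retAddr, OCB_CONST);
        }
        /*
         * Historical note: an experiment that zeroed regs[0] here, at the
         * entry ("setting the target address to 0") instead of at the
         * return, performed much worse -- notably on the com.android.cm3
         * string tests and on linpack, where the call/return counts became
         * wildly unbalanced -- and the original author suspected it did not
         * actually force a NULL return. Patching the return value at the
         * return address (the else-branch below) is the working approach.
         */
    } else if (pInfo->retHandle != DECAF_NULL_HANDLE && lp_strip(tb->pc) == pInfo->retAddr) {
        /* Back in the caller: make the getCodeAddr call appear to have returned NULL. */
#ifdef TARGET_ARM
        env->regs[0] = 0;
#elif defined(TARGET_I386)
        env->regs[R_EAX] = 0;
#endif
        DECAF_unregisterOptimizedBlockBeginCallback(pInfo->retHandle);
        pInfo->retHandle = DECAF_NULL_HANDLE;
        pInfo->retAddr = INV_ADDR;
    }
}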
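/*
 * Instruction-begin handler for the Dalvik instruction tracer.
 *
 * Reads the Dalvik instruction at params->ib.dalvik_pc from the guest and
 * either prints a one-line summary (LOG_LEVEL_SIMPLE: optional symbol name,
 * PC, opcode mnemonic and up to seven code units as byte pairs) or decodes
 * it and hands it to dumpDalvikInstruction for the fuller log levels.
 * Returns silently on a NULL params; logs and returns when the instruction
 * cannot be read.
 */
static void DIT_IBCallback(Dalvik_Callback_Params* params)
{
    /* Buffer capacities are named once so the size passed to a callee can
     * never drift from the array actually allocated. */
    enum { INSN_BUF_WORDS = 128, SYMBOL_NAME_LEN = 128, SIMPLE_COLUMNS = 8 };

    if (params == NULL) {
        return;
    }

    CPUState* env = params->ib.env;
    gva_t rpc = params->ib.dalvik_pc;

    int insnWidth = 0;
    u2 insns[INSN_BUF_WORDS];
    if (getDalvikInstruction(env, rpc, &insnWidth, insns, INSN_BUF_WORDS) != 0) {
        DECAF_printf("Could not read the instruction at [%x]\n", rpc);
        return;
    }

    if (eLogLevel == LOG_LEVEL_SIMPLE) {
        char symbolName[SYMBOL_NAME_LEN];
        if (getSymbol(symbolName, SYMBOL_NAME_LEN, getCurrentPID(), rpc) == 0) {
            DECAF_printf(" ***** %s ***** \n", symbolName);
        }
        DECAF_printf("[%08x] %s ", rpc, dalvikOpcodeToString(params->ib.opcode));
        /* Fixed-width dump: pad past the instruction, and use the last
         * column as an ellipsis for instructions wider than the table. */
        for (int i = 0; i < SIMPLE_COLUMNS; i++) {
            if (i >= insnWidth) {
                DECAF_printf(" ");
            } else if (i == SIMPLE_COLUMNS - 1) {
                DECAF_printf(" ... ");
            } else {
                /* print 16-bit value in little-endian order */
                const u1* bytePtr = (const u1*) &insns[i];
                DECAF_printf(" %02x%02x", bytePtr[0], bytePtr[1]);
            }
        }
        DECAF_printf("\n");
        return;
    }

    DecodedInstruction decInsn;
    decodeDalvikInstruction(insns, &decInsn);
    dumpDalvikInstruction(stdout, env, insns, 0, insnWidth, &decInsn, 0, rpc, eLogLevel);
}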
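/* there is a race condition when reading the button value */
/*
 * Task that blocks on the sw2 button stream and announces each press on
 * STDOUT. Never returns. An EOF from the stream is reported and then
 * skipped: EOF is non-zero, so the original `if (c)` test treated it as a
 * press as well. argc/argv are part of the task-entry signature but unused.
 */
int sw2message(int argc, char **argv)
{
    (void)argc;
    (void)argv;

    char msg[64];
    uint32_t pid = getCurrentPID();
    Stream *sw2 = svc_myFopen("/dev/button/sw2");

    /* The message depends only on the PID, so format it once, bounded to msg. */
    snprintf(msg, sizeof msg, "Hello from PID %d. sw2 was pressed\r\n", (int) pid);

    for (;;) {
        int c = svc_myFgetc(sw2);
        if (c == EOF) {
            efputs("sw2message: end of file received from button\r\n", STDOUT);
            continue;   /* do not fall through: EOF (-1) would count as "pressed" */
        }
        if (c) {
            efputs(msg, STDOUT);
        }
    }
}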
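/*
 * Condition function deciding whether the block-begin callback should run
 * for the mterp tracer: only for blocks inside the current process's
 * interpreter handler table, [iBase, iBase + 256 handlers * 64 bytes].
 *
 * @param cbType  must be DECAF_BLOCK_BEGIN_CB; anything else yields 0
 * @param curPC   guest PC of the block about to execute
 * @param nextPC  unused
 * @return 1 to run the callback, 0 to skip it (also 0 when the map is not
 *         initialised or the PID has no MterpInfo)
 */
int mterpBBCondFunc(DECAF_callback_type_t cbType, gva_t curPC, gva_t nextPC)
{
    /* Dalvik mterp lays out 256 opcode handlers, each 64 (1 << 6) bytes apart. */
    enum { MTERP_HANDLER_COUNT = 256, MTERP_HANDLER_SHIFT = 6 };
    const gva_t tableSize = (gva_t)(MTERP_HANDLER_COUNT << MTERP_HANDLER_SHIFT);

    (void)nextPC;
    DEFENSIVE_CHECK1(cbType != DECAF_BLOCK_BEGIN_CB, 0);

    if (mterpMap == NULL) {
        return 0;
    }

    MterpInfo* pInfo = NULL;
    if (OpaqueHashmap_getVal(mterpMap, getCurrentPID(), (void**)&pInfo) != 0) {
        return 0;
    }

    /* NOTE(review): the upper bound is inclusive, so the byte one past the
     * last handler also passes; mterpAddrToOpcode is relied on to reject it.
     * Confirm before tightening to '<'. */
    return (curPC >= pInfo->iBase && curPC <= pInfo->iBase + tableSize) ? 1 : 0;
}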
// Under the MemoryTest fixture getCurrentPID() is expected to report 0
// (presumably no guest process is active -- verify against the fixture's SetUp).
TEST_F(MemoryTest, GetCurrentPID) { EXPECT_EQ(0, getCurrentPID()); }
/** * Instruction Begin callback. */ void nd_instruction_begin_callback(DECAF_Callback_Params* params){ DEFENSIVE_CHECK0(params == NULL); DEFENSIVE_CHECK0(getCurrentPID() != ND_GLOBAL_TRACING_PID); CPUState* env = params->ib.env; gva_t cur_pc = params->ib.cur_pc; //since for thumb instruction, the last bit is '1' gva_t cur_pc_even = cur_pc & 0xfffffffe; if(!nd_in_blacklist(cur_pc_even)){ return; } //ARM Instruction union _tmpARMInsn{ target_ulong insn; char chars[4]; } tmpARMInsn; //Thumb Instruction union _tmpThumbInsn{ unsigned short insn; char chars[2]; } tmpThumbInsn; //Thumb2 Instruction union _tmpThumb2Insn{ target_ulong insn; char chars[4]; } tmpThumb2Insn; //undefined instruction if(cur_pc == -1){ return; } //the first instruction of target native method SourcePolicy* sourcePolicy = findSourcePolicy(cur_pc_even); if(sourcePolicy != NULL){ DECAF_printf("Step into Native\n"); sourcePolicy->handler(sourcePolicy, env); } //DECAF_printf("%x %x\n", cur_pc_even, lastCallSysLibAddrRet); //return from JNI API calls/system library calls if(cur_pc_even == lastCallJNIAddrRet){ if(lastJniHandler != NULL){ lastJniHandler(env, 0); lastJniHandler = NULL; lastCallJNIAddrRet = -1; } } if(cur_pc_even == lastCallSysLibAddrRet){ if(lastSysLibHandler != NULL){ lastSysLibHandler(env, 0); lastSysLibHandler = NULL; lastCallSysLibAddrRet = -1; } } //Thumb instruction if(env->thumb == 1){ if(DECAF_read_mem(env, cur_pc_even, tmpThumbInsn.chars, 2) != -1){ darm_t d; //darm_str_t str; // magic table constructed based on section A6.1 of the ARM manual static uint8_t is_thumb2[0x20] = { [0x01d] = 1, [0x01e] = 1, [0x01f] = 1, }; if(is_thumb2[tmpThumbInsn.insn >> 11]){ //Thumb2 instruction if(DECAF_read_mem(env, cur_pc_even, tmpThumb2Insn.chars, 4) != -1){ if(darm_thumb2_disasm(&d, tmpThumb2Insn.insn & 0x0000ffff, tmpThumb2Insn.insn >> 16, env) == 0){ //if(darm_str(&d, &str, env) == 0){ //DECAF_printf("T2 %x: %s\n", cur_pc, str.total); //} } } }else{ //Thumb instruction 
if(darm_thumb_disasm(&d, tmpThumbInsn.insn, env) == 0){ //if(darm_str(&d, &str, env) == 0){ //DECAF_printf("T %x: %s\n", cur_pc, str.total); //} } } }
/** * Instruction Begin callback. */ void nd_instruction_begin_callback(DECAF_Callback_Params* params){ DEFENSIVE_CHECK0(params == NULL); DEFENSIVE_CHECK0(getCurrentPID() != ND_GLOBAL_TRACING_PID); CPUState* env = params->ib.env; gva_t cur_pc = params->ib.cur_pc; //since for thumb instruction, the last bit is '1' gva_t cur_pc_even = cur_pc & 0xfffffffe; //ARM Instruction union _tmpARMInsn{ target_ulong insn; char chars[4]; } tmpARMInsn; //Thumb Instruction union _tmpThumbInsn{ unsigned short insn; char chars[2]; } tmpThumbInsn; //Thumb2 Instruction union _tmpThumb2Insn{ target_ulong insn; char chars[4]; } tmpThumb2Insn; //undefined instruction if(cur_pc == -1){ return; } //the first instruction of target native method SourcePolicy* sourcePolicy = findSourcePolicy(cur_pc_even); if(sourcePolicy != NULL){ sourcePolicy->handler(sourcePolicy, env); } //Thumb instruction if(env->thumb == 1){ if(DECAF_read_mem(env, cur_pc_even, tmpThumbInsn.chars, 2) != -1){ darm_t d; darm_str_t str; // magic table constructed based on section A6.1 of the ARM manual static uint8_t is_thumb2[0x20] = { [0x01d] = 1, [0x01e] = 1, [0x01f] = 1, }; if(is_thumb2[tmpThumbInsn.insn >> 11]){ //Thumb2 instruction if(DECAF_read_mem(env, cur_pc_even, tmpThumb2Insn.chars, 4) != -1){ if(darm_thumb2_disasm(&d, tmpThumb2Insn.insn >> 16, tmpThumb2Insn.insn & 0x0000ffff) == 0){ if(darm_str(&d, &str) == 0){ //DECAF_printf("T2 %x: %s\n", cur_pc, str.total); } } } }else{ //Thumb instruction if(darm_thumb_disasm(&d, tmpThumbInsn.insn) == 0){ if(darm_str(&d, &str) == 0){ //DECAF_printf("T %x: %s\n", cur_pc, str.total); } } } }