void tracing_insn_end(DECAF_Callback_Params* params) { CPUState * env; /* If not decoding, return */ if (skip_decode_address || !params) return; env = params->ie.env; if (DECAF_is_in_kernel(env) && should_trace_all_kernel) goto TRACE_KERNEL; /* If tracing start condition not satisified, or not tracing return */ if ((!tracing_start_condition) || (tracepid == 0)) return; /* If not tracing kernel and kernel instruction , return */ if (DECAF_is_in_kernel(env) && !tracing_kernel()) return; /* If partially tracing kernel but did not access user memory, return */ if (DECAF_is_in_kernel(env)) { if (tracing_kernel_partial() && (!access_user_mem)) return; #ifdef CONFIG_TCG_TAINT if (tracing_kernel_tainted() && (!insn_tainted)) return; #endif } if(DECAF_getPGD(/* AWH cpu_single_*/ env) != tracecr3 && (!DECAF_is_in_kernel(env))) return; TRACE_KERNEL: /* Update the eflags */ // eh.eflags = *DECAF_cpu_eflags; #if 0 // AWH eh.eflags = compute_eflag(); #else #define DF_MASK 0x00000400 eh.eflags = env->eflags | helper_cc_compute_all(env->cc_op) | (env->df & DF_MASK); #endif // AWH //for test //check taint value after insn is executed int k, j; for (k = 0; k < eh.num_operands; k++) { if (eh.operand[k].length) set_operand_data(&(eh.operand[k]), 0); for (j = 0; j < MAX_NUM_MEMREGS; j++) { if (eh.memregs[k][j].length) set_operand_data(&(eh.memregs[k][j]), 0); } } eh.df = (/* AWH cpu_single_*/ env->df == 1) ? 0x1 : 0xff; //TODO:fix this -hu /* Clear eh.tp if inside a function hook */ // if (get_st(current_tid) > 0) eh.tp = TP_NONE; // else { /* Update eh.tp if rep instruction */ if ((eh.operand[2].usage == counter) && (eh.operand[2].tainted_begin != 0)) eh.tp = TP_REP_COUNTER; /* Updated eh.tp if sysenter */ else if ((eh.rawbytes[0] == 0x0f) && (eh.rawbytes[1] == 0x34)) eh.tp = TP_SYSENTER; //} /* Split written operands if requested */ if (conf_write_ops_at_insn_end) { update_written_operands(&eh); } /* If not writing to trace, or instruction already written, return */ if (skip_trace_write || (insn_already_written == 1)) return; /* Write the disassembled instruction to the trace */ if (tracing_tainted_only()) { #ifdef CONFIG_TCG_TAINT if (insn_tainted) write_insn(tracelog,&eh); #endif } else { if (conf_trace_only_after_first_taint) { if ((received_tainted_data == 1) && (has_page_fault == 0)) { write_insn(tracelog, &eh); } } else { if (has_page_fault == 0) write_insn(tracelog, &eh); } } /* If first trace instruction, save state if requested */ if ((tstats.insn_counter_traced == 1) && conf_save_state_at_trace_start) { char prestatename[128]; snprintf(prestatename, 128, "%s.pre", tracename_p); //TODO: fix this -hu // int err = save_state_by_cr3(tracecr3, prestatename); // if (err) { // DECAF_printf( "Could not save state"); // } } /* Record the thread ID of the first instruction in the trace, if needed */ if (tracing_single_thread_only()) { if (tid_to_trace == -1 && insn_already_written == 1) { // If tid_to_trace is not -1, we record trace only the given thread id. tid_to_trace = current_tid; } } }
void tracing_insn_end(DECAF_Callback_Params* params) { /* If not decoding, return */ if (skip_decode_address) return; /* If tracing start condition not satisified, return */ if (!tracing_start_condition) return ; /* If not tracing, return */ // This should not be needed, as if not tracing insn_end unregistered // if (tracepid == 0) // return; /* If not tracing kernel and kernel instruction, return */ // This should not be needed, as should_monitor captures this condition //if ( DECAF_is_in_kernel() && !tracing_kernel() ) // return; /* If partially tracing kernel but did not access user memory, return */ if (DECAF_is_in_kernel()) { if (tracing_kernel_partial() && (!access_user_mem)) return; #ifdef TAINT_ENABLED if (tracing_kernel_tainted() && (!insn_tainted)) return; #endif } /* Update the eflags */ eh.eflags = *DECAF_cpu_eflags; #ifndef TRACE_VERSION_50 if (eflags_idx != -1) { eh.operand[eflags_idx].value.val32 = *DECAF_cpu_eflags; } #endif eh.df = (*DECAF_cpu_df == 1)? 0x1 : 0xff; /* Clear eh.tp if inside a function hook */ if (get_st(current_tid) > 0) eh.tp = TP_NONE; else { /* Update eh.tp if rep instruction */ if ((eh.operand[2].usage == counter) && (eh.operand[2].tainted != 0)) eh.tp = TP_REP_COUNTER; /* Updated eh.tp if sysenter */ else if ((eh.rawbytes[0] == 0x0f) && (eh.rawbytes[1] == 0x34)) eh.tp = TP_SYSENTER; } /* Split written operands if requested */ if (conf_write_ops_at_insn_end) { update_written_operands (&eh); } /* If not writing to trace, or instruction already written, return */ if (skip_trace_write || (insn_already_written == 1)) return; /* Write the disassembled instruction to the trace */ if (tracing_tainted_only()) { #ifdef TAINT_ENABLED if (insn_tainted) write_insn(tracelog,&eh); #endif } else { if (conf_trace_only_after_first_taint) { if (received_tainted_data == 1) { write_insn(tracelog,&eh); } } else { write_insn(tracelog,&eh); } } /* If first trace instruction, save state if requested */ if ((tstats.insn_counter_traced == 1) && conf_save_state_at_trace_start) { char prestatename[128]; snprintf(prestatename, 128, "%s.pre", tracename_p); #ifdef STATE_VERSION_20 int err = save_state_by_cr3(tracecr3, prestatename); #else int err = save_state_by_cr3(tracecr3, prestatename, conf_save_state_at_trace_start); #endif // #ifdef STATE_VERSION_20 if (err) { monitor_printf(default_mon, "Could not save state"); } } /* Record the thread ID of the first instruction in the trace, if needed */ if (tracing_single_thread_only()) { if (tid_to_trace == -1 && insn_already_written == 1) { // If tid_to_trace is not -1, we record trace only the given thread id. tid_to_trace = current_tid; } } }