void tracing_insn_end(DECAF_Callback_Params* params) {
CPUState * env;
/* If not decoding, return */
if (skip_decode_address || !params)
return;
env = params->ie.env;
if (DECAF_is_in_kernel(env) && should_trace_all_kernel)
goto TRACE_KERNEL;
/* If tracing start condition not satisified, or not tracing return */
if ((!tracing_start_condition) || (tracepid == 0))
return;
/* If not tracing kernel and kernel instruction , return */
if (DECAF_is_in_kernel(env) && !tracing_kernel())
return;
/* If partially tracing kernel but did not access user memory, return */
if (DECAF_is_in_kernel(env)) {
if (tracing_kernel_partial() && (!access_user_mem))
return;
#ifdef CONFIG_TCG_TAINT
if (tracing_kernel_tainted() && (!insn_tainted))
return;
#endif
}
if(DECAF_getPGD(/* AWH cpu_single_*/ env) != tracecr3 && (!DECAF_is_in_kernel(env)))
return;
TRACE_KERNEL:
/* Update the eflags */
// eh.eflags = *DECAF_cpu_eflags;
#if 0 // AWH
eh.eflags = compute_eflag();
#else
#define DF_MASK 0x00000400
eh.eflags = env->eflags | helper_cc_compute_all(env->cc_op) |
(env->df & DF_MASK);
#endif // AWH
//for test
//check taint value after insn is executed
int k, j;
for (k = 0; k < eh.num_operands; k++) {
if (eh.operand[k].length)
set_operand_data(&(eh.operand[k]), 0);
for (j = 0; j < MAX_NUM_MEMREGS; j++) {
if (eh.memregs[k][j].length)
set_operand_data(&(eh.memregs[k][j]), 0);
}
}
eh.df = (/* AWH cpu_single_*/ env->df == 1) ? 0x1 : 0xff;
//TODO:fix this -hu
/* Clear eh.tp if inside a function hook */
// if (get_st(current_tid) > 0) eh.tp = TP_NONE;
// else {
/* Update eh.tp if rep instruction */
if ((eh.operand[2].usage == counter) && (eh.operand[2].tainted_begin != 0))
eh.tp = TP_REP_COUNTER;
/* Updated eh.tp if sysenter */
else if ((eh.rawbytes[0] == 0x0f) && (eh.rawbytes[1] == 0x34))
eh.tp = TP_SYSENTER;
//}
/* Split written operands if requested */
if (conf_write_ops_at_insn_end) {
update_written_operands(&eh);
}
/* If not writing to trace, or instruction already written, return */
if (skip_trace_write || (insn_already_written == 1))
return;
/* Write the disassembled instruction to the trace */
if (tracing_tainted_only()) {
#ifdef CONFIG_TCG_TAINT
if (insn_tainted)
write_insn(tracelog,&eh);
#endif
} else {
if (conf_trace_only_after_first_taint) {
if ((received_tainted_data == 1) && (has_page_fault == 0)) {
write_insn(tracelog, &eh);
}
} else {
if (has_page_fault == 0)
write_insn(tracelog, &eh);
}
}
/* If first trace instruction, save state if requested */
if ((tstats.insn_counter_traced == 1) && conf_save_state_at_trace_start) {
char prestatename[128];
snprintf(prestatename, 128, "%s.pre", tracename_p);
//TODO: fix this -hu
// int err = save_state_by_cr3(tracecr3, prestatename);
// if (err) {
// DECAF_printf( "Could not save state");
// }
}
/* Record the thread ID of the first instruction in the trace, if needed */
if (tracing_single_thread_only()) {
if (tid_to_trace == -1 && insn_already_written == 1) {
// If tid_to_trace is not -1, we record trace only the given thread id.
tid_to_trace = current_tid;
}
}
}
void tracing_insn_end(DECAF_Callback_Params* params)
{
/* If not decoding, return */
if (skip_decode_address)
return;
/* If tracing start condition not satisified, return */
if (!tracing_start_condition)
return ;
/* If not tracing, return */
// This should not be needed, as if not tracing insn_end unregistered
// if (tracepid == 0)
// return;
/* If not tracing kernel and kernel instruction, return */
// This should not be needed, as should_monitor captures this condition
//if ( DECAF_is_in_kernel() && !tracing_kernel() )
// return;
/* If partially tracing kernel but did not access user memory, return */
if (DECAF_is_in_kernel()) {
if (tracing_kernel_partial() && (!access_user_mem))
return;
#ifdef TAINT_ENABLED
if (tracing_kernel_tainted() && (!insn_tainted))
return;
#endif
}
/* Update the eflags */
eh.eflags = *DECAF_cpu_eflags;
#ifndef TRACE_VERSION_50
if (eflags_idx != -1) {
eh.operand[eflags_idx].value.val32 = *DECAF_cpu_eflags;
}
#endif
eh.df = (*DECAF_cpu_df == 1)? 0x1 : 0xff;
/* Clear eh.tp if inside a function hook */
if (get_st(current_tid) > 0) eh.tp = TP_NONE;
else {
/* Update eh.tp if rep instruction */
if ((eh.operand[2].usage == counter) && (eh.operand[2].tainted != 0))
eh.tp = TP_REP_COUNTER;
/* Updated eh.tp if sysenter */
else if ((eh.rawbytes[0] == 0x0f) && (eh.rawbytes[1] == 0x34))
eh.tp = TP_SYSENTER;
}
/* Split written operands if requested */
if (conf_write_ops_at_insn_end) {
update_written_operands (&eh);
}
/* If not writing to trace, or instruction already written, return */
if (skip_trace_write || (insn_already_written == 1))
return;
/* Write the disassembled instruction to the trace */
if (tracing_tainted_only()) {
#ifdef TAINT_ENABLED
if (insn_tainted)
write_insn(tracelog,&eh);
#endif
}
else {
if (conf_trace_only_after_first_taint) {
if (received_tainted_data == 1) {
write_insn(tracelog,&eh);
}
}
else {
write_insn(tracelog,&eh);
}
}
/* If first trace instruction, save state if requested */
if ((tstats.insn_counter_traced == 1) && conf_save_state_at_trace_start) {
char prestatename[128];
snprintf(prestatename, 128, "%s.pre", tracename_p);
#ifdef STATE_VERSION_20
int err =
save_state_by_cr3(tracecr3, prestatename);
#else
int err =
save_state_by_cr3(tracecr3, prestatename,
conf_save_state_at_trace_start);
#endif // #ifdef STATE_VERSION_20
if (err) {
monitor_printf(default_mon, "Could not save state");
}
}
/* Record the thread ID of the first instruction in the trace, if needed */
if (tracing_single_thread_only()) {
if (tid_to_trace == -1 && insn_already_written == 1) {
// If tid_to_trace is not -1, we record trace only the given thread id.
tid_to_trace = current_tid;
}
}
}
