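// Fill in a prog_point (caller / pc / address-space id) describing where the
// guest is executing right now.
//
// cpu: the vCPU whose state is sampled.
// p:   output; may be NULL, in which case nothing is done.
//
// p->cr3 is written only while the guest is in user space, so every
// kernel-mode address space collapses onto whatever value p->cr3 already
// held (mem_callback below zero-initializes the prog_point first).
void get_prog_point(CPUState* cpu, prog_point *p) {
    if (!p) return;
    CPUArchState* env = (CPUArchState*)cpu->env_ptr;

    // Address space identifier; lump all kernel-mode CR3s together by
    // leaving p->cr3 untouched while in kernel space.
    target_ulong asid = panda_current_asid(ENV_GET_CPU(env));
    if (!in_kernelspace(env)) p->cr3 = asid;

    // Preferred source for the caller: a one-frame stack walk.
    int n_callers = get_callers(&p->caller, 1, cpu);
    if (n_callers == 0) {
#ifdef TARGET_I386
        // Fall back to the return address saved just above EBP. In 32-bit
        // mode on a 64-bit build only 4 of target_ulong's bytes are read, so
        // clear the field first instead of relying on the caller having
        // zeroed it, and clear it again if the guest read fails (a failed
        // read may have written part of the buffer).
        int word_size = (env->hflags & HF_LMA_MASK) ? 8 : 4;
        p->caller = 0;
        if (panda_virtual_memory_rw(cpu, env->regs[R_EBP] + word_size,
                                    (uint8_t *)&p->caller, word_size, 0) != 0) {
            p->caller = 0;
        }
#endif
#ifdef TARGET_ARM
        p->caller = env->regs[14]; // LR holds the return address
#endif
    }
    p->pc = cpu->panda_guest_pc;
}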
int mem_callback(CPUState *env, target_ulong pc, target_ulong addr, target_ulong size, void *buf, bool is_write, std::map<prog_point,string_pos> &text_tracker) { prog_point p = {}; get_prog_point(env, &p); string_pos &sp = text_tracker[p]; for (unsigned int i = 0; i < size; i++) { uint8_t val = ((uint8_t *)buf)[i]; for(int str_idx = 0; str_idx < num_strings; str_idx++) { if (tofind[str_idx][sp.val[str_idx]] == val) sp.val[str_idx]++; else sp.val[str_idx] = 0; if (sp.val[str_idx] == strlens[str_idx]) { // Victory! printf("%s Match of str %d at: instr_count=%lu : " TARGET_FMT_lx " " TARGET_FMT_lx " " TARGET_FMT_lx "\n", (is_write ? "WRITE" : "READ"), str_idx, rr_get_guest_instr_count(), p.caller, p.pc, p.cr3); matches[p].val[str_idx]++; sp.val[str_idx] = 0; // Also get the full stack here fullstack f = {0}; f.n = get_callers(f.callers, 16, env); f.pc = p.pc; f.asid = p.cr3; matchstacks[p] = f; // call the i-found-a-match registered callbacks here PPP_RUN_CB(on_ssm, env, pc, addr, tofind[str_idx], strlens[str_idx], is_write) } } }