/*
 * Plugin initialisation for tracing: installs the process signal handlers,
 * resets the trace start conditions and tries to load the default INI file.
 *
 * Always returns 0. A non-zero result from check_ini() is only reported on
 * the monitor; the message points the user at the load_config command.
 */
static int tracing_init(void)
{
    /* SIGUSR1 stops tracing. SIGUSR2 is left alone because QEMU uses it. */
    signal(SIGUSR1, stoptracing);

    /* SIGTERM exits the emulator. */
    signal(SIGTERM, killqemu);

    /*
     * NOTE(review): the results of signal() are not checked, and
     * stoptracing/killqemu run in signal context -- confirm they only do
     * async-signal-safe work.
     */

    /* Start with no pending trace start condition. */
    procname_clear();
    modname_clear();

    /*
     * Sleuthkit support is disabled for now: disk_info is not reset and
     * qemu_pread is not pointed at DECAF_bdrv_pread.
     */

    /* Parse the default configuration file. */
    const int ini_status = check_ini(ini_main_default_filename);
    if (ini_status != 0) {
        monitor_printf(default_mon,
                       "Could not find INI file: %s\n"
                       "Use the command 'load_config <filename> to provide it.\n",
                       ini_main_default_filename);
    }

    return 0;
}
/*
 * Module-load notification (presumably registered as a VMI callback).
 *
 * While a module-name start condition is set, a loaded module whose name
 * matches it, seen while the current CR3 equals the monitored CR3, raises
 * tracing_start_condition and clears the module-name condition.
 */
static void my_loadmodule_notify(VMI_Callback_Params *params)
{
    /*
     * NOTE(review): params is dereferenced without a NULL check, unlike
     * tracing_block_begin -- confirm the caller never passes NULL.
     * NOTE(review): lm.name presumably originates from guest state; verify
     * that modname_match treats it as untrusted, bounded input.
     */
    char *loaded_name = params->lm.name;

    /* Nothing to do unless a module-name condition is pending. */
    if (!modname_is_set()) {
        return;
    }

    if (!modname_match(loaded_name)) {
        return;
    }

    /* Only react to loads seen in the monitored address space. */
    if (decaf_plugin->monitored_cr3 != cpu_single_env->cr[3]) {
        return;
    }

    tracing_start_condition = 1;
    modname_clear();
}
/*
 * Block-begin handler.
 *
 * Records the current thread id, decides whether this block belongs to the
 * monitored context (should_monitor) and, while a module-name start
 * condition is pending, raises tracing_start_condition once execution is
 * inside the matching module.
 */
void tracing_block_begin(DECAF_Callback_Params* params)
{
    /*
     * NOTE(review): env stays NULL when params is NULL -- confirm that
     * get_current_tid tolerates a NULL environment.
     */
    CPUState *env = (params != NULL) ? params->bb.env : NULL;

    /*
     * The thread id has to be known before hooks are checked.
     * TODO: are hooks checked before or after the block-begin handler runs?
     */
    current_tid = get_current_tid(env);

    /*
     * Let DECAF know whether the instructions in this block should be
     * hooked: monitored CR3, and either user mode or kernel tracing enabled.
     */
    should_monitor = (decaf_plugin->monitored_cr3 == DECAF_cpu_cr[3]) &&
                     (!DECAF_is_in_kernel() || tracing_kernel());

    /* Wrong context: nothing else to do. */
    if (!should_monitor) {
        return;
    }

    /*
     * No "are we tracing" test (tracepid / procname) here: per the original
     * note, block_begin would be unregistered otherwise.
     */

    /* Only the module-name start condition is evaluated below. */
    if (!modname_is_set()) {
        return;
    }

    /*
     * NOTE(review): locate_module receives this 512-byte buffer without a
     * length argument -- confirm it never writes more than sizeof proc_name.
     */
    char proc_name[512] = "";
    tmodinfo_t *module = locate_module(*DECAF_cpu_eip, DECAF_cpu_cr[3], proc_name);

    /* Inside the awaited module: arm tracing and drop the condition. */
    if (module != NULL && modname_match(module->name)) {
        tracing_start_condition = 1;
        modname_clear();
    }
}