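/**
 * A call handler can invoke this function to register a return handler.
 *
 * The handler is keyed by the concrete stack pointer at call time together
 * with the pid of the calling process and stored in m_returnDescriptors.
 * Nothing is registered when the signal has no slots or when the stack
 * pointer is symbolic; the latter is only reported on the warnings stream.
 *
 * XXX: We assume that the passed execution state corresponds to the state in
 * which this instance of FunctionMonitorState is used.
 *
 * @param state  Execution state whose CPU registers are read.
 * @param sig    Return signal to fire when the call returns; ignored if empty.
 */
void FunctionMonitorState::registerReturnSignal(S2EExecutionState *state,
                                                FunctionMonitor::ReturnSignal &sig)
{
    if (sig.empty()) {
        return;
    }

    // Read the guest stack pointer into a buffer of the guest's word size.
    // The buffer must be a target_ulong, not a fixed uint32_t: the read copies
    // sizeof(target_ulong) bytes, which overflows a 4-byte local on targets
    // whose word is 64 bits wide.
    target_ulong sp = 0;
#ifdef TARGET_ARM
    bool ok = state->readCpuRegisterConcrete(CPU_OFFSET(regs[13]), &sp, sizeof(sp));
#elif defined(TARGET_I386)
    bool ok = state->readCpuRegisterConcrete(CPU_OFFSET(regs[R_ESP]), &sp, sizeof(sp));
#else
    // Fail the build rather than compile an assert() that NDEBUG removes
    // (which would also leave `ok` undeclared on this path).
#error "FunctionMonitorState::registerReturnSignal: unsupported target architecture"
#endif

    // Prefer the OS monitor's notion of the process id when one is attached;
    // fall back to the raw state pid otherwise. Resolved before the check so
    // the warning below can report it.
    uint64_t pid = state->getPid();
    if (m_plugin->m_monitor) {
        pid = m_plugin->m_monitor->getPid(state, state->getPc());
    }

    if (!ok) {
        m_plugin->s2e()->getWarningsStream(state)
            << "Function call with symbolic SP!" << std::endl
            << " PC=" << hexval(state->getPc())
            << " PID=" << hexval(pid) << std::endl;
        return;
    }

    ReturnDescriptor descriptor = { pid, sig };
    // NOTE(review): if m_returnDescriptors is keyed by a 32-bit type, sp is
    // narrowed here on 64-bit targets -- confirm the key type is target_ulong.
    m_returnDescriptors.insert(std::make_pair(sp, descriptor));
}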
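/**
 * A call handler can invoke this function to register a return handler.
 *
 * The handler is keyed by the concrete ESP value at call time together with
 * the pid of the calling process and stored in m_returnDescriptors. Nothing
 * is registered when the signal has no slots or when ESP is symbolic; the
 * latter is only reported on the warnings stream.
 *
 * XXX: We assume that the passed execution state corresponds to the state in
 * which this instance of FunctionMonitorState is used.
 *
 * @param state  Execution state whose CPU registers are read.
 * @param sig    Return signal to fire when the call returns; ignored if empty.
 */
void FunctionMonitorState::registerReturnSignal(S2EExecutionState *state,
                                                FunctionMonitor::ReturnSignal &sig)
{
    if (sig.empty()) {
        return;
    }

    // Read ESP into a buffer of the guest's word size. The buffer must be a
    // target_ulong, not a fixed uint32_t: the read copies sizeof(target_ulong)
    // bytes, which overflows a 4-byte local when the guest word is 64 bits.
    target_ulong esp = 0;
    bool ok = state->readCpuRegisterConcrete(CPU_OFFSET(regs[R_ESP]), &esp, sizeof(esp));
    if (!ok) {
        m_plugin->s2e()->getWarningsStream(state)
            << "Function call with symbolic ESP!" << std::endl
            << " EIP=" << hexval(state->getPc())
            << " CR3=" << hexval(state->getPid()) << std::endl;
        return;
    }

    // Prefer the OS monitor's notion of the process id when one is attached;
    // fall back to the raw state pid otherwise.
    uint64_t pid = state->getPid();
    if (m_plugin->m_monitor) {
        pid = m_plugin->m_monitor->getPid(state, state->getPc());
    }

    ReturnDescriptor descriptor = { pid, sig };
    // NOTE(review): if m_returnDescriptors is keyed by a 32-bit type, esp is
    // narrowed here on 64-bit targets -- confirm the key type is target_ulong.
    m_returnDescriptors.insert(std::make_pair(esp, descriptor));
}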