// Image-load callback that checks how two known symbols of the main
// executable are classified.
//
// Every regular symbol of the image is visited. A symbol whose name contains
// "statdyn_app_staticFunction" must not be reported as dynamic, and one whose
// name contains "statdyn_app_dynamicFunction" must be. Each marker has to be
// seen at least once. Images other than the main executable are ignored.
//
// All checks are assert()s, so they vanish when NDEBUG is defined.
//
// img:  image that was just loaded.
// data: unused.
VOID onImageLoad(IMG img, VOID *data)
{
    if (!IMG_IsMainExecutable(img))
    {
        return;
    }

    bool foundStatic = false;
    bool foundDynamic = false;

    SYM sym = IMG_RegsymHead(img);
    while (SYM_Valid(sym))
    {
        // Substring search, not equality: any symbol name that merely
        // contains the marker is subject to the check.
        if (SYM_Name(sym).find("statdyn_app_staticFunction") != string::npos)
        {
            assert(SYM_Dynamic(sym) == false);
            foundStatic = true;
        }

        if (SYM_Name(sym).find("statdyn_app_dynamicFunction") != string::npos)
        {
            assert(SYM_Dynamic(sym) == true);
            foundDynamic = true;
        }

        sym = SYM_Next(sym);
    }

    assert(foundStatic == true);
    assert(foundDynamic == true);
}
// Image-load callback that records the addresses of four symbols the tool
// cares about: "Breakpoint", "BreakpointLocation", "One" and "Two".
//
// Names are compared for exact equality. For each hit the matching Found*
// flag is set to TRUE and the symbol's address is stored in the matching
// file-level variable. The callback runs for every image and the scan never
// stops early, so a later symbol with the same name (in this or another
// image) overwrites the address recorded before.
static VOID OnImage(IMG img, VOID *)
{
    SYM sym = IMG_RegsymHead(img);
    while (SYM_Valid(sym))
    {
        const std::string &name = SYM_Name(sym);

        if (name == "Breakpoint")
        {
            FoundBreakpointFunction = TRUE;
            BreakpointFunction = SYM_Address(sym);
        }
        if (name == "BreakpointLocation")
        {
            FoundBreakpointLocation = TRUE;
            BreakpointLocation = SYM_Address(sym);
        }
        if (name == "One")
        {
            FoundOneFunction = TRUE;
            OneFunction = SYM_Address(sym);
        }
        if (name == "Two")
        {
            FoundTwoFunction = TRUE;
            TwoFunction = SYM_Address(sym);
        }

        sym = SYM_Next(sym);
    }
}
// Writes one "<SYM>...</SYM>" record for `sym` to TraceFile, indented by
// `depth` tab characters.
//
// The record holds the symbol value in hexadecimal followed by the symbol
// name undecorated twice: name only ("sym.1") and complete ("sym.2").
//
// The `hex` manipulator is left set on TraceFile, so integers written to the
// stream afterwards are also printed in hex.
//
// NOTE(review): both names come from the image's symbol table and are written
// unescaped between the <SYM> tags. A name containing '<', '>' or a newline
// would corrupt the record structure, so anything that parses this trace
// should treat the name fields as untrusted text.
void report_sym_structure( SYM sym, int depth )
{
    // TODO
    for ( int level = 0; level < depth; ++level )
    {
        TraceFile << "\t";
    }
    TraceFile << "<SYM>";

    string nameOnly = PIN_UndecorateSymbolName(SYM_Name(sym), UNDECORATION_NAME_ONLY);
    string nameComplete = PIN_UndecorateSymbolName(SYM_Name(sym), UNDECORATION_COMPLETE );
    ADDRINT value = SYM_Value( sym );

    TraceFile << hex << value;
    TraceFile << " sym.1:" << nameOnly;
    TraceFile << " sym.2:" << nameComplete;
    TraceFile << "</SYM>" << endl;
}
// Image-load callback with two jobs.
//
// 1. Once per process (guarded by a function-local static flag), instrument
//    the program entry: "main" if the image has it, otherwise
//    "__libc_start_main". A_EnterMainImage is called before the routine with
//    the instruction pointer, the routine address and the stack pointer.
//    The flag is only set when a routine was found, so the search is retried
//    on later images until it succeeds.
//
// 2. For every symbol whose name contains "MAID_register_address" or
//    "MAID_unregister_address", look the routine up by that symbol name and
//    call A_RegisterAddr / A_UnregisterAddr before it, passing the callee's
//    first argument.
//
// NOTE(review): the symbol test is a substring match (strstr) and the lookup
// result is checked with ASSERTX. Any symbol in a loaded image that merely
// contains one of the markers but has no routine of that name stops the tool.
// Confirm that this fail-hard behaviour is intended when instrumenting
// binaries that are not under the tool author's control.
static void I_ImageLoad(IMG img, void *v)
{
    static bool main_rtn_instrumented = false;

    if (!main_rtn_instrumented)
    {
        RTN entry = RTN_FindByName(img, "main");
        if (entry == RTN_Invalid())
        {
            entry = RTN_FindByName(img, "__libc_start_main");
        }

        // Instrument main
        if (entry != RTN_Invalid())
        {
            main_rtn_instrumented = true;
            RTN_Open(entry);
            RTN_InsertCall(entry, IPOINT_BEFORE, (AFUNPTR)A_EnterMainImage,
                           IARG_INST_PTR,
                           IARG_ADDRINT, RTN_Address(entry),
                           IARG_REG_VALUE, REG_STACK_PTR,
                           IARG_END);
            RTN_Close(entry);
        }
    }

    for (SYM sym = IMG_RegsymHead(img); SYM_Valid(sym); sym = SYM_Next(sym))
    {
        const std::string &symName = SYM_Name(sym);

        // Pick the analysis routine for this symbol, if any. The register
        // marker is tested first, exactly as in an if / else-if chain.
        AFUNPTR hook = 0;
        if (strstr(symName.c_str(), "MAID_register_address"))
        {
            hook = (AFUNPTR)A_RegisterAddr;
        }
        else if (strstr(symName.c_str(), "MAID_unregister_address"))
        {
            hook = (AFUNPTR)A_UnregisterAddr;
        }

        if (hook == 0)
        {
            continue;
        }

        RTN target = RTN_FindByName(img, symName.c_str());
        ASSERTX(RTN_Valid(target));
        RTN_Open(target);
        RTN_InsertCall(target, IPOINT_BEFORE, hook,
                       IARG_G_ARG0_CALLEE,
                       IARG_END);
        RTN_Close(target);
    }
}
// Calls `proc` once for every regular symbol of `img`.
//
// proc receives `priv` unchanged, the symbol name as a C string, and the
// image start address plus the symbol value.
//
// The name pointer comes from the string returned by SYM_Name(); how long it
// stays valid after proc returns is not established here, so a callback that
// wants to keep the name should copy it. `proc` is called without a null
// check.
void osdep_iterate_symbols (IMG img, osdep_process_symbol proc, void *priv)
{
    const ADDRINT base = IMG_StartAddress(img);

    SYM cur = IMG_RegsymHead(img);
    while (SYM_Valid(cur))
    {
        const std::string &name = SYM_Name(cur);
        const ADDRINT location = base + SYM_Value(cur);
        proc(priv, name.c_str(), location);
        cur = SYM_Next(cur);
    }
}
// Image-load callback that instruments RtlAllocateHeap.
//
// Each symbol name is undecorated (name only) and compared with
// "RtlAllocateHeap". On a match the routine is located by address (image low
// address plus symbol value) and, if valid, gets two analysis calls:
//   - Before, at routine entry, with the literal "RtlAllocateHeap" and the
//     first three entry-point arguments;
//   - After, at IPOINT_AFTER, with the same literal and the return value.
//
// The literal is passed as IARG_ADDRINT, so the analysis routines receive
// its address rather than a copy of the text.
//
// NOTE(review): Pin's documentation describes IPOINT_AFTER on a routine as
// best-effort, so an After call is not guaranteed for every Before call;
// confirm that consumers of the output do not assume strict pairing.
VOID Image(IMG img, VOID *v)
{
    // Walk through the symbols in the symbol table.
    for (SYM sym = IMG_RegsymHead(img); SYM_Valid(sym); sym = SYM_Next(sym))
    {
        string plainName = PIN_UndecorateSymbolName(SYM_Name(sym), UNDECORATION_NAME_ONLY);

        // Only the RtlAllocateHeap() function is of interest.
        if (!(plainName == "RtlAllocateHeap"))
        {
            continue;
        }

        RTN heapAlloc = RTN_FindByAddress(IMG_LowAddress(img) + SYM_Value(sym));
        if (!RTN_Valid(heapAlloc))
        {
            continue;
        }

        // Hook entry (arguments) and exit (return value) of the routine.
        RTN_Open(heapAlloc);

        RTN_InsertCall(heapAlloc, IPOINT_BEFORE, (AFUNPTR)Before,
                       IARG_ADDRINT, "RtlAllocateHeap",
                       IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
                       IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
                       IARG_FUNCARG_ENTRYPOINT_VALUE, 2,
                       IARG_END);

        RTN_InsertCall(heapAlloc, IPOINT_AFTER, (AFUNPTR)After,
                       IARG_ADDRINT, "RtlAllocateHeap",
                       IARG_FUNCRET_EXITPOINT_VALUE,
                       IARG_END);

        RTN_Close(heapAlloc);
    }
}
// Image-load callback that logs every loaded image and, for images whose
// name contains "bundle", every symbol as "<image>::<symbol>".
//
// Each line is written to `outfile` and flushed with std::endl.
//
// NOTE(review): image and symbol names are taken from the loaded binary and
// written verbatim. Anything that reads this log should treat them as
// untrusted text (they may contain separators or control characters).
VOID ImageLoad (IMG img, VOID *v)
{
    const std::string &imageName = IMG_Name(img);

    outfile << "Loaded image " << imageName << std::endl;

    const bool isBundle = imageName.find("bundle") != std::string::npos;
    if (!isBundle)
    {
        return;
    }

    SYM sym = IMG_RegsymHead(img);
    while (SYM_Valid(sym))
    {
        outfile << imageName << "::" << SYM_Name(sym) << std::endl;
        sym = SYM_Next(sym);
    }
}
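// Finds the routine called `func_name` in `img`.
//
// The plain name is tried first. If that fails, the symbol table is searched
// for a default-versioned symbol, i.e. a name that starts with
// "<func_name>@@" (for example pthread_create is exported as
// pthread_create@@GLIBC...).
//
// The versioned name must match from the start of the symbol name. A plain
// substring search would also accept a different function whose name merely
// ends with func_name (for example "my_pthread_create@@V1" when looking for
// "pthread_create") and the caller would then hook the wrong routine.
//
// img:       image to search.
// func_name: routine name without version suffix; a null pointer yields
//            RTN_Invalid().
// Returns the routine, or RTN_Invalid() when nothing matches. In builds where
// DEBUG_ASSERT is compiled out, a matching symbol that has no routine at its
// address is returned as the (invalid) lookup result.
RTN FindRTN(IMG img, const char *func_name)
{
    // Building a std::string from a null pointer is undefined behaviour.
    if (!func_name)
        return RTN_Invalid();

    RTN rtn = RTN_FindByName(img, func_name);
    if (RTN_Valid(rtn))
        return rtn;

    // handle those symbols with version numbers.
    // e.g. pthread_create has global name: pthread_create@@GLIBC...
    std::string func_name_v(func_name);
    func_name_v.append("@@");

    for (SYM sym = IMG_RegsymHead(img); SYM_Valid(sym); sym = SYM_Next(sym))
    {
        // Prefix comparison: compare() clips the length to the symbol name,
        // so a shorter name simply does not match.
        if (SYM_Name(sym).compare(0, func_name_v.size(), func_name_v) == 0)
        {
            RTN versioned = RTN_FindByAddress(SYM_Address(sym));
            DEBUG_ASSERT(RTN_Valid(versioned));
            return versioned;
        }
    }

    return RTN_Invalid();
}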
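// Image-load callback that replaces LoadLibraryW in kernel32.dll with
// tpss_LoadLibraryW_ver0 (probe mode) and stores the pointer returned by
// RTN_ReplaceProbed in g_LoadLibraryW_ptr.
//
// The module name returned by tpss_extract_mod_name_with_ext() is released
// with free() on every path. The original released it only for kernel32.dll,
// which leaked one buffer for every other image. A null module name is
// ignored instead of being handed to strcmp().
//
// NOTE(review): the module name is compared with strcmp(), which is
// case-sensitive, while Windows module names are not. If the helper does not
// normalise case, an image reported as "KERNEL32.DLL" is skipped and the
// replacement is silently not installed; confirm against the helper.
//
// NOTE(review): the scan does not stop after the first match, so if several
// symbols undecorate to "LoadLibraryW" the replacement is requested more than
// once and g_LoadLibraryW_ptr is overwritten; confirm this is harmless.
//
// img:  image that was just loaded.
// data: unused.
static VOID tpss_instrument_module(IMG img, VOID *data)
{
    const char *module_name = tpss_extract_mod_name_with_ext(IMG_Name(img).c_str());
    if (!module_name)
    {
        return;
    }

    if (strcmp(module_name, "kernel32.dll") == 0)
    {
        for (SYM sym = IMG_RegsymHead(img); SYM_Valid(sym) == TRUE; sym = SYM_Next(sym))
        {
            /* in case of availability of symbols for system libraries PIN can
             * provide decorated names so we need to undecorate it first:
             * drop everything from the first '@' and one leading '_' */
            std::string uname(SYM_Name(sym).c_str());
            const std::string::size_type pos = uname.find("@");
            if (pos != std::string::npos)
            {
                uname = uname.substr(0, pos);
                // A name that starts with '@' leaves an empty string here.
                if (!uname.empty() && uname[0] == '_')
                {
                    uname = uname.substr(1, std::string::npos);
                }
            }

            if (strcmp("LoadLibraryW", uname.c_str()) == 0)
            {
                RTN routine = RTN_FindByName(img, "LoadLibraryW");
                if (RTN_Valid(routine))
                {
                    g_LoadLibraryW_ptr = RTN_ReplaceProbed(routine, (AFUNPTR)(tpss_LoadLibraryW_ver0));
                }
            }
        }
    }

    // Release the name for every module, not only for kernel32.dll.
    free((void *)(module_name));
}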
// Returns the name of `sym` as a newly allocated C string.
//
// The copy is made with strdup(), so the caller owns the result and has to
// release it with free(). strdup() returns a null pointer when allocation
// fails, and that null pointer is passed on to the caller unchanged.
static const char *SYM_Name_detour(SYM sym)
{
    const std::string &name = SYM_Name(sym);
    char *copy = strdup(name.c_str());
    return copy;
}
// Lua binding: pushes the name of the SYM passed as argument 1.
//
// The argument is fetched with check_sym() and dereferenced without a null
// check (presumably check_sym raises a Lua error on a bad argument; verify
// against its definition). lua_pushstring() takes a C string, so a name
// is pushed only up to its first NUL byte.
//
// Returns 1, the number of values left on the Lua stack.
int sym_name (lua_State *L)
{
    SYM *symArg = check_sym(L, 1);
    const std::string &name = SYM_Name(*symArg);
    lua_pushstring(L, name.c_str());
    return 1;
}