int
main(int argc, char *argv[], char *envp[])
{
RSIM_Linux32 sim;
int n = sim.configure(argc, argv, envp);
sim.install_callback(new RSIM_Tools::UnhandledInstruction);
/**************************************************************************************************************************
* Debugging callbacks...
**************************************************************************************************************************/
#if 0
/* Parse the ELF container so we can get to the symbol table. */
char *rose_argv[4];
rose_argv[0] = argv[0];
rose_argv[1] = strdup("-rose:read_executable_file_format_only");
rose_argv[2] = argv[n];
rose_argv[3] = NULL;
SgProject *project = frontend(3, rose_argv);
/* Disassemble when we hit main() */
rose_addr_t disassemble_va = RSIM_Tools::FunctionFinder().address(project, "main");
assert(disassemble_va>0);
sim.install_callback(new RSIM_Tools::MemoryDisassembler(disassemble_va));
/* Print a stack trace and memory dump for every system call */
struct SyscallStackTrace: public RSIM_Callbacks::SyscallCallback {
virtual SyscallStackTrace *clone() {
return this;
}
virtual bool operator()(bool enabled, const Args &args) {
if (enabled) {
RTS_Message *trace = args.thread->tracing(TRACE_SYSCALL);
args.thread->report_stack_frames(trace, "Stack frames for following system call:");
args.thread->get_process()->mem_showmap(trace, "Memory map for following system call:", " ");
}
return enabled;
}
};
sim.get_callbacks().add_syscall_callback(RSIM_Callbacks::BEFORE, new SyscallStackTrace);
#endif
/***************************************************************************************************************************
* The main program...
***************************************************************************************************************************/
sim.exec(argc-n, argv+n);
sim.install_callback(new MemoryTransactionTester(sim.get_process()->get_ep_orig_va()), RSIM_Callbacks::BEFORE, true);
// sim.activate();
sim.main_loop();
// sim.deactivate();
sim.describe_termination(stderr);
sim.terminate_self(); // probably doesn't return
return 0;
}
// Main program is almost standard RSIM boilerplate. The only thing we add is the instantiation and installation of the
// SymbolicBombDetector callback.
int
main(int argc, char *argv[], char *envp[])
{
RSIM_Linux32 sim;
sim.install_callback(new RSIM_Tools::UnhandledInstruction);
int n = sim.configure(argc, argv, envp);
sim.exec(argc-n, argv+n);
sim.install_callback(new IntervalAnalysis(sim.get_process()->get_ep_start_va()), RSIM_Callbacks::BEFORE, true);
sim.main_loop();
sim.describe_termination(stderr);
sim.terminate_self();
return 0;
}
int
main(int argc, char *argv[], char *envp[])
{
std::ios::sync_with_stdio();
// Parse command-line switches understood by MultiWithConversion and leave the rest for the simulator.
rose_addr_t target_va = 0; // analysis address (i.e., the "arbitrary offset"). Zero implies the program's OEP
for (int i=1; i<argc; ++i) {
if (!strcmp(argv[i], "--help") || !strcmp(argv[i], "-h") || !strcmp(argv[i], "-?")) {
std::cout <<"usage: " <<argv[0] <<" [--target=ADDRESS] [SIMULATOR_SWITCHES] SPECIMEN [SPECIMEN_ARGS...]\n";
exit(0);
} else if (!strncmp(argv[i], "--target=", 9)) {
target_va = strtoull(argv[i]+9, NULL, 0);
memmove(argv+i, argv+i+1, (argc-- -i)*sizeof(*argv)); // argv has argc+1 elements
--i;
} else {
break;
}
}
// Our instruction callback. We can't set its trigger address until after we load the specimen, but we want to register
// the callback with the simulator before we create the first thread.
SemanticController semantic_controller;
// All of this (except the part where we register our SemanticController) is standard boilerplate and documented in
// the first page of doxygen.
RSIM_Linux32 sim;
sim.install_callback(new RSIM_Tools::UnhandledInstruction); // needed by some versions of ld-linux.so
sim.install_callback(&semantic_controller); // it mustn't be destroyed while the simulator's running
int n = sim.configure(argc, argv, envp);
sim.exec(argc-n, argv+n);
// Register our instruction callback and tell it to trigger at the specimen's original entry point (OEP). This will cause
// our analysis to run as soon as the dynamic linker is finished. We don't know the OEP until after the sim.exec() call
// that loads the specimen into memory, so by time we can register our callback, the RSIM_Process has copied
rose_addr_t trigger_va = sim.get_process()->get_ep_orig_va();
semantic_controller.arm(trigger_va, 0==target_va ? trigger_va : target_va);
//sim.activate();
sim.main_loop();
//sim.deactivate();
sim.describe_termination(stderr);
sim.terminate_self(); // probably doesn't return
return 0;
}