/*
* _______
* |__ __|
* | |_ __ __ _ ___ ___ _ __
* | | '__/ _` |/ __/ _ \ '__|
* | | | | (_| | (_| __/ |
* |_|_| \__,_|\___\___|_|
*
* Written by Dennis Yurichev <dennis(a)yurichev.com>, 2013
*
* This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
* To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/.
*
*/
#include "symbol.h"
#include "dmalloc.h"
#include "tracer.h"
#include "utils.h"
#include "one_time_INT3_BP.h"
#include "oassert.h"
#include "ostrings.h"
#include "opts.h"
#include "memorycache.h"
/*
 * Build a new symbol record of type t carrying its own duplicate of name n.
 *
 * The record starts with skip_on_tracing set to Fuzzy_Undefined, i.e. the
 * skip decision has not been computed yet (see symbol_skip_on_tracing()).
 * The next link is not assigned here; add_symbol() sets it only when another
 * symbol already exists at the same address, so the first record at an
 * address relies on the allocator having cleared the field
 * (presumably DCALLOC zero-fills like calloc -- confirm).
 */
static symbol *create_symbol(symbol_type t, char *n)
{
    symbol *sym = DCALLOC(symbol, 1, "symbol");

    // NOTE(review): neither DCALLOC nor DSTRDUP is checked for failure here;
    // presumably the dmalloc wrappers abort on out-of-memory -- confirm.
    sym->t = t;
    sym->skip_on_tracing = Fuzzy_Undefined;
    sym->name = DSTRDUP(n, "name");

    return sym;
}
/*
 * Record symbol `name` at address `a` in the symbol table of module params->m.
 *
 * Steps, in order:
 *   1. If a one-time INT3 breakpoint regex is configured and the symbol is a
 *      PE export located in an executable section, match "module!name"
 *      against it and call set_onetime_INT3_BP() on a hit.
 *   2. If SEH dumping is enabled and the name ends with "security_cookie",
 *      remember the address as the module's security cookie address.
 *   3. Optionally log the new symbol (regex filter, or the dump-all flag when
 *      no regex is configured).
 *   4. Create the symbol record and store it in the tree keyed by address,
 *      chaining any symbol already present at that address behind it.
 *
 * Symbol names can come from the inspected module itself (PE exports are one
 * of the handled types), so `name` should be treated as untrusted text: it is
 * matched against the regexes and written to the log verbatim with %s, with
 * no sanitising of control characters at this level.
 */
void add_symbol(address a, char *name, add_symbol_params *params)
{
    module *mod = params->m;
    rbtree *symtbl = mod->symbols;
    oassert(symtbl && "symbols=NULL in module");
    MemoryCache *cache = params->mc;

    // Breakpoints are only considered for PE exports whose address lies in an
    // executable section of the module.
    if (one_time_int3_bp_re && params->t == SYM_TYPE_PE_EXPORT && module_adr_in_executable_section(mod, a)) {
        strbuf qualified = STRBUF_INIT;

        strbuf_addstr(&qualified, get_module_name(mod));
        strbuf_addc(&qualified, '!');
        strbuf_addstr(&qualified, name);
        if (regexec(one_time_int3_bp_re, qualified.buf, 0, NULL, 0) == 0) {
            set_onetime_INT3_BP(a, params->p, mod, name, cache);
        }
        strbuf_deinit(&qualified);
    }

    // Suffix match: every symbol whose name ends with "security_cookie"
    // overwrites the stored address, so the last one added wins.
    if (dump_seh && string_is_ends_with(name, "security_cookie")) {
        mod->security_cookie_adr = a;
        mod->security_cookie_adr_known = true;
        // NOTE(review): this message formats `a` with PRI_REG_HEX while the
        // "New symbol" message below uses PRI_ADR_HEX for the same value --
        // confirm both macros match the width of `address`.
        if (symbol_c_debug) {
            L("%s() got address of security_cookie (0x" PRI_REG_HEX ") for %s!%s\n", __FUNCTION__, a, get_module_name(mod), name);
        }
    }

    // With a regex configured, only matching "module!name" strings are
    // logged; without one, the dump_all_symbols flag decides.
    bool should_dump = false;
    if (dump_all_symbols_re != NULL) {
        strbuf qualified = STRBUF_INIT;

        strbuf_addstr(&qualified, get_module_name(mod));
        strbuf_addc(&qualified, '!');
        strbuf_addstr(&qualified, name);
        if (regexec(dump_all_symbols_re, qualified.buf, 0, NULL, 0) == 0) {
            should_dump = true;
        }
        strbuf_deinit(&qualified);
    } else if (dump_all_symbols) {
        should_dump = true;
    }

    if (should_dump) {
        dump_PID_if_need(params->p);
        L("New symbol. Module=[%s], address=[0x" PRI_ADR_HEX "], name=[%s]\n", get_module_name(mod), a, name);
    }

    // Several symbols may share one address: the new record becomes the head
    // of the per-address list and the previous head hangs off its next link.
    // NOTE(review): this assumes rbtree_insert() replaces the value stored
    // under an existing key -- confirm against the rbtree implementation.
    symbol *fresh = create_symbol(params->t, name);
    symbol *head = (symbol *)rbtree_lookup(symtbl, (void *)a);
    if (head != NULL) {
        fresh->next = head;
    }
    rbtree_insert(symtbl, (void *)a, (void *)fresh);
}
/*
 * Decide whether symbol s of module m is to be skipped during tracing.
 *
 * Returns true when the whole module is flagged to be skipped, or when some
 * entry of trace_skip_options matches the module path, the module name and
 * the symbol name (all three regexes must match). Otherwise returns false.
 *
 * The per-symbol answer is cached in s->skip_on_tracing, so the regexes run
 * at most once per symbol; entries added to trace_skip_options after a
 * symbol has been evaluated do not change its cached answer. The module-wide
 * flag is checked first and does not touch the cache.
 *
 * The path, module name and symbol name are written to the log verbatim.
 */
bool symbol_skip_on_tracing(module *m, symbol *s)
{
    if (m->skip_all_symbols_in_module_on_trace) {
        return true;
    }

    // A previously computed decision is reused as is.
    if (s->skip_on_tracing == Fuzzy_True) {
        return true;
    }
    if (s->skip_on_tracing == Fuzzy_False) {
        return false;
    }

    // No decision yet: walk the skip rules, testing path, then module name,
    // then function name; a later regex runs only if the earlier ones matched.
    for (trace_skip_element *rule = trace_skip_options; rule != NULL; rule = rule->next) {
        bool hit = regexec(&rule->re_path, m->path, 0, NULL, 0) == 0
            && regexec(&rule->re_module, get_module_name(m), 0, NULL, 0) == 0
            && regexec(&rule->re_function, s->name, 0, NULL, 0) == 0;

        if (!hit) {
            continue;
        }

        L("Symbol %s!%s!%s will be skipped during tracing\n", m->path, get_module_name(m), s->name);
        s->skip_on_tracing = Fuzzy_True;
        return true;
    }

    s->skip_on_tracing = Fuzzy_False;
    return false;
}
/* vim: set expandtab ts=4 sw=4 : */