Exemplo n.º 1
0
static VOID Image(IMG img, VOID *v)
{
    if (foundReplayException && foundReadyForException)
        return;

    // hook the functions in the image. If these functions are called then it means
    // that pin has not lost control.
    RTN rtn = RTN_FindByName(img, "ReplayException");
    if (RTN_Valid(rtn))
    {
        RTN_Open(rtn);
        RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(reRaiseException), IARG_THREAD_ID, IARG_END);
        RTN_Close(rtn);
        foundReplayException = TRUE;
    }

	rtn = RTN_FindByName(img, "ReadyForExceptionFromAppMain");
    if (RTN_Valid(rtn))
    {
        RTN_Open(rtn);
        RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(ToolReadyForExceptionFromAppMain), IARG_END);
        RTN_Close(rtn);
        foundReadyForException = TRUE;
    }
}
Exemplo n.º 2
0
static VOID OnImage(IMG img, VOID *)
{
#if defined(TARGET_MAC)
    RTN rtn = RTN_FindByName(img, "_ReplaySignal1");
#else
    RTN rtn = RTN_FindByName(img, "ReplaySignal1");
#endif
    if (RTN_Valid(rtn))
    {
        RTN_Open(rtn);
        RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(ReplayHandled), IARG_THREAD_ID, IARG_CONTEXT, IARG_END);
        RTN_Close(rtn);
    }
#if defined(TARGET_MAC)
    rtn = RTN_FindByName(img, "_ReplaySignal2");
#else
    rtn = RTN_FindByName(img, "ReplaySignal2");
#endif
    if (RTN_Valid(rtn))
    {
        RTN_Open(rtn);
        RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(ReplayFatal), IARG_THREAD_ID, IARG_CONTEXT, IARG_END);
        RTN_Close(rtn);
    }
}
Exemplo n.º 3
0
VOID Image(IMG img, VOID *v)
{
    // Instrument the malloc() and free() functions.  Print the input argument
    // of each malloc() or free(), and the return value of malloc().
    //
    //  Find the malloc() function.
    RTN mallocRtn = RTN_FindByName(img, MALLOC);
    if (RTN_Valid(mallocRtn))
    {
        RTN_Open(mallocRtn);

        // Instrument malloc() to print the input argument value and the return value.
        RTN_InsertCall(mallocRtn, IPOINT_BEFORE, (AFUNPTR)Arg1Before,
                       IARG_ADDRINT, MALLOC,
                       IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
                       IARG_END);
        RTN_InsertCall(mallocRtn, IPOINT_AFTER, (AFUNPTR)MallocAfter,
                       IARG_FUNCRET_EXITPOINT_VALUE, IARG_END);

        RTN_Close(mallocRtn);
    }

    // Find the free() function.
    RTN freeRtn = RTN_FindByName(img, FREE);
    if (RTN_Valid(freeRtn))
    {
        RTN_Open(freeRtn);
        // Instrument free() to print the input argument value.
        RTN_InsertCall(freeRtn, IPOINT_BEFORE, (AFUNPTR)Arg1Before,
                       IARG_ADDRINT, FREE,
                       IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
                       IARG_END);
        RTN_Close(freeRtn);
    }
}
Exemplo n.º 4
0
VOID Image(IMG img, VOID *v)
{

    // hook the functions in the image. If these functions are called then it means
    // that pin has not lost control.
    RTN rtn = RTN_FindByName(img, "PinVerifyInTry");
    if (RTN_Valid(rtn))
    {
        RTN_Open(rtn);
        RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(BeforePinVerifyInTry), IARG_END);
        RTN_Close(rtn);
    }
    rtn = RTN_FindByName(img, "PinVerifyInCatch");
    if (RTN_Valid(rtn))
    {
        RTN_Open(rtn);
        RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(BeforePinVerifyInCatch), IARG_END);
        RTN_Close(rtn);
    }
    rtn = RTN_FindByName(img, "PinVerifyAfterCatch");
    if (RTN_Valid(rtn))
    {
        RTN_Open(rtn);
        RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(BeforePinVerifyAfterCatch), IARG_END);
        RTN_Close(rtn);
    }
    rtn = RTN_FindByName(img, "PinVerifyInDestructor");
    if (RTN_Valid(rtn))
    {
        RTN_Open(rtn);
        RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(BeforePinVerifyInDestructor), IARG_END);
        RTN_Close(rtn);
    }
}
Exemplo n.º 5
0
VOID ImageLoad( IMG img, VOID *v )
{
	RTN rtn;
	fprintf( LogFile, "Loaded %s\r\n", IMG_Name( img ).c_str() );
	// UDP
	if ( (rtn = RTN_FindByName( img, "recvfrom" )) != RTN_Invalid() )
	{
		HookRecvFrom( img );
	}
	if ( (rtn = RTN_FindByName( img, "sendto" )) != RTN_Invalid() )
	{
		HookSendTo( img );
	}

	// TCP	
	if ( (rtn = RTN_FindByName( img, "recv" )) != RTN_Invalid() )
	{
		HookRecv( img );
	}
	if ( (rtn = RTN_FindByName( img, "send" )) != RTN_Invalid() )
	{
		HookSend( img );
	}
	/*
	Uncomment if necessary, untested though!
	if ( (rtn = RTN_FindByName( img, "WSASendTo" )) != RTN_Invalid() )
	{
		HookWSASendTo( img, (AFUNPTR)replacementWSASendTo, "WSASendTo" );
	}
	*/
}
Exemplo n.º 6
0
VOID Image(IMG img, VOID *v)
{
    RTN mmapRtn = RTN_FindByName(img, FUNC_PREFIX "mmap");
    if (RTN_Valid(mmapRtn))
    {
        RTN_Open(mmapRtn);
        RTN_InsertCall(mmapRtn, IPOINT_BEFORE, AFUNPTR(MmapArgs), IARG_RETURN_IP, IARG_G_ARG0_CALLEE, IARG_G_ARG1_CALLEE, IARG_G_ARG2_CALLEE, IARG_G_ARG3_CALLEE, IARG_G_ARG4_CALLEE, IARG_G_ARG5_CALLEE, IARG_END);
        RTN_Close(mmapRtn);
    }
    RTN foobarRtn = RTN_FindByName(img, FUNC_PREFIX "foobar");
    if (RTN_Valid(foobarRtn))
    {
        foobarAddress = RTN_Address(foobarRtn);
        
        RTN_Open(foobarRtn);
        RTN_InsertCall(foobarRtn, IPOINT_BEFORE, AFUNPTR(FoobarArgs), IARG_G_ARG0_CALLEE, IARG_G_ARG1_CALLEE, IARG_END);
        RTN_Close(foobarRtn);
    }

    RTN bazRtn = RTN_FindByName(img, FUNC_PREFIX "baz");
    if (RTN_Valid(bazRtn))
    {
        RTN_Open(bazRtn);
        RTN_InsertCall(bazRtn, IPOINT_BEFORE, AFUNPTR(BazArg), IARG_FUNCARG_ENTRYPOINT_REFERENCE, 0, IARG_FUNCARG_ENTRYPOINT_REFERENCE, 1, IARG_FUNCARG_ENTRYPOINT_REFERENCE, 2, IARG_END);
        RTN_Close(bazRtn);
    }

}
Exemplo n.º 7
0
VOID Image(IMG img, VOID *v)
{
    // Skip all images, but kernel32.dll
    if (!CmpBaseImageName(IMG_Name(img), "kernel32.dll"))
    {
        return;
    }

    // hook the functions in the image. If these functions are called then it means
    // that pin has not lost control.
    RTN rtn = RTN_FindByName(img, "OutputDebugStringA");
    if (RTN_Valid(rtn))
    {
        RTN_Open(rtn);
        RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(BeforeOutputDebugString), IARG_END);
        RTN_Close(rtn);
    }
    rtn = RTN_FindByName(img, "OutputDebugStringW");
    if (RTN_Valid(rtn))
    {
        RTN_Open(rtn);
        RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(BeforeOutputDebugString), IARG_END);
        RTN_Close(rtn);
    }
    
}
Exemplo n.º 8
0
// Image load callback - inserts the probes.
void ImgLoad(IMG img, void *v)
{
    // Called every time a new image is loaded

    if ( (IMG_Name(img).find("libncurses.so") != string::npos) ||
         (IMG_Name(img).find("LIBNCURSES.SO") != string::npos) ||
         (IMG_Name(img).find("LIBNCURSES.so") != string::npos) )
    {
        RTN rtngetch = RTN_FindByName(img, "getch");
        if (RTN_Valid(rtngetch) && RTN_IsSafeForProbedReplacement(rtngetch))
        {
            OutFile << CurrentTime() << "Inserting probe for getch at " << RTN_Address(rtngetch) << endl;
            OutFile.flush();
            AFUNPTR fptr = (RTN_ReplaceProbed(rtngetch, AFUNPTR(mygetch)));
            fptrgetch = (int (*)())fptr;
        }

        RTN rtnmvgetch = RTN_FindByName(img, "mvgetch");
        if (RTN_Valid(rtnmvgetch) && RTN_IsSafeForProbedReplacement(rtnmvgetch))
        {
            OutFile << CurrentTime() << "Inserting probe for mvgetch at " << RTN_Address(rtnmvgetch) << endl;
            OutFile.flush();
            AFUNPTR fptr = (RTN_ReplaceProbed(rtnmvgetch, AFUNPTR(mymvgetch)));
            fptrmvgetch = (int (*)(int, int))fptr;
        }
    }
    // finished instrumentation
}
Exemplo n.º 9
0
VOID Image(IMG img, void *v)
{
    RTN rtn = RTN_FindByName(img, "ReplacedXmmRegs");
    if (RTN_Valid(rtn))
    {
        PROTO proto = PROTO_Allocate(PIN_PARG(int), CALLINGSTD_DEFAULT, "ReplacedXmmRegs", PIN_PARG_END());
        RTN_ReplaceSignature(rtn, AFUNPTR(REPLACE_ReplacedXmmRegs),
                             IARG_PROTOTYPE, proto,
                             (KnobUseIargConstContext)?IARG_CONST_CONTEXT:IARG_CONTEXT,
                             IARG_THREAD_ID,
                             IARG_ORIG_FUNCPTR,
                             IARG_END);
        PROTO_Free(proto);
        printf ("TOOL found and replaced ReplacedXmmRegs\n");
        fflush (stdout);

        RTN rtn = RTN_FindByName(img, "ExecutedAtFunc");
        if (RTN_Valid(rtn))
        {
            executeAtAddr = RTN_Address(rtn);
            printf ("TOOL found ExecutedAtFunc for later PIN_ExecuteAt\n");
            fflush (stdout);
        }

        rtn = RTN_FindByName(img, "DumpXmmRegsAtException");
        if (RTN_Valid(rtn))
        {
            dumpXmmRegsAtExceptionAddr = RTN_Address(rtn);
            printf ("TOOL found DumpXmmRegsAtException for later Exception\n");
            fflush (stdout);
        }
    }
}
Exemplo n.º 10
0
static VOID on_module_loading(IMG img, VOID *data)
{
    if (IMG_IsMainExecutable(img))
	{
		RTN routine = RTN_FindByName(img, "foo1");

		if (RTN_Valid(routine) && RTN_IsSafeForProbedReplacement(routine))
		{
            PROTO foo1_proto = PROTO_Allocate( PIN_PARG(void), CALLINGSTD_DEFAULT,
                                             "foo1", PIN_PARG_END() );
            AFUNPTR foo1_ptr = RTN_ReplaceSignatureProbed(routine, (AFUNPTR)foo1_rep,
                IARG_PROTOTYPE, foo1_proto,
                IARG_ORIG_FUNCPTR,
                IARG_END);
            ASSERTX(foo1_ptr != 0);
		}
        
        routine = RTN_FindByName(img, "foo2");
        if (RTN_Valid(routine) && RTN_IsSafeForProbedInsertion(routine))
        {
            PROTO foo2_proto = PROTO_Allocate( PIN_PARG(void), CALLINGSTD_DEFAULT,
                                              "foo2",
                                              PIN_PARG_END() );

            RTN_InsertCallProbed(routine, IPOINT_BEFORE, AFUNPTR( foo2_before ),
                                 IARG_PROTOTYPE, foo2_proto,
                                 IARG_END);

            RTN_InsertCallProbed(routine, IPOINT_AFTER, AFUNPTR( foo2_after ),
                                 IARG_PROTOTYPE, foo2_proto,
                                 IARG_END);
        }
Exemplo n.º 11
0
VOID Image(IMG img, VOID *v)
{
  RTN mallocRtn = RTN_FindByName(img, "malloc");
  RTN freeRtn = RTN_FindByName(img, "free");

  if (RTN_Valid(mallocRtn)){
    RTN_Open(mallocRtn);

    RTN_InsertCall(
        mallocRtn, 
        IPOINT_BEFORE, (AFUNPTR)callbackBeforeMalloc,
        IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
        IARG_END);

    RTN_InsertCall(
        mallocRtn, 
        IPOINT_AFTER, (AFUNPTR)callbackAfterMalloc,
        IARG_FUNCRET_EXITPOINT_VALUE, 
        IARG_END);

    RTN_Close(mallocRtn);
  }

  if (RTN_Valid(freeRtn)){
    RTN_Open(freeRtn);
    RTN_InsertCall(
        freeRtn, 
        IPOINT_BEFORE, (AFUNPTR)callbackBeforeFree,
        IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
        IARG_END);
    RTN_Close(freeRtn);
  }
}
Exemplo n.º 12
0
/*
 * Instrumentation-time routine looking for the routine we'd like to instrument.
 */
static VOID ImageLoad(IMG img, VOID * v)
{
    if (IMG_IsMainExecutable(img))
    {
        *outFile << "In main application image" << endl;
        // Search for the assembly routine in the application
        RTN AsmRtn = RTN_FindByName(img, "operImmCmds");
        if (!RTN_Valid(AsmRtn))
        {
            AsmRtn = RTN_FindByName(img, "_operImmCmds");
        }
        if (RTN_Valid(AsmRtn))
        {
            *outFile << "Function operImmCmds found" << endl;
            RTN_Open(AsmRtn);
            // Go over each of the routine's instructions
            for (INS ins = RTN_InsHead(AsmRtn); INS_Valid(ins); ins = INS_Next(ins))
            {
                Instruction(ins, 0);
            }
            RTN_Close(AsmRtn);
            *outFile << "Done with function operImmCmds" << endl;
        }
        else
        {
            *outFile << "Function operImmCmds not found!" << endl;
        }
    }
}
Exemplo n.º 13
0
    /* Image instrumentation */
    static void IMG_Instrumentation(IMG img, void *v) {
      /* Lock / Unlock the Analysis from a Entry point */
      if (tracer::pintool::options::startAnalysisFromEntry) {
        tracer::pintool::options::startAnalysisFromEntry = false;
        /* IMG_LoadOffset(img) + IMG_Entry(img) for PIE binaries (see #524) */
        tracer::pintool::options::startAnalysisFromAddress.insert(IMG_LoadOffset(img) + IMG_Entry(img));
      }

      /* Lock / Unlock the Analysis from a symbol */
      if (tracer::pintool::options::startAnalysisFromSymbol != nullptr){

        RTN targetRTN = RTN_FindByName(img, tracer::pintool::options::startAnalysisFromSymbol);
        if (RTN_Valid(targetRTN)) {
          RTN_Open(targetRTN);

          RTN_InsertCall(targetRTN,
              IPOINT_BEFORE,
              (AFUNPTR) toggleWrapper,
              IARG_BOOL, true,
              IARG_END);

          RTN_InsertCall(targetRTN,
              IPOINT_AFTER,
              (AFUNPTR) toggleWrapper,
              IARG_BOOL, false,
              IARG_END);

          RTN_Close(targetRTN);
        }
      }

      /* Callback on routine entry */
      std::map<const char *, PyObject *>::iterator it;
      for (it = tracer::pintool::options::callbackRoutineEntry.begin(); it != tracer::pintool::options::callbackRoutineEntry.end(); it++) {
        RTN targetRTN = RTN_FindByName(img, it->first);
        if (RTN_Valid(targetRTN)){
          RTN_Open(targetRTN);
          RTN_InsertCall(targetRTN, IPOINT_BEFORE, (AFUNPTR)callbackRoutineEntry, IARG_CONTEXT, IARG_THREAD_ID, IARG_PTR, it->second, IARG_END);
          RTN_Close(targetRTN);
        }
      }

      /* Callback on routine exit */
      for (it = tracer::pintool::options::callbackRoutineExit.begin(); it != tracer::pintool::options::callbackRoutineExit.end(); it++) {
        RTN targetRTN = RTN_FindByName(img, it->first);
        if (RTN_Valid(targetRTN)){
          RTN_Open(targetRTN);
          RTN_InsertCall(targetRTN, IPOINT_AFTER, (AFUNPTR)callbackRoutineExit, IARG_CONTEXT, IARG_THREAD_ID, IARG_PTR, it->second, IARG_END);
          RTN_Close(targetRTN);
        }
      }

      /*
       * Callback when a new image is loaded.
       * This callback must be called even outside the range analysis.
       */
      if (IMG_Valid(img))
        tracer::pintool::callbackImageLoad(img);
    }
Exemplo n.º 14
0
static VOID ImageLoad(IMG img, VOID *v)
{
    static UINT32 mallocCount = 0;

    PROTO protoMalloc = PROTO_Allocate(PIN_PARG(void *), CALLINGSTD_DEFAULT,
        "malloc", PIN_PARG(size_t), PIN_PARG_END());

    RTN rtnMalloc = RTN_FindByName(img, "malloc");
    if (RTN_Valid(rtnMalloc))
    {
        TraceFile << "probing malloc #" << mallocCount << " in " << IMG_Name(img) << std::endl;

        RTN_ReplaceSignatureProbed(rtnMalloc, AFUNPTR(MallocProbe),
            IARG_PROTOTYPE, protoMalloc,
            IARG_ORIG_FUNCPTR,
            IARG_UINT32, static_cast<UINT32>(mallocCount),
            IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
#if defined(TARGET_IPF)
            IARG_REG_VALUE, REG_TP,
#else
            IARG_ADDRINT, static_cast<ADDRINT>(0),
#endif
            IARG_END);

        mallocCount++;
    }

    PROTO_Free(protoMalloc);


    static UINT32 freeCount = 0;

    PROTO protoFree = PROTO_Allocate(PIN_PARG(void), CALLINGSTD_DEFAULT,
        "free", PIN_PARG(void *), PIN_PARG_END());

    RTN freeRtn = RTN_FindByName(img, "free");
    if (RTN_Valid(freeRtn))
    {
        TraceFile << "probing free #" << freeCount << " in " << IMG_Name(img) << std::endl;

        RTN_ReplaceSignatureProbed(freeRtn, AFUNPTR(FreeProbe),
            IARG_PROTOTYPE, protoFree,
            IARG_ORIG_FUNCPTR,
            IARG_UINT32, static_cast<UINT32>(freeCount),
            IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
#if defined(TARGET_IPF)
            IARG_REG_VALUE, REG_TP,
#else
            IARG_ADDRINT, static_cast<ADDRINT>(0),
#endif
            IARG_END);

        freeCount++;
    }

    PROTO_Free(protoFree);
}
Exemplo n.º 15
0
VOID Image(IMG img, VOID *)
{
    RTN rtn = RTN_FindByName(img, NAME("NotTraced"));
    if (RTN_Valid(rtn))
        AddrNotTraced = RTN_Address(rtn);

    rtn = RTN_FindByName(img, NAME("IsTraced"));
    if (RTN_Valid(rtn))
        AddrIsTraced = RTN_Address(rtn);
}
Exemplo n.º 16
0
VOID Image(IMG img, VOID *v)
{
	// TraceFile << "Loading" << IMG_Name(img) << ", Image id = " << IMG_Id(img) << endl;

    /* Find main. We won't do anything before main starts. */
    RTN rtn = RTN_FindByName(img, "main");
    if(RTN_Valid(rtn))
    {
        RTN_Open(rtn);
        RTN_InsertCall(rtn, IPOINT_BEFORE, (AFUNPTR)callBeforeMain, IARG_END);
        RTN_InsertCall(rtn, IPOINT_AFTER, (AFUNPTR)callAfterMain, IARG_END);
        RTN_Close(rtn);
    }

    // Instrument the malloc() and free() functions.  Print the input argument
    // of each malloc() or free(), and the return value of malloc().
    //
    //  Find the malloc() function.
    RTN mallocRtn = RTN_FindByName(img, MALLOC);
    if (RTN_Valid(mallocRtn))
    {
        RTN_Open(mallocRtn);
	
		// const char * imageName = StripPath(IMG_Name(SEC_Img(RTN_Sec(mallocRtn))).c_str());

        // Instrument malloc() to print the input argument value and the return value.
        RTN_InsertCall(mallocRtn, IPOINT_BEFORE, (AFUNPTR)MallocBefore,
                        IARG_ADDRINT, MALLOC,
                        IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
					//    IARG_ADDRINT, imageName,	
                       IARG_END);
        // RTN_InsertCall(mallocRtn, IPOINT_AFTER, (AFUNPTR)MallocAfter,
        //                 IARG_FUNCRET_EXITPOINT_VALUE, IARG_END);

        RTN_Close(mallocRtn);
    }

    // Find the free() function.
	/**
    RTN freeRtn = RTN_FindByName(img, FREE);
    if (RTN_Valid(freeRtn))
    {
        RTN_Open(freeRtn);
        // Instrument free() to print the input argument value.
        RTN_InsertCall(freeRtn, IPOINT_BEFORE, (AFUNPTR)Arg1Before,
                       IARG_ADDRINT, FREE,
                       IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
                       IARG_END);
        RTN_Close(freeRtn);
    }
	*/
}
Exemplo n.º 17
0
/*
 * ImageLoad
 * Replace native malloc, realloc, free functions with my custum functions
 * so that I can get mem allocation informations.
 */
VOID ImageLoad(IMG img, VOID *v)
{
    RTN mallocRtn = RTN_FindByName(img, "malloc");
    if (RTN_Valid(mallocRtn))
    {
        PROTO proto_malloc = PROTO_Allocate( PIN_PARG(void *), CALLINGSTD_DEFAULT,
                                             "malloc", PIN_PARG(size_t), PIN_PARG_END() );

        RTN_ReplaceSignature(
            mallocRtn, AFUNPTR( Malloc ),
            IARG_PROTOTYPE, proto_malloc,
            IARG_CONTEXT,
            IARG_ORIG_FUNCPTR,
            IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
            IARG_CALL_ORDER, CALL_ORDER_FIRST,
            IARG_END);
    }

    RTN reallocRtn = RTN_FindByName(img, "realloc");
    if (RTN_Valid(reallocRtn))
    {
        PROTO proto_realloc = PROTO_Allocate( PIN_PARG(void *), CALLINGSTD_DEFAULT,
                                             "realloc", PIN_PARG(void *), PIN_PARG(size_t), PIN_PARG_END() );

        RTN_ReplaceSignature(
            reallocRtn, AFUNPTR( Realloc ),
            IARG_PROTOTYPE, proto_realloc,
            IARG_CONTEXT,
            IARG_ORIG_FUNCPTR,
            IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
            IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
            IARG_CALL_ORDER, CALL_ORDER_FIRST+1,
            IARG_END);
    }

    RTN freeRtn = RTN_FindByName(img, "free");
    if (RTN_Valid(freeRtn))
    {
        PROTO proto_free = PROTO_Allocate( PIN_PARG(void), CALLINGSTD_DEFAULT,
                                           "free", PIN_PARG(void *), PIN_PARG_END() );

        RTN_ReplaceSignature(
            freeRtn, AFUNPTR( Free ),
            IARG_PROTOTYPE, proto_free,
            IARG_CONTEXT,
            IARG_ORIG_FUNCPTR,
            IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
            IARG_CALL_ORDER, CALL_ORDER_FIRST+2,
            IARG_END);
    }
}
Exemplo n.º 18
0
static VOID OnImage(IMG img, VOID *)
{
#if defined(TARGET_MAC)
    RTN rtn = RTN_FindByName(img, "_MakeSegv");
#else
    RTN rtn = RTN_FindByName(img, "MakeSegv");
#endif
    if (RTN_Valid(rtn))
    {
        RTN_Open(rtn);
        RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(DoSafeCopy), IARG_END);
        RTN_Close(rtn);
    }
}
Exemplo n.º 19
0
static void 
I_ImageLoad(IMG img, void *v) 
{
  static bool main_rtn_instrumented = false;

  if( !main_rtn_instrumented ) {
    RTN rtn = RTN_FindByName(img, "main");
    if( rtn == RTN_Invalid() ) {
      rtn = RTN_FindByName(img, "__libc_start_main");      
    }
    // Instrument main
    if( rtn != RTN_Invalid() ) {
      main_rtn_instrumented = true;
      RTN_Open(rtn);
      RTN_InsertCall(rtn, IPOINT_BEFORE,
		     (AFUNPTR)A_EnterMainImage,
		     IARG_INST_PTR,
		     IARG_ADDRINT, RTN_Address(rtn),
		     IARG_REG_VALUE, REG_STACK_PTR,
		     IARG_END);
      RTN_Close(rtn);
    }
  }

  for( SYM sym = IMG_RegsymHead(img); SYM_Valid(sym); sym = SYM_Next(sym) ) {
    if( strstr(SYM_Name(sym).c_str(), "MAID_register_address" ) ) {
      RTN rtn;
      rtn = RTN_FindByName(img, SYM_Name(sym).c_str());
      ASSERTX(RTN_Valid(rtn));

      RTN_Open(rtn);
      RTN_InsertCall(rtn, IPOINT_BEFORE,
                     (AFUNPTR)A_RegisterAddr,
                     IARG_G_ARG0_CALLEE,
                     IARG_END);
      RTN_Close(rtn);
    } else if( strstr(SYM_Name(sym).c_str(), "MAID_unregister_address" ) ) {
      RTN rtn;
      rtn = RTN_FindByName(img, SYM_Name(sym).c_str());
      ASSERTX(RTN_Valid(rtn));
      RTN_Open(rtn);
      RTN_InsertCall(rtn, IPOINT_BEFORE,
		     (AFUNPTR)A_UnregisterAddr,
		     IARG_G_ARG0_CALLEE,
		     IARG_END);
      RTN_Close(rtn);
    }
  }

}
Exemplo n.º 20
0
static VOID OnImage(IMG img, VOID *)
{
#if defined(TARGET_MAC)
    RTN rtn = RTN_FindByName(img, "_HandlerIsEstablished");
#else
    RTN rtn = RTN_FindByName(img, "HandlerIsEstablished");
#endif
    if (RTN_Valid(rtn))
    {
        RTN_Open(rtn);
        RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(Check), IARG_THREAD_ID, IARG_END);
        RTN_Close(rtn);
    }
}
Exemplo n.º 21
0
static VOID on_module_loading(IMG img, VOID *data)
{
    if (IMG_IsMainExecutable(img))
	{
		RTN routine = RTN_FindByName(img, "foo");
		if (!RTN_Valid(routine))
		{
            routine = RTN_FindByName(img, "_foo");
        }

		if (RTN_Valid(routine))
		{
			foo_ptr = RTN_ReplaceProbed(routine, (AFUNPTR)(foo_rep));
		}
	}
}
Exemplo n.º 22
0
static VOID on_module_loading(IMG img, VOID *data)
{
    RTN routine = RTN_FindByName(img, "baserel_in_probe");
    if (!RTN_Valid(routine))
    {
        routine = RTN_FindByName(img, "_baserel_in_probe");
    }

    if (RTN_Valid(routine))
    {
        if (!RTN_IsSafeForProbedInsertion(routine) && !RTN_IsSafeForProbedReplacement(routine))
        {
            printf("failed to set probe\n");
        }
    }
}
Exemplo n.º 23
0
// Hooks
VOID HookUDP( const IMG img, const AFUNPTR replacement, const char *functionName )
{
	std::cerr << "Found " << functionName << "..." << endl;
	RTN rtn = RTN_FindByName(img, functionName );

	PROTO proto = 
		PROTO_Allocate( PIN_PARG(WINDOWS::INT),		// retval
				CALLINGSTD_STDCALL,
				functionName,
				PIN_PARG(WINDOWS::SOCKET),			// s,
				PIN_PARG(WINDOWS::CHAR *),			// buf,
				PIN_PARG(WINDOWS::INT),				// len
				PIN_PARG(WINDOWS::INT),				// flags
				PIN_PARG(WINDOWS::SOCKADDR *),		// from|to,
				PIN_PARG(WINDOWS::INT *),			// fromlen|tolen,
				PIN_PARG_END()
				);

	RTN_ReplaceSignature(rtn, replacement,
			IARG_PROTOTYPE, proto,
			IARG_ORIG_FUNCPTR,
			IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
			IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
			IARG_FUNCARG_ENTRYPOINT_VALUE, 2,
			IARG_FUNCARG_ENTRYPOINT_VALUE, 3,
			IARG_FUNCARG_ENTRYPOINT_VALUE, 4,
			IARG_FUNCARG_ENTRYPOINT_VALUE, 5,
			IARG_CONTEXT,
			IARG_PTR, functionName,
			IARG_END
			);
	std::cerr << "Replaced " << RTN_Name( rtn ) << " and stuff. " << endl;
	PROTO_Free(proto);
}
Exemplo n.º 24
0
VOID HookTCP( const IMG img, const AFUNPTR replacement, const char *functionName )
{
	fprintf(LogFile, "Found %s...\r\n", functionName );
	std::cerr << "Found " << functionName << "..." << endl;

	// hook 
	RTN rtn = RTN_FindByName( img, functionName );

	PROTO proto = 
		PROTO_Allocate( PIN_PARG(WINDOWS::INT),
				CALLINGSTD_STDCALL,
				functionName,
				PIN_PARG(WINDOWS::SOCKET),			// s,
				PIN_PARG(WINDOWS::CHAR *),			// buf,
				PIN_PARG(WINDOWS::INT),				// len
				PIN_PARG(WINDOWS::INT),				// flags
				PIN_PARG_END()
				);
	
	RTN_ReplaceSignature( rtn, replacement,
			IARG_PROTOTYPE, proto,
			IARG_ORIG_FUNCPTR,
			IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
			IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
			IARG_FUNCARG_ENTRYPOINT_VALUE, 2,
			IARG_FUNCARG_ENTRYPOINT_VALUE, 3,
			IARG_CONTEXT,
			IARG_PTR, functionName,
			IARG_END
			);

	PROTO_Free( proto );
}
Exemplo n.º 25
0
VOID AddPthreadsCallbacks(IMG img) {
    RTN rtn;
    rtn = RTN_FindByName(img, "pthread_join");
    if (RTN_Valid(rtn)) {
        cerr << IMG_Name(img) << ": pthread_join" << endl;

        RTN_Open(rtn);
        RTN_InsertCall(rtn,
                       IPOINT_BEFORE,
                       AFUNPTR(PTHREAD_beforeJoin),
                       IARG_THREAD_ID,
                       IARG_FUNCARG_ENTRYPOINT_VALUE,
                       0,
                       IARG_CALL_ORDER,
                       CALL_ORDER_FIRST,
                       IARG_END);
        RTN_InsertCall(rtn,
                       IPOINT_AFTER,
                       AFUNPTR(PTHREAD_afterJoin),
                       IARG_THREAD_ID,
                       IARG_CALL_ORDER,
                       CALL_ORDER_LAST,
                       IARG_END);
        RTN_Close(rtn);
    }
}
Exemplo n.º 26
0
/* This function is invoked from Dytan. Modify this function to
 * specify custom function wrappers
 */
void taint_routines(IMG img, void *v)
{
	RTN rtn = RTN_FindByName(img, "main");
    if (RTN_Valid(rtn)) {

		printf("instrument main function\n");
        RTN_Open(rtn);
        /* This function call inserts main_wrapper_func before the
         * function main is executed. Since main takes two parameters,
         * we have supplied two pairs of
         * IARG_FUNCARG_ENTRYPOINT_REFERENCE, <number>
         */
        RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(main_wrapper_func),
                IARG_FUNCARG_ENTRYPOINT_REFERENCE, 0,
                IARG_FUNCARG_ENTRYPOINT_REFERENCE, 1,
                IARG_END);
        RTN_InsertCall(rtn, IPOINT_AFTER, AFUNPTR(main_wrapper_func_end),
                IARG_END);
        RTN_Close(rtn);
    }
/*
	else if (rtn_name == taint_function[1]) {
		RTN_Open(rtn);
        RTN_InsertCall(rtn, IPOINT_AFTER, AFUNPTR(main_wrapper_func2),
				IARG_FUNCARG_CALLSITE_VALUE, 4,
                IARG_END);
        RTN_Close(rtn);
    }
*/
}
Exemplo n.º 27
0
VOID ImageLoad(IMG img, VOID *v)
{
    RTN exitRtn = RTN_FindByName(img, "_exit");
    if (RTN_Valid(exitRtn) && RTN_IsSafeForProbedReplacement(exitRtn))
    {
        origExit = (EXITFUNCPTR) RTN_ReplaceProbed(exitRtn, AFUNPTR(ExitInProbeMode));
    }
    else
    {
        exitRtn = RTN_FindByName(img, "exit");    
        if (RTN_Valid(exitRtn) && RTN_IsSafeForProbedReplacement(exitRtn))
        {
            origExit = (EXITFUNCPTR) RTN_ReplaceProbed(exitRtn, AFUNPTR(ExitInProbeMode));
        }
    }
}
Exemplo n.º 28
0
static VOID Image(IMG img, VOID *v)
{
    RTN rtn = RTN_FindByName(img, watch_rtn);

    if (!RTN_Valid(rtn))
    {
        return;
    }
    printf("Instrumenting %s at %p\n", watch_rtn, reinterpret_cast<void *>(RTN_Address(rtn)));
    RTN_Open(rtn);
    INS ins = RTN_InsHeadOnly(rtn);
    ASSERTX (INS_Valid(ins));
    // version_reg is used to select the version, use the first
    // argument of watch_rtn to set it
    INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(select_version),
                   IARG_FUNCARG_ENTRYPOINT_VALUE, 0,
                   IARG_REG_VALUE, version_reg,
                   IARG_RETURN_REGS, version_reg,
                   IARG_END);
    // Note that the version instrumentation will occur before any
    // instrumentation done on this ins from Trace or Instruction 
    // instrumentation time callbacks
    INS_InsertVersionCase(ins, version_reg, 10, VERSION_1, IARG_END);
    INS_InsertVersionCase(ins, version_reg, 20, VERSION_2, IARG_END);
    RTN_Close(rtn);
}
Exemplo n.º 29
0
static VOID OnImage(IMG img, VOID *)
{
    RTN rtn = RTN_FindByName(img, "PIN_TEST_FOO");
    if (RTN_Valid(rtn))
    {
        RTN_Open(rtn);
        RTN_InsertCall(rtn, IPOINT_BEFORE, AFUNPTR(OnFoo), IARG_CONTEXT, IARG_THREAD_ID, IARG_END);
        RTN_Close(rtn);
    }

    rtn = RTN_FindByName(img, "PIN_TEST_BAR");
    if (RTN_Valid(rtn))
    {
        BarAddr = RTN_Address(rtn);
        FoundBar = TRUE;
    }
}
Exemplo n.º 30
0
VOID ImageLoad(IMG img, VOID *v)
{
    RTN rtn = RTN_FindByName(img, "TestIargPreserveInReplacement");

    if (RTN_Valid(rtn))
    {
        printf ("found TestIargPreserveInReplacement\n");
        fflush (stdout);
        PROTO proto = PROTO_Allocate( PIN_PARG(void), CALLINGSTD_DEFAULT,
                                      "TestIargPreserveInReplacementProto", PIN_PARG_END() );
        REGSET regsFP;
        REGSET_Clear(regsFP);
        REGSET_Insert (regsFP, REG_X87);
        RTN_ReplaceSignature(
            rtn, AFUNPTR(TestIargPreserveReplacement),
            IARG_PROTOTYPE, proto,
            IARG_CONTEXT,
            IARG_ORIG_FUNCPTR,
            IARG_PRESERVE, &regsFP,
            IARG_END);
        PROTO_Free( proto );
    }


    rtn = RTN_FindByName(img, "TestIargPreserveInReplacement1");

    if (RTN_Valid(rtn))
    {
        printf ("found TestIargPreserveInReplacement1\n");
        fflush (stdout);
        PROTO proto = PROTO_Allocate( PIN_PARG(void), CALLINGSTD_DEFAULT,
                                      "TestIargPreserveInReplacementProto", PIN_PARG_END() );

        RTN_ReplaceSignature(
            rtn, AFUNPTR(TestIargPreserveReplacement1),
            IARG_PROTOTYPE, proto,
            IARG_CONTEXT,
            IARG_ORIG_FUNCPTR,
            IARG_END);
        PROTO_Free( proto );
    }

}