static VOID InstrumentInstruction(INS ins, VOID *)
{
if (INS_IsPredicated(ins))
{
INS_InsertIfCall(ins, IPOINT_BEFORE, (AFUNPTR)returnArg, IARG_EXECUTING, IARG_END);
INS_InsertThenCall(ins, IPOINT_BEFORE, (AFUNPTR)increment, IARG_ADDRINT, ADDRINT(&predicatedTrueCount), IARG_END);
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)add, IARG_ADDRINT, ADDRINT(&predicatedTrueCountArg),
IARG_EXECUTING, IARG_END);
// CountOp = TRUE;
}
if (INS_HasRealRep(ins))
{
INS_InsertIfCall(ins, IPOINT_BEFORE, (AFUNPTR)returnArg, IARG_FIRST_REP_ITERATION, IARG_END);
INS_InsertThenCall(ins, IPOINT_BEFORE, (AFUNPTR)increment, IARG_ADDRINT, ADDRINT(&firstRepCount), IARG_END);
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)add, IARG_ADDRINT, ADDRINT(&firstRepCountArg),
IARG_FIRST_REP_ITERATION, IARG_END);
}
if (INS_IsBranch(ins))
{
UINT32 op = INS_Opcode(ins);
INS_InsertIfCall(ins, IPOINT_BEFORE, (AFUNPTR)returnArg, IARG_BRANCH_TAKEN, IARG_END);
INS_InsertThenCall(ins, IPOINT_BEFORE, (AFUNPTR)increment,
IARG_ADDRINT, ADDRINT(&(branchCounts[op].taken)),
IARG_END);
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)add,
IARG_ADDRINT, ADDRINT(&(branchCounts[op].takenArg)),
IARG_BRANCH_TAKEN, IARG_END);
}
}
VOID Instruction(INS ins, VOID *v)
{
//if (RTN_Valid(INS_Rtn(ins)) && RTN_Name(INS_Rtn(ins)) == "__SEH_epilog4") {
// cerr << "image " << IMG_Name(SEC_Img(RTN_Sec(INS_Rtn(ins)))) << endl;
//}
if ( leaflag && INS_IsLea(ins) ) {
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(LeaAdd),
IARG_THREAD_ID,
IARG_REG_VALUE, REG_STACK_PTR,
IARG_INST_PTR,
IARG_REG_VALUE, REG_GBP,
IARG_END);
}
if ( INS_IsBranch(ins) && !(INS_IsCall(ins)) && !(INS_IsRet(ins)) ) {
INS_InsertCall(ins, IPOINT_TAKEN_BRANCH, AFUNPTR(Branch),
IARG_THREAD_ID,
IARG_REG_VALUE, REG_STACK_PTR,
IARG_BRANCH_TARGET_ADDR,
IARG_INST_PTR,
IARG_END);
}
else if (INS_IsRet(ins)) {
INS prev = INS_Prev(ins);
//cout<< "CALL TO RET" << endl;
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(Ret),
IARG_THREAD_ID,
IARG_REG_VALUE, REG_STACK_PTR,
IARG_BRANCH_TARGET_ADDR,
IARG_INST_PTR,
IARG_UINT32, (INS_Valid(prev) && INS_Opcode(prev) == XED_CATEGORY_PUSH),
IARG_END);
}
else if (INS_IsCall(ins)) {
//cout << "CALL TO CALL" << endl;
INS_InsertCall(ins, IPOINT_TAKEN_BRANCH, AFUNPTR(Call),
IARG_THREAD_ID,
IARG_REG_VALUE, REG_STACK_PTR,
IARG_BRANCH_TARGET_ADDR,
IARG_INST_PTR,
IARG_END);
}
else if (INS_IsMemoryWrite(ins)) {
//cout<< "CALL TO MEWRITE" << endl;
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(MemWrite),
IARG_THREAD_ID,
IARG_MEMORYWRITE_EA,
IARG_END);
}
}
void instrumentBranch(INS ins, void * v) {
if (INS_IsBranch(ins) && INS_HasFallThrough(ins)) {
INS_InsertCall(ins, IPOINT_TAKEN_BRANCH, (AFUNPTR) handleBranch,
IARG_INST_PTR, IARG_BOOL, TRUE, IARG_END);
INS_InsertCall(ins, IPOINT_AFTER, (AFUNPTR) handleBranch, IARG_INST_PTR,
IARG_BOOL, FALSE, IARG_END);
}
}
void log_ins(INS ins)
{
// dump the instruction
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR) &execute_instruction,
IARG_INST_PTR, IARG_PTR, strdup(INS_Disassemble(ins).c_str()),
IARG_END);
// reads memory (1)
if(INS_IsMemoryRead(ins) != 0) {
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR) &dump_read_memory,
IARG_MEMORYREAD_EA, IARG_MEMORYREAD_SIZE, IARG_END);
}
// reads memory (2)
if(INS_HasMemoryRead2(ins) != 0) {
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR) &dump_read_memory,
IARG_MEMORYREAD2_EA, IARG_MEMORYREAD_SIZE, IARG_END);
}
IPOINT after = IPOINT_AFTER;
if(INS_IsCall(ins) != 0) {
// TODO is this correct?
after = IPOINT_TAKEN_BRANCH;
}
else if(INS_IsSyscall(ins) != 0) {
// TODO support syscalls
return;
}
else if(INS_HasFallThrough(ins) == 0 && (INS_IsBranch(ins) != 0 ||
INS_IsRet(ins) != 0)) {
// TODO is this correct?
after = IPOINT_TAKEN_BRANCH;
}
// dump written memory
if(INS_IsMemoryWrite(ins) != 0) {
INS_InsertCall(ins, IPOINT_BEFORE,
(AFUNPTR) &dump_written_memory_before, IARG_MEMORYWRITE_EA,
IARG_MEMORYWRITE_SIZE, IARG_END);
INS_InsertCall(ins, after, (AFUNPTR) &dump_written_memory_after,
IARG_END);
}
// dump all affected registers
for (UINT32 i = 0; i < INS_OperandCount(ins); i++) {
if(INS_OperandIsMemory(ins, i) != 0) {
if(INS_OperandMemoryBaseReg(ins, i) != REG_INVALID()) {
REG base_reg = INS_OperandMemoryBaseReg(ins, i);
if(g_reg_index[base_reg] != 0) {
INS_InsertCall(ins, IPOINT_BEFORE,
(AFUNPTR) &dump_reg_before,
IARG_UINT32, g_reg_index[base_reg]-1,
IARG_REG_VALUE, INS_OperandMemoryBaseReg(ins, i),
IARG_END);
INS_InsertCall(ins, after,
(AFUNPTR) &dump_reg_r_after,
IARG_UINT32, g_reg_index[base_reg]-1, IARG_END);
}
}
if(INS_OperandMemoryIndexReg(ins, i) != REG_INVALID()) {
REG index_reg = INS_OperandMemoryIndexReg(ins, i);
if(g_reg_index[index_reg] != 0) {
INS_InsertCall(ins, IPOINT_BEFORE,
(AFUNPTR) &dump_reg_before,
IARG_UINT32, g_reg_index[index_reg]-1,
IARG_REG_VALUE, INS_OperandMemoryIndexReg(ins, i),
IARG_END);
INS_InsertCall(ins, after,
(AFUNPTR) &dump_reg_r_after,
IARG_UINT32, g_reg_index[index_reg]-1, IARG_END);
}
}
}
if(INS_OperandIsReg(ins, i) != 0) {
REG reg_index = REG_FullRegName(INS_OperandReg(ins, i));
if(INS_OperandReadAndWritten(ins, i) != 0) {
if(g_reg_index[reg_index] != 0) {
INS_InsertCall(ins, IPOINT_BEFORE,
(AFUNPTR) &dump_reg_before,
IARG_UINT32, g_reg_index[reg_index]-1,
IARG_REG_VALUE, reg_index, IARG_END);
INS_InsertCall(ins, after, (AFUNPTR) &dump_reg_rw_after,
IARG_UINT32, g_reg_index[reg_index]-1,
IARG_REG_VALUE, reg_index, IARG_END);
}
}
else if(INS_OperandRead(ins, i) != 0) {
if(g_reg_index[reg_index] != 0) {
INS_InsertCall(ins, IPOINT_BEFORE,
(AFUNPTR) &dump_reg_before,
IARG_UINT32, g_reg_index[reg_index]-1,
IARG_REG_VALUE, reg_index, IARG_END);
INS_InsertCall(ins, after, (AFUNPTR) &dump_reg_r_after,
IARG_UINT32, g_reg_index[reg_index]-1, IARG_END);
}
}
else if(INS_OperandWritten(ins, i) != 0) {
if(g_reg_index[reg_index] != 0) {
INS_InsertCall(ins, after, (AFUNPTR) &dump_reg_w_after,
IARG_UINT32, g_reg_index[reg_index]-1,
IARG_REG_VALUE, reg_index, IARG_END);
}
}
}
}
INS_InsertCall(ins, after, (AFUNPTR) &print_newline, IARG_END);
}
/* ===================================================================== */
VOID Image(IMG img, VOID *v){
for (UINT16 i = 0; i < n_excluded_lib_names; i++)
{
if (IMG_Name(img).find(excluded_lib_names[i]) != string::npos){
cout << "Excluded module: " << IMG_Name(img) << endl;
return;
}
}
for (SEC sec = IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec)){
for (RTN rtn = SEC_RtnHead(sec); RTN_Valid(rtn); rtn = RTN_Next(rtn)) {
RTN_Open(rtn);
for (INS ins = RTN_InsHead(rtn); INS_Valid(ins); ins = INS_Next(ins)) {
// Avoid instrumenting the instrumentation
if (!INS_IsOriginal(ins))
continue;
if(!SeqProgram) {
if ((INS_IsMemoryWrite(ins) || INS_IsMemoryRead(ins)) && INS_HasFallThrough(ins)) {
if (INS_IsMemoryWrite(ins) && INS_IsMemoryRead(ins) &&
INS_HasMemoryRead2(ins)) {
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)ProcessInst, IARG_THREAD_ID,
IARG_MEMORYWRITE_EA,
IARG_MEMORYREAD_EA,
IARG_MEMORYREAD2_EA,
IARG_INST_PTR,
IARG_END);
}
else if (INS_IsMemoryWrite(ins) && INS_IsMemoryRead(ins) &&
!INS_HasMemoryRead2(ins)) {
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)ProcessInst, IARG_THREAD_ID,
IARG_MEMORYWRITE_EA,
IARG_MEMORYREAD_EA,
IARG_ADDRINT, 0,
IARG_INST_PTR,
IARG_END);
}
else if (INS_IsMemoryWrite(ins) && !INS_IsMemoryRead(ins)) {
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)ProcessInst, IARG_THREAD_ID,
IARG_MEMORYWRITE_EA,
IARG_ADDRINT, 0,
IARG_ADDRINT, 0,
IARG_INST_PTR,
IARG_END);
}
else if (!INS_IsMemoryWrite(ins) && INS_IsMemoryRead(ins) &&
INS_HasMemoryRead2(ins)) {
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)ProcessInst, IARG_THREAD_ID,
IARG_ADDRINT, 0,
IARG_MEMORYREAD_EA,
IARG_MEMORYREAD2_EA,
IARG_INST_PTR,
IARG_END);
}
else if (!INS_IsMemoryWrite(ins) && INS_IsMemoryRead(ins) &&
!INS_HasMemoryRead2(ins)) {
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)ProcessInst, IARG_THREAD_ID,
IARG_ADDRINT, 0,
IARG_MEMORYREAD_EA,
IARG_ADDRINT,0,
IARG_INST_PTR,
IARG_END);
}
else { //not a memory opeartion
ASSERTX(0);
}
}
}
else {
if(INS_IsBranch(ins)){
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)ProcessBranch,
IARG_BRANCH_TAKEN, IARG_INST_PTR, IARG_END);
}
}
}
RTN_Close(rtn);
}
}
}
instruction::instruction(const INS& ins)
{
this->address = INS_Address(ins);
this->next_address = INS_NextAddress(ins);
// this->opcode = INS_Mnemonic(ins);
this->opcode_size = static_cast<uint8_t>(INS_Size(ins));
this->opcode_buffer = std::shared_ptr<uint8_t>(new uint8_t[this->opcode_size], std::default_delete<uint8_t[]>());
PIN_SafeCopy(opcode_buffer.get(), reinterpret_cast<const VOID*>(this->address), this->opcode_size);
this->disassemble = INS_Disassemble(ins);
// including image, routine
auto img = IMG_FindByAddress(this->address);
this->including_image = IMG_Valid(img) ? IMG_Name(img) : "";
// this->including_routine = RTN_FindNameByAddress(this->address);
PIN_LockClient();
auto routine = RTN_FindByAddress(this->address);
PIN_UnlockClient();
if (RTN_Valid(routine)) {
auto routine_mangled_name = RTN_Name(routine);
this->including_routine_name = PIN_UndecorateSymbolName(routine_mangled_name, UNDECORATION_NAME_ONLY);
}
else this->including_routine_name = "";
// has fall through
this->has_fall_through = INS_HasFallThrough(ins);
// is call, ret or syscall
this->is_call = INS_IsCall(ins);
this->is_branch = INS_IsBranch(ins);
this->is_ret = INS_IsRet(ins);
this->is_syscall = INS_IsSyscall(ins);
this->category = static_cast<xed_category_enum_t>(INS_Category(ins));
this->iclass = static_cast<xed_iclass_enum_t>(INS_Opcode(ins));
// read registers
auto read_reg_number = INS_MaxNumRRegs(ins);
for (decltype(read_reg_number) reg_id = 0; reg_id < read_reg_number; ++reg_id) {
this->src_registers.push_back(INS_RegR(ins, reg_id));
}
// written registers
auto written_reg_number = INS_MaxNumWRegs(ins);
for (decltype(written_reg_number) reg_id = 0; reg_id < written_reg_number; ++reg_id) {
this->dst_registers.push_back(INS_RegW(ins, reg_id));
}
auto is_special_reg = [](const REG& reg) -> bool {
return (reg >= REG_MM_BASE);
};
this->is_special =
std::any_of(std::begin(this->src_registers), std::end(this->src_registers), is_special_reg) ||
std::any_of(std::begin(this->dst_registers), std::end(this->dst_registers), is_special_reg) ||
(this->category == XED_CATEGORY_X87_ALU) || (this->iclass == XED_ICLASS_XEND) || (this->category == XED_CATEGORY_LOGICAL_FP) ||
(this->iclass == XED_ICLASS_PUSHA) || (this->iclass == XED_ICLASS_PUSHAD) || (this->iclass == XED_ICLASS_PUSHF) ||
(this->iclass == XED_ICLASS_PUSHFD) || (this->iclass == XED_ICLASS_PUSHFQ);
// is memory read, write
this->is_memory_read = INS_IsMemoryRead(ins);
this->is_memory_write = INS_IsMemoryWrite(ins);
this->is_memory_read2 = INS_HasMemoryRead2(ins);
}
