// Is called for every instruction and instruments reads and writes VOID Instruction(INS ins, VOID *v) { // Instruments memory accesses using a predicated call, i.e. // the instrumentation is called iff the instruction will actually be executed. // // On the IA-32 and Intel(R) 64 architectures conditional moves and REP // prefixed instructions appear as predicated instructions in Pin. UINT32 memOperands = INS_MemoryOperandCount(ins); // Iterate over each memory operand of the instruction. for (UINT32 memOp = 0; memOp < memOperands; memOp++) { /*if (INS_MemoryOperandIsRead(ins, memOp)) { INS_InsertPredicatedCall( ins, IPOINT_BEFORE, (AFUNPTR)RecordMemRead, IARG_INST_PTR, IARG_MEMORYOP_EA, memOp, IARG_END); }*/ // Note that in some architectures a single memory operand can be // both read and written (for instance incl (%eax) on IA-32) // In that case we instrument it once for read and once for write. if (INS_MemoryOperandIsWritten(ins, memOp)) { xed_decoded_inst_t* xedd = INS_XedDec(ins); xed_syntax_enum_t syntax = XED_SYNTAX_INTEL; // XED_SYNTAX_ATT, XED_SYNTAX_XED const UINT32 BUFLEN = 100; //char buffer[BUFLEN]; ADDRINT addr = INS_Address(ins); BOOL ok = xed_format(syntax, xedd, writeInstruction, BUFLEN, static_cast<UINT64>(addr)); if (ok){ } INS_InsertPredicatedCall( ins, IPOINT_BEFORE, (AFUNPTR)RecordMemWrite, IARG_INST_PTR, IARG_MEMORYOP_EA, memOp, IARG_END); } } }
VOID Instruction(INS ins, VOID *v) { xed_decoded_inst_t* xedd = INS_XedDec(ins); // To print out the gory details uncomment this: // char buf[2048]; // xed_decoded_inst_dump(xedd, buf, 2048); // *out << buf << endl; xed_syntax_enum_t syntax = XED_SYNTAX_INTEL; // XED_SYNTAX_ATT, XED_SYNTAX_XED const UINT32 BUFLEN = 100; char buffer[BUFLEN]; ADDRINT addr = INS_Address(ins); BOOL ok = xed_format(syntax, xedd, buffer, BUFLEN, static_cast<UINT64>(addr)); if (ok) { *out << setw(sizeof(ADDRINT)*2) << hex << addr << dec << " " << buffer << endl; } else { *out << "disas-error @" << hex << addr << dec << endl; } }
int main(int argc, char** argv) { xed_error_enum_t xed_error; xed_bool_t long_mode = 0; unsigned int bytes = 0; unsigned char itext[XED_MAX_INSTRUCTION_BYTES]; int i; unsigned int u; xed_decoded_inst_t xedd; #define BUFLEN 1000 char buffer[BUFLEN]; xed_bool_t ok; unsigned int isyntax; xed_syntax_enum_t syntax; xed_machine_mode_enum_t mmode; xed_address_width_enum_t stack_addr_width; xed_format_options_t format_options; // one time initialization xed_tables_init(); xed_set_verbosity( 99 ); memset(&format_options,0, sizeof(format_options)); format_options.hex_address_before_symbolic_name=0; format_options.xml_a=0; format_options.omit_unit_scale=0; for(i=1;i<argc;i++) { if (strcmp(argv[i], "-xml") == 0) format_options.xml_a=1; else if (strcmp(argv[i], "-no-unit-scale") == 0) format_options.omit_unit_scale=1; else if (strcmp(argv[i], "-64") == 0) long_mode = 1; else break; } xed_format_set_options( format_options ); /// begin processing of instructions... if (long_mode) { mmode=XED_MACHINE_MODE_LONG_64; stack_addr_width =XED_ADDRESS_WIDTH_64b; } else { mmode=XED_MACHINE_MODE_LEGACY_32; stack_addr_width =XED_ADDRESS_WIDTH_32b; } xed_decoded_inst_zero(&xedd); xed_decoded_inst_set_mode(&xedd, mmode, stack_addr_width); for( ;i < argc; i++) { xed_uint8_t x = (xed_uint8_t)(xed_atoi_hex(argv[i])); assert(bytes < XED_MAX_INSTRUCTION_BYTES); itext[bytes++] = x; } if (bytes == 0) { fprintf(stderr, "Must supply some hex bytes\n"); exit(1); } printf("PARSING BYTES: "); for( u=0;u<bytes; u++) printf("%02x ", STATIC_CAST(unsigned int,itext[u])); printf("\n"); xed_error = xed_decode(&xedd, REINTERPRET_CAST(const xed_uint8_t*,itext), bytes); switch(xed_error) { case XED_ERROR_NONE: break; case XED_ERROR_BUFFER_TOO_SHORT: fprintf(stderr,"Not enough bytes provided\n"); exit(1); case XED_ERROR_GENERAL_ERROR: fprintf(stderr,"Could not decode given input.\n"); exit(1); default: fprintf(stderr,"Unhandled error code %s\n", xed_error_enum_t2str(xed_error)); exit(1); } xed_decoded_inst_dump(&xedd,buffer, BUFLEN); printf("%s\n",buffer); for(isyntax= XED_SYNTAX_XED; isyntax < XED_SYNTAX_LAST; isyntax++) { syntax = STATIC_CAST(xed_syntax_enum_t, isyntax); ok = xed_format(syntax, &xedd, buffer, BUFLEN, 0); if (ok) printf("%s syntax: %s\n", xed_syntax_enum_t2str(syntax), buffer); else printf("Error disassembling %s syntax\n", xed_syntax_enum_t2str(syntax)); } return 0; }
int main(int argc, char** argv) { xed_error_enum_t xed_error; xed_bool_t long_mode = 0; xed_bool_t real_mode = 0; xed_bool_t protected_16 = 0; xed_state_t dstate; unsigned int first_argv; unsigned int bytes = 0; unsigned char itext[XED_MAX_INSTRUCTION_BYTES]; int i; unsigned int u; xed_decoded_inst_t xedd; #define BUFLEN 1000 char buffer[BUFLEN]; xed_bool_t ok; unsigned int isyntax; xed_syntax_enum_t syntax; unsigned int memop_index = 0; unsigned int memops = 0; xed_uint64_t out_addr = 0; xed_tables_init(); xed_agen_register_callback( register_callback, segment_callback); xed_state_zero(&dstate); xed_set_verbosity( 99 ); if (argc > 2 && strcmp(argv[1], "-64") == 0) long_mode = 1; if (argc > 2 && strcmp(argv[1], "-r") == 0) real_mode = 1; if (argc > 2 && strcmp(argv[1], "-16") == 0) protected_16 = 1; if (long_mode) { first_argv = 2; dstate.mmode=XED_MACHINE_MODE_LONG_64; } else if (protected_16) { first_argv = 2; xed_state_init(&dstate, XED_MACHINE_MODE_LEGACY_16, XED_ADDRESS_WIDTH_16b, XED_ADDRESS_WIDTH_16b); } else if (real_mode) { first_argv = 2; /* we say that real mode uses 16b addressing even though the addresses returned are 20b long. */ xed_state_init(&dstate, XED_MACHINE_MODE_REAL_16, XED_ADDRESS_WIDTH_16b, XED_ADDRESS_WIDTH_16b); } else { first_argv=1; xed_state_init(&dstate, XED_MACHINE_MODE_LEGACY_32, XED_ADDRESS_WIDTH_32b, XED_ADDRESS_WIDTH_32b); } xed_decoded_inst_zero_set_mode(&xedd, &dstate); for( i=first_argv ; i < argc; i++) { xed_uint8_t x = (xed_uint8_t)(xed_atoi_hex(argv[i])); assert(bytes < XED_MAX_INSTRUCTION_BYTES); itext[bytes++] = x; } if (bytes == 0) { fprintf(stderr, "Must supply some hex bytes\n"); exit(1); } printf("PARSING BYTES: "); for( u=0; u<bytes; u++) printf("%02x ", STATIC_CAST(unsigned int,itext[u])); printf("\n"); xed_error = xed_decode(&xedd, REINTERPRET_CAST(const xed_uint8_t*,itext), bytes); switch(xed_error) { case XED_ERROR_NONE: break; case XED_ERROR_BUFFER_TOO_SHORT: fprintf(stderr,"Not enough bytes provided\n"); exit(1); case XED_ERROR_GENERAL_ERROR: fprintf(stderr,"Could not decode given input.\n"); exit(1); default: fprintf(stderr,"Unhandled error code %s\n", xed_error_enum_t2str(xed_error)); exit(1); } xed_decoded_inst_dump(&xedd,buffer, BUFLEN); printf("%s\n",buffer); for(isyntax= XED_SYNTAX_XED; isyntax < XED_SYNTAX_LAST; isyntax++) { syntax = STATIC_CAST(xed_syntax_enum_t, isyntax); ok = xed_format(syntax, &xedd, buffer, BUFLEN, 0); if (ok) printf("%s syntax: %s\n", xed_syntax_enum_t2str(syntax), buffer); else printf("Error disassembling %s syntax\n", xed_syntax_enum_t2str(syntax)); } memops = xed_decoded_inst_number_of_memory_operands(&xedd); printf("\nNumber of memory operands: %d\n", (int)memops); for(memop_index=0; memop_index<memops; memop_index++) { xed_error = xed_agen(&xedd, memop_index, 0, &out_addr); if (xed_error != XED_ERROR_NONE) { fprintf(stderr,"Agen error code %s\n", xed_error_enum_t2str(xed_error)); exit(1); } printf("\tMemory agen%d: " XED_FMT_LX "\n", (int)memop_index, out_addr); } return 0; }
static string disassemble(UINT64 start, UINT64 stop) { UINT64 pc = start; xed_state_t dstate; xed_syntax_enum_t syntax = XED_SYNTAX_INTEL; xed_error_enum_t xed_error; xed_decoded_inst_t xedd; ostringstream os; if (sizeof(ADDRINT) == 4) xed_state_init(&dstate, XED_MACHINE_MODE_LEGACY_32, XED_ADDRESS_WIDTH_32b, XED_ADDRESS_WIDTH_32b); else xed_state_init(&dstate, XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b, XED_ADDRESS_WIDTH_64b); /*while( pc < stop )*/ { xed_decoded_inst_zero_set_mode(&xedd, &dstate); UINT32 len = 15; if (stop - pc < 15) len = stop-pc; xed_error = xed_decode(&xedd, reinterpret_cast<const UINT8*>(pc), len); bool okay = (xed_error == XED_ERROR_NONE); iostream::fmtflags fmt = os.flags(); os << std::setfill('0') << "XDIS " << std::hex << std::setw(sizeof(ADDRINT)*2) << pc << std::dec << ": " << std::setfill(' ') << std::setw(4); if (okay) { char buffer[200]; unsigned int dec_len, sp; os << xed_extension_enum_t2str(xed_decoded_inst_get_extension(&xedd)); dec_len = xed_decoded_inst_get_length(&xedd); print_hex_line(buffer, reinterpret_cast<UINT8*>(pc), dec_len); os << " " << buffer; for ( sp=dec_len; sp < 12; sp++) // pad out the instruction bytes os << " "; os << " "; memset(buffer,0,200); int dis_okay = xed_format(syntax, &xedd, buffer, 200, pc); if (dis_okay) os << buffer << endl; else os << "Error disasassembling pc 0x" << std::hex << pc << std::dec << endl; pc += dec_len; } else { // print the byte and keep going. UINT8 memval = *reinterpret_cast<UINT8*>(pc); os << "???? " // no extension << std::hex << std::setw(2) << std::setfill('0') << static_cast<UINT32>(memval) << std::endl; pc += 1; } os.flags(fmt); } return os.str(); }
int main(int argc, char** argv) { xed_error_enum_t xed_error; xed_bool_t long_mode = 0; xed_state_t dstate; unsigned int first_argv; unsigned int bytes = 0; unsigned char itext[XED_MAX_INSTRUCTION_BYTES]; int i; unsigned int u; xed_decoded_inst_t xedd; #define BUFLEN 1000 char buffer[BUFLEN]; xed_bool_t ok; unsigned int isyntax; xed_syntax_enum_t syntax; xed_tables_init(); xed_state_zero(&dstate); xed_set_verbosity( 99 ); if (argc > 2 && strcmp(argv[1], "-64") == 0) long_mode = 1; if (long_mode) { first_argv = 2; dstate.mmode=XED_MACHINE_MODE_LONG_64; } else { first_argv=1; xed_state_init(&dstate, XED_MACHINE_MODE_LEGACY_32, XED_ADDRESS_WIDTH_32b, XED_ADDRESS_WIDTH_32b); } xed_decoded_inst_zero_set_mode(&xedd, &dstate); for( i=first_argv ;i < argc; i++) { xed_uint8_t x = (xed_uint8_t)(xed_atoi_hex(argv[i])); assert(bytes < XED_MAX_INSTRUCTION_BYTES); itext[bytes++] = x; } if (bytes == 0) { fprintf(stderr, "Must supply some hex bytes\n"); exit(1); } printf("PARSING BYTES: "); for( u=0;u<bytes; u++) printf("%02x ", STATIC_CAST(unsigned int,itext[u])); printf("\n"); xed_error = xed_decode(&xedd, REINTERPRET_CAST(const xed_uint8_t*,itext), bytes); switch(xed_error) { case XED_ERROR_NONE: break; case XED_ERROR_BUFFER_TOO_SHORT: fprintf(stderr,"Not enough bytes provided\n"); exit(1); case XED_ERROR_GENERAL_ERROR: fprintf(stderr,"Could not decode given input.\n"); exit(1); default: fprintf(stderr,"Unhandled error code %s\n", xed_error_enum_t2str(xed_error)); exit(1); } //memset(buffer,0,BUFLEN); xed_decoded_inst_dump(&xedd,buffer, BUFLEN); printf("%s\n",buffer); for(isyntax= XED_SYNTAX_XED; isyntax < XED_SYNTAX_LAST; isyntax++) { syntax = STATIC_CAST(xed_syntax_enum_t, isyntax); ok = xed_format(syntax, &xedd, buffer, BUFLEN, 0); if (ok) printf("%s syntax: %s\n", xed_syntax_enum_t2str(syntax), buffer); else printf("Error disassembling %s syntax\n", xed_syntax_enum_t2str(syntax)); } return 0; }
int main(int argc, char** argv) { xed_error_enum_t xed_error; xed_bool_t long_mode = 0; xed_bool_t prot16 = 0; unsigned int first_argv; unsigned int bytes = 0; unsigned char itext[XED_MAX_INSTRUCTION_BYTES]; int i; unsigned int u; xed_decoded_inst_t xedd; #define BUFLEN 1000 char buffer[BUFLEN]; xed_bool_t ok; unsigned int isyntax; xed_syntax_enum_t syntax; xed_machine_mode_enum_t mmode; xed_address_width_enum_t stack_addr_width; xed_encoder_request_t* enc_req; xed_uint8_t array[XED_MAX_INSTRUCTION_BYTES]; unsigned int enc_olen, ilen = XED_MAX_INSTRUCTION_BYTES; xed_error_enum_t encode_okay; xed_bool_t change_to_long_mode = 0; xed_tables_init(); xed_set_verbosity( 99 ); if (argc > 2 && strcmp(argv[1], "-64") == 0) long_mode = 1; else if (argc > 2 && strcmp(argv[1], "-16") == 0) prot16 = 1; if (long_mode) { first_argv = 2; mmode=XED_MACHINE_MODE_LONG_64; stack_addr_width =XED_ADDRESS_WIDTH_64b; } else if (prot16) { first_argv = 2; mmode=XED_MACHINE_MODE_LEGACY_16; stack_addr_width =XED_ADDRESS_WIDTH_16b; } else { first_argv=1; mmode=XED_MACHINE_MODE_LEGACY_32; stack_addr_width =XED_ADDRESS_WIDTH_32b; } xed_decoded_inst_zero(&xedd); xed_decoded_inst_set_mode(&xedd, mmode, stack_addr_width); for( i=first_argv ;i < argc; i++) { xed_uint8_t x = (xed_uint8_t)(xed_atoi_hex(argv[i])); assert(bytes < XED_MAX_INSTRUCTION_BYTES); itext[bytes++] = x; } if (bytes == 0) { fprintf(stderr, "Must supply some hex bytes\n"); exit(1); } printf("PARSING BYTES: "); for( u=0;u<bytes; u++) printf("%02x ", XED_STATIC_CAST(unsigned int,itext[u])); printf("\n"); xed_error = xed_decode(&xedd, XED_REINTERPRET_CAST(const xed_uint8_t*,itext), bytes); switch(xed_error) { case XED_ERROR_NONE: break; case XED_ERROR_BUFFER_TOO_SHORT: fprintf(stderr,"Not enough bytes provided\n"); exit(1); case XED_ERROR_GENERAL_ERROR: fprintf(stderr,"Could not decode given input.\n"); exit(1); default: fprintf(stderr,"Unhandled error code %s\n", xed_error_enum_t2str(xed_error)); exit(1); } //memset(buffer,0,BUFLEN); xed_decoded_inst_dump(&xedd,buffer, BUFLEN); printf("%s\n",buffer); for(isyntax= XED_SYNTAX_XED; isyntax < XED_SYNTAX_LAST; isyntax++) { syntax = XED_STATIC_CAST(xed_syntax_enum_t, isyntax); ok = xed_format(syntax, &xedd, buffer, BUFLEN, 0); if (ok) printf("%s syntax: %s\n", xed_syntax_enum_t2str(syntax), buffer); else printf("Error disassembling %s syntax\n", xed_syntax_enum_t2str(syntax)); } printf("\nPreparing to encode ...\n"); enc_req = &xedd; // they are basically the same now // convert decode structure to proper encode structure xed_encoder_request_init_from_decode(&xedd); change_to_long_mode = 0; if (change_to_long_mode) { // change to 64b mode xed_state_t state; xed_operand_values_t* ov; xed_state_init2(&state,XED_MACHINE_MODE_LONG_64,XED_ADDRESS_WIDTH_64b); ov = xed_decoded_inst_operands(&xedd); xed_operand_values_set_mode(ov, &state); xed_encoder_request_set_effective_address_size(enc_req, 64); // need to fix base regs... //xed_operand_values_set_operand_reg(ov, XED_OPERAND_BASE0, XED_REG_RSI); xed_encoder_request_set_effective_operand_width(enc_req, 32); } printf("Encoding...\n"); encode_okay = xed_encode(enc_req, array, ilen, &enc_olen); if (encode_okay != XED_ERROR_NONE) { printf("Error code = %s\n", xed_error_enum_t2str(encode_okay)); } else { unsigned int j; printf("Encodable: "); for(j=0;j<enc_olen;j++) { printf("%02x", array[j]); } printf("\n"); } return 0; }