VOID Image(IMG img, VOID * v) { if ( (IMG_Name(img).find("ntdll.dll") != string::npos) || (IMG_Name(img).find("NTDLL.DLL") != string::npos) || (IMG_Name(img).find("NTDLL.dll") != string::npos) ) { return; } if ( (IMG_Name(img).find("MSVCR") != string::npos) || (IMG_Name(img).find("msvcr") != string::npos) ) { // _NLG_Return2 causes problems return; } for (SEC sec = IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec)) { for (RTN rtn = SEC_RtnHead(sec); RTN_Valid(rtn); rtn = RTN_Next(rtn)) { if (RTN_Name(rtn).find(".text") != string::npos) { continue; } BOOL canBeProbed = RTN_IsSafeForProbedInsertion(rtn); if (canBeProbed && RTN_Name(rtn)[0] != '_' && RTN_Name(rtn)[0] != '.') { RTN_InsertCallProbed( rtn, IPOINT_BEFORE, AFUNPTR(AtRtn), IARG_PTR, RTN_Name(rtn).c_str(), IARG_TSC, IARG_END); } } } }
static VOID on_module_loading(IMG img, VOID *data) { if (IMG_IsMainExecutable(img)) { RTN routine = RTN_FindByName(img, "foo1"); if (RTN_Valid(routine) && RTN_IsSafeForProbedReplacement(routine)) { PROTO foo1_proto = PROTO_Allocate( PIN_PARG(void), CALLINGSTD_DEFAULT, "foo1", PIN_PARG_END() ); AFUNPTR foo1_ptr = RTN_ReplaceSignatureProbed(routine, (AFUNPTR)foo1_rep, IARG_PROTOTYPE, foo1_proto, IARG_ORIG_FUNCPTR, IARG_END); ASSERTX(foo1_ptr != 0); } routine = RTN_FindByName(img, "foo2"); if (RTN_Valid(routine) && RTN_IsSafeForProbedInsertion(routine)) { PROTO foo2_proto = PROTO_Allocate( PIN_PARG(void), CALLINGSTD_DEFAULT, "foo2", PIN_PARG_END() ); RTN_InsertCallProbed(routine, IPOINT_BEFORE, AFUNPTR( foo2_before ), IARG_PROTOTYPE, foo2_proto, IARG_END); RTN_InsertCallProbed(routine, IPOINT_AFTER, AFUNPTR( foo2_after ), IARG_PROTOTYPE, foo2_proto, IARG_END); }
PyObject* Python_RTN_IsSafeForProbedInsertion(PyObject* self, PyObject* args) { PyObject* rtn; PyArg_ParseTuple(args, "L", &rtn); RTN rtn_object = *(RTN*) rtn; if (RTN_IsSafeForProbedInsertion(rtn_object)) { return Py_BuildValue("O", Py_True); } else { return Py_BuildValue("O", Py_False); } }
static VOID on_module_loading(IMG img, VOID *data) { RTN routine = RTN_FindByName(img, "baserel_in_probe"); if (!RTN_Valid(routine)) { routine = RTN_FindByName(img, "_baserel_in_probe"); } if (RTN_Valid(routine)) { if (!RTN_IsSafeForProbedInsertion(routine) && !RTN_IsSafeForProbedReplacement(routine)) { printf("failed to set probe\n"); } } }
int rtn_is_safe_for_probed_insertion (lua_State *L) { RTN* v1 = check_rtn(L,1); BOOL r = RTN_IsSafeForProbedInsertion(*v1); lua_pushboolean(L, r); return 1; }