/// Feed the reader's current instruction to the BAP verifier, if the verifier
/// wants it.
///
/// @param tr  Trace reader positioned on the instruction to examine.
/// @return 0 to keep going, -1 once more than 10000 instructions have been
///         handed to the verifier (main wraps this call in BREAK_IF, which
///         presumably ends the trace loop on a non-zero result).
int PrintBap(TraceReaderBinX86 &tr) {
  const TRInstructionX86& current = tr.getCurInstruction();

  // Uninteresting instruction: optionally report the skip, then carry on.
  if (!m_BapVerifier.isInterested(current)) {
    if (m_bVerbose) {
      cout << "Solve result: SKIPPED @ " << tr.getFilePos() << endl;
      cout << "---------------------------------------------------------" << endl;
    }
    return 0;
  }

  m_BapVerifier.processInstruction(current);
  ++m_cntBap;

  // Work cap: stop after 10000 verified instructions. The count includes
  // extra instructions such as XOR.
  // NOTE(review): the original comment said 1000 while the code compares
  // against 10000; confirm which limit is intended.
  return (m_cntBap > 10000) ? -1 : 0;
}
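/// Entry point: either converts the input trace to BPT, or walks the trace one
/// instruction at a time and prints the views selected by the global option
/// flags (verbose listing, summary, BAP verification).
///
/// @return -1 if process_arg() rejects the command line, 0 otherwise.
int main(int argc, char **argv) {
  if (0 != process_arg(argc, argv)) {
    return -1;
  }

  if (g_bToBpt) {
    cout << "Convert input to bpt" << endl;
    // Constructing the converter is the only action taken here; presumably
    // the constructor performs the conversion.
    TraceConverterBPT t(g_sInFile, g_sBptName);
  } else {
    TraceReaderBinX86 tr;
    SummaryPrinter sum_printer;
    BapPrinter bap_printer(g_bVerbose);
    size_t counter = 0;

    // The empty second argument selects the default output (cout). cout is
    // required because the BAP test uses system().
    // NOTE(review): no result from init() is checked here, so it is not
    // visible what happens when the input file is missing or malformed.
    // Confirm whether init() reports a status.
    tr.init(g_sInFile, "");

    // A disabled seek used to jump to an approximate region of tainted
    // instructions, about 816330 instructions into the trace
    // (tr.seekTo(startInterest)).
    tr.setVerbose(g_bVerbose);

    // Walk the trace until the reader returns non-zero.
    while (tr.readNextInstruction() == 0) {
      ++counter;
      const TRInstructionX86& insn = tr.getCurInstruction();

      if (g_bBAP) {
        cout << "************************************************" << endl;
        cout << "******** " << counter << " (" << tr.getFilePos()
             << ")***************" << endl;
      }

      if (g_bVerbose) {
        cout << "(" << counter << ") " << tr.getInsnString();
      }

      if (g_bSummary) {
        BREAK_IF(0 != sum_printer.PrintSummary(insn));
      }

      if (g_bBAP) {
        BREAK_IF(0 != bap_printer.PrintBap(tr));
      }
    }

    // %zu is the portable conversion for size_t; %lu only matches where
    // size_t is unsigned long.
    printf("[%zu] Instructions Decoded\n", counter);
  }

  return 0;
}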
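/// Entry point: walks the trace one instruction at a time and prints the views
/// selected by the global option flags (verbose listing, summary, objdump-style
/// listing restricted to the initial address space, BAP verification).
///
/// @return -1 if process_arg() rejects the command line, 0 otherwise.
int main(int argc, char **argv) {
  if (0 != process_arg(argc, argv)) {
    return -1;
  }

  TraceReaderBinX86 tr;
  SummaryPrinter sum_printer;
  BapPrinter bap_printer(g_bVerbose);
  size_t counter = 0;

  // The empty second argument selects the default output (cout). cout is
  // required because the BAP test uses system().
  // NOTE(review): no result from init() is checked here, so it is not visible
  // what happens when the input file is missing or malformed. Confirm whether
  // init() reports a status.
  tr.init(g_sInFile, "");

  // A disabled seek used to jump to an approximate region of tainted
  // instructions, about 816330 instructions into the trace
  // (tr.seekTo(startInterest)).
  tr.setVerbose(g_bVerbose);

  // NOTE(review): the initial CR3 is taken from the process record's `pid`
  // field; presumably this trace format stores the page-directory base there.
  // Confirm against the trace writer.
  const uint32_t first_cr3 = tr.getProcessRecord().pid;
  uint32_t cur_cr3 = first_cr3;

  // std::hex is sticky on the stream. Switch back to decimal so the
  // instruction counter and file positions printed below are not silently
  // rendered in hexadecimal.
  cout << "CR3:" << std::hex << first_cr3 << std::dec << endl;

  // Walk the trace until the reader returns non-zero.
  while (tr.readNextInstruction() == 0) {
    ++counter;
    const TRInstructionX86& insn = tr.getCurInstruction();

    if (g_bBAP) {
      cout << "************************************************" << endl;
      cout << "******** " << counter << " (" << tr.getFilePos()
           << ")***************" << endl;
    }

    if (g_bVerbose) {
      cout << "(" << counter << ") " << tr.getInsnString();
    }

    if (g_bSummary) {
      BREAK_IF(0 != sum_printer.PrintSummary(insn));
    }

    if (g_bObjdump) {
      // Only list instructions executed while the tracked CR3 still equals
      // the one the trace started with.
      if (cur_cr3 == first_cr3) {
        tr.printInsnObjdump();
      }

      // 0F 22 D8 is the encoding of `mov cr3, eax`. Only this exact form is
      // recognised; a CR3 load from any other register has a different
      // ModRM byte and would not update cur_cr3.
      // NOTE(review): the three raw bytes are compared without consulting an
      // instruction length; this assumes rawbytes always holds at least three
      // meaningful bytes. Confirm against the record layout.
      const bool loads_cr3_from_eax =
          static_cast<uint8_t>(insn.eh.rawbytes[0]) == 0x0f &&
          static_cast<uint8_t>(insn.eh.rawbytes[1]) == 0x22 &&
          static_cast<uint8_t>(insn.eh.rawbytes[2]) == 0xd8;
      if (loads_cr3_from_eax) {
        // presumably operand[0].value carries the value written to CR3
        cur_cr3 = insn.eh.operand[0].value;
      }
    }

    if (g_bBAP) {
      BREAK_IF(0 != bap_printer.PrintBap(tr));
    }
  }

  // %zu is the portable conversion for size_t; %lu only matches where size_t
  // is unsigned long.
  printf("[%zu] Instructions Decoded\n", counter);
  return 0;
}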