search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Still cannot know why it does not work
[PathExplorer.git] / previous_version / instrumentation_functions.cc
blob797afa6c3d3f85c37d6bd08467d2ed3a48a0df5e
1 #include <pin.H>
2
3 #include <fstream>
4 #include <vector>
5 #include <map>
6 #include <set>
7
8 #include <boost/format.hpp>
9 #include <boost/date_time/posix_time/posix_time.hpp>
10 #include <boost/filesystem.hpp>
11 #include <boost/log/trivial.hpp>
12
13 #include "stuffs.h"
14 #include "branch.h"
15 #include "instruction.h"
16 #include "analysis_functions.h"
17 #include "tainting_functions.h"
18 #include "resolving_functions.h"
19 #include "logging_functions.h"
20
21 /*====================================================================================================================*/
22
23 extern std::map< ADDRINT,
24 instruction > addr_ins_static_map;
25
26 extern std::vector<ADDRINT> explored_trace;
27
28 extern bool in_tainting;
29
30 extern map_ins_io dta_inss_io;
31
32 extern UINT8 received_msg_num;
33
34 extern boost::shared_ptr<boost::posix_time::ptime> start_ptr_time;
35 extern boost::shared_ptr<boost::posix_time::ptime> stop_ptr_time;
36
37 /**
38 * @brief instrumentation function.
39 *
40 * @param ins current examined instruction.
41 * @param data not used.
42 * @return VOID
43 */
44 VOID ins_instrumenter(INS ins, VOID *data)
45 {
46 // logging the parsed instructions statically
47 ADDRINT ins_addr = INS_Address(ins);
48
49 addr_ins_static_map[ins_addr] = instruction(ins);
50 // addr_ins_static_map[ins_addr].contained_image = contained_image_name(ins_addr);
51
52 if (
53 false
54 // || INS_IsCall(ins)
55 // || INS_IsSyscall(ins)
56 // || INS_IsSysret(ins)
57 // || INS_IsNop(ins)
58 )
59 {
60 // omit these instructions
61 }
62 else
63 {
64 if (received_msg_num == 1)
65 {
66 if (!start_ptr_time)
67 {
68 start_ptr_time.reset(new boost::posix_time::ptime(boost::posix_time::microsec_clock::local_time()));
69 }
70
71 if (in_tainting)
72 {
73 /* START LOGGING */
74 if (INS_IsSyscall(ins))
75 {
76 INS_InsertPredicatedCall(ins, IPOINT_BEFORE,
77 (AFUNPTR)logging_syscall_instruction_analyzer,
78 IARG_INST_PTR,
79 IARG_END);
80 }
81 else
82 {
83 // general logging
84 INS_InsertPredicatedCall(ins, IPOINT_BEFORE,
85 (AFUNPTR)logging_general_instruction_analyzer,
86 IARG_INST_PTR,
87 IARG_END);
88
89 if (addr_ins_static_map[ins_addr].category == XED_CATEGORY_COND_BR)
90 {
91 // conditional branch logging
92 INS_InsertPredicatedCall(ins, IPOINT_BEFORE,
93 (AFUNPTR)logging_cond_br_analyzer,
94 IARG_INST_PTR,
95 IARG_BRANCH_TAKEN,
96 IARG_END);
97 }
98 else
99 {
100 if (INS_IsMemoryRead(ins))
101 {
102 // memory read logging
103 INS_InsertPredicatedCall(ins, IPOINT_BEFORE,
104 (AFUNPTR)logging_mem_read_instruction_analyzer,
105 IARG_INST_PTR,
106 IARG_MEMORYREAD_EA, IARG_MEMORYREAD_SIZE,
107 IARG_CONTEXT,
108 IARG_END);
109 }
110
111 if (INS_IsMemoryWrite(ins))
112 {
113 // memory written logging
114 INS_InsertPredicatedCall(ins, IPOINT_BEFORE,
115 (AFUNPTR)logging_mem_write_instruction_analyzer,
116 IARG_INST_PTR,
117 IARG_MEMORYWRITE_EA, IARG_MEMORYWRITE_SIZE,
118 IARG_END );
119 }
120 }
121 }
122
123 /* START TAINTING */
124 INS_InsertPredicatedCall(ins, IPOINT_BEFORE,
125 (AFUNPTR)tainting_general_instruction_analyzer,
126 IARG_INST_PTR,
127 IARG_END );
128 }
129 else // in rollbacking
130 {
131 /* START RESOLVING */
132 INS_InsertPredicatedCall(ins, IPOINT_BEFORE,
133 (AFUNPTR)resolving_ins_count_analyzer,
134 IARG_INST_PTR,
135 IARG_END );
136
137 if (INS_IsMemoryRead(ins))
138 {
139 // INS_InsertPredicatedCall(ins, IPOINT_BEFORE, (AFUNPTR)resolving_mem_to_st_analyzer,
140 // IARG_INST_PTR,
141 // IARG_MEMORYREAD_EA, IARG_MEMORYREAD_SIZE,
142 // IARG_END);
143 }
144 else
145 {
146 if (INS_IsMemoryWrite(ins))
147 {
148 INS_InsertPredicatedCall(ins, IPOINT_BEFORE,
149 (AFUNPTR)resolving_st_to_mem_analyzer,
150 IARG_INST_PTR,
151 IARG_MEMORYWRITE_EA, IARG_MEMORYWRITE_SIZE,
152 IARG_END);
153 }
154 }
155
156 // note that conditional branches are always direct
157 if (addr_ins_static_map[ins_addr].category == XED_CATEGORY_COND_BR)
158 {
159 INS_InsertPredicatedCall(ins, IPOINT_BEFORE,
160 (AFUNPTR)resolving_cond_branch_analyzer,
161 IARG_INST_PTR,
162 IARG_BRANCH_TAKEN,
163 IARG_END);
164 }
165 else
166 {
167 if (INS_IsIndirectBranchOrCall(ins))
168 {
169 INS_InsertPredicatedCall(ins, IPOINT_BEFORE,
170 (AFUNPTR)resolving_indirect_branch_call_analyzer,
171 IARG_INST_PTR,
172 IARG_BRANCH_TARGET_ADDR,
173 IARG_END);
174 }
175 }
176 }
177 }
178 }
179
180 return;
181 }
182
183 /*====================================================================================================================*/
184
185 VOID image_load_instrumenter(IMG loaded_img, VOID *data)
186 {
187 std::cout << "image_load_instrumenter activated\n";
188
189 const static std::string winsock_dll_name("WS2_32.dll");
190
191 if (received_msg_num < 1)
192 {
193 // verify whether the winsock2 module is loaded
194 boost::filesystem::path loaded_image_path(IMG_Name(loaded_img));
195 std::cout << "Loaded module: " << loaded_image_path.filename() << "\n";
196 if (loaded_image_path.filename() == winsock_dll_name)
197 {
198 std::cout << "winsock found\n";
199 RTN recv_function = RTN_FindByName(loaded_img, "recv");
200 if (RTN_Valid(recv_function))
201 {
202 std::cout << "recv instrumented\n";
203 RTN_Open(recv_function);
204
205 RTN_InsertCall(recv_function, IPOINT_BEFORE, (AFUNPTR)logging_before_recv_functions_analyzer,
206 IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
207 IARG_END);
208 RTN_InsertCall(recv_function, IPOINT_AFTER, (AFUNPTR)logging_after_recv_functions_analyzer,
209 IARG_FUNCRET_EXITPOINT_VALUE,
210 IARG_END);
211
212 RTN_Close(recv_function);
213 }
214
215 RTN recvfrom_function = RTN_FindByName(loaded_img, "recvfrom");
216 if (RTN_Valid(recvfrom_function))
217 {
218 std::cout << "recvfrom instrumented\n";
219 RTN_Open(recvfrom_function);
220
221 RTN_InsertCall(recvfrom_function, IPOINT_BEFORE,
222 (AFUNPTR)logging_before_recv_functions_analyzer,
223 IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
224 IARG_END);
225 RTN_InsertCall(recvfrom_function, IPOINT_AFTER,
226 (AFUNPTR)logging_after_recv_functions_analyzer,
227 IARG_FUNCRET_EXITPOINT_VALUE,
228 IARG_END);
229
230 RTN_Close(recvfrom_function);
231 }
232
233 RTN wsarecv_function = RTN_FindByName(loaded_img, "WSARecv");
234 if (RTN_Valid(wsarecv_function))
235 {
236 std::cout << "WSARecv instrumented\n";
237 RTN_Open(wsarecv_function);
238
239 RTN_InsertCall(wsarecv_function, IPOINT_BEFORE,
240 (AFUNPTR)logging_before_wsarecv_functions_analyzer,
241 IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
242 IARG_END);
243 RTN_InsertCall(wsarecv_function, IPOINT_AFTER,
244 (AFUNPTR)logging_after_wsarecv_funtions_analyzer,
245 IARG_END);
246
247 RTN_Close(wsarecv_function);
248 }
249
250 RTN wsarecvfrom_function = RTN_FindByName(loaded_img, "WSARecvFrom");
251 if (RTN_Valid(wsarecvfrom_function))
252 {
253 std::cout << "WSARecvFrom instrumented\n";
254 RTN_Open(wsarecvfrom_function);
255
256 RTN_InsertCall(wsarecvfrom_function, IPOINT_BEFORE,
257 (AFUNPTR)logging_before_wsarecv_functions_analyzer,
258 IARG_FUNCARG_ENTRYPOINT_VALUE, 1,
259 IARG_END);
260 RTN_InsertCall(wsarecvfrom_function, IPOINT_AFTER,
261 (AFUNPTR)logging_after_wsarecv_funtions_analyzer,
262 IARG_END);
263
264 RTN_Close(wsarecvfrom_function);
265 }
266 }
267 }
268
269 return;
270 }
271
272 /*====================================================================================================================*/
273
274 BOOL process_create_instrumenter(CHILD_PROCESS created_process, VOID* data)
275 {
276 BOOST_LOG_TRIVIAL(warning)
277 << boost::format("new process created with id %d") % CHILD_PROCESS_GetId(created_process);
278 return TRUE;
279 }