x86-64 trace fix #2

Merged
merged 1 commit into from
Mar 18, 2016
Merged
5 changes: 3 additions & 2 deletions README.md
Expand Up @@ -55,7 +55,7 @@ Change folder to qemu and build tracer with command
```bash
$ ./configure --prefix=$HOME --with-tracewrap=`realpath ../bap-traces` \
--extra-ldflags=-Lprotobuf --target-list="arm-linux-user i386-linux-user \
mips-linux-user"
x86_64-linux-user mips-linux-user"
$ make -C protobuf
$ make
$ make install
Expand All @@ -68,6 +68,7 @@ To run executable `exec` and to save the trace data to `exec.trace`, use
```bash
$ qemu-arm -tracefile exec.trace exec # trace ARM target executable
$ qemu-i386 -tracefile exec.trace exec # trace X86 target executable
$ qemu-x86_64 -tracefile exec.trace exec # trace X86-64 target executable
$ qemu-mips -tracefile exec.trace exec # trace MIPS target executable
```

Expand All @@ -76,4 +77,4 @@ Hints: use option -L to set the elf interpreter prefix to 'path'. Use
to download arm and x86 libraries.

# Notes
Only ARM, X86, MIPS targets are supported in this branch.
Only ARM, X86, X86-64, MIPS targets are supported in this branch.
8 changes: 4 additions & 4 deletions include/tracewrap.h
Expand Up @@ -15,13 +15,13 @@ struct toc_entry {

extern FILE *qemu_tracefile;
void qemu_trace(Frame frame);
void qemu_trace_newframe(uint64_t addr, int tread_id);
void qemu_trace_newframe(target_ulong addr, int tread_id);
void qemu_trace_add_operand(OperandInfo *oi, int inout);
void qemu_trace_endframe(CPUArchState *env, target_ulong pc, size_t size);
void qemu_trace_endframe(CPUArchState *env, target_ulong pc, target_ulong size);
void qemu_trace_finish(uint32_t exit_code);

OperandInfo * load_store_reg(uint32_t reg, uint32_t val, int ls);
OperandInfo * load_store_mem(uint32_t addr, uint32_t val, int ls, int len);
OperandInfo * load_store_reg(target_ulong reg, target_ulong val, int ls);
OperandInfo * load_store_mem(target_ulong addr, target_ulong val, int ls, int len);

#define REG_CPSR 64
#define REG_APSR 65
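Review bot: Changing these prototypes to target_ulong makes include/tracewrap.h target-specific, so it can only be included after the target's cpu.h has defined target_ulong and CPUArchState, and every definition of qemu_trace_newframe/qemu_trace_endframe (not in this diff) must be changed to match or the build fails with conflicting types; worth confirming that the common tracewrap implementation is compiled once per target. The `size` parameter of qemu_trace_endframe goes from size_t to target_ulong, which on a 32-bit target is the narrower type; harmless for an instruction length, but a one-line comment saying the size is in target bytes would explain the choice. While here, `tread_id` reads as a typo: `void qemu_trace_newframe(target_ulong addr, int thread_id);`.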
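--- a/linux-user/x86_64/trace_info.h
+++ b/linux-user/x86_64/trace_info.h
@@ -0,0 +1,6 @@
+#pragma once
+
+#include "arch.h"
+
+const uint64_t bfd_arch = bfd_arch_i386;
+const uint64_t bfd_machine = mach_x86_64;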
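Review bot: `const uint64_t bfd_arch` and `bfd_machine` are file-scope definitions with external linkage placed in a header, so if trace_info.h is ever included from more than one translation unit the link fails with duplicate symbols; `static const uint64_t bfd_arch = bfd_arch_i386;` and `static const uint64_t bfd_machine = mach_x86_64;` avoid that. The header also relies on "arch.h" to bring in uint64_t and the bfd_arch_i386/mach_x86_64 constants, which I cannot verify from this diff. A one-line header comment such as `/* BFD architecture/machine identifiers recorded in x86-64 user-mode traces */` would tell a reader what these values feed.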
10 changes: 5 additions & 5 deletions target-i386/helper.h
Expand Up @@ -20,11 +20,11 @@ DEF_HELPER_2(idivq_EAX, void, env, tl)

#ifdef HAS_TRACEWRAP
DEF_HELPER_1(trace_newframe, void, tl)
DEF_HELPER_3(trace_endframe, void, env, tl, i32)
DEF_HELPER_2(trace_load_reg, void, i32, i32)
DEF_HELPER_2(trace_store_reg, void, i32, i32)
DEF_HELPER_3(trace_ld, void, env, i32, i32)
DEF_HELPER_3(trace_st, void, env, i32, i32)
DEF_HELPER_3(trace_endframe, void, env, tl, tl)
DEF_HELPER_2(trace_load_reg, void, tl, tl)
DEF_HELPER_2(trace_store_reg, void, tl, tl)
DEF_HELPER_3(trace_ld, void, env, tl, tl)
DEF_HELPER_3(trace_st, void, env, tl, tl)
DEF_HELPER_1(trace_load_eflags, void, env)
DEF_HELPER_1(trace_store_eflags, void, env)
#endif //HAS_TRACEWRAP
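Review bot: DEF_HELPER_3(trace_ld, …) and DEF_HELPER_3(trace_st, …) still take only env, value and address, so the C helpers in target-i386/trace_helper.c have no way to learn the real access width and now record every memory operand as sizeof(val) bytes — 8 on x86_64 — even for byte or word accesses; the same concern applies to the trace_ld/trace_st hunk in trace_helper.c. Widening the value to `tl` is right, but the access size is known at translation time and should travel with it, e.g. `DEF_HELPER_4(trace_ld, void, env, tl, tl, i32)` and `DEF_HELPER_4(trace_st, void, env, tl, tl, i32)`, with the translator passing the memop size so load_store_mem receives the true length. The translate.c call sites are not in this diff, so I cannot confirm how the helpers are invoked.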
84 changes: 63 additions & 21 deletions target-i386/trace_helper.c
Expand Up @@ -5,38 +5,80 @@
#include "tracewrap.h"
#include "qemu/log.h"

const char *regs[8] = {"EAX_32", "ECX_32", "EDX_32", "EBX_32", "ESP_32", "EBP_32", "ESI_32", "EDI_32"};
const char *segs[6] = {"ES_BASE_32", "CS_BASE_32", "SS_BASE_32", "DS_BASE_32", "FS_BASE_32", "GS_BASE_32"};

static const char* const regs[CPU_NB_REGS] = {
#ifdef TARGET_X86_64
[R_EAX] = "RAX",
[R_EBX] = "RBX",
[R_ECX] = "RCX",
[R_EDX] = "RDX",
[R_ESI] = "RSI",
[R_EDI] = "RDI",
[R_EBP] = "RBP",
[R_ESP] = "RSP",
[8] = "R8",
[9] = "R9",
[10] = "R10",
[11] = "R11",
[12] = "R12",
[13] = "R13",
[14] = "R14",
[15] = "R15",
#else
[R_EAX] = "EAX",
[R_EBX] = "EBX",
[R_ECX] = "ECX",
[R_EDX] = "EDX",
[R_ESI] = "ESI",
[R_EDI] = "EDI",
[R_EBP] = "EBP",
[R_ESP] = "ESP",
#endif
};

#define CPU_NB_SEGS 6
static const char* const segs[CPU_NB_SEGS] = {
[R_ES] = "ES_BASE",
[R_CS] = "CS_BASE",
[R_SS] = "SS_BASE",
[R_DS] = "DS_BASE",
[R_FS] = "FS_BASE",
[R_GS] = "GS_BASE"
};

void HELPER(trace_newframe)(target_ulong pc)
{
qemu_trace_newframe(pc, 0);
}

void HELPER(trace_endframe)(CPUArchState *env, target_ulong old_pc, uint32_t size)
void HELPER(trace_endframe)(CPUArchState *env, target_ulong old_pc, target_ulong size)
{
//qemu_trace_endframe(env, env->eip - size, size);
qemu_trace_endframe(env, old_pc, size);
}

OperandInfo * load_store_reg(uint32_t reg, uint32_t val, int ls)
OperandInfo * load_store_reg(target_ulong reg, target_ulong val, int ls)
{
//fprintf(stderr, "load_store_reg: reg: (%s) 0x%d, val: 0x%08x, ls: %d\n", (reg < CPU_NB_REGS) ? regs[reg] : "EFLAGS", reg, val, ls);
RegOperand * ro = (RegOperand *)malloc(sizeof(RegOperand));
reg_operand__init(ro);
int isSeg = reg & (1 << SEG_BIT);
reg &= ~(1 << SEG_BIT);

char * reg_name = (char *)malloc(16);
const char* reg_name = NULL;
if (isSeg)
{
sprintf(reg_name, "R_%s", (reg < CPU_NB_SEGS) ? segs[reg] : "<UNDEF>");
reg_name = reg < CPU_NB_SEGS ? segs[reg] : "<UNDEF>";
} else {
sprintf(reg_name, "R_%s", (reg < CPU_NB_REGS) ? regs[reg] : "EFLAGS");
reg_name = reg < CPU_NB_REGS ? regs[reg] :
#ifdef TARGET_X86_64
"RFLAGS";
#else
"EFLAGS";
#endif
}
ro->name = reg_name;
ro->name = malloc(strlen(reg_name) + 1);
strcpy(ro->name, reg_name);

OperandInfoSpecific *ois = (OperandInfoSpecific *)malloc(sizeof(OperandInfoSpecific));
operand_info_specific__init(ois);
Expand All @@ -55,25 +97,25 @@ OperandInfo * load_store_reg(uint32_t reg, uint32_t val, int ls)
oi->bit_length = 0;
oi->operand_info_specific = ois;
oi->operand_usage = ou;
oi->value.len = 4;
oi->value.len = sizeof(val);
oi->value.data = malloc(oi->value.len);
memcpy(oi->value.data, &val, 4);
memcpy(oi->value.data, &val, sizeof(val));

return oi;
}

void HELPER(trace_load_reg)(uint32_t reg, uint32_t val)
void HELPER(trace_load_reg)(target_ulong reg, target_ulong val)
{
qemu_log("This register (r%d) was read. Value 0x%x\n", reg, val);
qemu_log("This register (r" TARGET_FMT_ld ") was read. Value 0x" TARGET_FMT_lx "\n", reg, val);

OperandInfo *oi = load_store_reg(reg, val, 0);

qemu_trace_add_operand(oi, 0x1);
}

void HELPER(trace_store_reg)(uint32_t reg, uint32_t val)
void HELPER(trace_store_reg)(target_ulong reg, target_ulong val)
{
qemu_log("This register (r%d) was written. Value: 0x%x\n", reg, val);
qemu_log("This register (r" TARGET_FMT_ld ") was written. Value: 0x" TARGET_FMT_lx "\n", reg, val);

OperandInfo *oi = load_store_reg(reg, val, 1);

Expand Down Expand Up @@ -102,7 +144,7 @@ void HELPER(trace_store_eflags)(CPUArchState *env)
qemu_trace_add_operand(oi, 0x2);
}

OperandInfo * load_store_mem(uint32_t addr, uint32_t val, int ls, int len)
OperandInfo * load_store_mem(target_ulong addr, target_ulong val, int ls, int len)
{
//fprintf(stderr, "load_store_mem: addr: 0x%08x, val: 0x%08x, ls: %d\n", addr, val, ls);
MemOperand * mo = (MemOperand *)malloc(sizeof(MemOperand));
Expand Down Expand Up @@ -134,20 +176,20 @@ OperandInfo * load_store_mem(uint32_t addr, uint32_t val, int ls, int len)
return oi;
}

void HELPER(trace_ld)(CPUArchState *env, uint32_t val, uint32_t addr)
void HELPER(trace_ld)(CPUArchState *env, target_ulong val, target_ulong addr)
{
qemu_log("This was a read 0x" TARGET_FMT_lx " addr:0x%x value:0x%x\n", env->eip, addr, val);
qemu_log("This was a read 0x" TARGET_FMT_lx " addr:0x" TARGET_FMT_lx " value:0x" TARGET_FMT_lx "\n", env->eip, addr, val);

OperandInfo *oi = load_store_mem(addr, val, 0, 4);
OperandInfo *oi = load_store_mem(addr, val, 0, sizeof(val));

qemu_trace_add_operand(oi, 0x1);
}

void HELPER(trace_st)(CPUArchState *env, uint32_t val, uint32_t addr)
void HELPER(trace_st)(CPUArchState *env, target_ulong val, target_ulong addr)
{
qemu_log("This was a store 0x" TARGET_FMT_lx " addr:0x%x value:0x%x\n", env->eip, addr, val);
qemu_log("This was a store 0x" TARGET_FMT_lx " addr:0x" TARGET_FMT_lx " value:0x" TARGET_FMT_lx "\n", env->eip, addr, val);

OperandInfo *oi = load_store_mem(addr, val, 1, 4);
OperandInfo *oi = load_store_mem(addr, val, 1, sizeof(val));

qemu_trace_add_operand(oi, 0x2);
}
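Review bot: In load_store_reg the operand name written into the trace changes from e.g. `R_EAX_32`/`R_ES_BASE_32` to `EAX`/`ES_BASE` (and on x86_64 to `RAX`/`RFLAGS`), and the value length grows from 4 to sizeof(target_ulong); any consumer that parses these traces by name or width will presumably need a matching update, so this deserves a mention in the commit message or README. The pair `ro->name = malloc(strlen(reg_name) + 1); strcpy(ro->name, reg_name);` is an unchecked allocation followed by an unconditional write, consistent with the other allocations in this function; a single `ro->name = strdup(reg_name);` says the same thing in one line provided the protobuf-c free path releases it with free(). Also, `reg` is now target_ulong but trace_load_reg/trace_store_reg print it with the signed TARGET_FMT_ld; TARGET_FMT_lu matches the type. load_store_reg and load_store_mem continue outside their hunks.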