本文整理汇总了C++中BPatch类的典型用法代码示例。如果您正苦于以下问题:C++ BPatch类的具体用法?C++ BPatch怎么用?C++ BPatch使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了BPatch类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: main
int main (int argc, const char* argv[]) {
BPatch bpatch;
// argv[2] is muttee's file name, will be muttee's argv[0]
BPatch_process *proc = bpatch.processCreate(argv[2], argv + 2);
// Options to tune performance
char *s;
if ((s = getenv("SET_TRAMP_RECURSIVE")) && (strcmp(s, "true") == 0))
bpatch.setTrampRecursive(true);
if ((s = getenv("SET_SAVE_FPR")) && (strcmp(s, "false") == 0))
bpatch.setSaveFPR(false);
BPatch_object *ipa = proc->loadLibrary(argv[1]);
BPatch_image *image = proc->getImage();
std::vector<BPatch_function *> tracepoints, probes;
image->findFunction("do_stuff", tracepoints);
BPatch_function *tracepoint = tracepoints[0];
image->findFunction("tpbench_no_arg", probes);
BPatch_function *probe = probes[0];
std::vector<BPatch_snippet*> args;
BPatch_funcCallExpr call_probe(*probe, args);
proc->insertSnippet(call_probe, (tracepoint->findPoint(BPatch_exit))[0]);
proc->detach(true);
return 0;
}示例2: main
int main()
{
BPatch bpatch;
BPatch_process* appProc = bpatch.processCreate("/bin/ls", NULL);
BPatch_image* img = NULL;
img = appProc->getImage();
vector<BPatch_module*> *mdl = img->getModules();
vector<BPatch_module*>::iterator moduleIter = mdl->begin();
void* addr = (*moduleIter)->getBaseAddr();
printf("0x%x\n",addr);
return 0;
}示例3: defined
// static int mutatorTest(BPatch_thread *appThread, BPatch_image *appImage)
test_results_t test_stack_1_Mutator::executeTest() {
appProc->continueExecution();
static const frameInfo_t correct_frame_info[] = {
#if defined( os_linux_test ) && (defined( arch_x86_test ) || defined( arch_x86_64_test ))
{ true, true, BPatch_frameNormal, "_dl_sysinfo_int80" },
#endif
#if !defined(rs6000_ibm_aix4_1_test)
{ false, false, BPatch_frameNormal, NULL },
#endif
#if !defined(i386_unknown_nt4_0_test)
{ true, false, BPatch_frameNormal, "stop_process_" },
#endif
{ true, false, BPatch_frameNormal, "test_stack_1_func3" },
{ true, false, BPatch_frameNormal, "test_stack_1_func2" },
{ true, false, BPatch_frameNormal, "test_stack_1_func1" },
{ true, false, BPatch_frameNormal, "test_stack_1_mutateeTest" },
{ true, false, BPatch_frameNormal, "main" },
};
if (waitUntilStopped(bpatch, appProc, 1, "getCallStack") < 0) {
appProc->terminateExecution();
return FAILED;
}
if (checkStack(appThread,
correct_frame_info,
sizeof(correct_frame_info)/sizeof(frameInfo_t),
1, "getCallStack")) {
logerror("Passed test #1 (getCallStack)\n");
} else {
appProc->terminateExecution();
return FAILED;
}
appProc->continueExecution();
while (!appProc->isTerminated()) {
bpatch->waitForStatusChange();
}
return PASSED;
}示例4: main
int main (int argc, char **argv)
{
if(!parseOptions(argc,argv)) {
return EXIT_FAILURE;
}
BPatch bpatch;
BPatch_binaryEdit *appBin = bpatch.openBinary (originalBinary, !instrumentLibraries.empty());
if (appBin == NULL) {
cerr << "Failed to open binary" << endl;
return EXIT_FAILURE;
}
if (!appBin->loadLibrary (instLibrary)) {
cerr << "Failed to open instrumentation library." << endl;
cerr << "It needs to be located in the current working directory." << endl;
return EXIT_FAILURE;
}
BPatch_image *appImage = appBin->getImage ();
/* Find code coverage functions in the instrumentation library */
BPatch_function *initAflForkServer =
findFuncByName (appImage, (char *) "initAflForkServer");
BPatch_function *bbCallback =
findFuncByName (appImage, (char *) "bbCallback");
if (!initAflForkServer || !bbCallback ) {
cerr << "Instrumentation library lacks callbacks!" << endl;
return EXIT_FAILURE;
}
//get and iterate over all modules, instrumenting only the default and manualy specified ones
vector < BPatch_module * >*modules = appImage->getModules ();
vector < BPatch_module * >::iterator moduleIter;
BPatch_module *defaultModule = NULL;
string defaultModuleName;
for (moduleIter = modules->begin (); moduleIter != modules->end (); ++moduleIter) {
//find default module name
char moduleName[1024];
(*moduleIter)->getName (moduleName, 1024);
if (string (moduleName).find ("DEFAULT_MODULE") != string::npos) {
defaultModuleName = "DEFAULT_MODULE";
}
}
if(defaultModuleName.empty())
defaultModuleName = string(originalBinary).substr(string(originalBinary).find_last_of("\\/")+1);
int bbIndex = 0;
for (moduleIter = modules->begin (); moduleIter != modules->end (); ++moduleIter) {
char moduleName[1024];
(*moduleIter)->getName (moduleName, 1024);
if ((*moduleIter)->isSharedLib ()) {
if (instrumentLibraries.find (moduleName) == instrumentLibraries.end ()) {
cout << "Skipping library: " << moduleName << endl;
continue;
}
}
if (string (moduleName).find (defaultModuleName) != string::npos) {
defaultModule = (*moduleIter);
if(skipMainModule) continue;
}
cout << "Instrumenting module: " << moduleName << endl;
vector < BPatch_function * >*allFunctions =
(*moduleIter)->getProcedures ();
vector < BPatch_function * >::iterator funcIter;
// iterate over all functions in the module
for (funcIter = allFunctions->begin (); funcIter != allFunctions->end ();
++funcIter) {
BPatch_function *curFunc = *funcIter;
char funcName[1024];
curFunc->getName (funcName, 1024);
if(string (funcName) == string("_start")) continue; // here's a bug on hlt
insertBBCallback (appBin, curFunc, funcName, bbCallback, &bbIndex);
}
}
//if entrypoint set ,find function , else find _init
BPatch_function *funcToPatch = NULL;
if(!entryPoint) {
BPatch_Vector<BPatch_function*> funcs;
defaultModule->findFunction("_init", funcs);
if(!funcs.size()) {
cerr << "Couldn't locate _init, specify entry point manualy. "<< endl;
return EXIT_FAILURE;
}
// there should really be only one
funcToPatch = funcs[0];
} else {
funcToPatch = defaultModule->findFunctionByEntry(entryPoint);
}
if(!funcToPatch) {
cerr << "Couldn't locate function at given entry point. "<< endl;
return EXIT_FAILURE;
}
if(!insertCallToInit (appBin, initAflForkServer,defaultModule,funcToPatch)){
//.........这里部分代码省略.........
示例5: defined
// static int mutatorTest( BPatch_thread * appThread, BPatch_image * appImage ) {
test_results_t test_stack_3_Mutator::executeTest() {
bool passedTest;
BPatch::bpatch->setInstrStackFrames(true);
appProc->continueExecution();
static const frameInfo_t correct_frame_info[] = {
#if defined( os_linux_test ) && (defined( arch_x86_test ) || defined( arch_x86_64_test ))
{ true, true, BPatch_frameNormal, "_dl_sysinfo_int80" },
#endif
#if defined( os_aix_test ) && defined( arch_power_test )
/* AIX uses kill(), but the PC of a process in a syscall can
not be correctly determined, and appears to be the address
to which the syscall function will return. */
#elif defined( os_windows_test ) && (defined( arch_x86 ) || defined( arch_x86_64_test ))
/* Windows/x86 does not use kill(), so its lowermost frame will be
something unidentifiable in a system DLL. */
{ false, false, BPatch_frameNormal, NULL },
#else
{ true, false, BPatch_frameNormal, "kill" },
#endif
#if ! defined( os_windows_test )
/* Windows/x86's stop_process_() calls DebugBreak(); it's
apparently normal to lose this frame. */
{ true, false, BPatch_frameNormal, "stop_process_" },
#endif
{ true, false, BPatch_frameNormal, "test_stack_3_func3" },
{ true, false, BPatch_frameTrampoline, NULL },
/* On AIX and x86 (and others), if our instrumentation fires
before frame construction or after frame destruction, it's
acceptable to not report the function (since, after all, it
doesn't have a frame on the stack. */
{ true, true, BPatch_frameNormal, "test_stack_3_func2" },
{ true, false, BPatch_frameNormal, "test_stack_3_func1" },
{ true, false, BPatch_frameNormal, "test_stack_3_mutateeTest" },
{ true, false, BPatch_frameNormal, "main" }
};
/* Wait for the mutatee to stop in test_stack_3_func1(). */
if (waitUntilStopped( bpatch, appProc, 1, "getCallStack through instrumentation") < 0) {
appProc->terminateExecution();
return FAILED;
}
/* Instrument test_stack_3_func2() to call test_stack_3_func3(), which will trip another breakpoint. */
BPatch_Vector<BPatch_function *> instrumentedFunctions;
const char *fName = "test_stack_3_func2";
appImage->findFunction(fName, instrumentedFunctions );
if (instrumentedFunctions.size() != 1) {
// FIXME Print out a useful error message
logerror("**Failed** test_stack_3\n");
logerror(" Unable to find function '%s'\n", fName);
appProc->terminateExecution();
return FAILED;
}
BPatch_Vector<BPatch_point *> * functionEntryPoints = instrumentedFunctions[0]->findPoint( BPatch_entry );
if (functionEntryPoints->size() != 1) {
// FIXME Print out a useful error message
logerror("**Failed** test_stack_3\n");
logerror(" Unable to find entry point to function '%s'\n", fName);
appProc->terminateExecution();
return FAILED;
}
BPatch_Vector<BPatch_function *> calledFunctions;
const char *fName2 = "test_stack_3_func3";
appImage->findFunction(fName2, calledFunctions );
if (calledFunctions.size() != 1) {
//FIXME Print out a useful error message
logerror("**Failed** test_stack_3\n");
logerror(" Unable to find function '%s'\n", fName2);
appProc->terminateExecution();
return FAILED;
}
BPatch_Vector<BPatch_snippet *> functionArguments;
BPatch_funcCallExpr functionCall( * calledFunctions[0], functionArguments );
appProc->insertSnippet( functionCall, functionEntryPoints[0] );
/* Repeat for all three types of instpoints. */
BPatch_Vector<BPatch_point *> * functionCallPoints = instrumentedFunctions[0]->findPoint( BPatch_subroutine );
if (functionCallPoints->size() != 1) {
logerror("**Failed** test_stack_3\n");
logerror(" Unable to find subroutine call points in '%s'\n", fName);
appProc->terminateExecution();
return FAILED;
}
appProc->insertSnippet( functionCall, functionCallPoints[0] );
BPatch_Vector<BPatch_point *> * functionExitPoints = instrumentedFunctions[0]->findPoint( BPatch_exit );
if (functionExitPoints->size() != 1) {
logerror("**Failed** test_stack_3\n");
logerror(" Unable to find exit points in '%s'\n", fName);
appProc->terminateExecution();
return FAILED;
}
appProc->insertSnippet( functionCall, functionExitPoints[0] );
//.........这里部分代码省略.........
示例6: main
int main(int argc, char**argv)
{
if(argc != 3) {
printf("usage: %s orig_prog new_prog\n", argv[0]);
return 1;
}
char* file = argv[1];
char* newFile = argv[2];
bool ret;
eztrace_dyninst_register ("compute_", 1, 2);
eztrace_dyninst_register ("dist_", 3, 4);
eztrace_dyninst_register ("initialize_", 5, 6);
eztrace_dyninst_register ("timestamp_", 7, 8);
eztrace_dyninst_register ("update_", 9, 10);
if(!eztrace_dyninst_nb_function_to_register()) {
printf("0 functions instrumented\n");
return 1;
}
#ifdef CREATE_BINARY
//Create the BPatch_addressSpace and BPatch_binaryEdit
appBin = bpatch.openBinary(file, true);
if(!appBin) {
fprintf(stderr, "Cannot open %s\n", file);
return -1;
}
app = static_cast<BPatch_addressSpace *>(appBin);
if(! app->loadLibrary(LIB_EZTRACE_SO)) {
printf("Cannot load %s\n", LIB_EZTRACE_SO);
return 1;
}
#else
// run the program
BPatch_process *appProc = bpatch.processCreate(file, NULL);
if(!appProc) {
printf("Cannot load program %s\n", file);
}
if(! appProc->loadLibrary(LIB_EZTRACE_SO, true)) {
printf("Cannot load %s\n", LIB_EZTRACE_SO);
return 1;
}
app = static_cast<BPatch_addressSpace *>(appProc);
#endif
// Instrument all the specified functions
int nb_inst = eztrace_dyninst_instrument(app);
printf("%d functions instrumented\n", nb_inst);
if(! nb_inst)
return 1;
#ifdef CREATE_BINARY
if (appBin != NULL) {
//Write a new instrumented executable
appBin->writeFile(newFile);
} else {
fprintf(stderr, "cannot write %s\n", newFile);
return -1;
}
#else
appProc->continueExecution();
while(!appProc->isTerminated()) {
bpatch.waitForStatusChange();
}
#endif
return 0;
}示例7: FAIL_MES
// static bool mutatorTest3and4(int testno, const char *testname)
test_results_t test_thread_3_Mutator::executeTest() {
test3_threadCreateCounter = 0;
callback_tids.clear();
unsigned int timeout = 0; // in ms
int err = 0;
BPatchAsyncThreadEventCallback createcb = threadCreateCB;
if (!bpatch->registerThreadEventCallback(BPatch_threadCreateEvent, createcb))
{
FAIL_MES(TESTNAME, TESTDESC);
logerror("%s[%d]: failed to register thread callback\n",
__FILE__, __LINE__);
appThread->getProcess()->terminateExecution();
return FAILED;
}
#if 0
// unset mutateeIde to trigger thread (10) spawn.
int zero = 0;
// FIXME Check the return value of setVar()
setVar("mutateeIdle", (void *) &zero, TESTNO, TESTDESC);
dprintf("%s[%d]: continue execution for test %d\n", __FILE__, __LINE__, TESTNO);
appThread->continueExecution();
#endif
// wait until we have received the desired number of events
// (or timeout happens)
BPatch_Vector<BPatch_thread *> threads;
BPatch_process *appProc = appThread->getProcess();
assert(appProc);
appProc->getThreads(threads);
int active_threads = 11; // FIXME Magic number
threads.clear();
while (((test3_threadCreateCounter < TEST3_THREADS)
|| (active_threads > 1))
&& (timeout < TIMEOUT)) {
dprintf("%s[%d]: waiting for completion for test %d, num active threads = %d\n",
__FILE__, __LINE__, TESTNO, active_threads);
sleep_ms(SLEEP_INTERVAL/*ms*/);
timeout += SLEEP_INTERVAL;
if (appProc->isTerminated()) {
dprintf("%s[%d]: BAD NEWS: somehow the process died\n", __FILE__, __LINE__);
err = 1;
break;
}
bpatch->pollForStatusChange();
if (appProc->isStopped()) {
appProc->continueExecution();
}
appProc->getThreads(threads);
active_threads = threads.size();
threads.clear();
}
if (timeout >= TIMEOUT) {
FAIL_MES(TESTNAME, TESTDESC);
logerror("%s[%d]: test timed out. got %d/10 events\n", __FILE__, __LINE__, test3_threadCreateCounter);
logerror("test3_createCounter is %d, expected %d; active threads %d, expected %d\n",
test3_threadCreateCounter, TEST3_THREADS, active_threads, 1);
err = 1;
}
dprintf("%s[%d]: ending test %d, num active threads = %d\n",
__FILE__, __LINE__, TESTNO, active_threads);
dprintf("%s[%d]: stop execution for test %d\n", __FILE__, __LINE__, TESTNO);
appProc->stopExecution();
// read all tids from the mutatee and verify that we got them all
unsigned long mutatee_tids[TEST3_THREADS];
const char *threads_varname = "test4_threads";
getVar(threads_varname, (void *) mutatee_tids,
(sizeof(unsigned long) * TEST3_THREADS),
TESTNO, TESTDESC);
if (debugPrint()) {
dprintf("%s[%d]: read following tids for test%d from mutatee\n", __FILE__, __LINE__, TESTNO);
for (unsigned int i = 0; i < TEST3_THREADS; ++i) {
dprintf("\t%lu\n", mutatee_tids[i]);
}
}
for (unsigned int i = 0; i < TEST3_THREADS; ++i) {
bool found = false;
for (unsigned int j = 0; j < callback_tids.size(); ++j) {
if (callback_tids[j] == mutatee_tids[i]) {
found = true;
break;
}
}
if (!found) {
FAIL_MES(TESTNAME, TESTDESC);
logerror("%s[%d]: could not find record for tid %lu: have these:\n",
__FILE__, __LINE__, mutatee_tids[i]);
for (unsigned int j = 0; j < callback_tids.size(); ++j) {
logerror("%lu\n", callback_tids[j]);
//.........这里部分代码省略.........
示例8: dprintf
// static int mutatorTest(char *pathname, BPatch *bpatch)
test_results_t test1_41_Mutator::executeTest() {
unsigned int n=0;
const char *child_argv[5];
child_argv[n++] = pathname;
if (debugPrint) child_argv[n++] = const_cast<char*>("-verbose");
child_argv[n++] = const_cast<char*>("-run");
child_argv[n++] = const_cast<char*>("test1_41"); // run test41 in mutatee
child_argv[n++] = NULL;
int counts[iterations];
// Run the mutatee twice, querying line info each time & store the info
for (n = 0; n < iterations; n++) {
dprintf("Starting \"%s\"\n", pathname);
BPatch_process *proc = bpatch->processCreate(pathname, child_argv,
NULL);
if (!proc) {
logerror("*ERROR*: unable to create handle for executable\n", n);
logerror("**Failed** test #41 (repeated line information)\n");
return FAILED;
}
dprintf("Mutatee started, pid=%d\n", n, proc->getPid());
BPatch_image *image = proc->getImage();
if (!image) {
logerror("*ERROR*: unable to get image from thread\n");
logerror("**Failed** test #41 (repeated line information)\n");
return FAILED;
}
if (isMutateeFortran(image)) {
// This shouldn't happen..
proc->terminateExecution();
logerror("Skipped test #41 (repeated line information)\n");
return SKIPPED;
}
BPatch_module *module = image->findModule("test1_41_mutatee.c", true);
if (!module) {
module = image->findModule("solo_mutatee_boilerplate.c", true);
if (true) {
logerror("*ERROR*: unable to get module from image\n");
logerror("Looking for \"test1_41_solo_me.c\" or \"solo_mutatee_boilerplate.c\". Available modules:\n");
BPatch_Vector<BPatch_module *> *mods = image->getModules();
char buffer[512];
for (unsigned i = 0; i < mods->size(); i++) {
BPatch_module *mod = (*mods)[i];
char name[512];
mod->getName(name, 512);
sprintf(buffer, "\t%s\n",
name);
logerror(buffer);
}
}
}
if (!module) {
fprintf(stderr, "%s[%d]: could not find module solo_mutatee_boilerplate.c\n", FILE__, __LINE__);
// First try again for 'test1_41_solo_me.c'
module = image->findModule("test1_41_solo_me.c", true);
if (!module) {
logerror("*ERROR*: unable to get module from image\n");
logerror("Looking for \"test1_41_solo_me.c\" or \"solo_mutatee_boilerplate.c\". Available modules:\n");
BPatch_Vector<BPatch_module *> *mods = image->getModules();
char buffer[512];
for (unsigned i = 0; i < mods->size(); i++) {
BPatch_module *mod = (*mods)[i];
char name[512];
mod->getName(name, 512);
sprintf(buffer, "\t%s\n",
name);
logerror(buffer);
}
logerror("**Failed** test #41 (repeated line information)\n");
return FAILED;
}
}
char buffer[16384]; // FIXME ugly magic number; No module name should be that long..
module->getName(buffer, sizeof(buffer));
BPatch_Vector<BPatch_statement> statements;
bool res = module->getStatements(statements);
if (!res) {
fprintf(stderr, "%s[%d]: getStatements()\n", __FILE__, __LINE__);
return FAILED;
}
counts[n] = statements.size();
dprintf("Trial %d: found %d statements\n", n, statements.size());
proc->terminateExecution();
}
// Make sure we got the same info each time we ran the mutatee
int last_count = -1;
for (int i = 0; i < iterations; i++) {
if ((last_count >= 0) && (last_count != counts[i])) {
//.........这里部分代码省略.........
示例9: main
int main(int argc, const char *argv[]) {
// Use BPatch_* classes to initialize
BPatch bpatch;
BPatch_binaryEdit* app = bpatch.openBinary("mutatee/c");
BPatch_image* image = app->getImage();
BPatch_Vector<BPatch_function *> found_funcs;
app->loadLibrary("mutatee/liblib.so");
found_funcs.clear();
image->findFunction("foo3", found_funcs);
Function* foo3_func = found_funcs[0]->getParseAPIFunc();
// Here we go, create PatchAPI objects!
vector<AddressSpace*> addrSpaces;
app->getAS(addrSpaces);
mapped_object* obj = addrSpaces[0]->getAOut();
DynAddrSpacePtr as = DynAddrSpace::create(obj);
PatchMgrPtr mgr = PatchMgr::create(as);
mapped_object* lib_obj = addrSpaces[1]->getAOut();
as->loadLibrary(lib_obj);
// Find Points
PatchFunction* foo3 = lib_obj->getFunc(foo3_func);
const vector<PatchBlock*>& blks = foo3->getCallBlocks();
for (int i = 0; i < blks.size(); i++) {
vector<Point*> func_points;
mgr->findPoints(blks[i], Point::PreInsn|Point::PostInsn, inserter(func_points, func_points.begin()));
cerr << std::hex << blks[i]->start() << "--" << func_points.size() << " points found\n";
}
/*
vector<Point*> pts;
mgr->findPoints(foo3, Point::FuncExit, inserter(pts, pts.begin()));
cerr << pts.size() << " exit points found\n";
const vector<PatchBlock*>& blks2 = foo3->getExitBlocks();
cerr << blks2.size() << " exit blocks\n";
// Insert snippets
BPatch_variableExpr *intCounter = app->malloc(*image->findType("int"));
BPatch_arithExpr addOne(BPatch_assign, *intCounter,
BPatch_arithExpr(BPatch_plus, *intCounter, BPatch_constExpr(1)));
BPatch_arithExpr addTwo(BPatch_assign, *intCounter,
BPatch_arithExpr(BPatch_plus, *intCounter, BPatch_constExpr(2)));
BPatch_arithExpr addThree(BPatch_assign, *intCounter,
BPatch_arithExpr(BPatch_plus, *intCounter, BPatch_constExpr(3)));
BPatch_arithExpr addFour(BPatch_assign, *intCounter,
BPatch_arithExpr(BPatch_plus, *intCounter, BPatch_constExpr(4)));
SnippetRep<AstNodePtr> one(addOne.ast_wrapper);
SnippetRep<AstNodePtr> two(addTwo.ast_wrapper);
SnippetRep<AstNodePtr> three(addThree.ast_wrapper);
SnippetRep<AstNodePtr> four(addFour.ast_wrapper);
SnippetPtr snippet = Snippet::create(&one);
SnippetPtr snippet1 = Snippet::create(&two);
SnippetPtr snippet2 = Snippet::create(&three);
SnippetPtr snippet3 = Snippet::create(&four);
vector<InstancePtr> errorInstances;
mgr->batchStart();
func_points[0]->push_back(snippet);
mgr->batchFinish(errorInstances);
*/
}示例10: main
int main(int argc, char *argv[], char* envp[])
{
if (argc < 2) {
fprintf(stderr, "Usage: %s prog_filename prog_aruments\n", argv[0]);
return 3;
}
#if 0
if (strcmp(argv[1], "prog") != 0 && strcmp(argv[1], "all"))
{
fprintf(stderr, "Options for patch selection are 'progonly' or 'all'\n");
return 3;
}
#endif
int patchall = 0; //strcmp(argv[1], "all") != 0;
// Create process
BPatch_process *appProc = bpatch.processCreate(argv[1], (const char**) &(argv[1]));
// Load pthread into the process...
appProc->loadLibrary("libpthread.so.0");
// Get the process image
BPatch_image *appImage = appProc->getImage();
// Find all the instrumentable procedures
BPatch_Vector<BPatch_function*> *functions = appImage->getProcedures();
/*************************************************************************
* General function search *
*************************************************************************/
// Find the printf function
BPatch_Vector<BPatch_function*> printfFuncs;
appImage->findFunction("printf", printfFuncs);
if (printfFuncs.size() == 0)
appImage->findFunction("_printf", printfFuncs);
if (printfFuncs.size() == 0)
appImage->findFunction("__printf", printfFuncs);
if(printfFuncs.size() == 0)
{
fprintf(stderr, "Could not find printf() function");
return 2;
}
// Find the exit function
BPatch_Vector<BPatch_function*> exitFuncs;
appImage->findFunction("exit", exitFuncs);
if (exitFuncs.size() == 0)
appImage->findFunction("_exit", exitFuncs);
if (exitFuncs.size() == 0)
appImage->findFunction("__exit", exitFuncs);
if(exitFuncs.size() == 0)
{
fprintf(stderr, "Could not find exit() function");
return 2;
}
// Find the perror function
BPatch_Vector<BPatch_function*> perrorFuncs;
appImage->findFunction("perror", perrorFuncs);
if (perrorFuncs.size() == 0)
appImage->findFunction("_perror", perrorFuncs);
if (perrorFuncs.size() == 0)
appImage->findFunction("__perror", perrorFuncs);
if(perrorFuncs.size() == 0)
{
fprintf(stderr, "Could not find perror() function");
return 2;
}
BPatch_Vector<BPatch_snippet*> mainEntryBlock;
/************************************************************************
* Error exit call *
************************************************************************/
BPatch_Vector<BPatch_snippet*> exitArgs;
BPatch_constExpr exitCode(-2);
exitArgs.push_back(&exitCode);
// Open call
BPatch_funcCallExpr exitOnErrorCall(*exitFuncs[0], exitArgs);
/************************************************************************
* Open imitate device patch *
* **********************************************************************/
// Find main()
BPatch_Vector<BPatch_function*> mainFunctions;
appImage->findFunction("main", mainFunctions);
if (mainFunctions.size() == 0)
appImage->findFunction("_main", mainFunctions);
if (mainFunctions.size() == 0)
appImage->findFunction("__main", mainFunctions);
//.........这里部分代码省略.........
示例11: defined
// static int mutatorTest(BPatch_thread *appThread, BPatch_image *appImage)
test_results_t test_callback_2_Mutator::executeTest()
{
// a simple single threaded user messagin scenario where we want to send
// async messages at function entry/exit and call points.
// load libtest12.so -- currently only used by subtest 5, but make it generally
// available
const char *libname = "./libTest12.so";
test7err = false;
test7done = false;
callback_counter = 0;
elog.resize(0);
#if defined(arch_x86_64_test)
if (appProc->getAddressWidth() == 4)
libname = "./libTest12_m32.so";
#endif
dprintf("%s[%d]: loading test library: %s\n", __FILE__, __LINE__, libname);
if (!appProc->loadLibrary(libname))
{
logerror("%s[%d]: failed to load library %s, cannot proceed\n",
__FILE__, __LINE__, libname);
appProc->terminateExecution();
return FAILED;
}
dprintf("%s[%d]: loaded test library: %s\n", __FILE__, __LINE__, libname);
BPatchUserEventCallback cb = test7cb;
if (!bpatch->registerUserEventCallback(cb))
{
FAIL_MES(TESTNAME, TESTDESC);
logerror("%s[%d]: could not register callback\n", __FILE__, __LINE__);
appProc->terminateExecution();
return FAILED;
}
// instrument entry and exit of call7_1, as well as call points inside call7_1
const char *call1name = "test_callback_2_call1";
BPatch_function *call7_1 = findFunction(call1name, appImage,TESTNO, TESTNAME);
BPatch_point *entry = findPoint(call7_1, BPatch_entry,TESTNO, TESTNAME);
if (NULL == entry)
{
logerror("%s[%d]: Unable to find entry point to function %s\n",
__FILE__, __LINE__, call1name);
bpatch->removeUserEventCallback(test7cb);
appProc->terminateExecution();
return FAILED;
}
BPatch_point *exit = findPoint(call7_1, BPatch_exit,TESTNO, TESTNAME);
if (NULL == entry)
{
logerror("%s[%d]: Unable to find exit point to function %s\n",
__FILE__, __LINE__, call1name);
bpatch->removeUserEventCallback(test7cb);
appProc->terminateExecution();
return FAILED;
}
BPatch_point *callsite = findPoint(call7_1, BPatch_subroutine,TESTNO, TESTNAME);
if (NULL == callsite)
{
logerror("%s[%d]: Unable to find subroutine call point in function %s\n",
__FILE__, __LINE__, call1name);
bpatch->removeUserEventCallback(test7cb);
appProc->terminateExecution();
return FAILED;
}
// These are our asynchronous message functions (in libTest12) that we
// attach to the "interesting" points
BPatch_function *reportEntry = findFunction("reportEntry", appImage,TESTNO, TESTNAME);
BPatch_function *reportExit = findFunction("reportExit", appImage,TESTNO, TESTNAME);
BPatch_function *reportCallsite = findFunction("reportCallsite", appImage,TESTNO, TESTNAME);
if (!reportEntry)
{
logerror("%s[%d]: reportEntry = NULL\n", FILE__, __LINE__);
bpatch->removeUserEventCallback(test7cb);
appProc->terminateExecution();
return FAILED;
}
if (!reportExit)
{
logerror("%s[%d]: reportExit = NULL\n", FILE__, __LINE__);
bpatch->removeUserEventCallback(test7cb);
appProc->terminateExecution();
return FAILED;
}
//.........这里部分代码省略.........
示例12: main
int main(int argc, char* argv[])
{
//open a file, output the mapping from id to addresses to it
FILE * pFile;
pFile=fopen(argv[3],"w");
if(pFile==NULL)perror("Error opening file.\n");
fprintf(pFile,"shortID\tfullID\tentryAddr\texitAddr\n");
//open argv[1]
BPatch bpatch;
BPatch_binaryEdit *binedit=bpatch.openBinary(argv[1]);
BPatch_image *appImage=binedit->getImage();
std::vector<BPatch_function *> *funcs_ptr;
funcs_ptr=appImage->getProcedures();
std::vector<BPatch_function *> funcs=*funcs_ptr;
//open libc and find printf
std::vector<BPatch_function *> printfFuncs;
BPatch_binaryEdit *binedit_libc=bpatch.openBinary("/lib/libc.so.6");
BPatch_image *appImage_libc=binedit_libc->getImage();
appImage_libc->findFunction("printf",printfFuncs);
//all points
std::vector<BPatch_point *> * points=new std::vector<BPatch_point *>;
//create a buf and a index
BPatch_type *typeShort=appImage_libc->findType("unsigned short");
BPatch_type *typeUL=appImage_libc->findType("unsigned long");
//std::string bufname=std::string("buf");
//BPatch_variableExpr *bufExpr=binedit->malloc(65536,bufname);
//BPatch_snippet *basePtr=new BPatch_constExpr(bufExpr->getBaseAddr());
BPatch_variableExpr *index=binedit->malloc(*typeShort);
index=binedit->createVariable(std::string("index"),(Dyninst::Address)index->getBaseAddr(),typeShort);
unsigned short indexIni=0;
index->writeValue(&indexIni);
BPatch_variableExpr *basePtr=binedit->malloc(*typeUL);
index=binedit->createVariable(std::string("basePtr"),(Dyninst::Address)basePtr->getBaseAddr(),typeUL);
BPatch_snippet* basePtrAddr=new BPatch_constExpr(basePtr->getBaseAddr());
//open PtrDeref
BPatch_binaryEdit *binedit_PtrDeref=bpatch.openBinary("/usr/lib/libPtrDeref.so");
BPatch_image *appImage_PtrDeref=binedit_PtrDeref->getImage();
std::vector<BPatch_function *> RegSig;
appImage_PtrDeref->findFunction("shm_sig",RegSig);
std::vector<BPatch_snippet *> RegSigArgs;
RegSigArgs.push_back(basePtrAddr);
BPatch_funcCallExpr RegSigCall(*(RegSig[0]),RegSigArgs);
std::vector<BPatch_function *> stoplogger;
appImage_PtrDeref->findFunction("stoplogger",stoplogger);
std::vector<BPatch_snippet *> stoploggerArgs;
BPatch_funcCallExpr stoploggerCall(*(stoplogger[0]),stoploggerArgs);
printf("begin inserting to start...\n");
//find _start function and insert
std::vector<BPatch_function *> startFuncs;
appImage->findFunction("_start",startFuncs);
std::vector<BPatch_point *> *startPoints=new std::vector<BPatch_point *>;
startPoints=startFuncs[0]->findPoint(BPatch_entry);
binedit->insertSnippet(BPatch_arithExpr(BPatch_assign,*basePtr,RegSigCall),startPoints[0]);
//find fini function and insert
std::vector<BPatch_function *> finiFuncs;
appImage->findFunction("_fini",finiFuncs);
std::vector<BPatch_point *> *finiPoints=new std::vector<BPatch_point *>;
finiPoints=finiFuncs[0]->findPoint(BPatch_exit);
binedit->insertSnippet(stoploggerCall,finiPoints[0]);
unsigned int mod=65535;
unsigned int id=0;
for(std::vector<BPatch_function *>::iterator fi=funcs.begin();
fi!=funcs.end();fi++)
{
BPatch_flowGraph *fg=(*fi)->getCFG();
std::set<BPatch_basicBlock *> blocks;
fg->getAllBasicBlocks(blocks);
std::set<BPatch_basicBlock *>::iterator block_iter;
for(block_iter=blocks.begin();block_iter!=blocks.end();++block_iter)
{
BPatch_basicBlock *block=*block_iter;
BPatch_point *entry_point=NULL;
unsigned long blockstart=0;
unsigned long blockend=0;
unsigned short partial_id=65534;
if(block!=NULL)
{
entry_point=block->findEntryPoint();
blockstart=block->getStartAddress();
blockend=block->getEndAddress();
partial_id=id%mod+1;
fprintf(pFile,"%u\t%u\t%p\t%p\n",partial_id,id,blockstart,blockend);
id++;
}
void *entryAddr=NULL;
if(entry_point!=NULL)
{
entryAddr=entry_point->getAddress();
points->push_back(entry_point);
//.........这里部分代码省略.........
示例13: FAIL_MES
// static bool mutatorTest3and4(int testno, const char *testname)
test_results_t test_thread_2_Mutator::executeTest() {
test3_threadCreateCounter = 0;
callback_tids.clear();
BPatchAsyncThreadEventCallback createcb = threadCreateCB;
if (!bpatch->registerThreadEventCallback(BPatch_threadCreateEvent, createcb))
{
FAIL_MES(TESTNAME, TESTDESC);
logerror("%s[%d]: failed to register thread callback\n",
__FILE__, __LINE__);
appThread->getProcess()->terminateExecution();
return FAILED;
}
#if 0
// unset mutateeIde to trigger thread (10) spawn.
int zero = 0;
// FIXME Check the return code for setVar
setVar("mutateeIdle", (void *) &zero, TESTNO, TESTDESC);
dprintf("%s[%d]: continue execution for test %d\n", __FILE__, __LINE__, TESTNO);
appThread->continueExecution();
#endif
if( !appProc->continueExecution() ) {
logerror("%s[%d]: failed to continue process\n", FILE__, __LINE__);
appProc->terminateExecution();
return FAILED;
}
// wait until we have received the desired number of events
int err = 0;
BPatch_Vector<BPatch_thread *> threads;
BPatch_process *appProc = appThread->getProcess();
assert(appProc);
appProc->getThreads(threads);
int active_threads = 11; // FIXME Magic number
threads.clear();
while (((test3_threadCreateCounter < TEST3_THREADS)
|| (active_threads > 1)) && !appProc->isTerminated() ) {
dprintf("%s[%d]: waiting for completion for test; ((%d < %d) || (%d > 1)) && !(%d)\n",
__FILE__, __LINE__, test3_threadCreateCounter, TEST3_THREADS,
active_threads, 1, appProc->isTerminated());
if( !bpatch->waitForStatusChange() ) {
logerror("%s[%d]: failed to wait for events\n", __FILE__, __LINE__);
err = 1;
break;
}
appProc->getThreads(threads);
active_threads = threads.size();
threads.clear();
}
if( appProc->isTerminated() ) {
logerror("%s[%d]: BAD NEWS: somehow the process died\n", __FILE__, __LINE__);
return FAILED;
}
dprintf("%s[%d]: ending test %d, num active threads = %d\n",
__FILE__, __LINE__, TESTNO, active_threads);
dprintf("%s[%d]: stop execution for test %d\n", __FILE__, __LINE__, TESTNO);
appProc->stopExecution();
// read all tids from the mutatee and verify that we got them all
unsigned long mutatee_tids[TEST3_THREADS];
const char *threads_varname = "test3_threads";
if (getVar(threads_varname, (void *) mutatee_tids,
(sizeof(unsigned long) * TEST3_THREADS),
TESTNO, TESTDESC)) {
appProc->terminateExecution();
return FAILED;
}
if (debugPrint()) {
dprintf("%s[%d]: read following tids for test%d from mutatee\n", __FILE__, __LINE__, TESTNO);
for (unsigned int i = 0; i < TEST3_THREADS; ++i) {
dprintf("\t%lu\n", mutatee_tids[i]);
}
}
for (unsigned int i = 0; i < TEST3_THREADS; ++i) {
bool found = false;
for (unsigned int j = 0; j < callback_tids.size(); ++j) {
if (callback_tids[j] == mutatee_tids[i]) {
found = true;
break;
}
}
if (!found) {
FAIL_MES(TESTNAME, TESTDESC);
logerror("%s[%d]: could not find record for tid %lu: have these:\n",
__FILE__, __LINE__, mutatee_tids[i]);
for (unsigned int j = 0; j < callback_tids.size(); ++j) {
logerror("%lu\n", callback_tids[j]);
}
err = 1;
//.........这里部分代码省略.........
示例14: main
int main(int argc, char **argv) {
if (argc < 3 || strncmp(argv[1], "-h", 2) == 0 || strncmp(argv[1], "--h", 3) == 0) {
cout << "Usage: " << argv[0] << USAGE;
return false;
}
if (!parseOptions(argc, argv)) {
return EXIT_FAILURE;
}
if (do_bb == true) {
if (DYNINST_MAJOR_VERSION < 9 || (DYNINST_MAJOR_VERSION == 9 && DYNINST_MINOR_VERSION < 3) || (DYNINST_MAJOR_VERSION == 9 && DYNINST_MINOR_VERSION == 3 && DYNINST_PATCH_VERSION <= 2)) {
if (dynfix == false)
fprintf(stderr, "Warning: your dyninst version does not include a critical fix, you should use the -f option!\n");
} else {
if (dynfix == true)
fprintf(stderr, "Notice: your dyninst version is fixed, the -f option should not be necessary.\n");
}
}
BPatch bpatch;
BPatch_binaryEdit *appBin = bpatch.openBinary(originalBinary, instrumentLibraries.size() != 1);
if (appBin == NULL) {
cerr << "Failed to open binary" << endl;
return EXIT_FAILURE;
}
BPatch_image *appImage = appBin->getImage();
//get and iterate over all modules, instrumenting only the default and manually specified ones
vector < BPatch_module * >*modules = appImage->getModules();
vector < BPatch_module * >::iterator moduleIter;
vector < BPatch_function * >*funcsInModule;
BPatch_module *defaultModule = NULL;
string defaultModuleName;
// look for _init
if (defaultModuleName.empty()) {
for (moduleIter = modules->begin(); moduleIter != modules->end(); ++moduleIter) {
funcsInModule = (*moduleIter)->getProcedures();
vector < BPatch_function * >::iterator funcsIterator;
for (funcsIterator = funcsInModule->begin(); funcsIterator != funcsInModule->end(); ++funcsIterator) {
char funcName[1024];
(*funcsIterator)->getName(funcName, 1024);
if (string(funcName) == string("_init")) {
char moduleName[1024];
(*moduleIter)->getName(moduleName, 1024);
defaultModuleName = string(moduleName);
if (verbose) {
cout << "Found _init in " << moduleName << endl;
}
break;
}
}
if (!defaultModuleName.empty())
break;
}
}
// last resort, by name of the binary
if (defaultModuleName.empty())
defaultModuleName = string(originalBinary).substr(string(originalBinary).find_last_of("\\/") + 1);
if (!appBin->loadLibrary(instLibrary)) {
cerr << "Failed to open instrumentation library " << instLibrary << endl;
cerr << "It needs to be located in the current working directory." << endl;
return EXIT_FAILURE;
}
appImage = appBin->getImage();
/* Find code coverage functions in the instrumentation library */
BPatch_function *initAflForkServer;
save_rdi = findFuncByName(appImage, (char *) "save_rdi");
restore_rdi = findFuncByName(appImage, (char *) "restore_rdi");
BPatch_function *bbCallback = findFuncByName(appImage, (char *) "bbCallback");
BPatch_function *forceCleanExit = findFuncByName(appImage, (char *) "forceCleanExit");
if (do_bb == true)
initAflForkServer = findFuncByName(appImage, (char *) "initAflForkServer");
else
initAflForkServer = findFuncByName(appImage, (char *) "initOnlyAflForkServer");
if (!initAflForkServer || !bbCallback || !save_rdi || !restore_rdi || !forceCleanExit) {
cerr << "Instrumentation library lacks callbacks!" << endl;
return EXIT_FAILURE;
}
int bbIndex = 0;
// instrument all shared libraries:
for (moduleIter = modules->begin(); moduleIter != modules->end(); ++moduleIter) {
char moduleName[1024];
(*moduleIter)->getName(moduleName, 1024);
if ((*moduleIter)->isSharedLib()) {
if (instrumentLibraries.find(moduleName) == instrumentLibraries.end()) {
//.........这里部分代码省略.........
示例15: mutatorTest
test_results_t test_fork_8_Mutator::executeTest() {
// Initialize global variables
parentDone = false;
childDone = false;
passedTest = true;
parentThread = NULL;
childThread = NULL;
msgid = -1;
// Register callbacks
bpatch->registerPostForkCallback(postForkFunc);
bpatch->registerExitCallback(exitFunc);
bool passed = mutatorTest(bpatch, appThread);
// Remove callbacks upon test completion
bpatch->registerPostForkCallback(NULL);
bpatch->registerExitCallback(NULL);
showFinalResults(passed, 4);
if ( passed )
return PASSED;
else
return FAILED;
}