Search Posts

Empty bochs instrument crash in linux, but not in mac

Empty bochs instrument crash in linux, but not in mac. My instrument code is nearly empty.

core dump:

(gdb) bt
#0  0x0000000002dd3af0 in log ()
#1  0x00007f3977535257 in ?? () from /usr/lib/nvidia-331-updates/libnvidia-glcore.so.331.38
#2  0x00007f3977a204fb in ?? () from /usr/lib/nvidia-331-updates/libnvidia-glcore.so.331.38
#3  0x00007f3977a2e24d in ?? () from /usr/lib/nvidia-331-updates/libnvidia-glcore.so.331.38
#4  0x00007f3977543e2c in ?? () from /usr/lib/nvidia-331-updates/libnvidia-glcore.so.331.38
#5  0x00007f39778164a9 in ?? () from /usr/lib/nvidia-331-updates/libnvidia-glcore.so.331.38
#6  0x00007f39777f4618 in ?? () from /usr/lib/nvidia-331-updates/libnvidia-glcore.so.331.38
#7  0x00007f3978d939e9 in ?? () from /usr/lib/nvidia-331-updates/libGL.so.1
#8  0x00007f3978dc09d7 in ?? () from /usr/lib/nvidia-331-updates/libGL.so.1
#9  0x00007f3978dc4aac in ?? () from /usr/lib/nvidia-331-updates/libGL.so.1
#10 0x00007f3978dbbad1 in glXCreateContext () from /usr/lib/nvidia-331-updates/libGL.so.1
#11 0x00007f397f92d092 in X11_GL_InitExtensions (_this=0x40ea130) at /build/buildd/libsdl2-2.0.2+dfsg1/src/video/x11/SDL_x11opengl.c:335
#12 X11_GL_LoadLibrary (_this=0x40ea130, path=<optimized out>) at /build/buildd/libsdl2-2.0.2+dfsg1/src/video/x11/SDL_x11opengl.c:218
#13 0x00007f397f921be6 in SDL_GL_LoadLibrary_REAL (path=path@entry=0x0) at /build/buildd/libsdl2-2.0.2+dfsg1/src/video/SDL_video.c:2398
#14 0x00007f397f92377c in SDL_CreateWindow_REAL (title=title@entry=0x7f397f945e3a "OpenGL test", x=x@entry=-32, y=y@entry=-32, w=w@entry=32, 
    h=h@entry=32, flags=flags@entry=10) at /build/buildd/libsdl2-2.0.2+dfsg1/src/video/SDL_video.c:1237
#15 0x00007f397f923490 in ShouldUseTextureFramebuffer () at /build/buildd/libsdl2-2.0.2+dfsg1/src/video/SDL_video.c:189
#16 SDL_VideoInit_REAL (driver_name=<optimized out>, driver_name@entry=0x0) at /build/buildd/libsdl2-2.0.2+dfsg1/src/video/SDL_video.c:503
#17 0x00007f397f88e4ff in SDL_InitSubSystem_REAL (flags=16416) at /build/buildd/libsdl2-2.0.2+dfsg1/src/SDL.c:173
#18 0x000000000052e2c1 in libsdl2_LTX_plugin_init ()
#19 0x0000000000450000 in load_and_init_display_lib() ()
#20 0x000000000045130d in bx_begin_simulation(int, char**) ()
#21 0x000000000052b3a1 in bx_config_interface(int) [clone .constprop.20] ()
#22 0x000000000052b465 in ci_callback(void*, ci_command_t) ()
#23 0x0000000000521491 in bx_real_sim_c::configuration_interface(char const*, ci_command_t) ()
#24 0x000000000044fdf8 in bxmain() ()
#25 0x00007f397ea93ec5 in __libc_start_main (main=0x44c7b0 <main>, argc=4, argv=0x7fffe418cfb8, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffe418cfa8) at libc-start.c:287
#26 0x000000000044d083 in _start ()

configure:

CXXFLAGS=-O3 ./configure --prefix=/toolchain/ --enable-debugger --enable-disasm --disable-debugger-gui --with-rfb --disable-readline --with-sdl2 --enable-all-optimizations --enable-fpu --enable-show-ips --enable-instrumentation="instrument/gkd"

run by:

/toolchain/bin/bochs -q -f bochsrcSDL.bxrc

bochsrcSDL.bxrc:

###############################################################
# bochsrc.txt file for DLX Linux disk image.
###############################################################

# how much memory the emulated machine will have
megs: 32

# filename of ROM images
romimage: file=$BXSHARE/BIOS-bochs-latest
vgaromimage: file=$BXSHARE/VGABIOS-lgpl-latest

# what disk images will be used 
#floppya: 1_44=../bootimage, status=inserted
#floppyb: 1_44=floppyb.img, status=inserted

# hard disk
#ata0: enabled=1, ioaddr1=0x1f0, ioaddr2=0x3f0, irq=14
#ata0-master: type=disk, path="hd10meg.img", cylinders=306, heads=4, spt=17
ata0: enabled=1, ioaddr1=0x1f0, ioaddr2=0x3f0, irq=14
#ata0-master: type=disk, path="10mb.img", mode=flat, cylinders=20, heads=16, spt=63
ata0-master: type=disk, path="../hd.img", mode=flat, cylinders=40, heads=16, spt=63
#ata0-master: type=disk, path="../hd.img", mode=flat, cylinders=203, heads=16, spt=63	# 100MB
#ata0-master: type=disk, path="../harddisk", mode=flat, cylinders=2080, heads=16, spt=63   # 1GB

# choose the boot disk.
boot: c

#display_library: term
# other choices: win32 sdl wx carbon amigaos beos macintosh nogui rfb term svga
display_library: sdl2

# where do we send log messages?
log: bochsout.txt

# disable the mouse, since DLX is text only
mouse: enabled=0

# enable key mapping, using US layout as default.
#
# NOTE: In Bochs 1.4, keyboard mapping is only 100% implemented on X windows.
# However, the key mapping tables are used in the paste function, so 
# in the DLX Linux example I'm enabling keyboard_mapping so that paste 
# will work.  Cut&Paste is currently implemented on win32 and X windows only.

#keyboard_mapping: enabled=1, map=$BXSHARE/keymaps/x11-pc-us.map
#keyboard_mapping: enabled=1, map=$BXSHARE/keymaps/x11-pc-fr.map
#keyboard_mapping: enabled=1, map=$BXSHARE/keymaps/x11-pc-de.map
#keyboard_mapping: enabled=1, map=$BXSHARE/keymaps/x11-pc-es.map

magic_break: enabled=1

instrument.h:

/////////////////////////////////////////////////////////////////////////
// $Id: instrument.h 11908 2013-10-23 21:18:19Z sshwarts $
/////////////////////////////////////////////////////////////////////////
//
//   Copyright (c) 2006-2012 Stanislav Shwartsman
//          Written by Stanislav Shwartsman [sshwarts at sourceforge net]
//
//  This library is free software; you can redistribute it and/or
//  modify it under the terms of the GNU Lesser General Public
//  License as published by the Free Software Foundation; either
//  version 2 of the License, or (at your option) any later version.
//
//  This library is distributed in the hope that it will be useful,
//  but WITHOUT ANY WARRANTY; without even the implied warranty of
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
//  Lesser General Public License for more details.
//
//  You should have received a copy of the GNU Lesser General Public
//  License along with this library; if not, write to the Free Software
//  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA

#if BX_INSTRUMENTATION

class bxInstruction_c;

// define if you want to store instruction opcode bytes in bxInstruction_c
#define BX_INSTR_STORE_OPCODE_BYTES

void bx_instr_init_env(void);
void bx_instr_exit_env(void);
void bx_instr_initialize(unsigned cpu);

// maximum size of an instruction
#define MAX_OPCODE_LENGTH 16

// maximum physical addresses an instruction can generate
#define MAX_DATA_ACCESSES 1024

class bxInstrumentation {
public:

  bx_bool ready;          // is current instruction ready to be printed
  bx_bool active;

  unsigned cpu_id;

  /* decoding */
  unsigned opcode_length;
  Bit8u    opcode[MAX_OPCODE_LENGTH];
  bx_bool  is32, is64;

  /* memory accesses */
  unsigned num_data_accesses;
  struct {
    bx_address laddr;     // linear address
    bx_phy_address paddr; // physical address
    unsigned rw;          // BX_READ, BX_WRITE or BX_RW
    unsigned size;        // 1 .. 32
  } data_access[MAX_DATA_ACCESSES];

  /* branch resolution and target */
  bx_bool is_branch;
  bx_bool is_taken;
  bx_address target_linear;

public:
  bxInstrumentation(): ready(0), active(0) {}

  void set_cpu_id(unsigned cpu) { cpu_id = cpu; }

  void activate() { active = 1; }
  void deactivate() { active = 0; }
  void toggle_active() { active = !active; }
  bx_bool is_active() const { return active; }

  void bx_instr_reset(unsigned type);

  void bx_instr_cnear_branch_taken(bx_address branch_eip, bx_address new_eip);
  void bx_instr_cnear_branch_not_taken(bx_address branch_eip);
  void bx_instr_ucnear_branch(unsigned what, bx_address branch_eip, bx_address new_eip);
  void bx_instr_far_branch(unsigned what, Bit16u new_cs, bx_address new_eip);

  void bx_instr_before_execution(bxInstruction_c *i);
  void bx_instr_after_execution(bxInstruction_c *i);

  void bx_instr_interrupt(unsigned vector);
  void bx_instr_exception(unsigned vector, unsigned error_code);
  void bx_instr_hwinterrupt(unsigned vector, Bit16u cs, bx_address eip);

  void bx_instr_lin_access(bx_address lin, bx_phy_address phy, unsigned len, unsigned rw);

  void memorySampling(bx_phy_address);
  void jmpSampling(bx_address);
private:
  void branch_taken(bx_address new_eip);

  void bx_print_instruction(void);
};

void bx_instr_init(unsigned cpu);

extern bxInstrumentation *icpu;

/* initialization/deinitialization of instrumentalization*/
#define BX_INSTR_INIT_ENV() bx_instr_init_env()
#define BX_INSTR_EXIT_ENV() bx_instr_exit_env()

/* simulation init, shutdown, reset */
#define BX_INSTR_INITIALIZE(cpu_id)	 bx_instr_initialize(cpu_id)
#define BX_INSTR_EXIT(cpu_id)
#define BX_INSTR_RESET(cpu_id, type)     icpu[cpu_id].bx_instr_reset(type)
#define BX_INSTR_HLT(cpu_id)
#define BX_INSTR_MWAIT(cpu_id, addr, len, flags)

/* called from command line debugger */
#define BX_INSTR_DEBUG_PROMPT()
#define BX_INSTR_DEBUG_CMD(cmd)

/* branch resolution */
#define BX_INSTR_CNEAR_BRANCH_TAKEN(cpu_id, branch_eip, new_eip) icpu[cpu_id].bx_instr_cnear_branch_taken(branch_eip, new_eip)
#define BX_INSTR_CNEAR_BRANCH_NOT_TAKEN(cpu_id, branch_eip) icpu[cpu_id].bx_instr_cnear_branch_not_taken(branch_eip)
#define BX_INSTR_UCNEAR_BRANCH(cpu_id, what, branch_eip, new_eip) icpu[cpu_id].bx_instr_ucnear_branch(what, branch_eip, new_eip)
#define BX_INSTR_FAR_BRANCH(cpu_id, what, new_cs, new_eip) icpu[cpu_id].bx_instr_far_branch(what, new_cs, new_eip)

/* decoding completed */
#define BX_INSTR_OPCODE(cpu_id, i, opcode, len, is32, is64)

/* exceptional case and interrupt */
#define BX_INSTR_EXCEPTION(cpu_id, vector, error_code) \
                       icpu[cpu_id].bx_instr_exception(vector, error_code)

#define BX_INSTR_INTERRUPT(cpu_id, vector) icpu[cpu_id].bx_instr_interrupt(vector)
#define BX_INSTR_HWINTERRUPT(cpu_id, vector, cs, eip) icpu[cpu_id].bx_instr_hwinterrupt(vector, cs, eip)

/* TLB/CACHE control instruction executed */
#define BX_INSTR_CLFLUSH(cpu_id, laddr, paddr)
#define BX_INSTR_CACHE_CNTRL(cpu_id, what)
#define BX_INSTR_TLB_CNTRL(cpu_id, what, new_cr3)
#define BX_INSTR_PREFETCH_HINT(cpu_id, what, seg, offset)

/* execution */
#define BX_INSTR_BEFORE_EXECUTION(cpu_id, i) icpu[cpu_id].bx_instr_before_execution(i)
#define BX_INSTR_AFTER_EXECUTION(cpu_id, i) icpu[cpu_id].bx_instr_after_execution(i)
#define BX_INSTR_REPEAT_ITERATION(cpu_id, i)

/* memory access */
#define BX_INSTR_LIN_ACCESS(cpu_id, lin, phy, len, rw) \
                    icpu[cpu_id].bx_instr_lin_access(lin, phy, len, rw)

#define BX_INSTR_PHY_ACCESS(cpu_id, phy, len, rw)

/* feedback from device units */
#define BX_INSTR_INP(addr, len)
#define BX_INSTR_INP2(addr, len, val)
#define BX_INSTR_OUTP(addr, len, val)

/* wrmsr callback */
#define BX_INSTR_WRMSR(cpu_id, addr, value)

/* vmexit callback */
#define BX_INSTR_VMEXIT(cpu_id, reason, qualification)

#else // BX_INSTRUMENTATION

/* initialization/deinitialization of instrumentalization */
#define BX_INSTR_INIT_ENV()
#define BX_INSTR_EXIT_ENV()

/* simulation init, shutdown, reset */
#define BX_INSTR_INITIALIZE(cpu_id)
#define BX_INSTR_EXIT(cpu_id)
#define BX_INSTR_RESET(cpu_id, type)
#define BX_INSTR_HLT(cpu_id)
#define BX_INSTR_MWAIT(cpu_id, addr, len, flags)

/* called from command line debugger */
#define BX_INSTR_DEBUG_PROMPT()
#define BX_INSTR_DEBUG_CMD(cmd)

/* branch resolution */
#define BX_INSTR_CNEAR_BRANCH_TAKEN(cpu_id, branch_eip, new_eip)
#define BX_INSTR_CNEAR_BRANCH_NOT_TAKEN(cpu_id, branch_eip)
#define BX_INSTR_UCNEAR_BRANCH(cpu_id, what, branch_eip, new_eip)
#define BX_INSTR_FAR_BRANCH(cpu_id, what, new_cs, new_eip)

/* decoding completed */
#define BX_INSTR_OPCODE(cpu_id, i, opcode, len, is32, is64)

/* exceptional case and interrupt */
#define BX_INSTR_EXCEPTION(cpu_id, vector, error_code)
#define BX_INSTR_INTERRUPT(cpu_id, vector)
#define BX_INSTR_HWINTERRUPT(cpu_id, vector, cs, eip)

/* TLB/CACHE control instruction executed */
#define BX_INSTR_CLFLUSH(cpu_id, laddr, paddr)
#define BX_INSTR_CACHE_CNTRL(cpu_id, what)
#define BX_INSTR_TLB_CNTRL(cpu_id, what, new_cr3)
#define BX_INSTR_PREFETCH_HINT(cpu_id, what, seg, offset)

/* execution */
#define BX_INSTR_BEFORE_EXECUTION(cpu_id, i)
#define BX_INSTR_AFTER_EXECUTION(cpu_id, i)
#define BX_INSTR_REPEAT_ITERATION(cpu_id, i)

/* linear memory access */
#define BX_INSTR_LIN_ACCESS(cpu_id, lin, phy, len, rw)

/* physical memory access */
#define BX_INSTR_PHY_ACCESS(cpu_id, phy, len, rw)

/* feedback from device units */
#define BX_INSTR_INP(addr, len)
#define BX_INSTR_INP2(addr, len, val)
#define BX_INSTR_OUTP(addr, len, val)

/* wrmsr callback */
#define BX_INSTR_WRMSR(cpu_id, addr, value)

/* vmexit callback */
#define BX_INSTR_VMEXIT(cpu_id, reason, qualification)

#endif // BX_INSTRUMENTATION

instrument.cc:

/////////////////////////////////////////////////////////////////////////
// $Id: instrument.cc 11908 2013-10-23 21:18:19Z sshwarts $
/////////////////////////////////////////////////////////////////////////
//
//   Copyright (c) 2006-2012 Stanislav Shwartsman
//          Written by Stanislav Shwartsman [sshwarts at sourceforge net]
//
//  This library is free software; you can redistribute it and/or
//  modify it under the terms of the GNU Lesser General Public
//  License as published by the Free Software Foundation; either
//  version 2 of the License, or (at your option) any later version.
//
//  This library is distributed in the hope that it will be useful,
//  but WITHOUT ANY WARRANTY; without even the implied warranty of
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
//  Lesser General Public License for more details.
//
//  You should have received a copy of the GNU Lesser General Public
//  License along with this library; if not, write to the Free Software
//  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA

#include <assert.h>

#include "bochs.h"
#include "cpu/cpu.h"
#include "disasm/disasm.h"

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <netinet/tcp.h>
#include <fstream>
using namespace std;
#include <set>
using std::set;

#define GKD_INSTRUMENT_VERSION "20141215"

int memorySockfd;
int jmpSockfd;
int interruptSockfd;

int memoryPortNo = 1980;
int jmpPortNo = 1981;
int interruptPortNo = 1982;

int oslogPort = 0xffff;
char oslogFile[] = "os.log";
ofstream oslogStream(oslogFile, ios::app);

#define printHeader

bxInstrumentation *icpu = NULL;

static disassembler bx_disassembler;

#define MAX_SEND_BYTE 500
FILE *log;
unsigned int zonesFrom[MAX_SEND_BYTE];
unsigned int zonesTo[MAX_SEND_BYTE];
unsigned int zonesHit[MAX_SEND_BYTE];
unsigned int zonesTail = 0;
set<unsigned int> zonesHitAddress[MAX_SEND_BYTE];

bx_bool connectedToMemoryServer;
bx_bool connectedToJmpServer;
bx_bool connectedToInterruptServer;
bx_bool triedToContectToServer;

bx_address startRecordJumpAddress = 0x7c00;
bx_bool startRecordJump;

bx_address segmentBegin = startRecordJumpAddress;
bx_address segmentEnd;

void logPeterBochs(char *str) {
	fprintf(log, str);
	fflush(log);
}

void logPeterBochs(char *str1, char *str2, char *str3) {
	fprintf(log, str1);
	fprintf(log, str2);
	fprintf(log, str3);
	fflush(log);
}

void logPeterBochs(unsigned int x) {
	char temp[100];
	sprintf(temp, "%x\n", x);
	fprintf(log, temp);
	fflush(log);
}

void logPeterBochs(char *a, unsigned int x, char *b) {
	fprintf(log, a);
	char temp[100];
	sprintf(temp, "%u", x);
	fprintf(log, temp);
	fprintf(log, b);
	fflush(log);
}

unsigned int convert(unsigned char *inBuffer) {
	return inBuffer[3] + (inBuffer[2] << 8) + (inBuffer[1] << 16) + (inBuffer[0] << 24);
}

void safeRead(int socketFD, unsigned char *inBuffer, unsigned int size) {
	int noOfBytes = 0;
	while (noOfBytes != size) {
		noOfBytes += read(socketFD, inBuffer + noOfBytes, size - noOfBytes);
	}
}

void initMemorySocket() {
	/*
	oslogStream << "initMemorySocket" << endl;
	oslogStream.flush();
	memorySockfd = socket(AF_INET, SOCK_STREAM, 0);
	if (memorySockfd < 0) {
		//fprintf(stderr, "ERROR opening socket\n");
		fprintf(log, "Memory socket server : ERROR opening socket\n");
		return;
	}
	struct sockaddr_in serv_addr;
	struct hostent *server;
	server = gethostbyname("localhost");
	if (server == NULL) {
		//fprintf(stderr, "ERROR, no such host\n");
		fprintf(log, "Memory socket server : ERROR no such host\n");
	}
	bzero((char *) &serv_addr, sizeof(serv_addr));
	serv_addr.sin_family = AF_INET;
	bcopy((char *) server->h_addr, (char *) &serv_addr.sin_addr.s_addr, server->h_length);
	serv_addr.sin_port = htons(memoryPortNo);
	if (connect(memorySockfd, (const sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) {
		fprintf(log, "Memory socket server : ERROR connecting\n");
		connectedToMemoryServer = false;
	} else {
		fprintf(log, "Memory socket server : connected to server\n");
		connectedToMemoryServer = true;
	}

	int flag = 1;
	int ret = setsockopt(memorySockfd, IPPROTO_TCP, TCP_NODELAY, (char *) &flag, sizeof(flag));
	if (ret == -1) {
		fprintf(log, "memorySockfd couldn't setsockopt(TCP_NODELAY)\n");
	}
	fflush(log);
	oslogStream << "initMemorySocket2" << endl;
	oslogStream.flush();
	*/
}

void initJmpSocket() {
	/*
	jmpSockfd = socket(AF_INET, SOCK_STREAM, 0);
	if (jmpSockfd < 0) {
		fprintf(log, "Jmp socket server : ERROR opening socket\n");
		return;
	}
	struct sockaddr_in serv_addr;
	struct hostent *server;
	server = gethostbyname("localhost");
	if (server == NULL) {
		fprintf(log, "Jmp socket server : ERROR no such host\n");
	}
	bzero((char *) &serv_addr, sizeof(serv_addr));
	serv_addr.sin_family = AF_INET;
	bcopy((char *) server->h_addr, (char *) &serv_addr.sin_addr.s_addr, server->h_length);
	serv_addr.sin_port = htons(jmpPortNo);
	if (connect(jmpSockfd, (const sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) {
		fprintf(log, "Jmp socket server : ERROR connecting\n");
		connectedToJmpServer = false;
	} else {
		fprintf(log, "Jmp socket server : connected to server\n");
		connectedToJmpServer = true;
	}

	int flag = 1;
	int ret = setsockopt(jmpSockfd, IPPROTO_TCP, TCP_NODELAY, (char *) &flag, sizeof(flag));
	if (ret == -1) {
		fprintf(log, "jmpSockfd couldn't setsockopt(TCP_NODELAY)\n");
	}

	if (connectedToJmpServer) {

	}

	fflush(log);
	*/
}

void initInterruptSocket() {
	/*
	interruptSockfd = socket(AF_INET, SOCK_STREAM, 0);
	if (interruptSockfd < 0) {
		fprintf(log, "Interrupt socket server : ERROR opening socket\n");
		return;
	}
	struct sockaddr_in serv_addr;
	struct hostent *server;
	server = gethostbyname("localhost");
	if (server == NULL) {
		fprintf(log, "Interrupt socket server : ERROR no such host\n");
	}
	bzero((char *) &serv_addr, sizeof(serv_addr));
	serv_addr.sin_family = AF_INET;
	bcopy((char *) server->h_addr, (char *) &serv_addr.sin_addr.s_addr, server->h_length);
	serv_addr.sin_port = htons(interruptPortNo);
	if (connect(interruptSockfd, (const sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) {
		fprintf(log, "Interrupt socket server : ERROR connecting\n");
		connectedToInterruptServer = false;
	} else {
		fprintf(log, "Interrupt socket server : connected to server\n");
		connectedToInterruptServer = true;
	}

	int flag = 1;
	int ret = setsockopt(interruptSockfd, IPPROTO_TCP, TCP_NODELAY, (char *) &flag, sizeof(flag));
	if (ret == -1) {
		fprintf(log, "interruptSockfd couldn't setsockopt(TCP_NODELAY)\n");
	}

	if (connectedToInterruptServer) {

	}

	fflush(log);
	*/
}

void bx_instr_init_env(void) {
}
void bx_instr_exit_env(void) {
}

void bx_instr_initialize(unsigned cpu) {
	/*
	assert(cpu < BX_SMP_PROCESSORS);

	if (icpu == NULL)
		icpu = new bxInstrumentation[BX_SMP_PROCESSORS];

	icpu[cpu].set_cpu_id(cpu);

	fprintf(stderr, "Initialize cpu %d\n", cpu);

	// GKD
	log = fopen("gkd.log", "a+");

	fprintf(stderr, "GKD instrument %s - Initialize cpu %d\n",
	GKD_INSTRUMENT_VERSION, cpu);

	if (connectedToMemoryServer) {
		for (int x = 0; x < MAX_SEND_BYTE; x++) {
			zonesFrom[x] = -1;
			zonesTo[x] = -1;
			zonesHit[x] = 0;
		}
	}
	*/
}

void bxInstrumentation::bx_instr_reset(unsigned type) {
	/*
	ready = is_branch = 0;
	num_data_accesses = 0;
	active = 1;
	*/
}

void bxInstrumentation::bx_print_instruction(void) {
	/*
	char disasm_tbuf[512];	// buffer for instruction disassembly
	bx_disassembler.disasm(is32, is64, 0, 0, opcode, disasm_tbuf);

	if (opcode_length != 0) {
		unsigned n;

		//fprintf(stderr, "----------------------------------------------------------\n");
		printf("CPU: %d: %s\n", cpu_id, disasm_tbuf);
		//fprintf(stderr, "LEN: %d\tBYTES: ", opcode_length);
		for (n = 0; n < opcode_length; n++) //fprintf(stderr, "%02x", opcode[n]);
			if (is_branch) {
				//fprintf(stderr, "\tBRANCH ");

				if (is_taken) {
					//fprintf(stderr, "TARGET " FMT_ADDRX " (TAKEN)", target_linear);
				} else {
					//fprintf(stderr, "(NOT TAKEN)");
				}
			}
		//fprintf(stderr, "\n");
		if (connectedToMemoryServer) {
			for (n = 0; n < num_data_accesses; n++) {
				fprintf(stderr, "MEM ACCESS[%u]: 0x" FMT_ADDRX " (linear) 0x" FMT_PHY_ADDRX " (physical) %s SIZE: %d\n", n,
				 data_access[n].laddr,
				 data_access[n].paddr,
				 data_access[n].op == BX_READ ? "RD":"WR",
				 data_access[n].size);

				//memorySampling(data_access[n].paddr, data_access[n].eip);
			}
		}

		//fprintf(stderr, "\n");
	}
	*/
}

void bxInstrumentation::bx_instr_before_execution(bxInstruction_c *i) {
	/*
	if (!active)
		return;

	if (ready)
		bx_print_instruction();

	if (!triedToContectToServer) {
		initMemorySocket();
		initJmpSocket();
		initInterruptSocket();
		triedToContectToServer = true;
	}

	// prepare instruction_t structure for new instruction
	ready = 1;
	num_data_accesses = 0;
	is_branch = 0;

	is32 = BX_CPU(cpu_id)->sregs[BX_SEG_REG_CS].cache.u.segment.d_b;
	is64 = BX_CPU(cpu_id)->long64_mode();
	opcode_length = i->ilen();
	memcpy(opcode, i->get_opcode_bytes(), opcode_length);

	bx_phy_address phyAddress = BX_CPU(cpu_id)->get_instruction_pointer();
	segmentEnd = phyAddress;
	if (phyAddress == startRecordJumpAddress) {
		startRecordJump = true;
	}
	*/
}

void bxInstrumentation::bx_instr_after_execution(bxInstruction_c *i) {
	/*
	if (!active)
		return;

	if (ready) {
		bx_print_instruction();
		ready = 0;
	}
	*/
}

void bxInstrumentation::branch_taken(bx_address new_eip) {
	/*
	if (!active || !ready)
		return;

	// find linear address
	bx_address laddr = BX_CPU(cpu_id)->get_laddr(BX_SEG_REG_CS, new_eip);

	is_branch = 1;
	is_taken = 1;
	target_linear = laddr;
	*/
	printf("branch_taken=%x\n",new_eip);
}

void bxInstrumentation::bx_instr_cnear_branch_taken(bx_address branch_eip, bx_address new_eip) {
	/*
	branch_taken(new_eip);
	if (connectedToJmpServer) {
		jmpSampling(new_eip);
	}
	*/
	printf("bx_instr_cnear_branch_taken=%x, %x\n",branch_eip, new_eip);
}

void bxInstrumentation::bx_instr_cnear_branch_not_taken(bx_address branch_eip) {
	/*
	if (!active || !ready)
		return;

	is_branch = 1;
	is_taken = 0;
	*/
	printf("bx_instr_cnear_branch_not_taken=%x\n",branch_eip);
}

void bxInstrumentation::bx_instr_ucnear_branch(unsigned what, bx_address branch_eip, bx_address new_eip) {
	/*
	branch_taken(new_eip);
	if (connectedToJmpServer) {
		jmpSampling(new_eip);
	}
	*/
	printf("bx_instr_ucnear_branch=%x, %x\n",branch_eip, new_eip);
}

void bxInstrumentation::bx_instr_far_branch(unsigned what, Bit16u new_cs, bx_address new_eip) {
	/*
	branch_taken(new_eip);
	if (connectedToJmpServer) {
		jmpSampling(new_eip);
	}
	*/
}

void bxInstrumentation::bx_instr_interrupt(unsigned vector) {
	/*
	if (active) {
		//fprintf(stderr, "CPU %u: interrupt %02xh\n", cpu_id, vector);
		if (connectedToInterruptServer) {
			write(interruptSockfd, &vector, sizeof(vector));
		}
	}
	*/
}

void bxInstrumentation::bx_instr_exception(unsigned vector, unsigned error_code) {
	if (active) {
		//fprintf(stderr, "CPU %u: exception %02xh error_code=%x\n", cpu_id, vector, error_code);
	}
}

void bxInstrumentation::bx_instr_hwinterrupt(unsigned vector, Bit16u cs, bx_address eip) {
	if (active) {
		//fprintf(stderr, "CPU %u: hardware interrupt %02xh\n", cpu_id, vector);
	}
}

void bxInstrumentation::bx_instr_lin_access(bx_address lin, bx_phy_address phy, unsigned len, unsigned rw) {
	/*
	if (!active || !ready)
		return;

	if (num_data_accesses >= MAX_DATA_ACCESSES) {
		return;
	}

	//bx_address lin = BX_CPU(cpu)->get_laddr(seg, offset);
	bx_bool page_valid = BX_CPU(cpu)->dbg_xlate_linear2phy(lin, &phy);
	phy = A20ADDR(phy);

	// If linear translation doesn't exist, a paging exception will occur.
	// Invalidate physical address data for now.
	if (!page_valid)
		phy = (bx_phy_address) (-1);

	data_access[num_data_accesses].laddr = lin;
	data_access[num_data_accesses].paddr = phy;
	data_access[num_data_accesses].rw = rw;
	data_access[num_data_accesses].size = len;

	num_data_accesses++;

	if (connectedToMemoryServer) {
		memorySampling(phy);
	}
	*/
}

unsigned int buffer[MAX_SEND_BYTE];
int pointer = 0;

void bxInstrumentation::memorySampling(bx_phy_address paddr) {
	/*
	if (!connectedToMemoryServer) {
		return;
	}
	buffer[pointer] = paddr;
	pointer++;

	// check zone
	for (int x = 0; x < zonesTail; x++) {
		if (zonesFrom[x] <= paddr && paddr <= zonesTo[x]) {
			zonesHit[x]++;
			zonesHitAddress[x].insert(paddr);
		}
	}
	// end check zone
	if (pointer == MAX_SEND_BYTE) {
		send(memorySockfd, (char *) buffer, MAX_SEND_BYTE * sizeof(unsigned int), 0);

		send(memorySockfd, &zonesTail, sizeof(unsigned int), 0);

		for (int x = 0; x < zonesTail; x++) {
			write(memorySockfd, &zonesFrom[x], sizeof(unsigned int));
			write(memorySockfd, &zonesTo[x], sizeof(unsigned int));
			write(memorySockfd, &zonesHit[x], sizeof(unsigned int));

			unsigned int size;
			if (zonesHitAddress[x].size() < 10) {
				size = zonesHitAddress[x].size();
			} else {
				size = 10;
			}

			//noOfZoneHitAddress
			write(memorySockfd, &size, sizeof(unsigned int));

			set<unsigned int>::iterator theIterator;
			int yy = 0;
			for (theIterator = zonesHitAddress[x].begin(); theIterator != zonesHitAddress[x].end() && yy < size; theIterator++) {
				write(memorySockfd, &*theIterator, sizeof(unsigned int));
				yy++;
			}
		}
		// end send zones back to GKD

		unsigned char inBuffer[10000];
		safeRead(memorySockfd, inBuffer, 1);

		if (inBuffer[0] == 2) {
			safeRead(memorySockfd, inBuffer, 4);

			unsigned int noOfData = convert(inBuffer);
			int readSize = noOfData * sizeof(unsigned int) * 2;

			safeRead(memorySockfd, inBuffer, readSize);

			int offset = 0;
			for (int x = 0; x < noOfData; x++) {
				unsigned int from = convert(&inBuffer[offset]);
				zonesFrom[x] = from;
				offset += 4;

				unsigned int to = convert(&inBuffer[offset]);
				zonesTo[x] = to;
				offset += 4;
			}
			zonesTail = noOfData;
		}
		pointer = 0;
	}
	*/
}

void bxInstrumentation::jmpSampling(bx_address new_eip) {
	/*
	if (connectedToJmpServer) {
		if (startRecordJump) {
			write(jmpSockfd, &new_eip, sizeof(bx_address));
			write(jmpSockfd, &new_eip, sizeof(bx_address));
			write(jmpSockfd, &segmentBegin, sizeof(segmentBegin));
			write(jmpSockfd, &segmentEnd, sizeof(segmentBegin));

			write(jmpSockfd, &BX_CPU(0)->gen_reg[BX_32BIT_REG_EAX].dword.erx, sizeof(Bit32u));
			write(jmpSockfd, &BX_CPU(0)->gen_reg[BX_32BIT_REG_ECX].dword.erx, sizeof(Bit32u));
			write(jmpSockfd, &BX_CPU(0)->gen_reg[BX_32BIT_REG_EDX].dword.erx, sizeof(Bit32u));
			write(jmpSockfd, &BX_CPU(0)->gen_reg[BX_32BIT_REG_EBX].dword.erx, sizeof(Bit32u));
			write(jmpSockfd, &BX_CPU(0)->gen_reg[BX_32BIT_REG_ESP].dword.erx, sizeof(Bit32u));
			write(jmpSockfd, &BX_CPU(0)->gen_reg[BX_32BIT_REG_EBP].dword.erx, sizeof(Bit32u));
			write(jmpSockfd, &BX_CPU(0)->gen_reg[BX_32BIT_REG_ESI].dword.erx, sizeof(Bit32u));
			write(jmpSockfd, &BX_CPU(0)->gen_reg[BX_32BIT_REG_EDI].dword.erx, sizeof(Bit32u));

			write(jmpSockfd, &BX_CPU(0)->sregs[BX_SEG_REG_ES].selector.value, sizeof(Bit16u));
			write(jmpSockfd, &BX_CPU(0)->sregs[BX_SEG_REG_CS].selector.value, sizeof(Bit16u));
			write(jmpSockfd, &BX_CPU(0)->sregs[BX_SEG_REG_SS].selector.value, sizeof(Bit16u));
			write(jmpSockfd, &BX_CPU(0)->sregs[BX_SEG_REG_DS].selector.value, sizeof(Bit16u));
			write(jmpSockfd, &BX_CPU(0)->sregs[BX_SEG_REG_FS].selector.value, sizeof(Bit16u));
			write(jmpSockfd, &BX_CPU(0)->sregs[BX_SEG_REG_GS].selector.value, sizeof(Bit16u));

			segmentBegin = new_eip;
		}
	}
	*/
}

Leave a Reply

Your email address will not be published. Required fields are marked *