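// Include guard. The macro tested by #ifndef must be the same one that is
// defined on the next line; with mismatched names the guard never fires and a
// second #include of this header redeclares every type below.
#ifndef BPT_EVENTS_HPP
#define BPT_EVENTS_HPP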
#include <vector>
#include <string>
#include <boost/shared_ptr.hpp>
#include <pin.H>
#include "bpt_fwd.hpp"
namespace bpt {
/// Abstract base of every event type declared in this header.
///
/// Two consumption channels are declared: a visitor (accept / do_accept) and
/// stream output (the operator<< overloads).
struct event {
public:
    /// Hands this event to a visitor. Non-virtual; presumably forwards to the
    /// private do_accept() hook -- the definition is not in this header.
    void accept(visitor&);

    /// Virtual so derived events can be destroyed through a pointer to event.
    virtual ~event();

    /// Stream-output hook implemented by each concrete event.
    /// Note this is a *member* operator that takes the stream as its argument;
    /// the usual `os << ev` spelling resolves to the free operator<< declared
    /// after this struct.
    virtual std::ostream& operator<<(std::ostream&) const = 0;

private:
    /// Per-type visitor dispatch hook, implemented by each concrete event.
    virtual void do_accept(visitor&) const = 0;
};

/// Stream insertion for any event (`os << ev`). Presumably delegates to the
/// virtual member operator<< of the dynamic type -- confirm in the .cpp.
std::ostream& operator<<(std::ostream&, const event&);
/// Concrete event carrying a Pin OPCODE, an address, a thread id, raw bytes
/// and a disassembly string -- presumably one instrumented instruction.
///
/// State is held in a private impl behind a boost::shared_ptr, so copying an
/// operation_event copies the pointer and the copies share one impl object.
struct operation_event : public event {
public:
    // NOTE(review): the const char* is presumably the disassembly text and the
    // UINT32 presumably the instruction size -- neither is named here; confirm
    // against the constructor definition.
    operation_event(const char*, OPCODE, ADDRINT, UINT32, THREADID);

    OPCODE opcode() const;
    ADDRINT addr() const;
    THREADID tid() const;
    std::string name() const;
    const bytes_type& bytes() const;

    // NOTE(review): returns a raw pointer. Ownership and lifetime of the string
    // are not visible in this header -- confirm that impl keeps its own copy
    // rather than the pointer passed to the constructor, otherwise callers can
    // be handed a dangling pointer.
    const char* disasm() const;

    virtual std::ostream& operator<<(std::ostream&) const;

private:
    virtual void do_accept(visitor&) const;

    struct impl;
    boost::shared_ptr<impl> pimpl;
};
/// Common base for events that describe a register access.
///
/// It overrides neither operator<< nor do_accept, so it inherits event's pure
/// virtuals and stays abstract; the derived read/write events supply them.
/// State lives in a shared impl: copies of the event share one impl object.
struct register_event : public event {
public:
    // NOTE(review): a Pin CONTEXT* handed to an analysis routine is normally
    // valid only for the duration of that call. Confirm that the constructor
    // reads the register value eagerly instead of retaining the pointer.
    register_event(OPCODE, REG, const CONTEXT*);

    /// Raw bytes associated with the register (presumably its value).
    const bytes_type& bytes() const;

    // NOTE(review): the unit of width() (bits vs. bytes) is not stated here.
    std::size_t width() const;
    std::string name() const;
    OPCODE opcode() const;

private:
    struct impl;
    boost::shared_ptr<impl> pimpl;
};
/// Common base for events that describe a memory access of `size` bytes at
/// `addr`.
///
/// Like register_event it leaves event's pure virtuals unimplemented and is
/// therefore abstract. State lives in a shared impl: copies share one impl.
struct memory_event : public event {
public:
    // NOTE(review): addr and size presumably originate from the instrumented
    // program and should be treated as untrusted. The code that fills bytes()
    // is not visible here -- confirm that it uses a fault-tolerant copy (Pin
    // provides PIN_SafeCopy) and that size is bounded before any buffer is
    // allocated.
    memory_event(ADDRINT addr, UINT32 size);

    /// Raw bytes associated with the access (presumably the memory contents).
    const bytes_type& bytes() const;
    ADDRINT addr() const;

private:
    struct impl;
    boost::shared_ptr<impl> pimpl;
};
/// Concrete register_event for a register read: supplies the stream-output
/// and visitor hooks that register_event leaves pure.
struct read_event : public register_event {
public:
    /// Takes the same arguments as the register_event constructor.
    read_event(OPCODE, REG, const CONTEXT*);

    virtual std::ostream& operator<<(std::ostream&) const;

private:
    virtual void do_accept(visitor&) const;
};
/// Concrete register_event for a register write: supplies the stream-output
/// and visitor hooks that register_event leaves pure.
struct write_event : public register_event {
public:
    /// Takes the same arguments as the register_event constructor.
    write_event(OPCODE, REG, const CONTEXT*);

    virtual std::ostream& operator<<(std::ostream&) const;

private:
    virtual void do_accept(visitor&) const;
};
/// Bit mask describing how an instruction affects a single status flag.
/// Each named effect occupies its own bit so effects can be OR-ed together.
typedef int effect_type;

const effect_type NONE = 0;       // No effect bit set.
const effect_type CLR  = 1 << 0;  // The flag is always cleared to 0.
const effect_type SET  = 1 << 1;  // The flag is always set to 1.
const effect_type AH   = 1 << 2;  // The flag is loaded with a value from the AH register.
const effect_type MOD  = 1 << 3;  // The flag is modified, depending on the instruction's result.
const effect_type POP  = 1 << 4;  // The flag is loaded with a value popped off the stack.
const effect_type TST  = 1 << 5;  // The flag is tested.
const effect_type UND  = 1 << 6;  // The effect on the flag is undefined.

// Composite masks.
const effect_type RD = TST;                                 // Read mask: same bit as TST.
const effect_type WR = CLR | SET | AH | MOD | POP | UND;    // Write mask: every effect bit except TST.
namespace RFLAGS {
    /// Forward declaration only; the definition of field is not in this header.
    struct field;

    /// Shared-ownership handle to a field.
    typedef boost::shared_ptr<field> field_ptr;
}  // namespace RFLAGS
/// Pairs an RFLAGS field descriptor with an effect_type mask.
struct flag {
public:
    flag(const RFLAGS::field_ptr&, effect_type);

    const std::string& name() const;

    /// Presumably returns the mask passed to the constructor -- confirm.
    effect_type effect() const;
    std::size_t width() const;

    /// Presumably extracts this flag's value from a register image given as
    /// raw bytes; the extraction itself is not visible in this header.
    bytes_type::value_type value(const bytes_type&) const;

private:
    // NOTE(review): the const data member makes flag non-copy-assignable, so
    // vector operations that assign elements (erase, insert in the middle)
    // will not compile for flags_type.
    const RFLAGS::field_ptr field;
    effect_type mask;
};

/// Sequence of flags, as returned by the *_flags_event::flags() accessors.
typedef std::vector<flag> flags_type;
/// read_event specialisation that additionally exposes a list of flags
/// (presumably the status flags the instruction tests).
struct read_flags_event : public read_event {
public:
    /// Takes the same arguments as the read_event constructor.
    read_flags_event(OPCODE, REG, const CONTEXT*);

    /// Returns a reference; where the flags are stored is not visible here.
    const flags_type& flags() const;

    virtual std::ostream& operator<<(std::ostream&) const;

private:
    virtual void do_accept(visitor&) const;
};
/// write_event specialisation that additionally exposes a list of flags
/// (presumably the status flags the instruction writes).
struct write_flags_event : public write_event {
public:
    /// Takes the same arguments as the write_event constructor.
    write_flags_event(OPCODE, REG, const CONTEXT*);

    /// Returns a reference; where the flags are stored is not visible here.
    const flags_type& flags() const;

    virtual std::ostream& operator<<(std::ostream&) const;

private:
    virtual void do_accept(visitor&) const;
};
/// Concrete memory_event (by its name, a memory load): supplies the
/// stream-output and visitor hooks that memory_event leaves pure.
struct load_event : public memory_event {
public:
    /// Same parameters as the memory_event constructor. addr and size
    /// presumably come from the instrumented program -- treat as untrusted.
    load_event(ADDRINT addr, UINT32 size);

    virtual std::ostream& operator<<(std::ostream&) const;

private:
    virtual void do_accept(visitor&) const;
};
/// Concrete memory_event (by its name, a memory store): supplies the
/// stream-output and visitor hooks that memory_event leaves pure.
struct store_event : public memory_event {
public:
    /// Same parameters as the memory_event constructor. addr and size
    /// presumably come from the instrumented program -- treat as untrusted.
    store_event(ADDRINT addr, UINT32 size);

    virtual std::ostream& operator<<(std::ostream&) const;

private:
    virtual void do_accept(visitor&) const;
};
/// Concrete event built from a Pin IMG handle -- by its name, a module
/// (image) load.
///
/// State is held in a shared impl: copies of the event share one impl object.
struct modload_event : public event {
public:
    /// explicit: an IMG is never implicitly converted into an event.
    explicit modload_event(IMG img);

    // NOTE(review): presumably the image name/path as reported for the traced
    // process. Consumers that log or parse it should treat it as untrusted
    // text.
    const std::string& name() const;

    /// Presumably the highest and lowest address of the loaded image.
    ADDRINT high() const;
    ADDRINT low() const;

    virtual std::ostream& operator<<(std::ostream&) const;

private:
    virtual void do_accept(visitor&) const;

    struct impl;
    boost::shared_ptr<impl> pimpl;
};
/// Concrete event describing a system call observed on a thread.
///
/// State is held in a shared impl: copies of the event share one impl object.
struct syscall_event : public event {
public:
    // NOTE(review): a Pin CONTEXT* is normally valid only during the callback
    // that supplied it. Confirm that the number and arguments are extracted in
    // the constructor and the pointer is not retained.
    syscall_event(THREADID, const CONTEXT*, SYSCALL_STANDARD);

    ADDRINT addr() const;
    THREADID tid() const;
    ADDRINT number() const;

    // NOTE(review): the arguments are raw machine words chosen by the traced
    // program. Any that are pointers may be invalid; consumers should not
    // dereference them without a fault-tolerant copy (e.g. PIN_SafeCopy).
    // How many arguments are captured is not visible in this header.
    const std::vector<ADDRINT>& args() const;

    virtual std::ostream& operator<<(std::ostream&) const;

private:
    virtual void do_accept(visitor&) const;

    struct impl;
    boost::shared_ptr<impl> pimpl;
};
} //namespace bpt
#endif //BPT_EVENTS_HPP