Avoid library code

[Peter]

Hi Derek, all,

is there a smooth way to detect library code in a construct like this: 

drmgr_register_bb_instrumentation_event(NULL, event_bb_instr_global, NULL);

...

dr_insert_clean_call(drcontext, bb, instr, process_instr_trace_instr, FALSE, 2, OPND_CREATE_INTPTR(instr_addr), OPND_CREATE_INTPTR(trace_para));

...

void __cdecl process_instr_trace_instr(app_pc instr_addr, S_TRACE_PARA* tr)

  <check here if "instr_addr" belongs to the library code or usercode>

With library I mean a DLL loaded by the instrumented file at runtime. The main goal is to only instrument non-library code of the sample. 

Thx,

Peter

[Enrico Deiana]

Hi Peter,

Please have a look at the module API interface: https://dynamorio.org/dr__modules_8h.html .
Specifically you should be able to achieve instrumenting only non-library code using: dr_get_main_module() and dr_module_set_should_instrument().
Note that dr_module_set_should_instrument() "must be called from the module load event for the module referred to by handle" (as documented).
The module load event can be registered with dr_register_module_load_event() (https://dynamorio.org/dr__events_8h.html#a004acbc467ec57cd62be8c49d57a6928) or drmgr_register_module_load_event() (https://dynamorio.org/group__drmgr.html#gaae5e551a1571aca43c136a83fe334096).

[Peter]

I did play with a few options in the module_load_event before asking, but wasn't successful (main issue was I wasn't able to find the end address of the loaded libs), but your hints sound interesting, I ll give it a try. Thx a lot !

-p

[Peter]

thx again, works like a charm.