rep_stosb or rep_stosq instruction is not continous,there is only one,why ?
65 views
Skip to first unread message
ganlanzhi
Feb 25, 2020, 4:55:22 AM2/25/20
to DynamoRIO Users
I printed the application instruction opcode executed into file
the rep_stosb or rep_stosq instructions appears only once,not continous
Derek Bruening
Feb 25, 2020, 10:43:05 AM2/25/20
to dynamor...@googlegroups.com
In general, please provide more information and be more precise: "I printed" does not say *where* this printing code is located. I'm guessing you printed only in the basic block event itself, where printing just once is exactly what you should expect!
If you are not familiar with transformation time versus execution time, please see http://dynamorio.org/dynamorio_docs/API_BT.html#sec_control_points and/or our tutorial slides https://github.com/DynamoRIO/dynamorio/releases/download/release_7_0_0_rc1/DynamoRIO-tutorial-feb2017.pdf
On Tue, Feb 25, 2020 at 4:55 AM ganlanzhi <ganlan...@gmail.com> wrote:
I printed the application instruction opcode executed into filethe rep_stosb or rep_stosq instructions appears only once,not continous
--
You received this message because you are subscribed to the Google Groups "DynamoRIO Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dynamorio-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dynamorio-users/ff907574-d166-4cf3-9b93-b2355dd9fe66%40googlegroups.com.
Message has been deleted
Message has been deleted
Message has been deleted
ganlanzhi
Feb 26, 2020, 7:48:23 AM2/26/20
to DynamoRIO Users
sorry for not saying clearlyI wrote a client , print the app instruction executed ,the executed app is very simple,wrote by c,#include <stdio.h>int main(){int i=0,j=2,k;k=i+j;return 0;}client as follows:drmgr_register_bb_instrumentation_event(NULL /*analysis_func*/,event_app_instruction, NULL);event_app_instruction{instrument_instr();if (drmgr_is_first_instr(drcontext, instr)){dr_insert_clean_call(drcontext, bb, instr, (void *)clean_call, false, 0);}}
clean_call()
{
instrace()
}
in function instrace(),I log instr opcode into filefprintf(data->logf,"%s\n",decode_opcode_name(ins_ref->opcode));I compare the output with pin's,I also upload the excel recording their diffrence.instructions like rep_stosb/rep_stosq is continous in pin's result,but dynamorio only once .how is this inplemented in dynamorio?there is another diffrences,sheet"diffrence discription" is the row number index for sheet"instr sequence"for example , row num:811, pin has more loop"add - cmp - jnz" than dynamorioI don't know how is these diffrence come from .thanks very much for your reply在 2020年2月25日星期二 UTC+8下午5:55:22,ganlanzhi写道:
John Galea
Feb 26, 2020, 7:53:07 AM2/26/20
to DynamoRIO Users
Hey ganlanzhi,
Thank you for the additional details.
What you are looking for is drutil_expand_rep_string which as the name implies explicitly expands loops poised by the rep prefix.
Docs:
https://dynamorio.org/dynamorio_docs/group__drutil.html#gae38961d42fc285d7f9034c4b02690cae
Also read the memtrace_x86.c sample found in dynamorio/api/samples in order to get an idea of how to use the function.
Also read the memtrace_x86.c sample found in dynamorio/api/samples in order to get an idea of how to use the function.
ganlanzhi
Feb 26, 2020, 7:58:32 AM2/26/20
to DynamoRIO Users
在 2020年2月26日星期三 UTC+8下午8:48:23,ganlanzhi写道:
sorry for not saying clearlyI wrote a client , print the app instruction executed ,the executed app is very simple,wrote by c,#include <stdio.h>int main(){int i=0,j=2,k;k=i+j;return 0;}client as follows:drmgr_register_bb_instrumentation_event(NULL /*analysis_func*/,event_app_instruction, NULL);event_app_instruction{instrument_instr();if (drmgr_is_first_instr(drcontext, instr)){dr_insert_clean_call(drcontext, bb, instr, (void *)clean_call, false, 0);}}clean_call(){instrace()}
in function instrace(),I log instr opcode into filefprintf(data->logf,"%s\n",decode_opcode_name(ins_ref->opcode));
I compare the output with pin's,sorry I cannot upload the excel recording their diffrence.
ganlanzhi
Feb 26, 2020, 8:02:39 AM2/26/20
to DynamoRIO Users
Thanks for your reply
so when these rep prefix instructions are hided ,and why?
在 2020年2月26日星期三 UTC+8下午8:53:07,John Galea写道:
在 2020年2月26日星期三 UTC+8下午8:53:07,John Galea写道:
John Galea
Feb 26, 2020, 8:33:51 AM2/26/20
to DynamoRIO Users
REP string operations are not expanded by default. Like I said, you need to use drutil_expand_rep_string.
Apart from tracing/memory checking, there are many other applications which do not require inspecting memory, and therefore the expansion of such operations are unnecessary.
ganlanzhi
Feb 26, 2020, 8:51:52 AM2/26/20
to DynamoRIO Users
thanks for your reply
In which function these REP operations are truncate
在 2020年2月26日星期三 UTC+8下午9:33:51,John Galea写道:
在 2020年2月26日星期三 UTC+8下午9:33:51,John Galea写道:
John Galea
Feb 26, 2020, 9:08:52 AM2/26/20
to DynamoRIO Users
Docs state the following: This function must be called from the application-to-application ("app2app") stage (see drmgr_register_bb_app2app_event()).
ganlanzhi
Feb 26, 2020, 9:30:53 AM2/26/20
to DynamoRIO Users
I modified my client
在 2020年2月26日星期三 UTC+8下午10:08:52,John Galea写道:
drmgr_unregister_bb_app2app_event(event_bb_app2app);
static dr_emit_flags_tevent_bb_app2app(void *drcontext, void *tag, instrlist_t *bb, bool for_trace,
bool translating)
{
if (!drutil_expand_rep_string(drcontext, bb)) {
DR_ASSERT(false);
/* in release build, carry on: we'll just miss per-iter refs */
}
return DR_EMIT_DEFAULT;
}
but it does not work, rep_stos instructions logged in file are stil not continous
在 2020年2月26日星期三 UTC+8下午10:08:52,John Galea写道:
John Galea
Feb 26, 2020, 11:12:48 AM2/26/20
to DynamoRIO Users
hmm, by any chance, did you forget to register for the app2app event? I can only see drmgr_unregister_bb_app2app_event in your code.
ganlanzhi
Feb 26, 2020, 8:20:49 PM2/26/20
to DynamoRIO Users
surely I registered the app2app event
在 2020年2月27日星期四 UTC+8上午12:12:48,John Galea写道:
在 2020年2月27日星期四 UTC+8上午12:12:48,John Galea写道:
Derek Bruening
Feb 26, 2020, 11:11:13 PM2/26/20
to dynamor...@googlegroups.com
As John said, drutil_expand_rep_string() is the methodology to use, and it is used in many of our tools and certainly works well in all of those, correctly providing explicit-control-flow loops for string operations. There must be something missing in your client. You can look at all of the memtrace samples, drcachesim's instruction and memory tracer, Dr. Memory, etc., all of which use it, to compare to your code and see where the differences are. drutil_expand_rep_string() should really be there in the instrace samples too since typical trace use cases will want the dynamic expansion of those loops. I filed https://github.com/DynamoRIO/dynamorio/issues/4138 on adding it. If you would like to take that on we would be happy to take a pull request.
--
You received this message because you are subscribed to the Google Groups "DynamoRIO Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dynamorio-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dynamorio-users/5aba860e-8489-44dd-9e72-4a09e380bdb6%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages