Get drsym_get_func_type in a drwrap_wrap callback function


Don “donky” Ky

Oct 20, 2022, 11:29:41 PM
to DynamoRIO Users
Hi!
I'm trying to build a DynamoRIO client.
I want to get the number of arguments and their types into the pre_func_cb of drwrap_wrap.
So I understood that I had to call:
   drsym_get_func_type (const char *modpath, size_t modoffs, char *buf, size_t buf_sz, drsym_func_type_t **func_type)

But I have no idea how to get the *modpath and the modoffs arguments from there.

Could anyone help me?

Thank you in advance!

Derek Bruening

Oct 21, 2022, 11:20:46 AM
to Don “donky” Ky, DynamoRIO Users
I assume you located the address of the function to wrap using a module_data_t which has the path and base.  You would want to do the symbol lookup then, once, and not inside every dynamic execution.  If you really wanted to re-lookup on every call you could pass in the data or re-query dr_lookup_module_by_name() or whatnot.

--
You received this message because you are subscribed to the Google Groups "DynamoRIO Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dynamorio-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dynamorio-users/324df3d6-3434-47f1-8a33-a26b2cbc5ca4n%40googlegroups.com.

Don “donky” Ky

Oct 21, 2022, 10:18:29 PM
to DynamoRIO Users
Thank you a lot for your contribution.
You are right, that's not the best way to get the same struct on every call. So I changed my code. Now I'm trying to get the parameters in module_load_event.

So I have an app_pc towrap that I retrieved by using dr_get_proc_address and now I want to fill the drsym_func_type_t:

    drsym_error_t error = drsym_get_func_type(mod->full_path, ??, buffer, 128, &func_type);
    drwrap_wrap(towrap, New_advapi32_GetUserNameA_pre, NULL);

But I have no idea how to get the modoff argument to pass to drsym_get_func_type.
Thank you for your help!


Derek Bruening

Oct 24, 2022, 6:28:56 PM
to Don “donky” Ky, DynamoRIO Users
Did you check the docs?  https://dynamorio.org/group__drsyms.html#ga676bf63e860bca8a8eb3a7fe7e0dfa00 "The offset from the base of the module".  So subtract the module start from the function address.
 

Don “donky” Ky

Oct 26, 2022, 8:07:54 PM
to DynamoRIO Users
Yes, I did it, but probably I'm missing a concept, maybe I did something silly :-(.
I have a map that has as a key the module name and as value a list of processes I want to wrap, then in the module_load_event I'm trying to get the arguments by using drsym_get_func_type(). I tried to subtract and pass the offset but I receive the DRSYM_ERROR.
I'm sorry for my English, I'm adding a screenshot of the code to make it clearer:

[Image: Code.jpg]
Everything is logged in a text file, and this is an extract of the result:

[Image: Code.jpg]

Thank you again for your patience

Derek Bruening

Oct 26, 2022, 10:46:33 PM
to Don “donky” Ky, DynamoRIO Users
Do you have private symbols for these libraries?  As the docs say, "The public Windows symbol files typically do not contain type information for function parameters."  That said, I would expect a more specific error message than DRSYM_ERROR for missing debug info.  If it were me I would call drsym_get_module_debug_kind to make sure it was finding some kind of .pdb, and then I would walk the drsyms code in the debugger to be sure to understand where it was failing: is it that the desired info is just not there, or is there something else in the way.
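
The approach from the replies above, as an added example (not code from the thread or from the DynamoRIO project): compute modoffs once at module load, check the debug kind first, and hand the argument count to the pre-callback through user_data. The names mod_offset, pre_cb and the BUILD_AS_DR_CLIENT guard are hypothetical; the guarded part assumes drsym_init(), drwrap_init() and the module-load event registration are done in dr_client_main.

```c
#include <stddef.h>

/* modoffs for drsym_get_func_type(): the function address minus the module
 * start. Returns 0 if addr is NULL or lies outside [start, end). */
static int mod_offset(const unsigned char *start, const unsigned char *end,
                      const unsigned char *addr, size_t *offs)
{
    if (addr == NULL || addr < start || addr >= end)
        return 0;
    *offs = (size_t)(addr - start);
    return 1;
}

#ifdef BUILD_AS_DR_CLIENT /* hypothetical macro: define it in the client build */
#include "dr_api.h"
#include "drsyms.h"
#include "drwrap.h"

static void pre_cb(void *wrapcxt, void **user_data)
{
    /* *user_data starts as the value given to drwrap_wrap_ex() below. */
    int num_args = (int)(ptr_int_t)*user_data;
    for (int i = 0; i < num_args; i++)
        dr_fprintf(STDERR, "arg %d = %p\n", i, drwrap_get_arg(wrapcxt, i));
}

static void module_load_event(void *drcontext, const module_data_t *mod, bool loaded)
{
    char buf[1024]; /* type data is stored in buf: copy what you need from it */
    drsym_func_type_t *func_type = NULL;
    drsym_debug_kind_t kind = 0;
    size_t offs;
    int num_args = 0;
    app_pc towrap = (app_pc)dr_get_proc_address(mod->handle, "GetUserNameA");

    if (!mod_offset(mod->start, mod->end, towrap, &offs))
        return; /* not exported here, or the address is outside this module */
    /* Check first that drsyms found any debug info for this module. */
    if (drsym_get_module_debug_kind(mod->full_path, &kind) != DRSYM_SUCCESS)
        dr_fprintf(STDERR, "no symbols for %s\n", mod->full_path);
    else if (drsym_get_func_type(mod->full_path, offs, buf, sizeof(buf),
                                 &func_type) == DRSYM_SUCCESS)
        num_args = func_type->num_args;
    /* Look up once at load time; every call receives the result via user_data. */
    drwrap_wrap_ex(towrap, pre_cb, NULL, (void *)(ptr_int_t)num_args, 0);
}
#endif
```

With only public symbols the type lookup can fail, in which case this sketch wraps the function with an argument count of 0.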

Don “donky” Ky

Oct 26, 2022, 11:49:05 PM
to DynamoRIO Users
Thank you very much, I'll check it out!