Getting register and memory value in an analysis function


Igor R

May 13, 2014, 10:01:55 AM5/13/14
to dynamor...@googlegroups.com
In an analysis function (clean call) I have to get the value stored in some register and at some memory location.
 
Regarding the register value: IIUC, one can do the following at instrumentation time:
  dr_insert_clean_call(drcontext, ilist, where, clean_call_callee, false, 1, opnd_create_reg(reg))
...and "opnd_create_reg" here is roughly equivalent to Pin's IARG_REG_VALUE, i.e. it requests DR to pass reg's value to the clean call. Am I right?
However, sometimes I'd like to get the value of a given register (reg_id_t) within the clean call. Is it possible? I know I can acquire the whole context, but how then do I iterate over its fields and match with the desired reg_id_t?
 
Regarding the memory: can one just copy from any process address, or is there a special function, like Pin's PIN_SafeCopy()?
 
Thanks.

Qin Zhao

May 13, 2014, 11:57:05 AM5/13/14
to dynamor...@googlegroups.com
On Tue, May 13, 2014 at 10:01 AM, Igor R <boost...@gmail.com> wrote:
In an analysis function (clean call) I have to get the value stored in some register and at some memory location.
 
Regarding the register value: IIUC, one can do the following at instrumentation time:
  dr_insert_clean_call(drcontext, ilist, where, clean_call_callee, false, 1, opnd_create_reg(reg))
...and "opnd_create_reg" here is roughly equivalent to Pin's IARG_REG_VALUE, i.e. it requests DR to pass reg's value to the clean call. Am I right?
Yes
 
However, sometimes I'd like to get the value of a given register (reg_id_t) within the clean call. Is it possible? I know I can acquire the whole context, but how then do I iterate over its fields and match with the desired reg_id_t?
I am not sure what you mean by "within the clean call". If you want to get the app's register value, you can use dr_get_mcontext to get the machine context, and so all the register values.
 
 
Regarding the memory: can one just copy from any process address, or is there a special function, like Pin's PIN_SafeCopy()?
You can directly access the memory if you are sure the memory is accessible; you can also use dr_safe_read/dr_safe_write to access that memory.
 
 
Thanks.





Igor R

May 13, 2014, 1:01:33 PM5/13/14
to dynamor...@googlegroups.com
Thanks for your response.

 
However, sometimes I'd like to get the value of a given register (reg_id_t) within the clean call. Is it possible? I know I can acquire the whole context, but how then do I iterate over its fields and match with the desired reg_id_t?
I am not sure what you mean by "within the clean call". If you want to get the app's register value, you can use dr_get_mcontext to get the machine context, and so all the register values.


Essentially, I have to inspect the contents of all the registers accessed by an instruction (read/written/both).
So, in the instrumentation phase I iterate over all the operands using instr_num_srcs()/instr_num_dsts(), and if opnd_is_reg() -- I store the opnd_get_reg() result in some buffer.
In the clean call that gets invoked after that instruction, I'd like to get the *values* of those regs. Using dr_get_mcontext() I get the whole context, but is it possible to extract a specific reg_id_t from it generically?

(In the meanwhile I'll attempt to apply the following workaround: during the instrumentation I call dr_save_reg() for every register accessed by the instruction, and in the clean call I call dr_read_saved_reg() -- would it be the right way to go?)



You can directly access the memory if you are sure the memory is accessible; you can also use dr_safe_read/dr_safe_write to access that memory.


Great, thanks.


Derek Bruening

May 13, 2014, 3:15:06 PM5/13/14
to dynamor...@googlegroups.com
On Tue, May 13, 2014 at 1:01 PM, Igor R <boost...@gmail.com> wrote:
Using dr_get_mcontext() I get the whole context, but is it possible to extract from it a specific reg_id_t generically?

reg_get_value

Igor R

May 13, 2014, 4:30:38 PM5/13/14
to dynamor...@googlegroups.com
On Tue, May 13, 2014 at 1:01 PM, Igor R <boost...@gmail.com> wrote:
Using dr_get_mcontext() I get the whole context, but is it possible to extract from it a specific reg_id_t generically?

reg_get_value


Thanks, I missed that function in the API reference.

袁保国

Jun 16, 2016, 5:27:17 AM6/16/16
to DynamoRIO Users
I get the register and memory values in an analysis function (drmgr_register_bb_instrumentation_event); is that correct?

On Tuesday, May 13, 2014 at 10:01:55 PM UTC+8, Igor R wrote: