[panda-users] PANDA_CB_BEFORE_BLOCK_EXEC doesn't fire for some basic blocks
Igor Rubinov
igor.rubinov at gmail.com
Wed Apr 29 16:30:54 EDT 2015
Hello,
I encountered a strange behavior of the PANDA_CB_BEFORE_BLOCK_EXEC
callback, and I'd appreciate any ideas on the subject.
Long story short: I noticed that this callback doesn't get called
for some BBs that are part of a loop.
I.e., during the first loop iteration all the BBs get invoked, but
during the subsequent iterations some BBs are missing. (OTOH,
PANDA_CB_INSN_EXEC seems to get called correctly for every iteration.)
To get a minimal reproducing sample, I subscribe to this callback
only, and print tb->pc for every BB lying within the main module of
my process. I identify the process by some predefined "cookie".
The program being tested is the following:
#include <stdio.h>

// to identify the process in PANDA plugin
const int ID = 0x12345678;

int main()
{
    int i = 0;
    for ( ; i < 10; ++i)
        printf("Hello!\n");
    return 0;
}
///////////
The plugin is as follows:
#include "config.h"
#include "qemu-common.h"
#include "cpu.h"
#include "panda_plugin.h"
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

FILE *plugin_log;

int before_block_callback(CPUState *env, TranslationBlock *tb)
{
    unsigned char buf[4];
    int cookie;

    // read the 4 bytes at the block's start address from guest memory
    cpu_memory_rw_debug(env, tb->pc, buf, 4, 0);
    memcpy(&cookie, buf, sizeof cookie);  // no unaligned/aliasing cast

    // print only BBs belonging to the main module of our process
    if (cookie == 0x12345678 && tb->pc >= 0x08048320 && tb->pc < 0x080484b0)
    {
        fprintf(plugin_log, "0x%x\n", (unsigned)tb->pc);  // one pc per line
        fflush(plugin_log);
    }
    return 0;
}

bool init_plugin(void *self)
{
    panda_enable_precise_pc();
    plugin_log = fopen("test_loop.txt", "w+");

    panda_cb pcb;
    pcb.before_block_exec = before_block_callback;
    panda_register_callback(self, PANDA_CB_BEFORE_BLOCK_EXEC, pcb);
    return true;
}

void uninit_plugin(void *self)
{
    fclose(plugin_log);
}
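Editor's note, not part of Igor's message: the symptom above (every block on the first pass, then only the loop head until exit) is what a hook placed in QEMU's dispatch loop sees once direct TB chaining has patched the body's jump back to the head and the head's jump into the body, because chained blocks run without returning to that loop. The following is a constructed C model of that mechanism, not QEMU or PANDA code; its block layout, pcs and function names are made up for the model. PANDA's knob for turning chaining off is panda_disable_tb_chaining().

```c
#include <stdbool.h>
#include <stddef.h>
/* Constructed toy model (not QEMU/PANDA code) of the cpu_exec dispatch loop with
 * direct TB chaining. Guest: A = loop head (i < n ? B : C), B = body (i++; jmp A),
 * C = exit. The dispatch-loop hook stands in for before_block_exec and logs tb->pc. */
enum { PC_A = 0x100, PC_B = 0x110, PC_C = 0x120 };
typedef struct TB {
    int pc;
    struct TB *chained[2];  /* patched direct jumps, one per exit slot */
} TB;

/* Execute one TB of guest code: returns successor pc (-1 = halt) and exit slot. */
static int guest_step(const TB *tb, int *i, int n, int *slot)
{
    switch (tb->pc) {
    case PC_A: *slot = (*i < n) ? 0 : 1; return *slot == 0 ? PC_B : PC_C;
    case PC_B: (*i)++; *slot = 0; return PC_A;
    default:   *slot = -1; return -1;
    }
}

/* Run the loop n times; returns how often the hook fired, pcs (up to cap) in `fired`. */
size_t run_loop(bool chaining, int n, int *fired, size_t cap)
{
    TB tbs[3] = { {PC_A, {0, 0}}, {PC_B, {0, 0}}, {PC_C, {0, 0}} };
    TB *last = NULL; size_t count = 0;
    int i = 0, pc = PC_A, slot = -1;
    while (pc >= 0) {
        TB *tb = &tbs[(pc - PC_A) / 0x10];          /* tb_find_fast */
        if (chaining && last && slot >= 0)
            last->chained[slot] = tb;               /* tb_add_jump */
        if (count < cap) fired[count] = tb->pc;     /* before_block_exec hook */
        count++;
        /* tcg_qemu_tb_exec: a patched jump runs the next TB without returning here */
        for (;;) {
            pc = guest_step(tb, &i, n, &slot);
            if (pc < 0 || !tb->chained[slot]) break;
            tb = tb->chained[slot];
        }
        last = tb;
    }
    return count;
}

int fired_at(bool chaining, int n, size_t k)  /* k-th pc in the hook's log, or -1 */
{
    int fired[64];
    size_t count = run_loop(chaining, n, fired, 64);
    return (k < count && k < 64) ? fired[k] : -1;
}
```

With chaining on, a three-iteration loop logs only A, B, A, C; with chaining off it logs A and B for every iteration, which is the difference between the two callback counts reported above.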