// === MyPinTool.cpp (Fast Hot-Loop Capture + TRACE-level IMG filter, no
// dangling pointers) === Pin 3.31 / Windows / IA-32 / MSVC (C++03 compatible)
//
// 핵심 유지 기능:
// - taken back-edge 기반 loop 카운트(스레드별)
// - hot_iters 이상 반복된 loop만 1 iteration 캡처(txt 생성)
// - 캡처 완료 시 CSV에 1줄 append
// - follow child 지원
// - crypto DLL load/exec reach 로깅(images.txt) 옵션
//
// 최적화/안정화:
// - INS_AddInstrumentFunction 대신 TRACE_AddInstrumentFunction 사용: IMG 판정
// 1회/TRACE
// - IMG 로그는 버퍼링(매번 fflush 제거)
// - CRYPTO_EXEC 로깅도 TRACE 단위로 1회만(중복 최소)
// - rank_global을 전역 증가로 채움
//
// 출력:
// CSV 헤더(요구사항 그대로):
// tid,rank_global,rank_thread,start_addr,end_addr,body_len,iter,score,func,img,memR,memW,stackR,stackW,xor,addsub,shlshr,mul
//
// 주의:
// - IA-32(32-bit) 타깃 전용 (WOW64 포함)
#ifdef _MSC_VER
#pragma warning(disable : 5208)
#endif
// STL includes MUST come before pin.H to avoid CRT conflicts (C2371, C2011)
// #include <algorithm> // REMOVED
#include <cctype>
#include <climits>
#include <cstdio>
#include <cstdlib>
#include <cstring>
// #include <fstream> // REMOVED to avoid LNK2019 conflicts
#include <iomanip>
#include <iostream>
#include <map>
#include <set>
#include <sstream>
#include <string>
#include <utility> // for pair
#include <vector>
// Pin header
#include "pin.H"
using namespace std;
// #include <Windows.h> // Removed to avoid conflict
namespace MyWin {
// Hand-rolled subset of <Windows.h>. The real header is deliberately not
// included (CRT conflicts with pin.H), so every typedef, constant and prototype
// below must stay ABI-identical to the Win32 SDK definition it replaces:
// DWORD is a 32-bit unsigned on Windows, the imports are __stdcall, and the
// numeric flag values are the SDK's.
typedef void *HANDLE;
typedef unsigned long DWORD;
typedef int BOOL;
// dwDesiredAccess / dwShareMode / dwCreationDisposition / dwFlagsAndAttributes
// values for CreateFileA.
static const DWORD GENERIC_WRITE = 0x40000000L;
static const DWORD FILE_SHARE_READ = 0x00000001;
static const DWORD FILE_SHARE_WRITE = 0x00000002;
static const DWORD CREATE_ALWAYS = 2;
static const DWORD FILE_ATTRIBUTE_HIDDEN = 0x00000002;
static const DWORD FILE_ATTRIBUTE_SYSTEM = 0x00000004;
static const DWORD FILE_ATTRIBUTE_NORMAL = 0x00000080;
static const DWORD OPEN_ALWAYS = 4; // Open existing or create new
// Used as the access right (not a flag) in LogDebug: append-only access makes
// every write land at end-of-file, so concurrent writers do not overwrite
// each other.
static const DWORD FILE_APPEND_DATA = 0x00000004;
static const HANDLE INVALID_HANDLE_VALUE = (HANDLE)-1;
// kernel32 imports. Return values follow the Win32 contract: CreateFileA
// yields INVALID_HANDLE_VALUE on failure, WriteFile/CloseHandle return FALSE,
// VirtualQuery returns 0 bytes; GetLastError() carries the reason.
extern "C" __declspec(dllimport) HANDLE __stdcall
CreateFileA(const char *lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode,
void *lpSecurityAttributes, DWORD dwCreationDisposition,
DWORD dwFlagsAndAttributes, HANDLE hTemplateFile);
extern "C" __declspec(dllimport) BOOL __stdcall
WriteFile(HANDLE hFile, const void *lpBuffer, DWORD nNumberOfBytesToWrite,
DWORD *lpNumberOfBytesWritten, void *lpOverlapped);
extern "C" __declspec(dllimport) BOOL __stdcall CloseHandle(HANDLE hObject);
extern "C" __declspec(dllimport) DWORD __stdcall GetLastError();
// Mirrors the SDK's MEMORY_BASIC_INFORMATION; field order and widths matter
// because the kernel fills the struct by offset.
typedef struct _MEMORY_BASIC_INFORMATION {
void *BaseAddress;
void *AllocationBase;
DWORD AllocationProtect;
size_t RegionSize;
DWORD State;
DWORD Protect;
DWORD Type;
} MEMORY_BASIC_INFORMATION;
// Not referenced in the part of the file shown here; presumably used by a
// later region/permission check.
extern "C" __declspec(dllimport) size_t __stdcall
VirtualQuery(const void *lpAddress, MEMORY_BASIC_INFORMATION *lpBuffer,
size_t dwLength);
} // namespace MyWin
// Duplicate STL includes removed.
// using declarations removed (covered by using namespace std;)
// Universal Build: Supports both IA-32 and Intel64
// #if !defined(TARGET_IA32)
// # error "This pintool is intended for IA-32 (32-bit) target only."
// #endif
// -------------------- Knobs --------------------
// Command-line options of the tool (each is read with .Value() at run time).
// Image selection: instrument_all overrides only_main and crypto_only.
KNOB<BOOL> KnobOnlyMain(KNOB_MODE_WRITEONCE, "pintool", "only_main", "0",
"Instrument only main executable (1=main only, 0=all)");
KNOB<BOOL> KnobInstrumentAll(
KNOB_MODE_WRITEONCE, "pintool", "instrument_all", "0",
"Instrument all images (overrides only_main/crypto_only)");
KNOB<BOOL>
KnobFollowChild(KNOB_MODE_WRITEONCE, "pintool", "follow_child", "1",
"Follow child processes (spawned via CreateProcess)");
// Capture limits: -top bounds TData::capturedCount per thread, -cap_max_ins
// becomes CaptureState::capMaxIns when a capture starts.
KNOB<UINT32> KnobTop(KNOB_MODE_WRITEONCE, "pintool", "top", "50",
"Max hot loops to capture per thread");
KNOB<UINT32>
KnobHotIters(KNOB_MODE_WRITEONCE, "pintool", "hot_iters", "20000",
"Minimum iterations to trigger capture (hot loop threshold)");
KNOB<UINT32> KnobCapMaxIns(KNOB_MODE_WRITEONCE, "pintool", "cap_max_ins",
"20000",
"Max instructions to capture per loop iteration");
KNOB<UINT32> KnobMaxLoopIters(
KNOB_MODE_WRITEONCE, "pintool", "break_iters", "0",
"Max iterations before forcing loop exit (Loop Breaker, 0=Disabled)");
// Output location; gRunPrefix is derived from this plus a per-process suffix.
KNOB<string> KnobPrefix(
KNOB_MODE_WRITEONCE, "pintool", "prefix", "trace",
"Output file prefix (can include folder, e.g. C:\\trace\\wc_all");
// --- Legacy Knobs (Restored for compatibility) ---
// Accepted so that existing driver scripts keep working; not read by the
// capture logic in this file.
KNOB<UINT32> KnobMaxInsts(KNOB_MODE_WRITEONCE, "pintool", "max_insts", "500000",
"[Legacy] Unused in new binary log version (kept for "
"script compatibility)");
KNOB<BOOL> KnobCapAll(
KNOB_MODE_WRITEONCE, "pintool", "cap_all", "0",
"[Legacy] Unused (always captures hot loops) - Default changed to 0");
KNOB<BOOL> KnobEmitStubTrace(KNOB_MODE_WRITEONCE, "pintool", "emit_stub_trace",
"1", "[Legacy] Unused");
KNOB<BOOL> KnobResolveCsv(KNOB_MODE_WRITEONCE, "pintool", "resolve_csv", "1",
"[Legacy] Unused");
// log_meta=0 skips INS_Disassemble and the opcode classification in
// GetOrCreateMeta (faster, but the XOR/ADD/SHIFT/MUL counters stay zero).
KNOB<BOOL> KnobLogMeta(KNOB_MODE_WRITEONCE, "pintool", "log_meta", "1",
"Enable Metadata logging (asm/img/name)");
// ------------------------------------------------
// Verbose mode prints capture start/done lines to stderr.
KNOB<BOOL> KnobVerbose(KNOB_MODE_WRITEONCE, "pintool", "verbose", "0",
"Enable verbose logging");
// --- Crypto DLL load/exec reach test knobs ---
KNOB<BOOL> KnobLogImages(KNOB_MODE_WRITEONCE, "pintool", "log_images", "1",
"Log IMG load/exec reach to images.txt");
KNOB<BOOL> KnobCryptoOnly(KNOB_MODE_WRITEONCE, "pintool", "crypto_only", "0",
"Instrument only crypto DLLs (for testing)");
// Parsed once by InitCryptoDllList into gCryptoDllList (lower-cased, trimmed,
// empty entries dropped) and matched against image basenames.
KNOB<string> KnobCryptoDlls(
KNOB_MODE_WRITEONCE, "pintool", "crypto_dlls",
"cryptbase.dll;bcrypt.dll;bcryptprimitives.dll;crypt32.dll;ncrypt.dll;"
"ncryptprov.dll;rsaenh.dll;dssenh.dll;schannel.dll;secur32.dll",
"List of crypto DLL basenames (semicolon separated)");
KNOB<UINT32> KnobMaxBackedgeDist(KNOB_MODE_WRITEONCE, "pintool",
"max_backedge_dist", "2097152",
"Max backedge distance for loop detection");
// Pin root launcher adds -p64 internally for mixed-mode; absorb it here
// so PIN_Init does not reject it as an unknown option.
KNOB<string>
KnobP64Path(KNOB_MODE_WRITEONCE, "pintool", "p64", "",
"[internal] Path to 64-bit pin binary (auto-set by pin.exe)");
// Pin root launcher adds -t64 internally for mixed-mode; absorb it here
KNOB<string>
KnobT64Path(KNOB_MODE_WRITEONCE, "pintool", "t64", "",
"[internal] Path to 64-bit tool (auto-set by pin.exe)");
// -------------------- Utils --------------------
// Return a copy of s with every byte passed through std::tolower.
// The byte is widened as unsigned char first so values >= 0x80 are never
// handed to tolower as a negative int; the mapping itself is locale-dependent
// (ASCII only in the default "C" locale).
static std::string ToLowerStr(const std::string &s) {
  std::string lowered;
  lowered.reserve(s.size());
  for (std::string::const_iterator it = s.begin(); it != s.end(); ++it) {
    const unsigned char uc = static_cast<unsigned char>(*it);
    lowered.push_back(static_cast<char>(std::tolower(uc)));
  }
  return lowered;
}
// Strip leading and trailing blanks, tabs, CR and LF. A string made entirely
// of those characters (or an empty one) yields "".
static std::string Trim(const std::string &s) {
  static const char *const kWs = " \t\r\n";
  const size_t first = s.find_first_not_of(kWs);
  if (first == std::string::npos)
    return std::string();
  const size_t last = s.find_last_not_of(kWs);
  return s.substr(first, last + 1 - first);
}
// Write s to fp as one CSV field: verbatim when it holds no separator, quote
// or line break, otherwise wrapped in double quotes with every embedded quote
// doubled. fputs stops at an embedded NUL, and write errors are not reported.
static void CsvWriteEscaped(FILE *fp, const std::string &s) {
  const bool needsQuoting = s.find_first_of(",\"\n\r") != std::string::npos;
  if (!needsQuoting) {
    std::fputs(s.c_str(), fp);
    return;
  }
  std::fputc('"', fp);
  for (std::string::const_iterator it = s.begin(); it != s.end(); ++it) {
    if (*it == '"')
      std::fputc('"', fp); // escape by doubling
    std::fputc(*it, fp);
  }
  std::fputc('"', fp);
}
// Format x as exactly eight lowercase hex digits, zero-padded on the left
// (same text as the previous ostringstream/setw/setfill formatting; a UINT32
// never needs more than eight digits).
static std::string Hex8(UINT32 x) {
  static const char kDigits[] = "0123456789abcdef";
  std::string out(8, '0');
  for (int pos = 7; pos >= 0; --pos) {
    out[pos] = kDigits[x & 0xF];
    x >>= 4;
  }
  return out;
}
// Lower-cased file name part of path, accepting '\\' or '/' as separator.
// find_last_of with both characters returns the right-most of the two, which
// is the max(p1, p2) the previous two-step search computed. Lower-casing is
// done inline (same std::tolower-on-unsigned-char rule as ToLowerStr).
static std::string BaseNameLower(const std::string &path) {
  const size_t cut = path.find_last_of("\\/");
  std::string base = (cut == std::string::npos) ? path : path.substr(cut + 1);
  for (size_t i = 0; i < base.size(); ++i) {
    const unsigned char uc = static_cast<unsigned char>(base[i]);
    base[i] = static_cast<char>(std::tolower(uc));
  }
  return base;
}
// Split s on ';' into out (which is emptied first). Each token is trimmed of
// blanks/tabs/CR/LF and lower-cased; tokens that are empty after trimming are
// dropped. Trim and lower-casing are done inline, with the same rules as the
// Trim/ToLowerStr helpers.
static void SplitSemicolonLower(const std::string &s,
                                std::vector<std::string> &out) {
  static const char *const kWs = " \t\r\n";
  out.clear();
  std::istringstream tokens(s);
  std::string raw;
  while (std::getline(tokens, raw, ';')) {
    const size_t first = raw.find_first_not_of(kWs);
    if (first == std::string::npos)
      continue; // empty or all-whitespace entry
    const size_t last = raw.find_last_not_of(kWs);
    std::string tok = raw.substr(first, last - first + 1);
    for (size_t i = 0; i < tok.size(); ++i) {
      const unsigned char uc = static_cast<unsigned char>(tok[i]);
      tok[i] = static_cast<char>(std::tolower(uc));
    }
    out.push_back(tok);
  }
}
// -------------------- Crypto list --------------------
// -------------------- Crypto list --------------------
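// Lower-cased basenames from -crypto_dlls. Heap-allocated and never freed
// (same reasoning as gMeta: avoid running destructors after Pin teardown).
static std::vector<std::string> *gCryptoDllList = NULL;
// Parse -crypto_dlls into gCryptoDllList. The previous version ran the split
// twice (harmless, as the split clears its output, but wasted work) and
// allocated a fresh vector on every call, leaking any earlier one; now the
// list is allocated once and simply re-parsed on a repeat call.
static void InitCryptoDllList() {
  if (gCryptoDllList == NULL)
    gCryptoDllList = new std::vector<std::string>();
  SplitSemicolonLower(KnobCryptoDlls.Value(), *gCryptoDllList);
}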
// Helper for safe debug logging (Global Scope)
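// Best-effort debug line appended to %USERPROFILE%\trace\debug_log.txt.
// The file is opened per call with FILE_APPEND_DATA and read+write sharing so
// that several traced processes (32/64-bit mixed mode) can append at the same
// time. Open and write failures are ignored on purpose; CreateFileA does not
// create intermediate directories, so the trace folder must already exist.
// Note the directory is taken from the environment the traced process was
// launched with, so the log lands wherever USERPROFILE points.
static void LogDebug(const std::string &msg) {
  // getenv returns NULL when the variable is unset; std::string(NULL) would
  // crash the tool, so skip logging instead.
  const char *profile = std::getenv("USERPROFILE");
  if (profile == NULL || *profile == '\0')
    return;
  const std::string logPath = std::string(profile) + "\\trace\\debug_log.txt";
  MyWin::HANDLE hFile = MyWin::CreateFileA(
      logPath.c_str(), MyWin::FILE_APPEND_DATA,
      MyWin::FILE_SHARE_READ | MyWin::FILE_SHARE_WRITE, NULL,
      MyWin::OPEN_ALWAYS, MyWin::FILE_ATTRIBUTE_NORMAL, NULL);
  if (hFile == MyWin::INVALID_HANDLE_VALUE)
    return;
  MyWin::DWORD written = 0;
  MyWin::WriteFile(hFile, msg.c_str(), (MyWin::DWORD)msg.length(), &written,
                   NULL);
  MyWin::WriteFile(hFile, "\n", 1, &written, NULL); // terminate the line
  MyWin::CloseHandle(hFile);
}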
// True when baseLower (already lower-cased image basename) is one of the
// entries parsed from -crypto_dlls. Before InitCryptoDllList has run there is
// no list and nothing matches.
static bool IsCryptoBaseLower(const std::string &baseLower) {
  if (gCryptoDllList == NULL)
    return false;
  const std::vector<std::string> &list = *gCryptoDllList;
  for (std::vector<std::string>::const_iterator it = list.begin();
       it != list.end(); ++it) {
    if (*it == baseLower)
      return true;
  }
  return false;
}
// -------------------- Static Meta --------------------
// Coarse opcode class assigned in GetOrCreateMeta from the mnemonic text and
// tallied per capture by AccumulateOp (xor / addsub / shlshr / mul columns).
enum OpClass { OP_NONE = 0, OP_XOR, OP_ADDSUB, OP_SHLSHR, OP_MUL };
// --- Binary Structures (Packed) ---
#pragma pack(push, 1)
// Packed binary instruction record (pragma pack(1) is in effect here).
// Not written by the text-trace path shown in this file, which formats the
// same fields as text in CapRecordNoMem; presumably kept for the older binary
// log format.
struct TraceEntry {
ADDRINT ip;
ADDRINT regs[8]; // EAX/RAX, EBX/RBX, ...
ADDRINT memAddr; // 0 if no mem access
};
// -------------------- Globals --------------------
// static FILE *gTraceFp = NULL; // Unused
// static FILE *gMetaFp = NULL; // REMOVED
static PIN_LOCK gMetaLock;  // guards gMeta (see GetOrCreateMeta)
static PIN_LOCK gTraceLock; // guards gGlobalBuf and all writes to gTraceHandle
// Using PIN_LOCK for simple atomic counter simulation or just use locked
// increment
static PIN_LOCK gGlobalSeqLock;
static UINT64 gGlobalLoopSeq = 0; // First-seen sequence (Changed to UINT64)
// Map to store FirstSeenSeq for each loop key (Header+BackEdge) to avoid
// re-assigning This fixes the "All GlobalSeq=0" issue or unstable sequencing.
// NOTE(review): the counter above is UINT64 but this map (and
// LoopAgg::globalSeq) store UINT32, so a sequence number past 2^32 would be
// truncated on the way in — confirm that is acceptable.
static PIN_LOCK gFirstSeenLock;
static map<pair<ADDRINT, ADDRINT>, UINT32> *gLoopFirstSeen = NULL;
// Structs
// Loop Header Marker
#define MAGIC_LOOP_HEAD 0x4C4F4F50 // "LOOP"
// Packed binary loop-header record (24 bytes under pragma pack(1)). The text
// path in this file emits the equivalent "LOOP_ENTER,..." line from
// WriteLoopEnter instead; this layout is presumably kept for readers of the
// older binary format.
struct LoopHeaderEntry {
UINT32 magic; // MAGIC_LOOP_HEAD
UINT32 tid; // Thread ID
UINT32 header; // Header IP (Start of Loop)
UINT32 backedge; // Backedge IP (End of Loop)
UINT32 rank; // Thread-local rank/score (heuristic)
UINT32 globalSeq; // Global execution order (First Seen) [NEW]
};
#pragma pack(pop)
// Per-instruction static facts, built once per IP by GetOrCreateMeta and
// cached in gMeta for the rest of the run (instances are never freed).
struct StaticMeta {
ADDRINT addr; // full
UINT32 addr32;      // addr truncated to 32 bits (what CapIf compares against)
string addrStr;     // Hex8(addr32): eight lowercase hex digits
string assembly;    // INS_Disassemble text, or "disasm_disabled" when log_meta=0
string funcName;    // symbol name, "img+0x<off>", "func_0x<addr>" or "Unknown_Func"
string imgName;     // image name; "Unmapped/Shellcode" when none is known
string opcLower;    // first token of assembly, lower-cased ("unknown" if disabled)
string memMeta; // Base|Index|Scale|Disp
OpClass opClass;    // classified from opcLower; OP_NONE when log_meta=0
bool isStackMem;    // memory operand addressed via ESP/EBP (base or index)
};
// IP -> StaticMeta cache; protected by gMetaLock. Heap pointer so no global
// destructor runs after Pin has torn down.
static map<ADDRINT, StaticMeta *> *gMeta =
NULL; // heap ptr: avoids destructor crash after Pin teardown
// static PIN_LOCK gMetaLock; // Defined in block at line ~266
// -------------------- Globals for I/O Log --------------------
// static FILE* gIoFp = NULL; // REMOVED
// static PIN_LOCK gIoLock; // REMOVED
// -------------------- Trace Dump (Text) --------------------
// Unified text trace: every record type (EXT_META, EXT_CSV, LOOP_ENTER,
// LOOP_FINISH, instruction lines) goes to this single file.
static string *gTracePath = NULL; // Text Trace
static MyWin::HANDLE gTraceHandle = MyWin::INVALID_HANDLE_VALUE;
// -------------------- Optimization: Global Buffer & Fast Hex
// --------------------
// Shared write buffer for records produced outside a per-thread capture
// (WriteGlobalTrace); flushed to gTraceHandle once it reaches GLOBAL_BUF_SIZE.
static const size_t GLOBAL_BUF_SIZE = 64 * 1024; // 64KB buffer
static string *gGlobalBuf = NULL; // Protected by gTraceLock
// Write the shared trace buffer to gTraceHandle and empty it. Expects the
// caller to hold gTraceLock (WriteGlobalTrace does); no locking happens here.
// The WriteFile result and byte count are not checked, so a failed or short
// write silently drops that chunk of the trace.
static void FlushGlobalBuffer() {
  const bool nothingToDo = gGlobalBuf == NULL || gGlobalBuf->empty() ||
                           gTraceHandle == MyWin::INVALID_HANDLE_VALUE;
  if (nothingToDo)
    return;
  MyWin::DWORD written = 0;
  MyWin::WriteFile(gTraceHandle, gGlobalBuf->c_str(),
                   (MyWin::DWORD)gGlobalBuf->size(), &written, NULL);
  gGlobalBuf->clear();
  // clear() keeps capacity, so this normally only reserves on the first flush;
  // it keeps the steady state free of reallocations.
  if (gGlobalBuf->capacity() < GLOBAL_BUF_SIZE)
    gGlobalBuf->reserve(GLOBAL_BUF_SIZE);
}
// Append msg to the shared trace buffer under gTraceLock, flushing to disk
// once the buffer has reached GLOBAL_BUF_SIZE. Lines arriving before the
// handle/buffer exist (or after teardown) are dropped. The gGlobalBuf
// null-check is done before taking the lock, same as before.
static void WriteGlobalTrace(const std::string &msg) {
  if (gTraceHandle == MyWin::INVALID_HANDLE_VALUE || gGlobalBuf == NULL)
    return;
  PIN_GetLock(&gTraceLock, 1);
  gGlobalBuf->append(msg);
  const bool full = gGlobalBuf->size() >= GLOBAL_BUF_SIZE;
  if (full)
    FlushGlobalBuffer();
  PIN_ReleaseLock(&gTraceLock);
}
// Fast Hex (No sprintf)
static const char HEX_DIGITS[] = "0123456789abcdef";
// Append v at p as minimal-width lowercase hex (like "%x") and advance p.
// No terminator is written and no bounds check is done: the caller's buffer
// must have room for up to 8 characters. Callers pass ADDRINT register values
// here, so on a 64-bit build the upper 32 bits are dropped by the conversion
// to UINT32; FastHexAddr is the full-width variant.
static inline void FastHex32(char *&p, UINT32 v) {
  if (v == 0) {
    *p++ = '0';
    return;
  }
  // Skip leading zero nibbles, then emit from the top non-zero nibble down.
  int shift = 28;
  while (((v >> shift) & 0xF) == 0)
    shift -= 4;
  for (; shift >= 0; shift -= 4)
    *p++ = HEX_DIGITS[(v >> shift) & 0xF];
}
// Append v at p as minimal-width lowercase hex and advance p, for a full
// ADDRINT (32 or 64 bits depending on the build). No terminator, no bounds
// check: the caller's buffer must hold up to 2*sizeof(ADDRINT) characters.
static inline void FastHexAddr(char *&p, ADDRINT v) {
  if (v == 0) {
    *p++ = '0';
    return;
  }
  int shift = static_cast<int>(sizeof(ADDRINT) * 8) - 4;
  while (((v >> shift) & 0xF) == 0)
    shift -= 4;
  for (; shift >= 0; shift -= 4)
    *p++ = HEX_DIGITS[(v >> shift) & 0xF];
}
// -------------------- Loop Key / Stats --------------------
// Identity of a loop: the IP its taken back-edge jumps to (header) and the IP
// of that back-edge branch. Ordered by (header, backedge) so it can key a
// std::map.
struct LoopKey {
  ADDRINT header;
  ADDRINT backedge;
  bool operator<(const LoopKey &o) const {
    return header < o.header ||
           (header == o.header && backedge < o.backedge);
  }
};
// Per-thread running totals for one loop (value of TData::loops). The
// counters after `captured` are copied in from CaptureState by
// StopAndCommitCapture when the loop's capture finishes.
struct LoopAgg {
UINT64 iters;      // taken back-edge count
bool captured;     // set once a capture has been committed for this loop
UINT32 globalSeq;  // first-seen global sequence; written to the rank_global column
UINT64 body_len;
UINT64 memR, memW, stackR, stackW;
UINT64 xorCnt, addsubCnt, shlshrCnt, mulCnt;
string func;
string img;
string tracePath;  // copy of *gTracePath at commit time
LoopAgg()
: iters(0), captured(false), globalSeq(0), body_len(0), memR(0), memW(0),
stackR(0), stackW(0), xorCnt(0), addsubCnt(0), shlshrCnt(0), mulCnt(0) {
}
};
// Per-thread capture state machine: a candidate loop is proposed
// (candValid/candKey), armed (armed + key) by ArmBestCandidateIfIdle, and
// becomes a recording when its header IP executes (StartCaptureAtHeader).
struct CaptureState {
  bool armed;         // key is chosen; waiting for its header to execute
  bool recording;     // instruction records are being emitted for key
  LoopKey key;        // loop being (or about to be) captured
  UINT32 rank_thread; // 1-based capture number within this thread
  UINT64 capIns;      // instructions recorded so far in this capture
  UINT64 capMaxIns;   // limit taken from -cap_max_ins at capture start
  std::string func;   // header's function name (from StaticMeta)
  std::string img;    // header's image name (from StaticMeta)
  UINT64 body_len;
  UINT64 memR, memW, stackR, stackW;
  UINT64 xorCnt, addsubCnt, shlshrCnt, mulCnt;
  UINT64 reg_accum;   // not touched by the code shown in this file
  bool candValid;     // candKey/candIters describe a pending candidate
  LoopKey candKey;
  UINT64 candIters;
  // key() and candKey() value-initialise the two POD members, which zeroes
  // header and backedge exactly as the former body assignments did.
  CaptureState()
      : armed(false), recording(false), key(), rank_thread(0), capIns(0),
        capMaxIns(0), body_len(0), memR(0), memW(0), stackR(0), stackW(0),
        xorCnt(0), addsubCnt(0), shlshrCnt(0), mulCnt(0), reg_accum(0),
        candValid(false), candKey(), candIters(0) {}
};
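// Per-thread state, stored under gTlsKey and looked up with PIN_GetThreadData.
struct TData {
  UINT32 tid;    // Pin Thread ID
  UINT32 os_tid; // OS Thread ID
  std::map<LoopKey, LoopAgg> loops; // running totals per (header, backedge)
  UINT32 capturedCount; // captures started on this thread; bounded by -top
  CaptureState cap;
  // Loop Hierarchy Stack [NEW]: headers pushed by StartCaptureAtHeader; its
  // size is reported as `depth` and its top as `parent` in LOOP_ENTER.
  std::vector<ADDRINT> loopStack;
  // Buffering - Text Buffer: per-thread record buffer, written to the shared
  // trace handle by FlushBuffer.
  std::string loopBuf;
  // tid was left uninitialised before; zero it with the other counters so a
  // TData read before its owner fills it in never exposes heap garbage.
  TData() : tid(0), os_tid(0), capturedCount(0) { loopBuf.reserve(64 * 1024); }
};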
// Forward Declarations
// Forward declarations for the capture state machine (definitions below);
// CapIf and the record callbacks need them before they are defined.
static void StopAndCommitCapture(TData *td, const char *reason);
static void ArmBestCandidateIfIdle(TData *td);
static void
StartCaptureAtHeader(TData *td,
const StaticMeta *headerMeta); // Added forward decl
// Write this thread's loopBuf to the shared trace handle and empty it.
// The handle is shared by all threads, so the write is serialised with
// gTraceLock; when no handle is open the buffered text is discarded. Note the
// write goes straight to the handle, so its position relative to records still
// sitting in gGlobalBuf is not defined. WriteFile's result is not checked.
static void FlushBuffer(TData *td) {
  std::string &buf = td->loopBuf;
  if (buf.empty())
    return;
  const bool haveHandle = gTraceHandle != MyWin::INVALID_HANDLE_VALUE;
  if (haveHandle) {
    PIN_GetLock(&gTraceLock, 1);
    MyWin::DWORD written = 0;
    MyWin::WriteFile(gTraceHandle, buf.c_str(), (MyWin::DWORD)buf.size(),
                     &written, NULL);
    PIN_ReleaseLock(&gTraceLock);
  }
  buf.clear();
}
// Append s to the thread's loopBuf and flush once more than 4 KB has
// accumulated, so a crash of the traced process loses at most that much.
static void BufferedWriteText(TData *td, const std::string &s) {
  static const size_t kFlushThreshold = 4096;
  td->loopBuf.append(s);
  if (td->loopBuf.size() > kFlushThreshold)
    FlushBuffer(td);
}
static TLS_KEY gTlsKey; // TLS slot holding each thread's TData*
// -------------------- Output files --------------------
// -------------------- Output files --------------------
static string *gRunPrefix = NULL; // prefix + "_P<pid>"
static string *gCsvPath = NULL; // Statistics CSV (Summary)
// static FILE* gCsvFp = NULL; // already static global? Re-check
// static PIN_LOCK gCsvLock; // already static global? Re-check
// Wait, gCsvFp was not in the top block. Only gMetaFp was re-defined.
// Not used by the code shown here: AppendLoopRowToCsv writes EXT_CSV lines
// into the unified trace instead of this FILE.
static FILE *gCsvFp = NULL;
static PIN_LOCK gCsvLock;
// static string gTracePath; // Moved to top
// static MyWin::HANDLE gTraceHandle = ...
// static PIN_LOCK gTraceLock;
static string *gMetaPath = NULL; // Static Meta
// static FILE* gMetaFp = NULL; // Redefined, remove this line.
static set<string> *gCryptoExecLogged = NULL; // basename lower
// Large buffer (reduces overhead); not referenced in the part shown here.
static char *gCsvBuf = NULL;
// -------------------- Saved Pin cmdline for child --------------------
// Pin's own argv, kept so a child process can be started under the same tool
// and options when -follow_child is on.
static INT gSavedArgc = 0;
static const CHAR **gSavedArgv = NULL;
// -------------------- IMG log --------------------
// -------------------- IMG/Meta log (Moved to DumpStaticMeta)
// -------------------- Removed dynamic ImgLogLine_NoFlush since we will dump
// static meta at the end.
// -------------------- CSV --------------------
// Helper for CSV escaping to string
// Return s as a CSV field: unchanged when it contains no separator, quote or
// line break, otherwise wrapped in double quotes with each embedded quote
// doubled.
static std::string EscapeCsv(const std::string &s) {
  const bool plain = s.find_first_of(",\"\n\r") == std::string::npos;
  if (plain)
    return s;
  std::string quoted;
  quoted.reserve(s.size() + 2);
  quoted += '"';
  for (std::string::const_iterator it = s.begin(); it != s.end(); ++it) {
    if (*it == '"')
      quoted += '"'; // escape by doubling
    quoted += *it;
  }
  quoted += '"';
  return quoted;
}
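// Emit one summary row for a captured loop into the unified trace, prefixed
// "EXT_CSV:". Column order matches the header in the file comment:
// tid,rank_global,rank_thread,start_addr,end_addr,body_len,iter,score,func,
// img,memR,memW,stackR,stackW,xor,addsub,shlshr,mul — addresses in hex, the
// rest decimal. rank_thread is written as the literal 0 (the signature has
// no parameter for it). func/img are CSV-escaped; the c_str() of the escaped
// string is streamed, so text past an embedded NUL would be cut.
static void AppendLoopRowToCsv(UINT32 tid, UINT32 rank_global,
                               ADDRINT start_addr, ADDRINT end_addr,
                               UINT64 body_len, UINT64 iterCount, double score,
                               const std::string &func, const std::string &img,
                               UINT64 memR, UINT64 memW, UINT64 stackR,
                               UINT64 stackW, UINT64 xorCnt, UINT64 addsubCnt,
                               UINT64 shlshrCnt, UINT64 mulCnt) {
  // score is body_len * iters computed in double; converting a value of
  // 2^63 or more to long long is undefined behaviour, so saturate first.
  long long scoreLL;
  if (score >= static_cast<double>(LLONG_MAX))
    scoreLL = LLONG_MAX;
  else
    scoreLL = static_cast<long long>(score);
  std::ostringstream oss;
  oss << "EXT_CSV:" << tid << "," << rank_global << ",0," << std::hex
      << start_addr << "," << end_addr << std::dec << "," << body_len << ","
      << iterCount << "," << scoreLL << "," << EscapeCsv(func).c_str()
      << "," << EscapeCsv(img).c_str() << "," << memR << "," << memW << ","
      << stackR << "," << stackW << "," << xorCnt << "," << addsubCnt << ","
      << shlshrCnt << "," << mulCnt << "\n";
  WriteGlobalTrace(oss.str());
}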
// -------------------- StaticMeta builder --------------------
// TRACE 단위로 IMG 이름/lowaddr를 전달받아 IMG_FindByAddress 호출을 줄임
// Return the cached StaticMeta for address a, building it on first sight.
//
// ins           Pin instruction handle for a (used for disassembly, RTN
//               lookup and memory-operand queries).
// a             instruction address (map key).
// traceImgName  image name supplied once per TRACE by the caller; avoids an
//               IMG_FindByAddress per instruction. May be empty.
// traceImgLow   low address of that image, or 0; used for the "img+0xoff"
//               fallback function name.
//
// Returns a pointer that stays valid for the whole run (entries are never
// removed from gMeta).
//
// Locking: gMetaLock is held only for the lookup and the final insert, never
// across the Pin API calls in the middle (those may be slow). Two threads can
// therefore build the same entry at once; the second lookup before the insert
// resolves that by discarding the duplicate. While the insert lock is held,
// WriteGlobalTrace takes gTraceLock, so the lock order is gMetaLock ->
// gTraceLock; nothing visible in this file takes them the other way round.
static StaticMeta *GetOrCreateMeta(INS ins, ADDRINT a,
const string &traceImgName,
ADDRINT traceImgLow) {
StaticMeta *sm = NULL;
// Fast path: already known.
PIN_GetLock(&gMetaLock, 1);
map<ADDRINT, StaticMeta *>::iterator it = gMeta->find(a);
if (it != gMeta->end()) {
sm = it->second;
PIN_ReleaseLock(&gMetaLock);
return sm;
}
PIN_ReleaseLock(&gMetaLock);
// Slow path: build the entry outside the lock.
StaticMeta *m = new StaticMeta();
m->opClass = OP_NONE; // Fix UB if log_meta=0
m->addr = a;
m->addr32 = (UINT32)a; // truncates on a 64-bit build; CapIf compares this field
m->addrStr = Hex8((UINT32)a);
// Disassembly (and the opcode text derived from it) only when -log_meta=1;
// the downstream parser relies on it, but it can be switched off for speed.
if (KnobLogMeta.Value()) {
m->assembly = INS_Disassemble(ins);
// opcode lower: first whitespace-separated token of the disassembly
{
std::istringstream iss(m->assembly);
string opc;
iss >> opc;
m->opcLower = ToLowerStr(opc);
}
} else {
m->assembly = "disasm_disabled";
m->opcLower = "unknown";
}
// Opcode class is derived from the mnemonic text, so it is only available
// when disassembly was produced above; with -log_meta=0 it stays OP_NONE and
// the xor/addsub/shlshr/mul counters will read 0. (Classifying via
// INS_Opcode would work without the text but is not done here.)
if (KnobLogMeta.Value()) {
m->opClass = OP_NONE;
if (m->opcLower == "xor" || m->opcLower == "pxor" || m->opcLower == "vpxor")
m->opClass = OP_XOR;
else if (m->opcLower == "add" || m->opcLower == "sub" ||
m->opcLower == "adc" || m->opcLower == "sbb" ||
m->opcLower == "inc" || m->opcLower == "dec")
m->opClass = OP_ADDSUB;
else if (m->opcLower == "shl" || m->opcLower == "sal" ||
m->opcLower == "shr" || m->opcLower == "sar" ||
m->opcLower == "rol" || m->opcLower == "ror")
m->opClass = OP_SHLSHR;
else if (m->opcLower == "mul" || m->opcLower == "imul" ||
m->opcLower == "fmul")
m->opClass = OP_MUL;
}
// func/img: start from the caller's per-TRACE image name.
m->imgName = traceImgName;
if (m->imgName.empty())
m->imgName = "Unmapped/Shellcode";
{
string funcName;
RTN rtn = INS_Rtn(ins);
if (!RTN_Valid(rtn))
rtn = RTN_FindByAddress(a);
if (RTN_Valid(rtn)) {
string rawName = RTN_Name(rtn);
string undec = PIN_UndecorateSymbolName(rawName, UNDECORATION_NAME_ONLY);
funcName = undec.empty() ? rawName : undec;
// imgName correction: the IMG reached via RTN -> SEC is sometimes more
// accurate than the per-TRACE name, so prefer it when available.
SEC sec = RTN_Sec(rtn);
if (SEC_Valid(sec)) {
IMG imgForFunc = SEC_Img(sec);
if (IMG_Valid(imgForFunc)) {
string fixImg = IMG_Name(imgForFunc);
if (!fixImg.empty())
m->imgName = fixImg;
}
}
} else {
// fallback: IMG+offset or raw addr
if (!traceImgName.empty() && traceImgLow != 0) {
std::ostringstream oss;
oss << traceImgName << "+0x" << std::hex << (a - traceImgLow);
funcName = oss.str();
} else {
std::ostringstream oss;
oss << "func_0x" << std::hex << a;
funcName = oss.str();
}
}
if (funcName.empty())
funcName = "Unknown_Func";
m->funcName = funcName;
}
// stack mem? & memMeta construction
m->isStackMem = false;
if (INS_IsMemoryRead(ins) || INS_IsMemoryWrite(ins)) {
REG base = INS_MemoryBaseReg(ins);
REG idx = INS_MemoryIndexReg(ins);
UINT32 scale = INS_MemoryScale(ins);
ADDRINT disp = INS_MemoryDisplacement(ins);
// "Stack" means addressed through ESP/EBP as base or index; a 64-bit build
// would need the RSP/RBP checks too (REG_ESP/REG_EBP are the 32-bit names).
if (base == REG_ESP || base == REG_EBP || idx == REG_ESP || idx == REG_EBP)
m->isStackMem = true;
// Save structured info: BaseName|IndexName|Scale|Disp
std::ostringstream moss;
moss << (REG_valid(base) ? REG_StringShort(base) : "") << "|"
<< (REG_valid(idx) ? REG_StringShort(idx) : "") << "|" << scale << "|"
<< disp;
m->memMeta = moss.str();
}
PIN_GetLock(&gMetaLock, 1);
// Double-check pattern to avoid race/dup/leak: another thread may have
// inserted a while this one was building m.
map<ADDRINT, StaticMeta *>::iterator it2 = gMeta->find(a);
if (it2 != gMeta->end()) {
PIN_ReleaseLock(&gMetaLock);
delete m; // Discard duplicate
return it2->second;
}
gMeta->insert(std::make_pair(a, m));
// Incremental Dump (Unified Trace): one EXT_META line per new address,
// emitted while gMetaLock is still held so it is written exactly once.
if (KnobLogMeta.Value()) {
std::ostringstream moss;
moss << "EXT_META:" << std::hex << m->addr << ","; // Use full addr
moss << EscapeCsv(m->funcName).c_str() << ","
<< EscapeCsv(m->imgName).c_str() << ","
<< EscapeCsv(m->assembly).c_str() << ",";
// MemStruct (Base|Index|Scale|Disp)
if (!m->memMeta.empty())
moss << EscapeCsv(m->memMeta).c_str();
moss << "\n";
WriteGlobalTrace(moss.str());
}
// (gMetaFp logic removed)
PIN_ReleaseLock(&gMetaLock);
return m;
}
// -------------------- Trace Dump (Binary) --------------------
// -------------------- Trace Dump (Binary) --------------------
// Removed direct WriteBinaryEntry, replaced with BufferedWrite calls
// Emit the textual loop-header record into the thread's buffer:
//   LOOP_ENTER,tid,header,backedge,rank,globalSeq,parent,depth
// (header, backedge and parent in hex, the rest decimal). globalSeq is taken
// from this thread's aggregate when the loop is already known, else 0.
static void WriteLoopEnter(TData *td, UINT32 tid, ADDRINT header,
                           ADDRINT backedge, UINT32 rank, ADDRINT parent,
                           UINT32 depth) {
  LoopKey key;
  key.header = header;
  key.backedge = backedge;
  // One find() in place of count() + operator[]: same value, and operator[]
  // could never have inserted because count() had already succeeded.
  std::map<LoopKey, LoopAgg>::const_iterator found = td->loops.find(key);
  const UINT32 gSeq =
      (found == td->loops.end()) ? 0 : found->second.globalSeq;
  std::ostringstream line;
  line << "LOOP_ENTER," << tid << "," << std::hex << header << "," << backedge
       << "," << std::dec << rank << "," << gSeq << "," << std::hex << parent
       << "," << std::dec << depth << "\n";
  BufferedWriteText(td, line.str());
}
// -------------------- Capture control --------------------
// Zero the per-capture counters and forget the header's func/img.
// armed, recording, key, capMaxIns, reg_accum and the candidate fields are
// deliberately left untouched.
static void ResetCaptureStats(CaptureState &c) {
  UINT64 *const counters[] = {&c.capIns,  &c.body_len, &c.memR,
                              &c.memW,    &c.stackR,   &c.stackW,
                              &c.xorCnt,  &c.addsubCnt, &c.shlshrCnt,
                              &c.mulCnt};
  const size_t n = sizeof(counters) / sizeof(counters[0]);
  for (size_t i = 0; i < n; ++i)
    *counters[i] = 0;
  c.func.clear();
  c.img.clear();
}
// Bump the capture counter matching the instruction's opcode class; a null
// meta pointer or OP_NONE changes nothing.
static inline void AccumulateOp(const StaticMeta *sm, CaptureState &c) {
  if (sm == NULL)
    return;
  switch (sm->opClass) {
  case OP_XOR:
    ++c.xorCnt;
    break;
  case OP_ADDSUB:
    ++c.addsubCnt;
    break;
  case OP_SHLSHR:
    ++c.shlshrCnt;
    break;
  case OP_MUL:
    ++c.mulCnt;
    break;
  case OP_NONE:
  default:
    break;
  }
}
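// End the running capture on this thread: flush the buffered instruction
// records, copy the capture counters into the loop's aggregate, emit the
// LOOP_FINISH line and the EXT_CSV summary row, and disarm. No-op when the
// thread is not recording. `reason` is only echoed in verbose output.
static void StopAndCommitCapture(TData *td, const char *reason) {
  CaptureState &c = td->cap;
  if (!c.recording)
    return;
  // Push the last instruction records out before LOOP_FINISH so the thread's
  // stream stays in order. (The former nested `if (c.recording)` re-tested
  // the condition just checked and has been folded away.)
  FlushBuffer(td);
  c.recording = false;
  std::map<LoopKey, LoopAgg>::iterator it = td->loops.find(c.key);
  if (it != td->loops.end()) {
    LoopAgg &agg = it->second;
    agg.captured = true;
    agg.body_len = c.body_len;
    agg.memR = c.memR;
    agg.memW = c.memW;
    agg.stackR = c.stackR;
    agg.stackW = c.stackW;
    agg.xorCnt = c.xorCnt;
    agg.addsubCnt = c.addsubCnt;
    agg.shlshrCnt = c.shlshrCnt;
    agg.mulCnt = c.mulCnt;
    agg.func = c.func;
    agg.img = c.img;
    if (gTracePath)
      agg.tracePath = *gTracePath; // every capture lives in the one trace file
    const UINT64 iterCount = agg.iters;
    // LOOP_FINISH record: tid,header,backedge,iters
    std::ostringstream oss;
    oss << "LOOP_FINISH," << td->os_tid << "," << std::hex << c.key.header
        << "," << c.key.backedge << "," << std::dec << iterCount << "\n";
    BufferedWriteText(td, oss.str());
    // Computed in double so a huge iteration count cannot overflow UINT64.
    const double score = (double)agg.body_len * (double)iterCount;
    // The rank_global column carries the first-seen global sequence, not the
    // thread-local rank (c.rank_thread only appears in the verbose line).
    AppendLoopRowToCsv(td->os_tid, agg.globalSeq, c.key.header,
                       c.key.backedge, agg.body_len, iterCount, score,
                       agg.func, agg.img, agg.memR, agg.memW, agg.stackR,
                       agg.stackW, agg.xorCnt, agg.addsubCnt, agg.shlshrCnt,
                       agg.mulCnt);
    if (KnobVerbose.Value()) {
      cerr << "[pin-loop] capture done TID=" << td->os_tid << " L"
           << c.rank_thread << " H=" << std::hex << c.key.header
           << " B=" << std::hex << c.key.backedge << std::dec
           << " reason=" << reason
           << " body_len=" << (unsigned long long)agg.body_len
           << " iters=" << (unsigned long long)iterCount << endl;
    }
  }
  // NOTE(review): StartCaptureAtHeader pushes c.key.header onto td->loopStack
  // and nothing here pops it; confirm the pop happens elsewhere, otherwise
  // `depth`/`parent` in later LOOP_ENTER lines keep growing.
  c.armed = false;
  c.key.header = 0;
  c.key.backedge = 0;
}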
// Promote the pending candidate (candKey) to the armed key when the thread is
// idle: not recording, still under the -top capture limit, and a candidate
// exists. A candidate that is unknown to td->loops or already captured is
// dropped (candValid cleared) instead of armed.
static void ArmBestCandidateIfIdle(TData *td) {
  CaptureState &c = td->cap;
  const bool idle =
      !c.recording && td->capturedCount < KnobTop.Value() && c.candValid;
  if (!idle)
    return;
  std::map<LoopKey, LoopAgg>::const_iterator it = td->loops.find(c.candKey);
  if (it == td->loops.end() || it->second.captured) {
    c.candValid = false;
    return;
  }
  c.key = c.candKey;
  c.armed = true;
}
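// Turn an armed capture into a recording one when the armed loop's header IP
// executes: bump the thread's capture count, reset the per-capture counters,
// take func/img from the header's meta, write the LOOP_ENTER record and push
// the header on the loop stack. No-op unless armed and not yet recording.
// headerMeta may be NULL, in which case func/img are left empty.
static void StartCaptureAtHeader(TData *td, const StaticMeta *headerMeta) {
  CaptureState &c = td->cap;
  if (!c.armed || c.recording)
    return;
  td->capturedCount++;
  c.rank_thread = td->capturedCount; // 1-based (the former duplicate assignment is gone)
  ResetCaptureStats(c);
  // START NEW CAPTURE: the buffer should already be empty; clear defensively.
  td->loopBuf.clear();
  c.capMaxIns = (UINT64)KnobCapMaxIns.Value();
  c.recording = true;
  c.func = headerMeta ? headerMeta->funcName : "";
  c.img = headerMeta ? headerMeta->imgName : "";
  // LOOP_ENTER: parent is the innermost enclosing capture's header (0 at top
  // level), depth the current nesting.
  const ADDRINT parent = td->loopStack.empty() ? 0 : td->loopStack.back();
  const UINT32 depth = (UINT32)td->loopStack.size();
  WriteLoopEnter(td, td->os_tid, c.key.header, c.key.backedge, c.rank_thread,
                 parent, depth);
  td->loopStack.push_back(c.key.header);
  if (KnobVerbose.Value()) {
    cerr << "[pin-loop] capture start TID=" << td->os_tid << " L"
         << c.rank_thread << " H=" << std::hex << c.key.header
         << " B=" << std::hex << c.key.backedge << std::dec << endl;
  }
  c.armed = false;
}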
// -------------------- Fast IF --------------------
// Fast IF-callback: start the armed capture when this instruction is the
// armed loop's header. Does nothing without thread data or meta, while a
// recording is in progress, or when not armed.
// NOTE(review): sm->addr32 is the IP truncated to 32 bits while key.header is
// a full ADDRINT, so on a 64-bit build a header above 4 GiB could never match
// — fine for the IA-32-only target the file header states; confirm if the
// universal build is meant to be supported.
static VOID CapIf(THREADID tid, const StaticMeta *sm) {
  TData *td = static_cast<TData *>(PIN_GetThreadData(gTlsKey, tid));
  if (td == NULL || sm == NULL)
    return;
  const CaptureState &c = td->cap;
  const bool atArmedHeader =
      !c.recording && c.armed && sm->addr32 == c.key.header;
  if (atArmedHeader)
    StartCaptureAtHeader(td, sm);
}
// -------------------- Record (THEN) --------------------
// -------------------- Record (THEN) - Text (Optimized) --------------------
static void CapRecordNoMem(THREADID tid, const StaticMeta *sm, CONTEXT *ctxt) {
TData *td = (TData *)PIN_GetThreadData(gTlsKey, tid);
if (!td || !sm)
return;
CaptureState &c = td->cap;
if (!c.recording)
return;
ADDRINT eax = PIN_GetContextReg(ctxt, REG_GAX);
ADDRINT ebx = PIN_GetContextReg(ctxt, REG_GBX);
ADDRINT ecx = PIN_GetContextReg(ctxt, REG_GCX);
ADDRINT edx = PIN_GetContextReg(ctxt, REG_GDX);
ADDRINT esi = PIN_GetContextReg(ctxt, REG_GSI);
ADDRINT edi = PIN_GetContextReg(ctxt, REG_GDI);
ADDRINT esp = PIN_GetContextReg(ctxt, REG_STACK_PTR);
ADDRINT ebp = PIN_GetContextReg(ctxt, REG_GBP);
// Manual fast formatting: "I,IP,0,regs...\n"
char buf[256];
char *p = buf;
*p++ = 'I';
*p++ = ',';
FastHex32(p, sm->addr32);
*p++ = ',';
*p++ = '0';
*p++ = ','; // No mem
FastHex32(p, eax);
*p++ = ',';
FastHex32(p, ebx);
*p++ = ',';
FastHex32(p, ecx);
*p++ = ',';
FastHex32(p, edx);
*p++ = ',';
FastHex32(p, esi);
*p++ = ',';