Pavel Dovgalyuk <pavel.dovga...@ispras.ru> writes:
> This is an example of plugin which instruments only specific instructions:
> sysenter and sysexit. When executing them, it prints system call id
> and return code to the QEMU log.
Again I'm not sure this is a very useful example either. It doesn't
achieve anything we can't already do with the existing logging/strace
stuff and it is quite ugly in it's knowledge of a single architecture to
try and figure out what's going on.
>
> Signed-off-by: Pavel Dovgalyuk <pavel.dovga...@ispras.ru>
> ---
> plugins/syscall-log/Makefile | 19 ++++++++++++++++
> plugins/syscall-log/syscall-log.c | 44
> +++++++++++++++++++++++++++++++++++++
> 2 files changed, 63 insertions(+)
> create mode 100644 plugins/syscall-log/Makefile
> create mode 100644 plugins/syscall-log/syscall-log.c
>
> diff --git a/plugins/syscall-log/Makefile b/plugins/syscall-log/Makefile
> new file mode 100644
> index 0000000..1bbdf04
> --- /dev/null
> +++ b/plugins/syscall-log/Makefile
> @@ -0,0 +1,19 @@
> +CFLAGS += -I../include -fno-PIE -fPIC -O3
> +LDFLAGS += -shared
> +# TODO: Windows
> +DSOSUF := .so
> +
> +NAME:= syscall-log
> +BIN := $(NAME)$(DSOSUF)
> +
> +FILES := syscall-log.o
> +
> +%.o: %.c
> + $(CC) -c -o $@ $< $(CFLAGS)
> +
> +all: $(FILES)
> + $(CC) $(LDFLAGS) -o $(BIN) $(FILES)
> +
> +clean:
> + rm $(FILES)
> + rm $(BIN)
> diff --git a/plugins/syscall-log/syscall-log.c
> b/plugins/syscall-log/syscall-log.c
> new file mode 100644
> index 0000000..1f5d55f
> --- /dev/null
> +++ b/plugins/syscall-log/syscall-log.c
> @@ -0,0 +1,44 @@
> +#include <stdint.h>
> +#include <stdio.h>
> +#include "plugins.h"
> +
> +bool plugin_init(const char *args)
> +{
> + return true;
> +}
> +
> +bool plugin_needs_before_insn(uint64_t pc, void *cpu)
> +{
> + uint8_t code = 0;
> + if (!qemulib_read_memory(cpu, pc, &code, 1)
> + && code == 0x0f) {
> + if (qemulib_read_memory(cpu, pc + 1, &code, 1)) {
> + return false;
> + }
> + if (code == 0x34) {
> + /* sysenter */
> + return true;
> + }
> + if (code == 0x35) {
> + /* sysexit */
> + return true;
> + }
> + }
> + return false;
> +}
> +
> +void plugin_before_insn(uint64_t pc, void *cpu)
> +{
> + uint8_t code = 0;
> + uint32_t reg;
> + qemulib_read_memory(cpu, pc + 1, &code, 1);
> + /* Read EAX. There should be a header with register ids
> + or a function for reading the register by the name */
> + qemulib_read_register(cpu, (uint8_t*)®, 0);
> + /* log system calls */
> + if (code == 0x34) {
> + qemulib_log("sysenter %x\n", reg);
> + } else if (code == 0x35) {
> + qemulib_log("sysexit %x\n", reg);
> + }
> +}
--
Alex Bennée
