How to find RTN by name in pintool? - intel-pin

I use RTN_FindByName() to search for a specific RTN, but it didn't work with me, moreover i try to force the compiler to not inline the RTN, but still not working,
test code:
void __attribute__ ((noinline)) MyFunInApp()
{
printf(" function inside application environmental \n");
}
code in pintool:
VOID ImageLoad(IMG img, VOID *v)
{
RTN MyRtn = RTN_FindByName(img,"MyFunInApp");
if (RTN_Valid(MyRtn))
{
cout<< "Found RTN"<< endl;
}
else
{
cout<< "Not Found RTN"<< endl;
}
}
How can i fix that, or do that by another way ?
Compiler: gcc version 4.8 C++ Language
O.S : Ubuntu 14.04 LTS, 64-bit
Output (of test code) :
Not Found RTN
Not Found RTN
Not Found RTN

What you're seeing (the function name wrapped with characters) is called function name decoration/mangling. It's the way that C++ implements overloading natively. Unfortunately mangling isn't standardized and every compiler does it differently.
You can either look for the mangled name, or alternatively iterate over the rtns in an image (you can see samples in the kit on how to do this) and use Pin's PIN_UndecorateSymbolName API to get the clean function name. Just remember that due to mangling you may get more than one such symbol.

Related

Rf_error and Rf_warning definitions

Where can I find the definitions for these two functions. Grepping for their name brings only declarations but I can't find their implementation in the source code.
Presumably you are looking for the C code function definitions. What I typically do when looking for the definitions is search across all files for the function name without the Rf_ but with the return type. For example, for Rf_error, I would search for void error. In this case you pretty quickly get (from src/main/errors.c#758, for R version 3.2.2):
void error(const char *format, ...)
{
char buf[BUFSIZE];
RCNTXT *c = R_GlobalContext;
va_list(ap);
va_start(ap, format);
Rvsnprintf(buf, min(BUFSIZE, R_WarnLength), format, ap);
va_end(ap);
/* This can be called before R_GlobalContext is defined, so... */
/* If profiling is on, this can be a CTXT_BUILTIN */
if (c && (c->callflag & CTXT_BUILTIN)) c = c->nextcontext;
errorcall(c ? c->call : R_NilValue, "%s", buf);
}
Rf_warning is defined at line 262 of the same file.
Note the following lines in src/include/R_ext/Error.h
#ifndef R_NO_REMAP
#define error Rf_error
#define warning Rf_warning
#endif
R_NO_REMAP is usually not defined, so that means the macro error expands to Rf_error. So, in files that include Error.h, instances of error will be replaced with Rf_error by the preprocessor.
So you need to search for the function with the same return type and arguments. As BrodieG notes in his answer, the functions also usually (always?) have the same name, but without the Rf_ prefix.
Thanks to Duncan Murdoch for helpful pointers. Any errors are mine.

Type-punning (GCC) - incrementing a pointer parameter on stack

OK, I understand that the GCC 4.x warning "dereferencing type-punned pointer will break strict-aliasing rules" is no joke and I should clean up my code.
I have code which compiles und runs fine with GCC 3.x, and would be very happy if it would do so with GCC 4.x, too. Assume I want to have the assembled code as short as possible: the function gets passed a pointer and should write some data to there. My original code uses the pointer directly on the stack (without a copy) and increments it there (note that I don't want to pass the incremented value back to the caller). You may think also of passing parameters by register - then any copy would be overhead.
So this was my "ideal" code:
void foo(void *pdataout) {
for (int i=16; i--;)
*(*reinterpret_cast<BYTE**>(&pdataout))++ = 255;
}
I tried some variant (note that the address-operator must be applied to 'pdataout' before any type-cast):
void foo(void *pdataout) {
BYTE *pdo = reinterpret_cast<BYTE*>(*reinterpret_cast<BYTE**>(&pdataout));
for (int i=16; i--;)
*pdo++ = 255;
}
and also this:
void foo(void *pdataout) {
BYTE *pdo = *reinterpret_cast<BYTE**>(&pdataout);
for (int i=16; i--;)
*pdo++ = 255;
}
Nothing pleases GCC 4.x... This last one does - but, it uses a copy of the parameter which I don't like. Is there a way to do this without the copy? I have no idea how to tell it the compiler :-(
void foo(void *pdataout) {
BYTE *pdo = reinterpret_cast<BYTE*>(pdataout);
for (int i=16; i--;)
*pdo++ = 255;
}
As far as I understand now, despite there is no more warning by GCC, using the indirection via an additional variable is not safe!
For me (as union is not usable), the only real solution is to use the -fno-strict-aliasing compiler option. Only with that, GCC is aware that pointers of different type to the same memory address can refer to the same variable.
This article finally helped me to understand strict-aliasing.

Error passing pointer in QT

In QT have the following code that starts a thread to send out commands. The thread takes a char * and int as arguments. In the "run" I use the pointer that is given by the constuctor. The code is:
MyThread::MyThread(char * payld, int payld_size)
{
payload_size = payld_size;
payload_p = payld;
}
void MyThread::run()
{
while(...)
{
sendCommand(payload_p, payload_size);
}
}
Unfortunately this doesn´t work and my application crashes when I try to use thread.start(). But when I change it to:
MyThread::MyThread(char * payld, int payld_size)
{
payload_size = payld_size;
payload_p = payld;
for(int i=0; i<payload_size; i++)
{
payload[i] = payld[i];
}
}
void MyThread::run()
{
while(...)
{
sendCommand(payload, payload_size);
}
}
The code does run and only crashes sometimes (looks pretty random to me). Can anybody Explain me why version one doesnt work and version two does? And any ideas on why the second code sometimes crashes? Could it be because the size of payload is not predefined (in the header file I defined it as
char payload[];
When I define it as:
char payload[10];
it seems to work better, but it is annoying to test since the crashes are pretty random.
instead of fiddling with char*, I would switch to QString (since you're using Qt). It takes a bit of learning, but it's almost mandatory to get code working smoothly in this framework. Then declare
QString payload;
and depending on sendCommand implementation, use one of the member functions QString to get the char*, like payload.toLatin1()

QList for touch-points not being created, "A data abort exception has occurred"

I am trying to get touch inputs for my program targeting an N8 (and a C7), and I am not able to create a QList for keeping touchpoints using QTouchEvent::touchPoints(). The program crashes with the following line: Thread has crashed: A data abort exception has occurred accessing 0xee
The overloaded events function looks like:
bool GLWindow::event(QEvent *event)
{
switch ( event->type() ) {
case QEvent::TouchBegin: {
QList<QTouchEvent::TouchPoint> touchBeginPoints =
static_cast<QTouchEvent *>(event)->touchPoints();
foreach (const QTouchEvent::TouchPoint &touchBeginPoint, touchBeginPoints)
{
float touchBeginX = touchBeginPoint.pos().x();
float touchBeginY = touchBeginPoint.pos().y();
qDebug() << "touchBeginPoint := " << touchBeginX << ", " << touchBeginY;
}
break;
}
case QEvent::TouchUpdate: {
// same as touch begin: getting touch point
break;
}
case QEvent::TouchEnd: {
// same as touch begin: getting touch point
break;
}
default: {
qDebug() << "Goodbye";
return true;
}
}
return true;
}
Now,
I have never worked with containers before. But creating and using a QList in another part of the program works fine. Should I be including something in my .pro file? (Most problems seem to end up regarding this with me!)
I read (a bit) about exceptions in Qt and Symbian, but I am not able to get most of that. BUT I am not doing any networking or resource based i/o or manipulation except textures for 3D objects. Is it possible that memory allocation while running the program is creating some problem?
Basically I am just trying to print the touch point. But I am clueless as to why I can’t create a QList. The code compiles fine. I tried my best (unsuccessfully), but is there any other way to get the screen coordinates of a touchpoint (one that does not require a QList)? Any comments are welcome.
[Reposting from qt-project.org.]
Your syntax is 100% correct. Just look at this example: http://www.developer.nokia.com/Community/Wiki/Painting_in_Qt
What I'm guessing happens is that QTouchEvent::touchPoints() returns a list big enough that it overflows your stack. Try increasing the stack size for your application.
Is your syntax correct ? The compilation error seems to reinforce teukkam point...
What happens when you replace
static_cast<QTouchEvent *>(event)->touchPoints()
With
(dynamic_cast<QTouchEvent *>(event))->touchPoints()
Notice the parentheses...

What are the possible ways of intercepting system calls on unix environments?

What are the possible ways of intercepting system calls on unix environments?
I'm looking to do in AIX.
Thanks
Not familiar with AIX, but the following works on Linux and Solaris. You can use the LD_PRELOAD environment variable, which tells ld.so to load a shared library before libc and then write your own version of the system call, and optionally call the original. man ld.so for more information. Something along the lines of
#include <dlfcn.h>
typedef int (*ioctl_fn)(int, int, void*);
static
int
my_ioctl(int fildes,
int request,
void* argp,
ioctl_fn fn_ptr)
{
int result = 0;
/* call original or do my stuff */
if (request == INTERESTED)
{
result = 0;
}
else
{
result = (*fn_ptr)(fildes, request, argp);
}
return result;
}
/*
* override ioctl() - on first call get a pointer to the "real" one
* and then pass it onto our version of the function
*/
int
ioctl(int fildes,
int request,
void* argp)
{
static ioctl_fn S_fn_ptr = 0;
if (S_fn_ptr == 0)
{
S_fn_ptr = (ioctl_fn)dlsym(RTLD_NEXT, "ioctl");
}
return my_ioctl(fildes, request, argp, S_fn_ptr);
}
Carved this out of some code I had lying around, apologies if I have made it incorrect.
Well, there's always systrace.
I'm not sure about AIX, but I've done it on Linux.
On Linux, the system call table is contained in the sys_call_table array.
We need to first find out the address of this table. Now, this is a tricky thing and there are multiple ways to do it.
We can find its address by looking at sysmap file:
punb200m2labs08vm1:/ # cat /boot/System.map-4.4.21-69-default | grep sys_call_table
ffffffff81600180 R sys_call_table
Hence, ffffffff81600180 is the address of sys_call_table on my machine.
In your kernel module, you can just change the default function corresponding to certain system call number (that you're changing) and assign it to your own function.
e.g. Suppose you want to intercept 'open' system call whose number is __NR_open on Linux. After you get the sys_call_table address from above, just assign your function to index __NR_open of sys_call_table:
sys_call_table[__NR_open] = your_function;
where your_function is implemented by you to intercept 'open' system call.
From now on, every open system call will go through this function.
The details would differ on AIX, but the overall idea would be similar, I guess. You just need to find out AIX specific procedure to achieve this.

Resources