Hi Shuai,
Since you instrumented every basic block of a function, Dyninst would
relocate the whole original function to another section. The relocated
function would contain both the original code and the instrumentation
code. Therefore, executing all the instructions at the patched
sections would actually execute both your instrumentation and the
original code. One reason to not jump back immediately after
instrumentation is that executing two extra jumps for each basic block
would significantly slow down the execution.
Thanks
--Xiaozhu
On Sat, Aug 22, 2015 at 10:37 PM, Shuai Wang <wangshuai901@xxxxxxxxx> wrote:
> Dear list,
>
>
> I basically want to instrument an ELF binary, adding some instrumentation
> code to the beginning of every basic block. I use DynInst version 8.2.1 on
> 64-bit Linux platform. I am instrumenting some unstripped binaries now but I
> want to move forward to stripped binaries later.
>
> I found some very confusing situation in the instrumented output, could
> anyone educate me on that..? Sorry if it is really a stupid question.. Let
> me elaborate it here:
>
> 1. I insert one instruction to the beginning of every basic block.
>
> 2. After instrumentation, I use objdump to check the output, I are assured
> that basic blocks' begining instruction(s) have been substituted with a
> "jmp" instruction to the patched section, something like this:
> jmpq 700280 <main_dyninst>
>
> 3. I use gdb to go with the execution flow on the instrumented output, and I
> observed that when execution flow hits the first jmpq instruction (at the
> beginning of main function actually), it is redirected to the patched
> section.
>
> 4. I observed the execution at patched section, including both
> instrumentation code, also the replaced instructions at the instrumentation
> point of the original binary. However, to my surprise, the execution flow
> isn't redirected back to the original code section, and it just execute all
> the instructions at the patched sections. And as a result, even I
> instrumented every basic block, but only instrumentation code at the first
> basic block was indeed executed during runtime.
>
>
> I suppose for a static instrumentation, after execution of instrumentation
> code and replaced instructions at the patched section, the execution flow is
> then redirected back by a jmp instruction to the original code section. Am I
> missed anything here..? Or do I have to configure some options in my code
> for this type of functionality..?
>
> Sorry for my disorganized description, am I clear? If so, could anyone give
> me some help..? I really appreciate that!
>
> Sincerely,
> Shuai
>
>
>
> _______________________________________________
> Dyninst-api mailing list
> Dyninst-api@xxxxxxxxxxx
> https://lists.cs.wisc.edu/mailman/listinfo/dyninst-api
>
|
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}