On 06/10/2015 00:14, Bill Williams wrote:
On 10/05/2015 05:09 AM, Marc Brünink wrote:
At the moment I have no idea where the 0x500006a1 comes from.
Okay, this one is obvious to me, but not entirely trivial to fix: we're
handing back the relocated address where the instrumented version of
function_end called itself. Doing that translation directly in the
snippet is not a good idea; there are use cases where we need to go to
the actual control flow target and not the original address of said target.
Are you doing this instrumentation dynamically or with binary rewriting?
And if you're doing rewriting, can you get away with a post-processing
step on your output? It should be straightforward to expose a relocated
address->original address translation method at the BPatch_addressSpace
level (harder in the binary rewriting case, but should Just Work(tm) in
the process case).
I instrument dynamically. I followed Bill's suggestion and added a
translation method to BPatch_addressSpace.
I think the post-processing approach is not optimal, though.
There is a time gap between the execution of dynamicTargetExpr and the
post-processing. Thus, the relocation info might change in between.
But well... I suppose I can handle this.
This is another case for having the relocation info accessible in the
instrumented process. However, I tried this once and it was really not
trivial.
bool BPatch_addressSpace::getOrigAddr(Address relocAddr,
Address& origAddr)
{
std::vector<AddressSpace*> as;
getAS(as);
assert(as.size());
Relocation::CodeTracker::RelocInfo ri;
if (as[0]->getRelocInfo(relocAddr, ri)) {
origAddr = ri.orig;
return true;
}
return false;
}
Marc
| ![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}