[Qemu-devel] [RFC PATCH v2 7/7] plugins: add syscall logging plugin samp
From: Pavel Dovgalyuk
Subject: [Qemu-devel] [RFC PATCH v2 7/7] plugins: add syscall logging plugin sample
Date: Tue, 05 Jun 2018 13:39:53 +0300
User-agent: StGit/0.17.1-dirty
This is an example of a plugin which instruments only specific instructions:
sysenter and sysexit. When executing them, it prints the system call id
and return code to the QEMU log.
Signed-off-by: Pavel Dovgalyuk <address@hidden>
---
plugins/syscall-log/Makefile | 19 ++++++++++++++++
plugins/syscall-log/syscall-log.c | 44 +++++++++++++++++++++++++++++++++++++
2 files changed, 63 insertions(+)
create mode 100644 plugins/syscall-log/Makefile
create mode 100644 plugins/syscall-log/syscall-log.c
diff --git a/plugins/syscall-log/Makefile b/plugins/syscall-log/Makefile
new file mode 100644
index 0000000..1bbdf04
--- /dev/null
+++ b/plugins/syscall-log/Makefile
@@ -0,0 +1,19 @@
+CFLAGS += -I../include -fno-PIE -fPIC -O3
+LDFLAGS += -shared
+# TODO: Windows
+DSOSUF := .so
+
+NAME:= syscall-log
+BIN := $(NAME)$(DSOSUF)
+
+FILES := syscall-log.o
+
+%.o: %.c
+ $(CC) -c -o $@ $< $(CFLAGS)
+
+all: $(FILES)
+ $(CC) $(LDFLAGS) -o $(BIN) $(FILES)
+
+clean:
+ rm $(FILES)
+ rm $(BIN)
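Review bot: The `all` rule lists $(FILES) as prerequisites but its recipe writes $(BIN), so no file named `all` is ever produced and the link step reruns on every invocation of make. Give $(BIN) its own rule (`$(BIN): $(FILES)`), make `all` depend on it, and declare `all` and `clean` as .PHONY. In `clean`, plain `rm` fails on a tree that was never built, and when `rm $(FILES)` fails the following `rm $(BIN)` is not reached; a single `rm -f $(FILES) $(BIN)` avoids both. CFLAGS also combines -fno-PIE with -fPIC, which deserves a comment explaining why both are wanted for a shared object.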
diff --git a/plugins/syscall-log/syscall-log.c
b/plugins/syscall-log/syscall-log.c
new file mode 100644
index 0000000..1f5d55f
--- /dev/null
+++ b/plugins/syscall-log/syscall-log.c
@@ -0,0 +1,44 @@
+#include <stdint.h>
+#include <stdio.h>
+#include "plugins.h"
+
+bool plugin_init(const char *args)
+{
+ return true;
+}
+
+bool plugin_needs_before_insn(uint64_t pc, void *cpu)
+{
+ uint8_t code = 0;
+ if (!qemulib_read_memory(cpu, pc, &code, 1)
+ && code == 0x0f) {
+ if (qemulib_read_memory(cpu, pc + 1, &code, 1)) {
+ return false;
+ }
+ if (code == 0x34) {
+ /* sysenter */
+ return true;
+ }
+ if (code == 0x35) {
+ /* sysexit */
+ return true;
+ }
+ }
+ return false;
+}
+
+void plugin_before_insn(uint64_t pc, void *cpu)
+{
+ uint8_t code = 0;
+ uint32_t reg;
+ qemulib_read_memory(cpu, pc + 1, &code, 1);
+ /* Read EAX. There should be a header with register ids
+ or a function for reading the register by the name */
+ qemulib_read_register(cpu, (uint8_t*)®, 0);
+ /* log system calls */
+ if (code == 0x34) {
+ qemulib_log("sysenter %x\n", reg);
+ } else if (code == 0x35) {
+ qemulib_log("sysexit %x\n", reg);
+ }
+}
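Review bot: In plugin_before_insn() the return values of qemulib_read_memory() and qemulib_read_register() are ignored and `reg` is declared without an initializer, so if the register read fails, qemulib_log() writes uninitialized stack contents into the QEMU log. Check both calls the way plugin_needs_before_insn() checks its reads and return early on failure, or at least initialize `reg` to 0. The opcode test in plugin_needs_before_insn() accepts any 0x0f 0x34 or 0x0f 0x35 byte pair at pc with no check that the guest is x86, so the plugin should be documented as x86-only or guarded accordingly. The file uses `bool` while including only <stdint.h> and <stdio.h>, so it depends on plugins.h pulling in <stdbool.h>; including it directly is safer. The hard-coded register id 0 for EAX is already flagged in the comment and should become a named constant once such a header exists.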