Ejemplo n.º 1
def validate_integer_argument(pid,
                              syscall_object,
                              trace_arg,
                              exec_arg,
                              params=None):
    """Check that an integer argument seen at replay matches the trace.

    The live value comes from ``params[exec_arg]`` when ``params`` is
    truthy; otherwise it is read from the register mapped to
    ``exec_arg`` in process ``pid``. The recorded value is
    ``syscall_object.args[trace_arg].value`` converted with ``int()``.

    Raises:
        ReplayDeltaError: the live value and the recorded value differ.
    """
    logging.debug('Validating integer argument (trace position: %d '
                  'execution position: %d)',
                  trace_arg,
                  exec_arg)
    # EAX carries the system call number, so argument 0 lives in EBX.
    register_for_position = dict(enumerate((tracereplay.EBX,
                                            tracereplay.ECX,
                                            tracereplay.EDX,
                                            tracereplay.ESI,
                                            tracereplay.EDI)))
    # NOTE(review): an empty ``params`` sequence is falsy, so it takes the
    # register path just like ``None`` does.
    if params:
        observed = params[exec_arg]
    else:
        observed = tracereplay.peek_register(
            pid, register_for_position[exec_arg])
    recorded = int(syscall_object.args[trace_arg].value)
    logging.debug('Argument from execution: %d', observed)
    logging.debug('Argument from trace: %d', recorded)
    # Any divergence between the recording and the live process aborts
    # the replay instead of letting it continue on different inputs.
    if recorded != observed:
        template = ('Argument value at trace position: {}, '
                    'execution position: {} from execution  ({}) '
                    'differs argument value from trace ({})')
        raise ReplayDeltaError(template.format(trace_arg,
                                               exec_arg,
                                               observed,
                                               recorded))
Ejemplo n.º 2
def noop_current_syscall(pid):
    """Turn the system call that ``pid`` is entering into a harmless one.

    ORIG_EAX is overwritten with 20, the tracee is resumed with
    ``tracereplay.syscall``, and ``next_syscall()`` is called. ORIG_EAX
    is then read back to confirm the substituted call is the one that
    was reached, and ``tracereplay_globals.entering_syscall`` is cleared.

    Raises:
        Exception: ORIG_EAX no longer holds 20 after the stop.
    """
    # 20 is the value the error message below calls getpid (the getpid
    # number on 32-bit x86); the call takes no arguments.
    getpid_nr = 20
    logging.debug('Nooping the current system call in pid: %s', pid)
    tracereplay.poke_register(pid, tracereplay.ORIG_EAX, getpid_nr)
    tracereplay.syscall(pid)
    next_syscall()
    observed_nr = tracereplay.peek_register(pid, tracereplay.ORIG_EAX)
    if observed_nr != getpid_nr:
        # The substitution did not take effect, so the original call may
        # have been executed; stop rather than continue the replay.
        message = 'Nooping did not result in getpid exit. Got {}'
        raise Exception(message.format(observed_nr))
    tracereplay_globals.entering_syscall = False
Ejemplo n.º 3
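def subcall_return_success_handler(syscall_id, syscall_object, pid):
    """Replay a socketcall subcall whose only checked argument is its fd.

    When the recorded return value is not -1, the first socketcall
    parameter is read from the address held in ECX and compared with the
    file descriptor recorded in the trace. In both cases the live call is
    then nooped and the recorded return conditions are applied.

    ``syscall_id`` is accepted but not used here.

    Raises:
        ReplayDeltaError: the live file descriptor differs from the
            recorded one.
    """
    logging.debug('Entering subcall return success handler')
    if syscall_object.ret[0] == -1:
        # NOTE(review): a recorded failure skips the descriptor check, so
        # the live argument is not compared with the trace on this path.
        logging.debug('Handling unsuccessful call')
    else:
        logging.debug('Handling successful call')
        ecx = tracereplay.peek_register(pid, tracereplay.ECX)
        logging.debug('Extracting parameters from address %s', ecx)
        params = extract_socketcall_parameters(pid, ecx, 1)
        fd = params[0]
        fd_from_trace = syscall_object.args[0].value
        logging.debug('File descriptor from execution: %s', fd)
        logging.debug('File descriptor from trace: %s', fd_from_trace)
        if fd != int(fd_from_trace):
            # The message previously had one placeholder for two values,
            # so the recorded descriptor never appeared in the error.
            raise ReplayDeltaError('File descriptor from execution ({}) '
                                   'differs from file descriptor from trace '
                                   '({})'
                                   .format(fd, fd_from_trace))
    noop_current_syscall(pid)
    apply_return_conditions(pid, syscall_object)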
Ejemplo n.º 4
def swap_trace_fd_to_execution_fd(pid, pos, syscall_object, params_addr=None):
    """Overwrite a live fd argument with the OS fd mapped to the trace fd.

    The recorded descriptor at ``syscall_object.args[pos]`` is looked up
    with ``fd_pair_for_trace_fd`` and its ``'os_fd'`` entry is written
    over the live argument: into the socketcall parameter block at
    ``params_addr`` when that is truthy, otherwise into the register
    mapped to ``pos`` in process ``pid``.
    """
    registers = {
        0: tracereplay.EBX,
        1: tracereplay.ECX,
        2: tracereplay.EDX,
        3: tracereplay.ESI,
        4: tracereplay.EDI,
    }
    logging.debug('Cleaning up file descriptor at position: {}'
                  .format(pos))
    recorded_fd = int(syscall_object.args[pos].value)
    replacement_fd = fd_pair_for_trace_fd(recorded_fd)['os_fd']
    uses_param_block = bool(params_addr)
    # NOTE(review): the current live value is read only for the log line;
    # it is not compared with the recorded fd before being overwritten.
    if uses_param_block:
        current_fd = extract_socketcall_parameters(pid,
                                                   params_addr,
                                                   pos+1)[pos]
    else:
        current_fd = tracereplay.peek_register(pid, registers[pos])
    logging.debug('Replacing old value (trace fd): {} with new value: {}'
                  .format(current_fd, replacement_fd))
    if not uses_param_block:
        tracereplay.poke_register(pid, registers[pos], replacement_fd)
        return
    update_socketcall_paramater(pid, params_addr, pos, replacement_fd)