duran 0.1.0

data/lib/duran/proc.rb

@@ -0,0 +1,49 @@
+
+module Duran
+  # XXX feature_bit_t is an enum, but there's gaps and i'm feeling lazy atm
+  typedef :uint, :feature_bit_t 
+
+  enum :cache_size_t, [
+    :CACHE_SIZE_8_KB,    #/**< L1 or L2 cache size of 8 KB. */
+    :CACHE_SIZE_16_KB,   #/**< L1 or L2 cache size of 16 KB. */
+    :CACHE_SIZE_32_KB,   #/**< L1 or L2 cache size of 32 KB. */
+    :CACHE_SIZE_64_KB,   #/**< L1 or L2 cache size of 64 KB. */
+    :CACHE_SIZE_128_KB,  #/**< L1 or L2 cache size of 128 KB. */
+    :CACHE_SIZE_256_KB,  #/**< L1 or L2 cache size of 256 KB. */
+    :CACHE_SIZE_512_KB,  #/**< L1 or L2 cache size of 512 KB. */
+    :CACHE_SIZE_1_MB,    #/**< L1 or L2 cache size of 1 MB. */
+    :CACHE_SIZE_2_MB,    #/**< L1 or L2 cache size of 2 MB. */
+    :CACHE_SIZE_UNKNOWN  #/**< Unknown L1 or L2 cache size. */
+  ]
+
+  enum :vendor_t, [:intel, :amd, :unknown]
+
+
+  attach_function :proc_get_cache_line_size, [], :size_t
+  attach_function :proc_is_cache_aligned, [:pointer], :bool
+  attach_function :proc_bump_to_end_of_cache_line, [:ptr_uint_t], :ptr_uint_t
+  attach_function :proc_get_containing_page, [:pointer], :pointer
+  attach_function :proc_get_vendor, [], :vendor_t
+  attach_function :proc_get_family, [], :uint
+  attach_function :proc_get_type, [], :uint
+  attach_function :proc_get_model, [], :uint
+  attach_function :proc_get_stepping, [], :uint
+  attach_function :proc_get_brand_string, [], :string
+  attach_function :proc_get_L1_icache_size, [], :cache_size_t
+  attach_function :proc_get_L1_dcache_size, [], :cache_size_t
+  attach_function :proc_get_L2_cache_size, [], :cache_size_t
+  attach_function :proc_get_cache_size_str, [:cache_size_t], :string
+  attach_function :proc_fpstate_save_size, [], :size_t
+  attach_function :proc_save_fpstate, [:pointer], :size_t
+  attach_function :proc_restore_fpstate, [:pointer], :void
+  attach_function :proc_has_feature, [:feature_bit_t], :bool
+  attach_function :proc_get_all_feature_bits, [], :pointer
+
+  attach_function :dr_insert_save_fpstate, 
+    [:dr_ctx_t, :pointer, :pointer, Operand], :void
+
+  attach_function :dr_insert_restore_fpstate,
+    [:dr_ctx_t, :pointer, :pointer, Operand], :void
+  
+end
+

data/lib/duran/structs.rb

@@ -0,0 +1,20 @@
+
+module Duran
+  class DRYStruct < FFI::Struct
+    include FFI::DRY::StructHelper
+  end
+
+end
+
+require 'duran/structs/operand'
+require 'duran/structs/instruction'
+require 'duran/structs/machine_context'
+require 'duran/structs/fault_fragment_info'
+require 'duran/structs/restore_state_info'
+require 'duran/structs/exception'
+require 'duran/structs/signal_info'
+require 'duran/structs/memory_info'
+require 'duran/structs/module_names'
+require 'duran/structs/module_data'
+require 'duran/structs/tracedump'
+

data/lib/duran/structs/exception.rb

@@ -0,0 +1,23 @@
+
+module Duran
+  class Exception < DRYStruct
+    dsl_layout do
+      struct :mcontext, MachineContext, :desc => "Context at exception point"
+
+      field  :record,   :pointer, :desc => "Ptr. to the Win32 EXCEPTION_RECORD"
+
+      # aligns to 8 bytes to avoid differences in padding... XXX TODO confirm!
+
+      struct :raw_mcontext, MachineContext, :desc => \
+        "The raw pre-translated machine state at the exception interruption "+
+        "point inside the code cache.  Clients are cautioned when examining "+
+        "code cache instructions to not rely on any details of code inserted "+
+        "other than their own."
+
+      struct :fault_fragment_info, FaultFragmentInfo, :desc => \
+        "Information about the code fragment inside the code cache at "+
+        "the exception interruption point. "
+
+    end
+  end
+end

data/lib/duran/structs/fault_fragment_info.rb

@@ -0,0 +1,34 @@
+module Duran
+  # See _dr_fault_fragment_info_t in dr_events.h
+  #
+  # Data structure passed within dr_exception_t, dr_siginfo_t, and
+  # dr_restore_state_info_t.
+  # Contains information about the code fragment inside the code cache 
+  # at the exception/signal/translation interruption point. 
+  class FaultFragmentInfo < DRYStruct
+    dsl_layout do
+      field :tag,                 :pointer, :desc => \
+        "The tag of the code fragment inside the code cache at the "+
+        "exception/signal/translation interruption point. NULL for "+
+        "interruption not in the code cache."
+
+      field :cache_start_pc,      :pointer, :desc => \
+        "The start address of the code fragment inside the code cache at "+
+        "the exception/signal/translation interruption point. NULL for "+
+        "interruption not in the code cache.  "+
+        "Clients are cautioned when examining code cache instructions to not"+
+        "rely on any details of code inserted other than their own.  "
+
+      field :is_trace,            :bool,    :desc => \
+        "Indicates whether the interrupted code fragment is a trace"
+
+      field :app_code_consistent, :bool,    :desc => \
+        "Indicates whether the original application code containing the "+
+        "code corresponding to the exception/signal/translation interruption "+
+        "point is guaranteed to still be in the same state it was when the "+
+        "code was placed in the code cache. This guarantee varies "+
+        "depending on the type of cache consistency being used by DR."
+
+    end
+  end
+end

data/lib/duran/structs/instruction.rb

@@ -0,0 +1,15 @@
+
+module Duran
+  # Internal structure of instr_t is below abstraction layer, but we
+  # provide its size so that it can be used in stack variables
+  # instead of always allocated on the heap.
+  class Instruction < DRYStruct
+    dsl_layout do
+      if ::Duran::ARCH == :x64
+        array :black_box_uint, [:uint, 26]
+      else
+        array :black_box_uint, [:uint, 16]
+      end
+    end
+  end
+end

data/lib/duran/structs/machine_context.rb

@@ -0,0 +1,80 @@
+
+module Duran
+  class MachineContext < DRYStruct
+    NUM_XMM_SLOTS = 
+      ::Duran::ARCH == :x64 ? ( ::Duran::PLATFORM == :windows ? 6 :  16) : 8
+
+    # comment from dr_defines.h:
+    #
+    # The SSE registers xmm0-xmm5 (-xmm15 on Linux) are volatile
+    # (caller-saved) for 64-bit and WOW64, and are actually zeroed out on
+    # Windows system calls.  These fields are ignored for 32-bit processes
+    # that are not WOW64, or if the underlying processor does not support
+    # SSE.  Use dr_mcontext_xmm_fields_valid() to determine whether the
+    # fields are valid.
+    class XMM_t < FFI::Struct
+      # Really a union, but FFI structs and unions with arrays are lots 
+      # of broken so we fake it with our own helper methods.
+      layout :u8_stub,  [:uchar, 16]
+
+      def u8
+        self[:u8_stub].to_a
+      end
+
+      def u64
+        self[:u8_stub].to_ptr.get_array_of_uint64(0,2)
+      end
+
+      def u32
+        self[:u8_stub].to_ptr.get_array_of_uint32(0,4)
+      end
+
+      alias_method :reg, (::Duran::ARCH == :x64 ? :u64 : :u32)
+    end
+
+    dsl_layout do
+      field :xdi, :reg_t, :desc => "platform-independent rdi/edi register"
+      field :xsi, :reg_t, :desc => "platform-independent rsi/esi register"
+      field :xbp, :reg_t, :desc => "platform-independent rbp/ebp register"
+      field :xsp, :reg_t, :desc => "platform-independent rsp/esp register"
+      field :xbx, :reg_t, :desc => "platform-independent rbx/ebx register"
+      field :xdx, :reg_t, :desc => "platform-independent rdx/edx register"
+      field :xcx, :reg_t, :desc => "platform-independent rcx/ecx register"
+      field :xax, :reg_t, :desc => "platform-independent rax/eax register"
+      if ::Duran::ARCH == :x64
+        field :r8,  :reg_t, :desc => "r8 register"
+        field :r9,  :reg_t, :desc => "r9 register"
+        field :r10, :reg_t, :desc => "r10 register"
+        field :r11, :reg_t, :desc => "r11 register"
+        field :r12, :reg_t, :desc => "r12 register"
+        field :r13, :reg_t, :desc => "r13 register"
+        field :r14, :reg_t, :desc => "r14 register"
+        field :r15, :reg_t, :desc => "r15 register"
+      end
+      array :xmm_stub, [:uchar, NUM_XMM_SLOTS*XMM_t.size]
+      field :xflags, :reg_t, :desc => 'platform-independent rflags/eflags register'
+      field :xip, :pointer, :desc => "platform-independent rip/eip register"
+    end
+
+    alias_method :pc, :xip
+    alias_method :pc=, :xip=
+
+    # Create e/r aliases for all the platform-independent register accessors
+    # named based on our architecture.
+    reg_pfx = ::Duran::ARCH == :x64 ? "r" : "e"
+    [:di, :si, :bp, :sp, :bx, :dx, :cx, :ax, :flags, :ip].each do |reg_sfx|
+      alias_method :"#{reg_pfx}#{reg_sfx}",  :"x#{reg_sfx}"
+      alias_method :"#{reg_pfx}#{reg_sfx}=", :"x#{reg_sfx}="
+    end
+
+    def xmm
+      off=0
+      Array.new(NUM_XMM_SLOTS) do
+        r = XMM_t.new(self[:xmm_stub].to_ptr+off)
+        off += XMM_t.size
+        r
+      end
+    end
+  end
+end
+

data/lib/duran/structs/memory_info.rb

@@ -0,0 +1,12 @@
+module Duran
+  enum :mem_type, [:free, :image, :data]
+
+  class MemoryInfo < DRYStruct
+    dsl_layout do
+      field  :base_pc,  :pointer, :desc => "Starting address of memory region"
+      field  :mem_size, :size_t, :desc => "Size of region"
+      field  :prot, :uint,  :desc => "Protection of region (MEMPROT_* flags)"
+      field  :mem_type, :uint,  :desc => "Type of region"
+    end
+  end
+end

data/lib/duran/structs/module_data.rb

@@ -0,0 +1,61 @@
+
+module Duran
+
+  class ModuleData < DRYStruct
+
+    class VersionNumber < DRYStruct
+      dsl_layout do
+        field :p2, :ushort
+        field :p1, :ushort
+        field :p4, :ushort
+        field :p3, :ushort
+      end
+
+      def ms
+        to_ptr.get_uint32(0)
+      end
+
+      def ls
+        to_ptr.get_uint32(4)
+      end
+
+      def version
+        to_ptr.get_uint64(0)
+      end
+    end
+
+    dsl_layout do
+      field :start_addr, :app_pc, 
+        :desc => 'starting address of this module'
+
+      field :end_addr, :app_pc, 
+        :desc => 'ending address of this module'
+
+      field :entry_point, :app_pc,
+        :desc => 'entry point for this module as specified in the headers'
+
+      field :flags, :uint, :desc => 'Reserved, set to 0'
+
+      struct :names, ModuleNames, 
+        :desc => 'struct containing names for this module.'
+
+      field :full_path, :string, 
+        :desc => 'full path to the file backing this module'
+
+      if ::Duran::PLATFORM == :windows
+        struct :file_version, VersionNumber,
+          :desc => "file version number from .rsrc section"
+
+        struct :product_version, VersionNumber,
+          :desc => "product version number from .rsrc section"
+
+        field :module_internal_size, :size_t, 
+          :desc => "module internal size (from PE headers SizeOfImage)"
+
+      end
+    end
+
+    alias_method :handle, :start_addr
+  end
+end
+

data/lib/duran/structs/module_names.rb

@@ -0,0 +1,24 @@
+
+module Duran
+  class ModuleNames < DRYStruct
+    dsl_layout do
+      field :module_name, :string, 
+        :desc => "The name of the module from the PE or ELF header."
+
+      field :file_name, :string, 
+        :desc => "The file name used to load this module."
+
+      if PLATFORM == :windows
+        field :exe_name, :string, 
+          :desc => "The executable name used to launch the process."
+
+        field :rsrc_name, :string, 
+          :desc => "The internal name given to the module in its resource."
+
+      else # :linux
+        field :inode, :uint64, :desc => "The inode of the module mapped in."
+      end
+    end
+  end
+end
+

data/lib/duran/structs/operand.rb

@@ -0,0 +1,15 @@
+module Duran
+  # Internal structure of opnd_t is below abstraction layer
+  # but FFI needs to know field sizes to copy it around
+  class Operand < DRYStruct
+    dsl_layout do
+      if ::Duran::ARCH == :x64
+        field :black_box_uint, :uint
+        field :black_box_uint64, :uint64
+      else
+        array :black_box_uint, [:uint, 3]
+      end
+    end
+  end
+end
+

data/lib/duran/structs/restore_state_info.rb

@@ -0,0 +1,30 @@
+
+module Duran
+  # see _dr_restore_state_info_t in dr_events.h
+  #
+  # Data structure passed to a restore_state_ex event handler (see
+  # dr_register_restore_state_ex_event()).  Contains the machine
+  # context at the translation point and other translation
+  # information.
+  class RestoreStateInfo < DRYStruct
+    dsl_layout do
+      struct :mcontext,            MachineContext, :desc => \
+        "The application machine state at the translation point."
+
+      field  :raw_mcontext_valid, :bool, :desc => \
+        "Whether raw_mcontext is valid."
+
+      struct :raw_mcontext,        MachineContext, :desc => \
+        "The raw pre-translated machine state at the translation "+
+        "interruption point inside the code cache.  Clients are "+
+        "cautioned when examining code cache instructions to not rely on "+
+        "any details of code inserted other than their own."
+
+      struct :fault_fragment,     FaultFragmentInfo, :desc => \
+        "Information about the code fragment inside the code cache "+
+        "at the translation interruption point."
+
+    end
+  end
+end
+

data/lib/duran/structs/signal_info.rb

@@ -0,0 +1,41 @@
+
+module Duran
+
+  # Data structure passed with a signal event.  Contains the machine
+  # context at the signal interruption point and other signal
+  # information.
+  class SignalInfo < DRYStruct
+    dsl_layout do
+      field  :sig, :int, :desc => "The signal number."
+
+      field  :context, :pointer, :desc => \
+        "The context of the thread receiving the signal."
+
+      struct :mcontext, MachineContext, :desc => \
+        "The application machine state at the signal interruption point."
+
+      struct :raw_mcontext, MachineContext, :desc => \
+        "The raw pre-translated machine state at the signal interruption "+
+        "point inside the code cache.  NULL for delayable signals.  Clients "+
+        "are cautioned when examining code cache instructions to not rely on "+
+        "any details of code inserted other than their own."
+
+      field :raw_mcontext_valid, :bool, :desc => "Whether raw_context is valid"
+
+      field :access_address, :pointer, :desc => \
+        "For SIGBUS and SIGSEGV, the address whose access caused the signal "+
+        "to be raised (as calculated by DR)."
+
+      field :blocked, :bool, :desc => \
+        "Indicates this signal is blocked.  DR_SIGNAL_BYPASS is not allowed, "+
+        "and a second event will be sent if the signal is later delivered to "+
+        "the application.  Events are only sent for blocked non-delayable "+
+        "signals, not for delayable signals."
+
+      struct :fault_fragment_info, FaultFragmentInfo, :desc => \
+        "Information about the code fragment inside the code cache "+
+        "at the signal interruption point."
+
+    end
+  end
+end

data/lib/duran/structs/tracedump.rb

@@ -0,0 +1,50 @@
+
+module Duran
+  class TracedumpFileHeader < DRYStruct
+    dsl_layout do
+      field :version, :int, 
+        :desc => "The DynamoRIO version that created the file"
+
+      field :x64, :bool,
+        :desc => "Whether a 64-bit DynamoRIO library created the file."
+
+      field :linkcount_size, :int, 
+        :desc => "Size of the linkcount (linkcounts are deprecated)"
+    end
+  end
+
+  class TraceDumpTraceHeader < DRYStruct
+    dsl_layout do
+      field :frag_id, :int, :desc => "Identifier for the trace"
+      field :tag, :app_pc, :desc => "Application address for start of trace"
+      field :cache_start, :app_pc, :desc => "Code cache start address."
+      field :entry_offs, :int, :desc => "Offset into trace of normal entry."
+      field :num_exits, :int, :desc => "Number of exits from the trace."
+      field :code_size, :int, :desc => "Length of the trace in the code cache"
+      field :num_bbs, :uint, :desc => "Number of bbs making up the trace"
+      field :x64, :bool, :desc => "Whether the trace contains 64-bit code"
+    end
+  end
+
+  class TraceDumpStubData < DRYStruct
+    class Count < FFI::Union
+      layout :count32, :uint32, :count64, :uint64
+
+      def count32; self[:count32]; end
+      def count32=(val); self[:count32]=val; end
+      def count64; self[:count64]; end
+      def count64=(val); self[:count64]=val; end
+    end
+
+    dsl_layout do
+      field :cti_offs, :int, :desc => "Offset from the start of the fragment"
+      field :stub_pc, :app_pc, :desc => "Code cache address of the stub"
+      field :target, :app_pc, :desc => "Target of the stub"
+      field :linked, :bool, :desc => "Whether the stub is linked to its target"
+      field :stub_size, :int, :desc => "Length of stub_code array"
+      struct :count, Count , :desc => "32 or 64 bit execution count"
+      field :stub_code, :byte, :desc => "variable sized"
+    end
+  end
+end
+