PIN Instrumentation SMC(self modifying code) Support Broken

amann__cress — Thu, 31 May 2018 10:29:29 GMT

Hi,

I have a piece of self-modifying code that PIN fails with, but dynamorio is able to show the correct behaviour. This is the below self-modifying code -

//smc.c
#include <stdio.h>
#include <windows.h>

void foo() {
    int var = -1;

    asm ("call bar\n\t"
         "bar: pop %%eax\n\t"
         "movl $0xcafebabe, 9(%%eax)\n\t"
         // this is an attempt to replace 0xffffffff                                                                                                                                   
         // with 0xcafebabe in the next instruction                                                                                                                                    
         "movl $0xffffffff,%%eax\n\t"
         : "=rax"(var));
    printf("addr - 0x%x\n", var);
}
int main() {
    DWORD old, new;
    MEMORY_BASIC_INFORMATION minfo;

    VirtualQuery((void *)0x401570, &minfo, 30);
    new = minfo.Protect;
    new = PAGE_EXECUTE_READWRITE;
    if (VirtualProtect((void*)0x401570, 30, new, &old) == 0) {
        printf("VirtualProtect() failed\n");
        fflush(stdout);
    }

    foo();
}

The above code is compiled on linux using mingw(because it has inline asm) into a MS Windows PE32 Executable using the below command and then run on windows using pin.

$ i686-w64-mingw32-gcc smc.c

If I run it from the console without PIN I get the output

0xcafebabe

which is correct, because from the inline asm, I replace the next instruction where I replace the value 0xFFFFFFFF with 0xcafebabe.

With PIN I get the output -

0xffffffff

which is wrong.

The issue comes up because the modification happens in the currently running code block, which PIN has already cached and is currently running and PIN won't modify the current code block if it is altered. I saw that pin has support for self modifying code through the API call PIN_SetSmcSupport(SMC_ENABLE), but despite that it is broken.

But the same self modifying code when run with dynamorio, it shows the correct output and dynamorio is able to track the change to the code basic block and update it on the run, something pin fails to do.

What am I missing with PIN and SMC support?

Hello,

Harold_G_Intel — Thu, 31 May 2018 18:44:20 GMT

Hello,

You might try posting your question here: https://groups.yahoo.com/neo/groups/pinheads/info

Regards, Hal

Intel(R) Developer Zone Support

http://software.intel.com
*Other names and brands may be claimed as the property of others.

Thanks Hal.

amann__cress — Fri, 01 Jun 2018 09:42:23 GMT

Thanks Hal.

I have posted my question on the yahoo group pinheads like you directed.

Is there any way this can be directed at PIN developers, because it looks like a bug to me, since dynamorio handles it, but PIN doesn't?

topic PIN Instrumentation SMC(self modifying code) Support Broken in Software Archive

PIN Instrumentation SMC(self modifying code) Support Broken

Hello,

Thanks Hal.