Please tell me why (in the above) I get a different result running a program under the sde64 emulator than I do without the emulator? The emulator response is the expected one. Thanks!
The code calls Syscall 1 to write the register contents to the screen. This call appears to disturb register 11 on Ubuntu 20. This behavior is not reflected by sde64. Hence the difference.
It is hard to tell why there are differences between a native run and an emulated run.
The main difference is the emulation of the CPUID and XSAVE instructions.
Currently, when Intel SDE is run without a chip knob (like in your example) it defaults to the Icelake CPU model.
Please note that Intel SDE does not emulate (most of the) instructions supported by the running CPU.
Intel SDE is based on binary instrumentation technology. This means that the application undergoes translation and registers might have different values than the values in the original run. The translation process makes sure that these changes are isolated from the application, but it is not perfect. There are certain cases where these changes can be leaked/observed by the application.
In your case, before executing a system call, Pin (our binary instrumentation system) preserves only part of the registers and not all, and I think that r11 is not preserved in this case.
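The r11 effect discussed in this thread can be observed with a small C probe, added here as an example that is not code from any of the posts. It assumes x86-64 Linux and GCC/Clang inline assembly, where the `syscall` instruction itself stores the return address in rcx and RFLAGS in r11; `probe_write`, `safe_write` and `SENTINEL` are names made up for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed marker value loaded into rcx and r11 before the syscall. */
#define SENTINEL 0x1122334455667788ULL

/* write() result plus rcx/r11 as the program sees them after the syscall. */
struct probe { long ret; uint64_t rcx, r11; };

/* Issue write(fd, buf, len) with a raw `syscall` after planting sentinels,
 * then report what rcx and r11 hold once control returns to user space. */
struct probe probe_write(int fd, const void *buf, unsigned long len)
{
    register uint64_t r11 __asm__("r11") = SENTINEL;
    uint64_t rcx = SENTINEL;
    long ret = 1;                       /* rax = 1: write on x86-64 Linux */
    __asm__ volatile("syscall"
                     : "+a"(ret), "+c"(rcx), "+r"(r11)
                     : "D"((long)fd), "S"(buf), "d"(len)
                     : "memory");
    struct probe p = { ret, rcx, r11 };
    return p;
}

/* Same call written so nothing depends on rcx/r11 surviving: both are
 * declared clobbered, so the compiler never keeps a live value in them. */
long safe_write(int fd, const void *buf, unsigned long len)
{
    long ret = 1;
    __asm__ volatile("syscall"
                     : "+a"(ret)
                     : "D"((long)fd), "S"(buf), "d"(len)
                     : "rcx", "r11", "memory");
    return ret;                         /* byte count, or -errno on failure */
}

int main(void)
{
    struct probe p = probe_write(1, "probe\n", 6);
    printf("ret=%ld rcx=%#llx r11=%#llx\n", p.ret,
           (unsigned long long)p.rcx, (unsigned long long)p.r11);
    printf("r11 %s across the syscall\n",
           p.r11 == SENTINEL ? "kept its value" : "was overwritten");
    return safe_write(1, "safe\n", 5) == 5 ? 0 : 1;
}
```

Running the same binary natively and under an instrumentation tool and comparing the printed rcx/r11 values shows whether the tool reproduces the native register state at that point.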