Software Archive
Read-only legacy content
17061 Discussions

PIN Instrumentation SMC(self modifying code) Support Broken

amann__cress
Beginner
‎05-31-2018 03:29 AM
739 Views

 

Hi,

I have a piece of self-modifying code that PIN fails with, but dynamorio is able to show the correct behaviour.  This is the below self-modifying code -

//smc.c
#include <stdio.h>
#include <windows.h>

void foo() {
    int var = -1;

    asm ("call bar\n\t"
         "bar: pop %%eax\n\t"
         "movl $0xcafebabe, 9(%%eax)\n\t"
         // this is an attempt to replace 0xffffffff                                                                                                                                   
         // with 0xcafebabe in the next instruction                                                                                                                                    
         "movl $0xffffffff,%%eax\n\t"
         : "=rax"(var));
    printf("addr - 0x%x\n", var);
}
int main() {
    DWORD old, new;
    MEMORY_BASIC_INFORMATION minfo;

    VirtualQuery((void *)0x401570, &minfo, 30);
    new = minfo.Protect;
    new = PAGE_EXECUTE_READWRITE;
    if (VirtualProtect((void*)0x401570, 30, new, &old) == 0) {
        printf("VirtualProtect() failed\n");
        fflush(stdout);
    }

    foo();
}

The above code is compiled on linux using mingw(because it has inline asm) into a MS Windows PE32 Executable using the below command and then run on windows using pin.

$ i686-w64-mingw32-gcc smc.c

If I run it from the console without PIN I get the output
 

0xcafebabe

which is correct, because from the inline asm, I replace the next instruction where I replace the value 0xFFFFFFFF with 0xcafebabe.

With PIN I get the output - 

0xffffffff

which is wrong.  

The issue comes up because the modification happens in the currently running code block, which PIN has already cached and is currently running and PIN won't modify the current code block if it is altered.  I saw that pin has support for self modifying code through the API call PIN_SetSmcSupport(SMC_ENABLE), but despite that it is broken.

But the same self modifying code when run with dynamorio, it shows the correct output and dynamorio is able to track the change to the code basic block and update it on the run, something pin fails to do.

What am I missing with PIN and SMC support?

0 Kudos

Link Copied

2 Replies
Harold_G_Intel
Employee
‎05-31-2018 11:44 AM
739 Views

Hello,

You might try posting your question here: https://groups.yahoo.com/neo/groups/pinheads/info

Regards, Hal

Intel(R) Developer Zone Support

http://software.intel.com
*Other names and brands may be claimed as the property of others.

0 Kudos
Copy link
amann__cress
Beginner
‎06-01-2018 02:42 AM
739 Views

Thanks Hal.

I have posted my question on the yahoo group pinheads like you directed.

Is there any way this can be directed at PIN developers, because it looks like a bug to me, since dynamorio handles it, but PIN doesn't?

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.