示例#1
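        /// <summary>
        /// Writes a frame-pointer based backtrace of the emulated AArch64 target to
        /// <paramref name="outputWriter"/>, one line per frame.
        /// </summary>
        /// <remarks>
        /// PC, FP, LR and the frame records are read from the emulated target, so they are
        /// treated as untrusted: after a crash or an injected fault the chain may be
        /// corrupt or cyclic. The walk therefore requires the whole 16-byte frame record
        /// to lie in the stack region before reading it, and stops after a fixed number
        /// of frames.
        /// </remarks>
        /// <param name="outputWriter">Destination for the formatted frames.</param>
        /// <param name="binInfo">Used to symbolize each program counter.</param>
        protected override void DumpBackTrace(TextWriter outputWriter, IBinInfo binInfo)
        {
            // Upper bound on unwound frames. A frame-pointer chain that loops back on
            // itself would otherwise keep this method running forever.
            const int MaxFrames = 1024;

            // A frame record is two 8-byte slots: saved FP at +0 and saved LR at +8.
            const int FrameRecordSize = 16;

            var frameNr = 0;

            var currentPc = Engine.RegRead(ArchInfo.PC);
            var currentFramePointerAddress = Engine.RegRead(ArchInfo.FP);
            var currentLrAddress           = Engine.RegRead(Simulation.Engine.ArchInfo.AArch64.LR);

            var lastFrame    = false;
            var didLastFrame = false;

            // LR - 4 is the instruction just before the return address (AArch64
            // instructions are 4 bytes wide); unwinding continues only while it is mapped.
            while (Config.AddressSpace.IsMapped(currentLrAddress - 4) && !didLastFrame)
            {
                if (lastFrame)
                {
                    // Final frame: no usable frame record, so only the PC is printed.
                    outputWriter.WriteLine($"#{frameNr++} {currentPc:X16} {binInfo.Symbolize(currentPc)}");

                    didLastFrame = true;
                    continue;
                }

                if (frameNr >= MaxFrames)
                {
                    outputWriter.WriteLine($"... backtrace truncated after {MaxFrames} frames (frame-pointer chain may be corrupt or cyclic)");
                    break;
                }

                outputWriter.WriteLine($"#{frameNr++} {currentPc:X16} {binInfo.Symbolize(currentPc)} (LR: {currentLrAddress:X16} FP: {currentFramePointerAddress:X16})");

                var stackRegion = Config.AddressSpace.GetRegion(Config.StackBase);

                // Both slots are read below, so the check must cover all 16 bytes; checking
                // only the first 8 let the LR read at FP + 8 run past the end of the stack
                // region. NOTE(review): assumes the third argument of IsInRegion is a byte
                // length - confirm against its declaration.
                if (Config.AddressSpace.IsInRegion(stackRegion, currentFramePointerAddress, FrameRecordSize))
                {
                    var storedFpData = new byte[8];
                    var storedLrData = new byte[8];

                    Engine.MemRead(currentFramePointerAddress + 0, storedFpData);
                    Engine.MemRead(currentFramePointerAddress + 8, storedLrData);

                    var storedFp = BitConverter.ToUInt64(storedFpData, 0);
                    var storedLr = BitConverter.ToUInt64(storedLrData, 0);

                    // Step to the caller: its PC is the call site, and its FP/LR come from the record.
                    currentPc = currentLrAddress - 4;
                    currentFramePointerAddress = storedFp;
                    currentLrAddress           = storedLr;
                }
                else
                {
                    // FP does not point at a full frame record inside the stack: emit one
                    // more frame for the current return address, then stop.
                    currentPc = currentLrAddress - 4;

                    lastFrame = true;
                }
            }
        }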
示例#2
        /// <summary>
        /// Runs the console fault simulation: records the reference traces, replays every
        /// fault model over the wrong-signature trace, prints each fault whose run ends
        /// with <c>Result.Completed</c>, and then exits the process.
        /// </summary>
        /// <param name="simConfig">Simulation configuration; its <c>UseAltData</c> flag is set to true here.</param>
        /// <param name="binInfo">Used to symbolize the address of each reported fault.</param>
        /// <param name="faultModels">Fault models passed to the simulator.</param>
        /// <param name="glitchRange">Trace ranges forwarded to the trace recording step.</param>
        private static void _doTUIFaultSim(MyConfig simConfig, IBinInfo binInfo, IFaultModel[] faultModels, IEnumerable <TraceRange> glitchRange)
        {
            Console.WriteLine("Starting simulation... This will take several minutes.");

            // Record the good and the bad run. Only the wrong-signature trace is used
            // below, so the correct-signature trace is discarded.
            _doFaultSimTrace(simConfig, binInfo, glitchRange, out _, out var badSignatureTrace);

            // NOTE(review): presumably selects the wrong-signature input for the fault
            // runs - confirm against MyConfig.
            simConfig.UseAltData = true;

            var simulator = new FaultSimulator(simConfig);

            simulator.OnGlitchSimulationCompleted += (runs, eng, result) =>
            {
                // Only runs that finished with Result.Completed are reported.
                if (result.Result != Result.Completed)
                {
                    return false;
                }

                var fault = result.Fault;

                Console.WriteLine($"{fault.FaultModel.Name} {fault.ToString()} {binInfo.Symbolize(fault.FaultAddress)}");

                // NOTE(review): the meaning of the handler's return value is not visible
                // here; false is returned for every run, as in the original.
                return false;
            };

            simulator.RunSimulation(faultModels, badSignatureTrace);

            // Ends the whole process once the simulation returns.
            Environment.Exit(0);
        }