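/*
 * Original implementation came with Pin tool under name strace.c
 * Modified by Muhammad Abdulla to print function names rather than integer values.
 *
 * Pin tool that writes one line per system call of the traced program to
 * "strace.out": instruction pointer, syscall name (or number when the name is
 * not known), the six raw argument values and the raw return value.
 */

#include <stdio.h>

#if defined(TARGET_MAC)
#include <sys/syscall.h>
#else
#include <syscall.h>
#endif

#include "pin.H"

// Trace output stream, opened in main() and closed in Fini().
// NOTE(review): entry and exit records are written by separate calls and no
// lock is visible in this file, so with a multi-threaded target the two halves
// of a line may interleave with another thread's output -- confirm before
// relying on line pairing.
FILE * trace;

// Map a syscall number to its name.
// Returns a string literal for the numbers listed below, or NULL when the
// number is not in the list (the caller then prints the raw number).
static const char * SyscallName(ADDRINT num)
{
    switch (num)
    {
        case SYS__sysctl: return "_sysctl";
        case SYS_access: return "access";
        case SYS_acct: return "acct";
        case SYS_add_key: return "add_key";
        case SYS_adjtimex: return "adjtimex";
        case SYS_afs_syscall: return "afs_syscall";
        case SYS_alarm: return "alarm";
        case SYS_brk: return "brk";
        case SYS_capget: return "capget";
        case SYS_capset: return "capset";
        case SYS_chdir: return "chdir";
        case SYS_chmod: return "chmod";
        case SYS_chown: return "chown";
        case SYS_chroot: return "chroot";
        case SYS_clock_getres: return "clock_getres";
        case SYS_clock_gettime: return "clock_gettime";
        case SYS_clock_nanosleep: return "clock_nanosleep";
        case SYS_clock_settime: return "clock_settime";
        case SYS_clone: return "clone";
        case SYS_close: return "close";
        case SYS_creat: return "creat";
        case SYS_create_module: return "create_module";
        case SYS_delete_module: return "delete_module";
        case SYS_dup: return "dup";
        case SYS_dup2: return "dup2";
        case SYS_dup3: return "dup3";
        case SYS_epoll_create: return "epoll_create";
        case SYS_epoll_create1: return "epoll_create1";
        case SYS_epoll_ctl: return "epoll_ctl";
        case SYS_epoll_pwait: return "epoll_pwait";
        case SYS_epoll_wait: return "epoll_wait";
        case SYS_eventfd: return "eventfd";
        case SYS_eventfd2: return "eventfd2";
        case SYS_execve: return "execve";
        case SYS_exit: return "exit";
        case SYS_exit_group: return "exit_group";
        case SYS_faccessat: return "faccessat";
        case SYS_fadvise64: return "fadvise64";
        case SYS_fallocate: return "fallocate";
        case SYS_fchdir: return "fchdir";
        case SYS_fchmod: return "fchmod";
        case SYS_fchmodat: return "fchmodat";
        case SYS_fchown: return "fchown";
        case SYS_fchownat: return "fchownat";
        case SYS_fcntl: return "fcntl";
        case SYS_fdatasync: return "fdatasync";
        case SYS_fgetxattr: return "fgetxattr";
        case SYS_flistxattr: return "flistxattr";
        case SYS_flock: return "flock";
        case SYS_fork: return "fork";
        case SYS_fremovexattr: return "fremovexattr";
        case SYS_fsetxattr: return "fsetxattr";
        case SYS_fstat: return "fstat";
        case SYS_fstatfs: return "fstatfs";
        case SYS_fsync: return "fsync";
        case SYS_ftruncate: return "ftruncate";
        case SYS_futex: return "futex";
        case SYS_futimesat: return "futimesat";
        case SYS_get_kernel_syms: return "get_kernel_syms";
        case SYS_get_mempolicy: return "get_mempolicy";
        case SYS_get_robust_list: return "get_robust_list";
        case SYS_get_thread_area: return "get_thread_area";
        case SYS_getcwd: return "getcwd";
        case SYS_getdents: return "getdents";
        case SYS_getdents64: return "getdents64";
        case SYS_getegid: return "getegid";
        case SYS_geteuid: return "geteuid";
        case SYS_getgid: return "getgid";
        case SYS_getgroups: return "getgroups";
        case SYS_getitimer: return "getitimer";
        case SYS_getpgid: return "getpgid";
        case SYS_getpgrp: return "getpgrp";
        case SYS_getpid: return "getpid";
        case SYS_getpmsg: return "getpmsg";
        case SYS_getppid: return "getppid";
        case SYS_getpriority: return "getpriority";
        case SYS_getresgid: return "getresgid";
        case SYS_getresuid: return "getresuid";
        case SYS_getrlimit: return "getrlimit";
        case SYS_getrusage: return "getrusage";
        case SYS_getsid: return "getsid";
        case SYS_gettid: return "gettid";
        case SYS_gettimeofday: return "gettimeofday";
        case SYS_getuid: return "getuid";
        case SYS_getxattr: return "getxattr";
        case SYS_init_module: return "init_module";
        case SYS_inotify_add_watch: return "inotify_add_watch";
        case SYS_inotify_init: return "inotify_init";
        case SYS_inotify_init1: return "inotify_init1";
        case SYS_inotify_rm_watch: return "inotify_rm_watch";
        case SYS_io_cancel: return "io_cancel";
        case SYS_io_destroy: return "io_destroy";
        case SYS_io_getevents: return "io_getevents";
        case SYS_io_setup: return "io_setup";
        case SYS_io_submit: return "io_submit";
        case SYS_ioctl: return "ioctl";
        case SYS_ioperm: return "ioperm";
        case SYS_iopl: return "iopl";
        case SYS_ioprio_get: return "ioprio_get";
        case SYS_ioprio_set: return "ioprio_set";
        case SYS_kexec_load: return "kexec_load";
        case SYS_keyctl: return "keyctl";
        case SYS_kill: return "kill";
        case SYS_lchown: return "lchown";
        case SYS_lgetxattr: return "lgetxattr";
        case SYS_link: return "link";
        case SYS_linkat: return "linkat";
        case SYS_listxattr: return "listxattr";
        case SYS_llistxattr: return "llistxattr";
        case SYS_lookup_dcookie: return "lookup_dcookie";
        case SYS_lremovexattr: return "lremovexattr";
        case SYS_lseek: return "lseek";
        case SYS_lsetxattr: return "lsetxattr";
        case SYS_lstat: return "lstat";
        case SYS_madvise: return "madvise";
        case SYS_mbind: return "mbind";
        case SYS_migrate_pages: return "migrate_pages";
        case SYS_mincore: return "mincore";
        case SYS_mkdir: return "mkdir";
        case SYS_mkdirat: return "mkdirat";
        case SYS_mknod: return "mknod";
        case SYS_mknodat: return "mknodat";
        case SYS_mlock: return "mlock";
        case SYS_mlockall: return "mlockall";
        case SYS_mmap: return "mmap";
        case SYS_modify_ldt: return "modify_ldt";
        case SYS_mount: return "mount";
        case SYS_move_pages: return "move_pages";
        case SYS_mprotect: return "mprotect";
        case SYS_mq_getsetattr: return "mq_getsetattr";
        case SYS_mq_notify: return "mq_notify";
        case SYS_mq_open: return "mq_open";
        case SYS_mq_timedreceive: return "mq_timedreceive";
        case SYS_mq_timedsend: return "mq_timedsend";
        case SYS_mq_unlink: return "mq_unlink";
        case SYS_mremap: return "mremap";
        case SYS_msync: return "msync";
        case SYS_munlock: return "munlock";
        case SYS_munlockall: return "munlockall";
        case SYS_munmap: return "munmap";
        case SYS_nanosleep: return "nanosleep";
        case SYS_nfsservctl: return "nfsservctl";
        case SYS_open: return "open";
        case SYS_openat: return "openat";
        case SYS_pause: return "pause";
        case SYS_perf_event_open: return "perf_event_open";
        case SYS_personality: return "personality";
        case SYS_pipe: return "pipe";
        case SYS_pipe2: return "pipe2";
        case SYS_pivot_root: return "pivot_root";
        case SYS_poll: return "poll";
        case SYS_ppoll: return "ppoll";
        case SYS_prctl: return "prctl";
        case SYS_pread64: return "pread64";
        case SYS_preadv: return "preadv";
        case SYS_pselect6: return "pselect6";
        case SYS_ptrace: return "ptrace";
        case SYS_putpmsg: return "putpmsg";
        case SYS_pwrite64: return "pwrite64";
        case SYS_pwritev: return "pwritev";
        case SYS_query_module: return "query_module";
        case SYS_quotactl: return "quotactl";
        case SYS_read: return "read";
        case SYS_readahead: return "readahead";
        case SYS_readlink: return "readlink";
        case SYS_readlinkat: return "readlinkat";
        case SYS_readv: return "readv";
        case SYS_reboot: return "reboot";
        case SYS_remap_file_pages: return "remap_file_pages";
        case SYS_removexattr: return "removexattr";
        case SYS_rename: return "rename";
        case SYS_renameat: return "renameat";
        case SYS_request_key: return "request_key";
        case SYS_restart_syscall: return "restart_syscall";
        case SYS_rmdir: return "rmdir";
        case SYS_rt_sigaction: return "rt_sigaction";
        case SYS_rt_sigpending: return "rt_sigpending";
        case SYS_rt_sigprocmask: return "rt_sigprocmask";
        case SYS_rt_sigqueueinfo: return "rt_sigqueueinfo";
        case SYS_rt_sigreturn: return "rt_sigreturn";
        case SYS_rt_sigsuspend: return "rt_sigsuspend";
        case SYS_rt_sigtimedwait: return "rt_sigtimedwait";
        case SYS_rt_tgsigqueueinfo: return "rt_tgsigqueueinfo";
        case SYS_sched_get_priority_max: return "sched_get_priority_max";
        case SYS_sched_get_priority_min: return "sched_get_priority_min";
        case SYS_sched_getaffinity: return "sched_getaffinity";
        case SYS_sched_getparam: return "sched_getparam";
        case SYS_sched_getscheduler: return "sched_getscheduler";
        case SYS_sched_rr_get_interval: return "sched_rr_get_interval";
        case SYS_sched_setaffinity: return "sched_setaffinity";
        case SYS_sched_setparam: return "sched_setparam";
        case SYS_sched_setscheduler: return "sched_setscheduler";
        case SYS_sched_yield: return "sched_yield";
        case SYS_select: return "select";
        case SYS_sendfile: return "sendfile";
        case SYS_set_mempolicy: return "set_mempolicy";
        case SYS_set_robust_list: return "set_robust_list";
        case SYS_set_thread_area: return "set_thread_area";
        case SYS_set_tid_address: return "set_tid_address";
        case SYS_setdomainname: return "setdomainname";
        case SYS_setfsgid: return "setfsgid";
        case SYS_setfsuid: return "setfsuid";
        case SYS_setgid: return "setgid";
        case SYS_setgroups: return "setgroups";
        case SYS_sethostname: return "sethostname";
        case SYS_setitimer: return "setitimer";
        case SYS_setpgid: return "setpgid";
        case SYS_setpriority: return "setpriority";
        case SYS_setregid: return "setregid";
        case SYS_setresgid: return "setresgid";
        case SYS_setresuid: return "setresuid";
        case SYS_setreuid: return "setreuid";
        case SYS_setrlimit: return "setrlimit";
        case SYS_setsid: return "setsid";
        case SYS_settimeofday: return "settimeofday";
        case SYS_setuid: return "setuid";
        case SYS_setxattr: return "setxattr";
        case SYS_sigaltstack: return "sigaltstack";
        case SYS_signalfd: return "signalfd";
        case SYS_signalfd4: return "signalfd4";
        case SYS_splice: return "splice";
        case SYS_stat: return "stat";
        case SYS_statfs: return "statfs";
        case SYS_swapoff: return "swapoff";
        case SYS_swapon: return "swapon";
        case SYS_symlink: return "symlink";
        case SYS_symlinkat: return "symlinkat";
        case SYS_sync: return "sync";
        case SYS_sync_file_range: return "sync_file_range";
        case SYS_sysfs: return "sysfs";
        case SYS_sysinfo: return "sysinfo";
        case SYS_syslog: return "syslog";
        case SYS_tee: return "tee";
        case SYS_tgkill: return "tgkill";
        case SYS_time: return "time";
        case SYS_timer_create: return "timer_create";
        case SYS_timer_delete: return "timer_delete";
        case SYS_timer_getoverrun: return "timer_getoverrun";
        case SYS_timer_gettime: return "timer_gettime";
        case SYS_timer_settime: return "timer_settime";
        case SYS_timerfd_create: return "timerfd_create";
        case SYS_timerfd_gettime: return "timerfd_gettime";
        case SYS_timerfd_settime: return "timerfd_settime";
        case SYS_times: return "times";
        case SYS_tkill: return "tkill";
        case SYS_truncate: return "truncate";
        case SYS_umask: return "umask";
        case SYS_umount2: return "umount2";
        case SYS_uname: return "uname";
        case SYS_unlink: return "unlink";
        case SYS_unlinkat: return "unlinkat";
        case SYS_unshare: return "unshare";
        case SYS_uselib: return "uselib";
        case SYS_ustat: return "ustat";
        case SYS_utime: return "utime";
        case SYS_utimensat: return "utimensat";
        case SYS_utimes: return "utimes";
        case SYS_vfork: return "vfork";
        case SYS_vhangup: return "vhangup";
        case SYS_vmsplice: return "vmsplice";
        case SYS_vserver: return "vserver";
        case SYS_wait4: return "wait4";
        case SYS_waitid: return "waitid";
        case SYS_write: return "write";
        case SYS_writev: return "writev";
        case SYS__llseek: return "_llseek";
        case SYS__newselect: return "_newselect";
        case SYS_bdflush: return "bdflush";
        case SYS_break: return "break";
        case SYS_chown32: return "chown32";
        case SYS_fadvise64_64: return "fadvise64_64";
        case SYS_fchown32: return "fchown32";
        case SYS_fcntl64: return "fcntl64";
        case SYS_fstat64: return "fstat64";
        case SYS_fstatat64: return "fstatat64";
        case SYS_fstatfs64: return "fstatfs64";
        case SYS_ftime: return "ftime";
        case SYS_ftruncate64: return "ftruncate64";
        case SYS_getcpu: return "getcpu";
        case SYS_getegid32: return "getegid32";
        case SYS_geteuid32: return "geteuid32";
        case SYS_getgid32: return "getgid32";
        case SYS_getgroups32: return "getgroups32";
        case SYS_getresgid32: return "getresgid32";
        case SYS_getresuid32: return "getresuid32";
        case SYS_getuid32: return "getuid32";
        case SYS_gtty: return "gtty";
        case SYS_idle: return "idle";
        case SYS_ipc: return "ipc";
        case SYS_lchown32: return "lchown32";
        case SYS_lock: return "lock";
        case SYS_lstat64: return "lstat64";
        case SYS_mmap2: return "mmap2";
        case SYS_mpx: return "mpx";
        case SYS_nice: return "nice";
        case SYS_oldfstat: return "oldfstat";
        case SYS_oldlstat: return "oldlstat";
        case SYS_oldolduname: return "oldolduname";
        case SYS_oldstat: return "oldstat";
        case SYS_olduname: return "olduname";
        case SYS_prof: return "prof";
        case SYS_profil: return "profil";
        case SYS_readdir: return "readdir";
        case SYS_sendfile64: return "sendfile64";
        case SYS_setfsgid32: return "setfsgid32";
        case SYS_setfsuid32: return "setfsuid32";
        case SYS_setgid32: return "setgid32";
        case SYS_setgroups32: return "setgroups32";
        case SYS_setregid32: return "setregid32";
        case SYS_setresgid32: return "setresgid32";
        case SYS_setresuid32: return "setresuid32";
        case SYS_setreuid32: return "setreuid32";
        case SYS_setuid32: return "setuid32";
        case SYS_sgetmask: return "sgetmask";
        case SYS_sigaction: return "sigaction";
        case SYS_signal: return "signal";
        case SYS_sigpending: return "sigpending";
        case SYS_sigprocmask: return "sigprocmask";
        case SYS_sigreturn: return "sigreturn";
        case SYS_sigsuspend: return "sigsuspend";
        case SYS_socketcall: return "socketcall";
        case SYS_ssetmask: return "ssetmask";
        case SYS_stat64: return "stat64";
        case SYS_statfs64: return "statfs64";
        case SYS_stime: return "stime";
        case SYS_stty: return "stty";
        case SYS_truncate64: return "truncate64";
        case SYS_ugetrlimit: return "ugetrlimit";
        case SYS_ulimit: return "ulimit";
        case SYS_umount: return "umount";
        case SYS_vm86: return "vm86";
        case SYS_vm86old: return "vm86old";
        case SYS_waitpid: return "waitpid";
        default: return NULL;
    }
}

// Print syscall number and arguments.
// Writes "<ip>: <name>(<arg0>, ..., <arg5>)" to the trace without a trailing
// newline; SysAfter() completes the line with the return value.
VOID SysBefore(ADDRINT ip, ADDRINT num, ADDRINT arg0, ADDRINT arg1, ADDRINT arg2, ADDRINT arg3, ADDRINT arg4, ADDRINT arg5)
{
#if defined(TARGET_IA32)
    // On ia32, there are only 5 registers for passing system call arguments,
    // but mmap needs 6. For mmap on ia32, the first argument to the system call
    // is a pointer to an array of the 6 arguments
    if (num == SYS_mmap)
    {
        // arg0 is a pointer chosen by the traced program, so it may be invalid
        // or unmapped. Read it with PIN_SafeCopy instead of dereferencing it:
        // a bad pointer must make the syscall fail in the target, not crash
        // the tracer. If the copy is short, the raw register values are logged.
        ADDRINT mmapArgs[6];
        if (PIN_SafeCopy(mmapArgs, reinterpret_cast<const VOID *>(arg0), sizeof(mmapArgs)) == sizeof(mmapArgs))
        {
            arg0 = mmapArgs[0];
            arg1 = mmapArgs[1];
            arg2 = mmapArgs[2];
            arg3 = mmapArgs[3];
            arg4 = mmapArgs[4];
            arg5 = mmapArgs[5];
        }
    }
#endif

    fprintf(trace, "0x%lx: ", (unsigned long) ip);

    const char * name = SyscallName(num);
    if (name != NULL)
    {
        fprintf(trace, "%s", name);
    }
    else
    {
        // Unknown number: print it in hex so the "0x" prefix is truthful
        // (the previous format paired "0x" with a decimal conversion).
        fprintf(trace, "0x%lx", (unsigned long) num);
    }

    fprintf(trace, "(0x%lx, 0x%lx, 0x%lx, 0x%lx, 0x%lx, 0x%lx)",
        (unsigned long)arg0,
        (unsigned long)arg1,
        (unsigned long)arg2,
        (unsigned long)arg3,
        (unsigned long)arg4,
        (unsigned long)arg5);
}

// Print the return value of the system call and end the trace line.
// The stream is flushed after every call so the log is complete up to the
// last finished syscall even if the target dies abruptly.
VOID SysAfter(ADDRINT ret)
{
    fprintf(trace, "returns: 0x%lx\n", (unsigned long)ret);
    fflush(trace);
}

// Syscall-entry callback: pulls the instruction pointer, the syscall number
// and the six arguments out of the context and hands them to SysBefore().
VOID SyscallEntry(THREADID threadIndex, CONTEXT *ctxt, SYSCALL_STANDARD std, VOID *v)
{
    SysBefore(PIN_GetContextReg(ctxt, REG_INST_PTR),
        PIN_GetSyscallNumber(ctxt, std),
        PIN_GetSyscallArgument(ctxt, std, 0),
        PIN_GetSyscallArgument(ctxt, std, 1),
        PIN_GetSyscallArgument(ctxt, std, 2),
        PIN_GetSyscallArgument(ctxt, std, 3),
        PIN_GetSyscallArgument(ctxt, std, 4),
        PIN_GetSyscallArgument(ctxt, std, 5));
}

// Syscall-exit callback: logs the return value through SysAfter().
VOID SyscallExit(THREADID threadIndex, CONTEXT *ctxt, SYSCALL_STANDARD std, VOID *v)
{
    SysAfter(PIN_GetSyscallReturn(ctxt, std));
}

// Is called for every instruction and instruments syscalls
VOID Instruction(INS ins, VOID *v)
{
    // For O/S's (Mac) that don't support PIN_AddSyscallEntryFunction(),
    // instrument the system call instruction.
    if (INS_IsSyscall(ins) && INS_HasFallThrough(ins))
    {
        // Arguments and syscall number is only available before
        INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(SysBefore),
                       IARG_INST_PTR, IARG_SYSCALL_NUMBER,
                       IARG_SYSARG_VALUE, 0, IARG_SYSARG_VALUE, 1,
                       IARG_SYSARG_VALUE, 2, IARG_SYSARG_VALUE, 3,
                       IARG_SYSARG_VALUE, 4, IARG_SYSARG_VALUE, 5,
                       IARG_END);

        // return value only available after
        INS_InsertCall(ins, IPOINT_AFTER, AFUNPTR(SysAfter),
                       IARG_SYSRET_VALUE,
                       IARG_END);
    }
}

// Fini callback: writes the end-of-trace marker and closes the file.
VOID Fini(INT32 code, VOID *v)
{
    fprintf(trace, "#eof\n");
    fclose(trace);
}

/* ===================================================================== */
/* Print Help Message                                                    */
/* ===================================================================== */

INT32 Usage()
{
    PIN_ERROR("This tool prints a log of system calls"
                + KNOB_BASE::StringKnobSummary() + "\n");
    return -1;
}

/* ===================================================================== */
/* Main                                                                  */
/* ===================================================================== */

int main(int argc, char *argv[])
{
    if (PIN_Init(argc, argv)) return Usage();

    // NOTE(review): the file is created in the current working directory and
    // "w" truncates whatever already has that name; run the tool from a
    // directory that only the analyst can write to.
    trace = fopen("strace.out", "w");
    if (trace == NULL)
    {
        // Every callback writes through `trace`; without this check a failed
        // open would surface as a NULL-stream crash at the first syscall.
        perror("strace.out");
        return 1;
    }

    INS_AddInstrumentFunction(Instruction, 0);
    PIN_AddSyscallEntryFunction(SyscallEntry, 0);
    PIN_AddSyscallExitFunction(SyscallExit, 0);

    PIN_AddFiniFunction(Fini, 0);

    // Never returns
    PIN_StartProgram();

    return 0;
}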