forked from hasherezade/tiny_tracer
-
Notifications
You must be signed in to change notification settings - Fork 0
/
TraceLog.cpp
107 lines (95 loc) · 2.54 KB
/
TraceLog.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
#include "TraceLog.h"
#define DELIMITER ';'
#include "Util.h"
void TraceLog::logCall(const ADDRINT prevModuleBase, const ADDRINT prevAddr, bool isRVA, const std::string module, const std::string func)
{
if (!createFile()) return;
ADDRINT rva = (isRVA) ? prevAddr : prevAddr - prevModuleBase;
if (!isRVA) {
m_traceFile << "> " << prevModuleBase << "+";
}
m_traceFile <<
std::hex << rva
<< DELIMITER;
if (!m_shortLog) {
m_traceFile << "called: "
<< module;
}
else {
m_traceFile << util::getDllName(module);
}
if (func.length() > 0) {
m_traceFile << "." << func;
}
m_traceFile << std::endl;
m_traceFile.flush();
}
void TraceLog::logCall(const ADDRINT prevBase, const ADDRINT prevAddr, const ADDRINT calledPageBase, const ADDRINT callAddr)
{
if (!createFile()) return;
if (prevBase) {
m_traceFile << "> " << prevBase << "+";
}
const ADDRINT rva = callAddr - calledPageBase;
m_traceFile <<
std::hex << prevAddr
<< DELIMITER
<< "called: ?? [" << calledPageBase << "+" << rva << "]"
<< std::endl;
m_traceFile.flush();
}
void TraceLog::logSectionChange(const ADDRINT prevAddr, std::string name)
{
if (!createFile()) return;
m_traceFile
<< std::hex << prevAddr
<< DELIMITER
<< "section: [" << name << "]"
<< std::endl;
m_traceFile.flush();
}
void TraceLog::logRdtsc(const ADDRINT base, const ADDRINT rva)
{
if (!createFile()) return;
if (base) {
m_traceFile << "> " << std::hex << base << "+";
}
m_traceFile
<< std::hex << rva
<< DELIMITER
<< "RDTSC"
<< std::endl;
m_traceFile.flush();
}
void TraceLog::logCpuid(const ADDRINT base, const ADDRINT rva, const ADDRINT param)
{
if (!createFile()) return;
if (base) {
m_traceFile << "> " << std::hex << base << "+";
}
m_traceFile
<< std::hex << rva
<< DELIMITER
<< "CPUID:"
<< std::hex << param
<< std::endl;
m_traceFile.flush();
}
void TraceLog::logLine(std::string str)
{
if (!createFile()) return;
m_traceFile
<< str
<< std::endl;
m_traceFile.flush();
}
void TraceLog::logNewSectionCalled(const ADDRINT prevAddr, std::string prevSection, std::string currSection)
{
createFile();
m_traceFile
<< std::hex << prevAddr
<< DELIMITER
<< "[" << prevSection << "] -> [" << currSection << "]"
<< std::endl;
m_traceFile.flush();
}