gaasedelen / tenet

A Trace Explorer for Reverse Engineers
MIT License

pintenet segfaults without the -w option #9

Closed nkaretnikov closed 3 years ago

nkaretnikov commented 3 years ago

test program

~/tenet/tracers/pin$ cat test.c
#include <stdio.h>

int main() { printf("hello\n"); }

~/tenet/tracers/pin$ gcc -g -o test test.c -Wall -Werror -Wextra

~/tenet/tracers/pin$ ./test
hello

crash

~/tenet/tracers/pin$ /home/test/pin/pin-3.19-98425-gd666b2bee-gcc-linux/pin -t obj-intel64/pintenet.so -o moo -- "./test"
Loaded image: 0x563463397000:0x563463399157 -> test
Loaded image: 0x7f01cbc50000:0x7f01cbc7bccb -> ld-linux-x86-64.so.2
Loaded image: 0x7ffce369a000:0x7ffce369aec7 -> [vdso]
Loaded image: 0x7f01b7200000:0x7f01b73f14d7 -> libc.so.6
C: [tid:38587] Tool (or Pin) caused signal 11 at PC 0x7f01c998d65d
Segmentation fault (core dumped)

no crash

~/tenet/tracers/pin$ /home/test/pin/pin-3.19-98425-gd666b2bee-gcc-linux/pin -t obj-intel64/pintenet.so   -w "test" -o moo -- "./test"
White-listing image: test
Loaded image: 0x55d75fe6f000:0x55d75fe71157 -> test
Loaded image: 0x7f78b5d1e000:0x7f78b5d49ccb -> ld-linux-x86-64.so.2
Loaded image: 0x7ffca6a61000:0x7ffca6a61ec7 -> [vdso]
Loaded image: 0x7f78a13c1000:0x7f78a15b24d7 -> libc.so.6
hello

generated trace

~/tenet/tracers/pin$ head moo.0.log  -n3
rdi=0x7f78b5d4d190,rsi=0x7f78b5d4d730,rsp=0x7ffca6a1d700,rdx=0x7f78b5d2fd50,rcx=0x7ffca6a1d718,rax=0x1c,r8=0x7f78a1573700,r9=0x9,r11=0x7f78a15738f0,r12=0x55d75fe70060,r13=0x7ffca6a1d700,rip=0x55d75fe70060,mr=0x7ffca6a1d6f8:3af1d1b5787f0000,mw=0x7f78b5d4d4ac:1c
rip=0x55d75fe70064
rip=0x55d75fe70066
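
As an added example (not code from the issue, from tenet, or from the pintool), a small Python reader for the pintenet output quoted above: it applies each line's register deltas on top of the previous step, decodes the mr=/mw= memory fields, and resolves addresses against the "Loaded image" ranges. It assumes the hex after the colon is the raw bytes in memory order (little-endian on x86-64); `Step`, `parse_trace`, `parse_images`, `image_for` and `as_uint` are names chosen here, not tenet's.

```python
import re
from dataclasses import dataclass

# Sample input: the 'Loaded image' lines and first three trace lines quoted in the issue above.
IMAGE_LOG = """\
Loaded image: 0x55d75fe6f000:0x55d75fe71157 -> test
Loaded image: 0x7f78b5d1e000:0x7f78b5d49ccb -> ld-linux-x86-64.so.2
Loaded image: 0x7ffca6a61000:0x7ffca6a61ec7 -> [vdso]
Loaded image: 0x7f78a13c1000:0x7f78a15b24d7 -> libc.so.6
"""
TRACE_LOG = """\
rdi=0x7f78b5d4d190,rsi=0x7f78b5d4d730,rsp=0x7ffca6a1d700,rdx=0x7f78b5d2fd50,rcx=0x7ffca6a1d718,rax=0x1c,r8=0x7f78a1573700,r9=0x9,r11=0x7f78a15738f0,r12=0x55d75fe70060,r13=0x7ffca6a1d700,rip=0x55d75fe70060,mr=0x7ffca6a1d6f8:3af1d1b5787f0000,mw=0x7f78b5d4d4ac:1c
rip=0x55d75fe70064
rip=0x55d75fe70066
"""
IMAGE_RE = re.compile(r"Loaded image: (0x[0-9a-f]+):(0x[0-9a-f]+) -> (\S+)")
@dataclass
class Step:
    regs: dict    # full register state after this line (its deltas applied over the previous step)
    reads: list   # (address, raw bytes) per mr= field
    writes: list  # (address, raw bytes) per mw= field

def parse_images(text):  # -> [(start, end, name)] from pintenet's 'Loaded image' lines
    return [(int(a, 16), int(b, 16), n) for a, b, n in IMAGE_RE.findall(text)]

def image_for(addr, images):  # name of the loaded image whose range contains addr, or None
    return next((n for s, e, n in images if s <= addr <= e), None)

def as_uint(raw):  # captured bytes as an integer; assumes little-endian x86-64 memory order
    return int.from_bytes(raw, "little")

def parse_trace(text):  # only changed registers appear on a line, so state is carried forward
    regs, steps = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        reads, writes = [], []
        for field in line.strip().split(","):
            key, sep, value = field.partition("=")
            if not sep:
                raise ValueError(f"line {lineno}: malformed field {field!r}")
            if key in ("mr", "mw"):
                addr, sep2, hexbytes = value.partition(":")
                if not sep2:
                    raise ValueError(f"line {lineno}: malformed memory field {field!r}")
                (reads if key == "mr" else writes).append((int(addr, 16), bytes.fromhex(hexbytes)))
            else:
                regs[key] = int(value, 16)
        steps.append(Step(dict(regs), reads, writes))
    return steps
```

On the quoted trace, the 8-byte read at rsp-8 decodes to 0x7f78b5d1f13a, which falls inside the ld-linux-x86-64.so.2 range from the same run.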
nkaretnikov commented 3 years ago

P.S. I'd mention make TARGET=intel64 for Linux here and add error-checking for empty export PIN_ROOT (since it's mandatory).

gaasedelen commented 3 years ago

Have you tested this with 7f97ae8? Because this crash looks like it might just be a dupe of #5

Otherwise I'll try to take a look when I have more time.

Thanks!

nkaretnikov commented 3 years ago

@gaasedelen

Hey! Yeah, no rush!

The commit I used is 352237b98b600f7c337314312cd3731bdbfa00a8, which is the latest right now.

BTW, I think the pintool from lighthouse doesn't have this problem (85818f5b9bff026e47cd673ba01391e7c703e6cb), but maybe I just got lucky.

Thanks!

gaasedelen commented 3 years ago

Thanks for the quick response :-)

The commit in question (7f97ae8) is on the development branch, not on master. If you have some time, try switching branches and building with that fix. I think it's the same issue, but I could be wrong.

On that note... tenet's pin tool is pretty experimental :-P. I've traced a few 'big' things with it before and it has been fine, but crashed on others. While there is some code re-use from the lighthouse pin tool, this one is actually pretty different. It could definitely use some love.