search

hasherezade / tiny_tracer

A Pin Tool for tracing API calls etc
1.25k stars 138 forks source link

Function name displayed in .pdb files #39

Closed HongThatCong closed 1 year ago

HongThatCong commented 1 year ago

Pin v3.28, tiny_tracer v2.6 I don't know if this is new code of tiny_tracer or new feature of Pin v3.28. When the environment variable _NT_SYMBOL_PATH is set, and I have long since set it, the tiny_tracer (or Pin v3.28) will path and display the function name according to the debug symbol files (.pdb/.xxx). So the functions I define in params.txt don't match. I was forced to delete (temporarily rename) this _NT_SYMBOL_PATH environment variable. Previous versions of Pin and tiny_tracer do not have this problem. Below is a screenshot of an example. image And after turn off _NT_SYMBOL_PATH, it run OK image

hasherezade commented 1 year ago

hi @HongThatCong ! Thanks for reporting. I didn't change anything related with the name resolutions in TinyTracer, so I believe this is a change introduced in Pin platform itself. I will investigate it in details soon, and make some workaround. I guess this is the change in Pin that caused it:

   o RTN_Name()/SYM_Name() on Windows OS are now returning public mangled routine/symbol name (e.g. ?foo@ccc@@QAEPADH@Z) if exists.
     Use PIN_UndecorateSymbolName() when comparing routine names rather than direct comparison 
     (e.g. PIN_UndecorateSymbolName(RTN_Name(rtn), UNDECORATION_NAME_ONLY) == "RaiseX87OverflowException").
hasherezade commented 1 year ago

@HongThatCong - please check if my latest commit helps. For now I disabled using Debug symbols at all, only export symbols (so it should work like if the _NT_SYMBOL_PATH was not available). Later I am gonna implement a version with demangling.

hasherezade commented 1 year ago

@HongThatCong - I also implemented name unmangling in a new branch: https://github.com/hasherezade/tiny_tracer/tree/unmangle Please try both options and let me know if they help.

HongThatCong commented 1 year ago

Yes, change to PIN_InitSymbolsAlt(EXPORT_SYMBOL) works fine for my needs now. But new branch unmangling is even better, when we need to monitor C++/Rust... export functions with name mangling. I will testing with new unmangling branch

Tks and brgs. TQN image

HongThatCong commented 1 year ago

Somethings still wrong with unmangling branch.

  1. An underscore in front of the output name has been removed (by PIN_UndecorateSymbolName func?) image

  2. Function name still get from debug symbol name (pdb). image

  3. But C++ export demangled is OK image

hasherezade commented 1 year ago

@HongThatCong - thanks for checking. Unfortunately, when some functions are represented by different names in the Debug symbol vs Exports, it is gonna be difficult to solve. Pin doesn't offer any way of using both versions simultaneously. And there is no one way to normalize them. What I can do is making it configurable via INI file, whether or not you want the Debug symbols to be used.

hasherezade commented 1 year ago

@HongThatCong - please check the update to the unmangle branch. Now you can select if from the INI file if you want to use the debug symbols: https://github.com/hasherezade/tiny_tracer/blob/unmangle/install32_64/TinyTracer.ini#L2