teambi0s / secREtary

The Reverse Engineering Assistant of your dreams
https://blog.bi0s.in
MIT License

[FunctionTrace] Finish Function Tracer module #28

Closed Freakston closed 3 years ago

Freakston commented 3 years ago

TODO:

pranjalsingh008 commented 3 years ago

[image attachment] This is what the output looks like. Currently, the issue is that the offsets of those library functions are negative as the address is before the image_base.

akulpillai commented 3 years ago

We need to find a better approach to recognizing library functions. For dynamically linked binaries at least, can't we just get this info from the .plt section?
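As an added example (not code from the secREtary project or from this PR), the following shows what "get this info from the .plt section" looks like in practice for an x86-64 ELF: each lazy-binding PLT stub after PLT[0] corresponds, in order, to one entry of .rela.plt, whose symbol index points into .dynsym, whose st_name points into .dynstr. It assumes the classic 16-byte stub layout with PLT[0] as the resolver trampoline, and the section bytes are constructed inline rather than read from a real binary. The last function also shows how a call target below image_base (the situation described in the comment above) can be reported as external instead of producing a negative offset.

```python
import struct

# Assumption: classic x86-64 lazy-binding .plt, 16-byte stubs, PLT[0] is the resolver stub.
# Binaries built with -fcf-protection (.plt.sec) or -z now (.plt.got) use different layouts.
PLT_ENTRY_SIZE = 16


def read_dynstr(dynstr: bytes, offset: int) -> str:
    """Read a NUL-terminated name from .dynstr starting at offset."""
    end = dynstr.index(b"\x00", offset)
    return dynstr[offset:end].decode()


def parse_dynsym(dynsym: bytes, dynstr: bytes) -> list:
    """Return the names of all Elf64_Sym entries (24 bytes each) in .dynsym, in index order."""
    names = []
    for off in range(0, len(dynsym), 24):
        (st_name,) = struct.unpack_from("<I", dynsym, off)  # only st_name is needed here
        names.append(read_dynstr(dynstr, st_name))
    return names


def parse_rela_plt(rela_plt: bytes) -> list:
    """Return (got_slot, symbol_index) for each Elf64_Rela entry (24 bytes each) in .rela.plt."""
    entries = []
    for off in range(0, len(rela_plt), 24):
        r_offset, r_info, _r_addend = struct.unpack_from("<QQq", rela_plt, off)
        entries.append((r_offset, r_info >> 32))  # ELF64_R_SYM(r_info) is the high 32 bits
    return entries


def build_plt_map(plt_addr: int, rela_plt: bytes, dynsym: bytes, dynstr: bytes) -> dict:
    """Map each PLT stub address to the imported function name it resolves through."""
    names = parse_dynsym(dynsym, dynstr)
    plt_map = {}
    for i, (_got_slot, sym_idx) in enumerate(parse_rela_plt(rela_plt)):
        stub_addr = plt_addr + PLT_ENTRY_SIZE * (i + 1)  # PLT[i+1] serves .rela.plt entry i
        plt_map[stub_addr] = names[sym_idx]
    return plt_map


def classify_call_target(addr: int, image_base: int, image_end: int, plt_map: dict) -> tuple:
    """Label a call target as a library import (via PLT), a local function, or an address
    outside the image, instead of computing a (possibly negative) offset from image_base."""
    if addr in plt_map:
        return ("library", plt_map[addr])
    if image_base <= addr < image_end:
        return ("local", f"sub_{addr:x}")
    return ("external", None)  # e.g. an already-resolved libc address mapped below/above the image


# Constructed sample sections (not from any real binary): three imports, with .rela.plt
# deliberately ordered differently from .dynsym to show that PLT order follows .rela.plt.
SAMPLE_DYNSTR = b"\x00puts\x00strlen\x00printf\x00"


def _sym(st_name: int) -> bytes:
    # Elf64_Sym: st_name, st_info (STB_GLOBAL|STT_FUNC), st_other, st_shndx (SHN_UNDEF), st_value, st_size
    return struct.pack("<IBBHQQ", st_name, 0x12, 0, 0, 0, 0)


SAMPLE_DYNSYM = _sym(0) + _sym(1) + _sym(6) + _sym(13)  # index 0 is the null symbol

R_X86_64_JUMP_SLOT = 7


def _rela(got_slot: int, sym_idx: int) -> bytes:
    return struct.pack("<QQq", got_slot, (sym_idx << 32) | R_X86_64_JUMP_SLOT, 0)


SAMPLE_RELA_PLT = _rela(0x404018, 1) + _rela(0x404020, 3) + _rela(0x404028, 2)  # puts, printf, strlen
SAMPLE_PLT_ADDR = 0x401020
SAMPLE_IMAGE_BASE, SAMPLE_IMAGE_END = 0x401000, 0x402000


def example() -> dict:
    plt_map = build_plt_map(SAMPLE_PLT_ADDR, SAMPLE_RELA_PLT, SAMPLE_DYNSYM, SAMPLE_DYNSTR)
    return {
        "plt_map": plt_map,
        "stub": classify_call_target(0x401040, SAMPLE_IMAGE_BASE, SAMPLE_IMAGE_END, plt_map),
        "local": classify_call_target(0x401136, SAMPLE_IMAGE_BASE, SAMPLE_IMAGE_END, plt_map),
        "below_base": classify_call_target(0x7F0000001234, SAMPLE_IMAGE_BASE, SAMPLE_IMAGE_END, plt_map),
    }


if __name__ == "__main__":
    for k, v in example().items():
        print(k, v)
```

With a real binary the same three section blobs would come from the section headers (or from DT_JMPREL, DT_SYMTAB and DT_STRTAB in the dynamic segment); the mapping logic does not change, only the source of the bytes.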

Freakston commented 3 years ago

I can't think of ways of getting the number of arguments passed to each function.

Wouldn't this be better with the taint module? That way we will be able to identify the value passed as well.

I've attached a link to the gist that contains the log while running this on babyvm: log

akulpillai commented 3 years ago

> I can't think of ways of getting the number of arguments passed to each function.

  • [ ] Mark out common arguments for multiple functions

> Wouldn't this be better with the taint module? That way we will be able to identify the value passed as well.

Yes, it might also be easier to recognize the arguments using the taint module. But it is quite a complex problem so we might end up writing a separate module. We need to discuss how to go about this.

> I've attached a link to the gist that contains the log while running this on babyvm: log

A lot of data is dumped at once. We need to rewrite it in a way where the user can choose to run a module with options specified. For example, which function to dump this data for. I guess this is already on the roadmap.

Freakston commented 3 years ago

> A lot of data dumped at once. We need to rewrite it in a way where the user can choose to run a module with options specified. For example, which functions to dump this data for. I guess this is already on the roadmap.

Yes, I was intending on doing the same.

> Yes, it might also be easier to recognize the arguments using the Taint module. But it is quite a complex problem so we might end up writing a separate module. We need to discuss how to go about this.

I'm reading through a couple of methods by which we can find the function signature of the file and then use that to our advantage like what has been done for syscalls in Syscalls Tracer.

Merging this PR for now.