behavior was wrong, we want the last change, not the first

middleware/qira.py

@@ -12,6 +12,7 @@ import qira_webserver
 if __name__ == '__main__':
   parser = argparse.ArgumentParser(description = 'Analyze binary.')
   parser.add_argument('-s', "--server", help="bind on port 4000. like socat", action="store_true")
+  parser.add_argument('-t', "--tracelibraries", help="trace into all libraries", action="store_true")
   parser.add_argument('binary', help="path to the binary")
   parser.add_argument('args', nargs='*', help="arguments to the binary")
   args = parser.parse_args()
@@ -19,6 +20,9 @@ if __name__ == '__main__':
   # creates the file symlink, program is constant through server run
   program = qira_program.Program(args.binary, args.args)
 
+  if args.tracelibraries:
+    program.defaultargs.append("-tracelibraries")
+
   is_qira_running = 1
   try:
     socket.create_connection(('127.0.0.1', qira_webserver.QIRA_PORT))
@@ -36,8 +40,7 @@ if __name__ == '__main__':
   else:
     print "**** running "+program.program
     if is_qira_running or os.fork() == 0:   # cute?
-      os.execvp(program.qirabinary, [program.qirabinary, "-strace", "-D", "/dev/null", "-d", "in_asm",
-        "-singlestep",  program.program]+program.args)
+      program.execqira()
 
   if not is_qira_running:
     # start the http server

middleware/qira_program.py

@@ -29,6 +29,9 @@ class Program:
         pass
       os.symlink(os.path.realpath(prog), "/tmp/qira_binary")
 
+    # defaultargs for qira binary
+    self.defaultargs = ["-strace", "-D", "/dev/null", "-d", "in_asm", "-singlestep"]
+
     # pmaps is global, but updated by the traces
     self.instructions = {}
 
@@ -133,6 +136,9 @@ class Program:
   def add_trace(self, fn, i):
     self.traces[i] = Trace(fn, i, self.tregs[1], len(self.tregs[0]), self.tregs[2])
 
+  def execqira(self, args=[]):
+    os.execvp(self.qirabinary, [self.qirabinary]+self.defaultargs+args+[self.program]+self.args)
+
 class Trace:
   def __init__(self, fn, forknum, r1, r2, r3):
     self.forknum = forknum

middleware/qira_socat.py

@@ -53,7 +53,5 @@ def start_bindserver(program, myss, parent_id, start_cl, loop = False):
       except:
         pass
     # fingerprint here
-    os.execvp(program.qirabinary, [program.qirabinary, "-strace", "-D", "/dev/null", "-d", "in_asm",
-      "-qirachild", "%d %d %d" % (parent_id, start_cl, run_id), "-singlestep",
-      program.program]+program.args)
+    program.execqira(["-qirachild", "%d %d %d" % (parent_id, start_cl, run_id)])
 

qemu_mods/main.c

@@ -3652,6 +3652,12 @@ static void handle_arg_qirachild(const char *arg) {
   }
 }
 
+extern int GLOBAL_tracelibraries;
+
+static void handle_arg_tracelibraries(const char *arg) {
+  GLOBAL_tracelibraries = 1;
+}
+
 static const struct qemu_argument arg_table[] = {
     {"h",          "",                 false, handle_arg_help,
      "",           "print this help"},
@@ -3688,6 +3694,8 @@ static const struct qemu_argument arg_table[] = {
      "",           "run in singlestep mode"},
     {"qirachild",  "QIRA_CHILD",  true, handle_arg_qirachild,
      "",           "parent_id, start_clnum, id"},
+    {"tracelibraries",  "QIRA_TRACELIBRARIES",  false, handle_arg_tracelibraries,
+     "",           "parent_id, start_clnum, id"},
     {"strace",     "QEMU_STRACE",      false, handle_arg_strace,
      "",           "log system calls"},
     {"version",    "QEMU_VERSION",     false, handle_arg_version,

qemu_mods/tci.c

@@ -486,6 +486,8 @@ struct logstate *GLOBAL_logstate;
 uint32_t GLOBAL_start_clnum = 1;
 int GLOBAL_parent_id = -1, GLOBAL_id = -1;
 
+int GLOBAL_tracelibraries = 0;
+
 FILE *GLOBAL_asm_file = NULL;
 FILE *GLOBAL_strace_file = NULL;
 
@@ -774,7 +776,11 @@ bool is_filtered_address(target_ulong pc) {
   // to remove the warning
   uint64_t bpc = (uint64_t)pc;
   // TODO(geohot): FIX THIS!, filter anything that isn't the user binary and not dynamic
-  return ((bpc > 0x40000000 && bpc < 0xf6800000) || bpc >= 0x100000000);
+  if (unlikely(GLOBAL_tracelibraries)) {
+    return false;
+  } else {
+    return ((bpc > 0x40000000 && bpc < 0xf6800000) || bpc >= 0x100000000);
+  }
 }
 
 void real_target_disas(FILE *out, CPUArchState *env, target_ulong code, target_ulong size, int flags);

qiradb/qiradb.cpp

@@ -62,7 +62,7 @@ char Trace::get_type_from_flags(uint32_t flags) {
 
 inline void Trace::commit_memory(Clnum clnum, Address a, uint8_t d) {
   pair<map<Address, MemoryCell>::iterator, bool> ret = memory_.insert(MP(a, MemoryCell()));
-  ret.first->second.insert(MP(clnum, d));
+  ret.first->second[clnum] = d;
 }
 
 inline MemoryWithValid Trace::get_byte(Clnum clnum, Address a) {
@@ -146,7 +146,7 @@ void Trace::process() {
 
     // registers_
     if (type == 'W' && c->address < (register_size_ * register_count_)) {
-      registers_[c->address / register_size_].insert(MP(c->clnum, c->data));
+      registers_[c->address / register_size_][c->clnum] = c->data;
     }
 
     // memory_, data_pages_

web/client/controls.js

@@ -17,7 +17,8 @@ Template.controls.daddr = function() {
 };
 
 // probably shouldn't be here
-Session.setDefault('is_analyzing', true);
+// left off for now, doesn't work if things are big
+//Session.setDefault('is_analyzing', true);
 
 Template.controls.events = {
   'change #control_clnum': function(e) {