From: Chris J. <ch...@at...> - 2004-06-23 11:33:27

Hello,

I am trying to find a way to match function calls up with returns. For example:

    XXX:      CALL somecode
    somecode: .
              .
              .
    YYY:      RET

I want to match the return at YYY with the call at XXX. Whatever method I use must be able to cope with 1) the stack pointer warping (e.g. due to longjmp) and 2) not all calls/returns being instrumented.

To cope with 1) I decided to give each CALL instance a unique index and pushed this value on the stack. The instrumented RET would pop this value from the stack, and in this way the RET could be matched with the CALL.

To cope with 2) I decided that when an instrumented CALL occurred it would have to modify the return address on the stack to point to some trampoline code that would also pop the extra index from the stack.

I hope I am making sense so far!

I don't want the trampoline code instrumented, so I decided to manually insert a non-instrumented copy (compiled from Ucode) in the translation table. Unfortunately this requires the use of some internal functions and is generally messy.

Can anyone help me out here and suggest a better way to do what I'm doing?

Regards,
Chris

--
http://www.atomice.com
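The two requirements in the post (surviving a stack-pointer warp such as longjmp, and tolerating calls or returns that were never instrumented) can be illustrated with a small shadow-stack matcher. The following is an added example, not code from the post or from the instrumentation framework it refers to; it goes one step beyond the index-on-the-stack scheme by keying each live CALL on the address of its return-address slot instead of pushing extra data onto the real stack, so no trampoline is needed. It assumes a 64-bit, downward-growing stack in which CALL pushes an 8-byte return address at `sp - 8`, and the trace it replays is constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WORD       8     /* assumed size of the pushed return address */
#define MAX_FRAMES 64    /* assumed shadow-stack capacity */

/* One live instrumented CALL: its unique id and the address of the stack
 * slot that holds its return address. */
typedef struct {
    unsigned  id;
    uintptr_t slot;
    uintptr_t call_pc;
} frame;

typedef struct {
    frame    stack[MAX_FRAMES];
    size_t   depth;
    unsigned next_id;
} matcher;

void matcher_init(matcher *m) { m->depth = 0; m->next_id = 1; }

/* Drop shadow frames whose slot lies deeper in the stack than `limit`
 * (or at it, when `inclusive`). Such frames were abandoned by a longjmp or
 * by a RET that was not instrumented, so they can never be matched. */
static void discard_below(matcher *m, uintptr_t limit, int inclusive) {
    while (m->depth > 0) {
        uintptr_t s = m->stack[m->depth - 1].slot;
        if (s < limit || (inclusive && s == limit))
            m->depth--;
        else
            break;
    }
}

/* Instrumented CALL seen with stack pointer `sp` (value before the return
 * address is pushed). Returns the id assigned to this call, 0 if full. */
unsigned on_call(matcher *m, uintptr_t sp, uintptr_t call_pc) {
    uintptr_t slot = sp - WORD;
    discard_below(m, slot, 1);          /* slot is being reused: old owner is dead */
    if (m->depth == MAX_FRAMES)
        return 0;
    frame *f = &m->stack[m->depth++];
    f->id = m->next_id++;
    f->slot = slot;
    f->call_pc = call_pc;
    return f->id;
}

/* Instrumented RET seen with stack pointer `sp` (pointing at the return
 * address about to be popped). Returns the id of the CALL that owns that
 * slot, or 0 when the slot belongs to an uninstrumented call. */
unsigned on_ret(matcher *m, uintptr_t sp) {
    discard_below(m, sp, 0);
    if (m->depth > 0 && m->stack[m->depth - 1].slot == sp)
        return m->stack[--m->depth].id;
    return 0;
}

/* Constructed trace: A calls B (both instrumented, B returns normally),
 * then A calls C; inside C an uninstrumented callee returns; C is then
 * abandoned by longjmp back into A, which calls E in the same slot. */
static unsigned results[8];

size_t run_constructed_trace(void) {
    matcher m;
    matcher_init(&m);
    const uintptr_t base = 0x7fff0000u;           /* constructed stack top */
    results[0] = on_call(&m, base, 0x401000);          /* CALL A   -> id 1 */
    results[1] = on_call(&m, base - 0x20, 0x401100);   /* CALL B   -> id 2 */
    results[2] = on_ret(&m, base - 0x20 - WORD);       /* RET B    -> 2    */
    results[3] = on_call(&m, base - 0x20, 0x401200);   /* CALL C   -> id 3 */
    results[4] = on_ret(&m, base - 0x40 - WORD);       /* RET of uninstrumented callee -> 0 */
    /* longjmp out of C: no RET for C is ever seen */
    results[5] = on_call(&m, base - 0x20, 0x401300);   /* CALL E reuses C's slot -> id 4 */
    results[6] = on_ret(&m, base - 0x20 - WORD);       /* RET E    -> 4    */
    results[7] = on_ret(&m, base - WORD);              /* RET A    -> 1    */
    return 8;
}

unsigned trace_result(size_t i) { return results[i]; }

int main(void) {
    size_t n = run_constructed_trace();
    for (size_t i = 0; i < n; i++)
        printf("event %zu -> %u\n", i, trace_result(i));
    return 0;
}
```

Because the matcher compares slot addresses rather than trusting values stored on the real stack, a longjmp shows up simply as a later CALL or RET at a higher address, and the stale shadow frames below it are discarded on the spot; a RET from an uninstrumented call finds no frame owning its slot and is reported as unmatched without disturbing the frames above it.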