panda-re 0.49.0

The official library for interfacing with PANDA (Platform for Architecture-Neutral Dynamic Analysis)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146

use std::{
    collections::HashMap,
    ffi::c_void,
    sync::{
        atomic::{AtomicU64, Ordering},
        RwLock,
    },
};

use once_cell::sync::OnceCell;

use crate::sys::{hwaddr, target_ptr_t, CPUState, MachineState, Monitor, TranslationBlock};
use crate::{sys, PluginHandle};

/// A reference to a given callback slot which can be used to install,
/// enable, disable, or otherwise reference, a closure-based callback.
///
/// Since this is a reference to a callback slot and does not include storage
/// for the callback itself, it can be trivially copied, as well as included in
/// the callback itself (for the purposes of enabling/disabling).
///
/// ## Example
///
/// ```
/// use panda::prelude::*;
/// use panda::Callback;
///
/// let mut count = 0;
/// let bb_callback = Callback::new();
/// bb_callback.before_block_exec(move |_, _| {
///     count += 1;
///     println!("Basic block #{}", count);
///
///     if count > 5 {
///         bb_callback.disable();
///     }
/// });
///
/// Panda::new()
///    .generic("x86_64")
///    .run();
/// ```
///
/// ## Note
///
/// Callback closures must have a static lifetime in order to live past the end of the
/// function. This means that the only references a callback can include are references
/// to static variables or leaked objects on the heap (See `Box::leak` for more info).
///
/// If you'd like to reference shared data without leaking, this can be accomplished via
/// reference counting. See [`Arc`] for more info. If you want to capture data owned
/// by the current function without sharing it, you can mark your closure as `move` in
/// order to move all the variables you capture into your closure. (Such as in the above
/// example, where `count` is moved into the closure for modification)
///
/// [`Arc`]: https://doc.rust-lang.org/std/sync/struct.Arc.html
#[repr(transparent)]
#[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord)]
pub struct Callback(u64);

static CURRENT_CALLBACK_ID: AtomicU64 = AtomicU64::new(0);

impl Callback {
    /// Create a new callback slot which can then be used to install or modify
    /// a given callback.
    pub fn new() -> Self {
        Self(CURRENT_CALLBACK_ID.fetch_add(1, Ordering::SeqCst))
    }

    /// Enable the callback assigned to the given slot, if any.
    pub fn enable(&self) {
        let callbacks = CALLBACKS.read().unwrap();
        if let Some(callback) = callbacks.get(&self.0) {
            unsafe {
                sys::panda_enable_callback_with_context(
                    get_plugin_ref(),
                    callback.cb_kind,
                    callback.trampoline,
                    callback.closure_ref as *mut c_void,
                );
            }
        }
    }

    /// Disable the callback assigned to the given slot, if any.
    pub fn disable(&self) {
        let callbacks = CALLBACKS.read().unwrap();

        if let Some(callback) = callbacks.get(&self.0) {
            unsafe {
                sys::panda_disable_callback_with_context(
                    get_plugin_ref(),
                    callback.cb_kind,
                    callback.trampoline,
                    callback.closure_ref as *mut c_void,
                );
            }
        }
    }
}

struct ClosureCallback {
    closure_ref: *mut *mut c_void,
    cb_kind: sys::panda_cb_type,
    trampoline: sys::panda_cb_with_context,
    drop_fn: unsafe fn(*mut *mut c_void),
}

unsafe impl Sync for ClosureCallback {}
unsafe impl Send for ClosureCallback {}

lazy_static::lazy_static! {
    static ref CALLBACKS: RwLock<HashMap<u64, ClosureCallback>> = RwLock::new(HashMap::new());
}

static PLUGIN_REF: OnceCell<u64> = OnceCell::new();

#[doc(hidden)]
pub fn set_plugin_ref(plugin: *mut PluginHandle) {
    let _ = PLUGIN_REF.set(plugin as u64);
}

fn get_plugin_ref() -> *mut c_void {
    *PLUGIN_REF.get_or_init(|| &PLUGIN_REF as *const _ as u64) as _
}

fn install_closure_callback(id: u64, callback: ClosureCallback) {
    unsafe {
        sys::panda_register_callback_with_context(
            get_plugin_ref(),
            callback.cb_kind,
            callback.trampoline,
            callback.closure_ref as *mut c_void,
        );
    }

    CALLBACKS.write().unwrap().insert(id, callback);
}

impl std::ops::Drop for ClosureCallback {
    fn drop(&mut self) {
        unsafe { (self.drop_fn)(self.closure_ref) }
    }
}

panda_macros::define_closure_callbacks!();