Google Git
Sign in
chromium / syzygy / 4c7cb860467e960396dc24e5146c57802ce3669b / . / syzygy / playback / playback.h
blob: a41fd713d12516febb37feedf01b3efb953e6031 [file] [log] [blame]
// Copyright 2012 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// This defines the playback class. The class encapsulates the workflow
// associated with parsing a trace file with respect to an original module.
// It takes care of validating that all data sources match (trace files,
// instrumented module, original module), decomposing the original module,
// and provides functionality for mapping trace events back to
// addresses/blocks in the original module.
//
// Playback playback(module_path, instrumented_path, trace_files);
// playback.Init(pe_file, image, parser)
// playback.ConsumeCallTraceEvents()
#ifndef SYZYGY_PLAYBACK_PLAYBACK_H_
#define SYZYGY_PLAYBACK_PLAYBACK_H_
#include <windows.h>
#include "base/win/event_trace_consumer.h"
#include "syzygy/block_graph/block_graph.h"
#include "syzygy/pdb/omap.h"
#include "syzygy/pe/decomposer.h"
#include "syzygy/pe/image_layout.h"
#include "syzygy/trace/parse/parser.h"
namespace playback {
class Playback {
public:
typedef block_graph::BlockGraph BlockGraph;
typedef pe::ImageLayout ImageLayout;
typedef pe::PEFile PEFile;
typedef std::vector<base::FilePath> TraceFileList;
typedef trace::parser::ModuleInformation ModuleInformation;
typedef trace::parser::Parser Parser;
// Construct a new Playback instance.
// @param module_path The path of the module dll.
// @param instrumented_path The path of the instrumented dll.
// @param trace_files A list of the trace files to analyze.
Playback(const base::FilePath& module_path,
const base::FilePath& instrumented_path,
const TraceFileList& trace_files);
~Playback();
// Initializes the playback class and decomposes the given image.
// This function is virtual to aid testing of classes that may own Playback.
// @param pe_file The PE file to be initialized.
// @param image The image that will receive the decomposed module.
// @param parser The parser to be used.
// @returns true on success, false on failure.
virtual bool Init(PEFile* pe_file, ImageLayout* image, Parser* parser);
// @returns true if the given ModuleInformation matches the instrumented
// module signature, false otherwise.
bool MatchesInstrumentedModuleSignature(
const ModuleInformation& module_info) const;
// Gets a code block from our image from its function address and process id.
// @param process_id The process id of the module where the function resides.
// @param function The relative address of the function we are searching.
// @param error Will be set to true if an error occurs.
// @returns The code block @p function and @p process_id refer to, or NULL if
// no such block can be found (this can occur if events for multiple
// instrumented modules occur in the same trace file, and we are
// processing an event from a module that is not our module of interest.)
// If an error occurs this will also return NULL.
const BlockGraph::Block* FindFunctionBlock(DWORD process_id,
FuncAddr function,
bool* error);
// @name Accessors
// @{
const PEFile* pe_file() const { return pe_file_; }
const ImageLayout* image() const { return image_; }
const TraceFileList& trace_files() const { return trace_files_; }
const std::vector<OMAP>& omap_to() const { return omap_to_; }
const std::vector<OMAP>& omap_from() const { return omap_from_; }
const PEFile::Signature& instr_signature() const { return instr_signature_; }
// @}
protected:
typedef pe::Decomposer Decomposer;
typedef TraceFileList::iterator TraceFileIter;
typedef uint64_t AbsoluteAddress64;
typedef uint64_t Size64;
// Loads information from the instrumented and original modules.
bool LoadModuleInformation();
// Initializes the parser.
bool InitializeParser();
// Loads OMAP information for the instrumented module.
bool LoadInstrumentedOmap();
// Decomposes the original image.
bool DecomposeImage();
// Parses the instrumented DLL headers, validating that it was produced
// by a compatible version of the toolchain, and extracting signature
// information and metadata.
// @returns true on success, false otherwise.
bool ValidateInstrumentedModuleAndParseSignature(
PEFile::Signature* orig_signature);
// The paths of the test module, instrumented module, and trace files.
base::FilePath module_path_;
base::FilePath instrumented_path_;
TraceFileList trace_files_;
// This is a copy of the parser used to decompose the image, which needs
// to be initialized with a ParseEventHandler before being used.
Parser* parser_;
// A pointer to the PE file info for the module we're analyzing. This
// is actually a pointer to a part of the output structure, but several
// internals make use of it during processing.
PEFile* pe_file_;
// The decomposed image of the module we're analyzing. This is actually
// a pointer to an image in the output structure, but several internals
// make use of it during processing.
ImageLayout* image_;
// The OMAP info from the instrumented module's PDB. Used for mapping
// addresses back and forth between the instrumented DLL and the original DLL.
std::vector<OMAP> omap_to_;
std::vector<OMAP> omap_from_;
// Signature of the instrumented DLL. Used for filtering call-trace events.
PEFile::Signature instr_signature_;
};
} // namespace playback
#endif // SYZYGY_PLAYBACK_PLAYBACK_H_