Optimize binary tracking in callstack_instr.

MarkMankins · lacraig2 · commit 42648a98c153 · 2025-10-17T13:59:18.000-04:00
Updated README.md with an example of how to use the new api.
diff --git a/panda/plugins/callstack_instr/README.md b/panda/plugins/callstack_instr/README.md
@@ -65,6 +65,9 @@ uint32_t get_functions(target_ulong *functions, uint32_t n, CPUState *env);
 // Must have OSI enabled for this api to work.
 uint32_t get_binaries(char **libs, uint32_t n, CPUState *cpu);
 
+// Must be called by plugins which intend to call get_binaries.
+void callstack_enable_binary_tracking(void);
+
 // Get the current program point: (Caller, PC, stack ID)
 // This isn't quite the right place for it, but since it's awkward
 // right now to have a "utilities" library, this will have to do
@@ -102,10 +105,13 @@ Example
 
 int some_plugin_fn(CPUState *env) {
     target_ulong callers[16];
+    char *binaries[16];
     int n;
     n = get_callers(callers, 16, env);
+    get_binaries(binaries, 16, env);
     for (int i = 0; i < n; i++)
-        printf("Callstack entry: " TARGET_FMT_lx "\n", callers[i]);
+        printf("Callstack entry: " TARGET_FMT_lx " %s\n", callers[i],
+            binaries[i]);
     return 0;
 }
 
@@ -114,5 +120,6 @@ int some_plugin_fn(CPUState *env) {
 bool init_plugin(void *self) {
     panda_require("callstack_instr");
     if (!init_callstack_instr_api()) return false;
+    callstack_enable_binary_tracking();
 }
 ```
diff --git a/panda/plugins/callstack_instr/callstack_instr.cpp b/panda/plugins/callstack_instr/callstack_instr.cpp
@@ -30,7 +30,6 @@ PANDAENDCOMMENT */
 #include <memory>
 #include <set>
 #include <vector>
-#include <utility>
 
 #include <capstone/capstone.h>
 #if defined(TARGET_I386)
@@ -82,8 +81,6 @@ bool old_capstone=false; // Should we use fallback instruction group detection l
 // callstack_instr arguments
 static bool verbose = false;
 static bool include_binary_info = false;
-static std::string no_osi_msg = "OSI is not enabled";
-static std::vector<char> no_osi_msg_vector(no_osi_msg.begin(), no_osi_msg.end());
 
 enum instr_type {
   INSTR_UNKNOWN = 0,
@@ -382,12 +379,15 @@ void before_block_exec(CPUState *cpu, TranslationBlock *tb) {
   if (need_to_check) {
     std::vector<stack_entry> &v = callstacks[cur_stackid];
     std::vector<target_ulong> &w = function_stacks[cur_stackid];
-
     if (v.empty()) {
         return;
     }
 
-    std::map<target_ulong, std::vector<char>> &binary_info_stack = binary_info_stacks[cur_stackid];
+    std::map<target_ulong, std::vector<char>> *binary_info_stack = nullptr;
+
+    if(include_binary_info) {
+      binary_info_stack = &binary_info_stacks[cur_stackid];
+    }
 
     // Search up to 10 down
     for (int i = v.size() - 1; i > ((int)(v.size() - 10)) && i >= 0; i--) {
@@ -397,8 +397,10 @@ void before_block_exec(CPUState *cpu, TranslationBlock *tb) {
 
         PPP_RUN_CB(on_ret, cpu, w[i]);
 
-        for (std::vector<stack_entry>::iterator it = v.begin() + i; it != v.end(); ++it) {
-            binary_info_stack.erase(it->pc);
+        if(include_binary_info) {
+          for (std::vector<stack_entry>::iterator it = v.begin() + i; it != v.end(); ++it) {
+            binary_info_stack->erase(it->pc);
+          }
         }
 
         v.erase(v.begin() + i, v.end());
@@ -412,38 +414,22 @@ void before_block_exec(CPUState *cpu, TranslationBlock *tb) {
 
 std::vector<char> getLib(CPUState* cpu, target_ulong pc) {
 
-    target_ulong end_addr;
-
     std::shared_ptr<OsiProc> proc(get_current_process(cpu), free_osiproc);
 
-    std::shared_ptr<GArray> mappings(get_mappings(cpu, proc.get()),
-                                    [](GArray *a) {
-                                        if (a != nullptr) {
-                                            g_array_free(a, true);
-                                        }
-                                    });
-
-    if(nullptr != mappings) {
-       for(uint32_t i = 0; i < mappings->len; i++) {
-           OsiModule *osimodule = &g_array_index(mappings.get(), OsiModule, i);
-           end_addr = osimodule->base + (osimodule->size - 1);
-
-           if (pc >= osimodule->base && pc < end_addr) {
-               if (nullptr != osimodule->file) {
-                   std::size_t len = strlen(osimodule->file);
-                   std::vector<char> lib_str_buf(len + 1);
-                   std::snprintf(lib_str_buf.data(), lib_str_buf.size(), "%s", osimodule->file);
-                   return lib_str_buf;
-               } else if (nullptr != osimodule->name) {
-                   std::size_t len = strlen(osimodule->name);
-                   std::vector<char> lib_str_buf(len + 1);
-                   std::snprintf(lib_str_buf.data(), lib_str_buf.size(), "%s", osimodule->name);
-                   return lib_str_buf;
-               } else {
-                   return std::vector<char>(1, '\0');
-               }
-           }
-       }
+    OsiModule *module = get_mapping_by_addr(cpu, proc.get(), pc);
+
+    if(nullptr != module) {
+        const char *lib = "";
+        if (nullptr != module->file) {
+            lib = module->file;
+        } else if (nullptr != module->name) {
+           lib = module->name;
+        }
+        std::size_t len = strlen(lib);
+        std::vector<char> lib_str_buf(len + 1);
+        std::snprintf(lib_str_buf.data(), lib_str_buf.size(), "%s", lib);
+        free_osimodule(module);
+        return lib_str_buf;
     }
 
     return std::vector<char>(1, '\0');
@@ -464,8 +450,9 @@ void after_block_exec(CPUState* cpu, TranslationBlock *tb, uint8_t exitCode) {
         if (tb_type == INSTR_CALL) {
             stack_entry se = {tb->pc + tb->size, tb_type};
             callstacks[curStackid].push_back(se);
-            binary_info_stacks[curStackid][se.pc] =
-                    include_binary_info ? getLib(cpu, se.pc) : no_osi_msg_vector;
+            if(include_binary_info) {
+                binary_info_stacks[curStackid][se.pc] = getLib(cpu, se.pc);
+            }
 
             // Also track the function that gets called
             // This retrieves the pc in an architecture-neutral way
@@ -494,6 +481,7 @@ void after_block_exec(CPUState* cpu, TranslationBlock *tb, uint8_t exitCode) {
     }
 }
 
+
 static uint32_t get_callers_priv(target_ulong callers[], uint32_t n,
         CPUState* cpu, stackid stackid) {
     std::vector<stack_entry> &v = callstacks[stackid];
@@ -511,13 +499,26 @@ uint32_t get_callers(target_ulong callers[], uint32_t n, CPUState* cpu) {
 }
 
 uint32_t get_binaries(char **libs, uint32_t n, CPUState *cpu) {
-    stackid stack_id = get_stackid(cpu);
-    std::vector<stack_entry> &call_stack = callstacks[stack_id];
-    std::map<target_ulong, std::vector<char>> &binary_info_stack = binary_info_stacks[stack_id];
-
-    n = std::min((uint32_t) call_stack.size(), n);
-    for (uint32_t i = 0; i < n; ++i) {
-        libs[i] = binary_info_stack[call_stack[call_stack.size() - 1 - i].pc].data();
+    static bool warning_shown = false;
+    for(uint32_t i=0; i<n; libs[i++] = nullptr);
+    if(include_binary_info) {
+        stackid stack_id = get_stackid(cpu);
+        std::vector<stack_entry> &call_stack = callstacks[stack_id];
+        std::map<target_ulong, std::vector<char>> &binary_info_stack = binary_info_stacks[stack_id];
+
+        n = std::min((uint32_t) call_stack.size(), n);
+        for (uint32_t i = 0; i < n; ++i) {
+            libs[i] = binary_info_stack[call_stack[call_stack.size() - 1 - i].pc].data();
+        }
+    } else {
+        if(!warning_shown) {
+            fprintf(stderr, "WARNING: callstack_instr: get_binaries called "
+                "but binary tracking not enabled. %s\n",
+                (nullptr == panda_get_plugin_by_name("osi") ?
+                "OSI plugin not loaded." : ""));
+            warning_shown = true;
+        }
+        n = 0;
     }
 
     return n;
@@ -541,6 +542,7 @@ Panda__CallStack *pandalog_callstack_create() {
     return cs;
 }
 
+
 /**
  * @brief Frees a pandalog entry containing callstack information.
  */
@@ -549,6 +551,7 @@ void pandalog_callstack_free(Panda__CallStack *cs) {
     free(cs);
 }
 
+
 /**
  * @brief Fills preallocated buffer \p functions with up to \p n function addresses.
  */
@@ -623,6 +626,7 @@ bool setup_osi() {
 #endif
 }
 
+
 bool init_plugin(void *self) {
 
     // get arguments to this plugin
@@ -742,11 +746,13 @@ bool init_plugin(void *self) {
         printf("callstack_instr:  using heuristic stack_type\n");
     }
 
-    include_binary_info = setup_ok && (nullptr != panda_get_plugin_by_name("osi"));
-
     return setup_ok;
 }
 
+void callstack_enable_binary_tracking() {
+    include_binary_info = (nullptr != panda_get_plugin_by_name("osi"));
+}
+
 void uninit_plugin(void *self) {
     // nothing to do
 }
diff --git a/panda/plugins/callstack_instr/callstack_instr_int_fns.h b/panda/plugins/callstack_instr/callstack_instr_int_fns.h
@@ -22,6 +22,9 @@ uint32_t get_functions(target_ulong *functions, uint32_t n, CPUState *cpu);
 // Binaries are returned in libs[], most recent first
 uint32_t get_binaries(char **libs, uint32_t n, CPUState *cpu);
 
+// Called by plugins that intend to call get_binaries.
+void callstack_enable_binary_tracking(void);
+
 // END_PYPANDA_NEEDS_THIS -- do not delete this comment!
 
 // NB: prog_point is c++, so beware
