Windows Deployment
在Windows下配置DynamoRIO
来源:http://dynamorio.org/docs/page_deploy.html
There are two methods for running a process under DynamoRIO: the one-time configure-and-run, and the two-step separate configuration and execution. The drrun.exe tool supports the first, simpler model, while the drconfig.exe and drinject.exe tools support the second, more powerful model. The drconfig.exe tool, or the corresponding the drconfiglib.dll library, can also be used to nudge running processes.
有两种方式在DynamoRIO上跑程序:one-time configure-and-run和two-step分离的配置和执行。drrun.exe工具支持第一种方式,仅限简单模型;drconfig.exe和drinject.exe支持第二种方式,能运行一些更复杂的模型。对应于drconfiglib.dll动态链接库的drconfig.exe工具,也可以用来nudge(微调?)运行中的程序。
Configuration information is stored in files in the current user’s profile directory, which is obtained from the environment variable USERPROFILE. Thus, configurations are persistent across reboots and are private to each user. If the DYNAMORIO_CONFIGDIR environment variable is set, its value is used instead of USERPROFILE. If neither is set, a temp directory will be used when creating new configuration files for configure-and-run execution.
配置信息存储在当年用户配置文件目录中,可以从环境变量USERPROFILE获得。因此,在重新启动时配置信息任然存在且对每个用户是私有的。如果设置了环境变量DYNAMORIO_CONFIGDIR,则USERPROFILE被取代。如果没有设置,当configure-and-run执行时创建一个新的配置文件时,临时目录将会被使用。
DynamoRIO also supports global configurations, which are stored in the “config” subdirectory of the directory specified by the DYNAMORIO_HOME registry value in the registry key \HKLM\SOFTWARE\DynamoRIO\DynamoRIO (or for 32-bit on 64-bit Windows (WOW64)\HKLM\SOFTWARE\Wow6432Node\DynamoRIO\DynamoRIO). Setting that DYNAMORIO_HOME value and creating the directory it points to must be done manually. The provided tools support reading and writing both local and global configuration files, and automatically creating the local directory.
DynamoRIO支持全局配置,存放由DYNAMORIP_HOME注册表的关键值为\HKLM\SOFTWARE\DynamoRIO\DynamoRIO 指定的目录下的“config”子目录。设置DYNAMORIO_HOME值,创建指定目录必须人工完成。提供的工具只支持读写本地或全局的配置文件,自动创建本地目录。
DynamoRIO gives local files precedence when both exist. Note that applications that do not have a USEPROFILE environment variable can be controlled using DYNAMORIO_CONFIGDIR or global configurations. Also note that by default USERPROFILE is not set over cygwin ssh and must be explicitly set in the shell startup files.
若两者同时存在,DynamoRIO给本地文件更高的优先级。没有USEPROFILE环境变量的应用程序可以通过DYNAMORIO_CONFIGDIR或全局配置控制。默认情况下,USEPROFILE在cygwin ssh下没有被设置,必须在shell启动文件下被显式设置。
Configurations are per-process, with the basename of the process used for identification (e.g., notepad.exe). One-time configuration also uses the process id to specify that the configuration is for that process instance only.
配置对每个进程都是必须的,用作进程的基本名来识别。One-time配置用进程的id来区分每个配置仅相对于每个进程实例。
As an example, assume you have unpacked the DynamoRIO distribution and your current directory is its base directory. Run notepad.exe with the bbsize sample client using the following configure-and-run command:
假定你打开了DynamoRIO且当前目录为其基本目录。用下面的configure-and-run命令运行notepad.exe with bbsize样本客户端。
bin32/drrun.exe -c samples/bin32/bbsize.dll -- notepadTo use system-wide injection, allowing for an application to be run under DynamoRIO regardless of how it is invoked, configure the application first (-syswide_on requires administrative privileges):
为了利用系统级别的注入,允许程序在DynamoRIO中跑不论它如何被调用,首先配置应用程序如下(syswide_on需要管理权限):
bin32/drconfig.exe -reg notepad.exe -syswide_on -c samples/bin32/bbsize.dllThe next time notepad.exe is started by the current user, it will run under DynamoRIO with the bbsize client.
下次notepad.exe被当前用户启动,它将会在DynamoRIO的bbsize client下运行。
To unregister notepad.exe, issue the following command:
移除对notepad.exe的注册,输入如下命令:
bin32/drconfig.exe -unreg notepad.exeInvoke any of the drconfig.exe, drrun.exe, or drinject.exe tools with no arguments to see the full list of options available.
调用drconfig.exe,drrun.exe或drinject.exe工具,没有任何参数来显式完整列表of可用选项。
By default, DynamoRIO follows into all child processes, with the parent’s settings inherited by the child if there is no configuration set up ahead of time for the child application. To instead only follow children that are configured (via drconfig.exe), use the -no_follow_children runtime option.
默认情况,DynamoRIO对所有子进程遵循,如果没有任何配置被设置在子应用程序创建之前,子进程继承父进程的设置。(相反,仅有直系子进程继承,用 -no_follow_children运行时选项。?)
To nudge all instances of notepad.exe running under DynamoRIO with argument “5”, use:
让所有的notepad.exe实例以参数“5”运行在DynamoRIO:
bin32/drconfig.exe -nudge notepad.exe 0 5This will result in a nudge event with argument=5 delivered to the client callback registered with dr_register_nudge_event() in all notepad.exe processes running under DynamoRIO. The third argument, 0, is an ID supplied at registration which uniquely identifies the target client (see dr_deploy.h for details).
这将导致一个参数为5的nudge事件送到客户端回调,用dr_register_nudge_event()注册在所有运行在DynamoRIO的notepad.exe进程中。第三个参数0是由注册器提供的,唯一的标示目标客户。(在dr_deplot.h中查看细节)
To view 32-bit or WOW64 processes running under DynamoRIO the drview.exe tool can be used. The bin64 version will display both 32-bit and 64-bit processes and will indicate which are 32-bit. The bin32 version will display 64-bit processes but is unable to determine whether DynamoRIO is present.
查看32位或WOW64进程在DynamoRIO中运行用drview.exe工具。bin64版本可以显示32位和64位进程,还可以标识出32位进程。bin32版本可以显示64位进程但是不能确定DynamoRIO是否is present。
4253
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
