drtaint
On the way to retrieve system state
I have found DynamoRIO offers rich APIs to operate for instrumentation. I noticed that most of us used drx_buf_insert_buf_store to store the value retrieved. I am wondering about the differences between drx_buf_insert_buf_store and directly saving using file pointer or something like this. Is this for the sake of efficiency?
Can you elaborate? Do you mean to insert assembly instrumentation that manipulates a FILE * structure directly, writing values directly into its buffered contents? Or emitting a clean call directly to fprintf?
Alternatively, most of the DR samples follow the same convention as memtrace_simple. These samples call a clean call at the end of every basic block which calls fprintf. This is less complicated since the clean call can manipulate drmgr TLS fields from C instead of directly in assembly. Is this what you're looking for?
This way is also faster than using the drx_buf API, though I ran those performance benchmarks a few years ago on a crummy laptop in a VM. There may have been something wrong with my testing setup or something else may have changed since then.
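An added example to make the cost comparison in this thread concrete; it is not code from the drtaint project or from DynamoRIO and has no DR dependency. The `mem_ref_t` record layout, the `trace_buf_t` buffer, `run_trace` and the synthetic reference values are all constructed for illustration. The per-thread buffer stands in for the TLS buffer that inlined stores (whether emitted by `drx_buf_insert_buf_store` or by hand) fill, and `trace_buf_flush` stands in for the clean call that reaches `fprintf`. Running the same stream of 1000 references through both policies shows why the question is about drain frequency: draining at the end of every basic block (the memtrace_simple convention described above) means 100 clean calls, draining only when a 256-record buffer fills means 4, and the trace output is byte-identical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* Constructed trace record, loosely modelled on a memory-reference record.
 * Not DynamoRIO's own mem_ref_t. */
typedef struct {
    uint64_t pc;
    uint64_t addr;
    uint32_t size;
    uint32_t is_write;
} mem_ref_t;

/* Per-thread record buffer standing in for the TLS buffer that inlined
 * instrumentation fills. */
typedef struct {
    mem_ref_t *recs;
    size_t cap;
    size_t n;
    FILE *out;
    size_t flushes;  /* how many times the buffer was drained to the FILE */
} trace_buf_t;

typedef struct {
    size_t flushes;  /* drains = clean calls into C that reach fprintf */
    long bytes;      /* bytes of trace text produced */
} trace_stats_t;

static void trace_buf_init(trace_buf_t *tb, size_t cap, FILE *out) {
    tb->recs = malloc(cap * sizeof(mem_ref_t));
    if (!tb->recs) { perror("malloc"); exit(1); }
    tb->cap = cap; tb->n = 0; tb->out = out; tb->flushes = 0;
}

/* Drain the buffer: the part that has to run as a clean call in C. */
static void trace_buf_flush(trace_buf_t *tb) {
    if (tb->n == 0) return;
    for (size_t i = 0; i < tb->n; i++) {
        const mem_ref_t *r = &tb->recs[i];
        fprintf(tb->out, "%c %#llx %#llx %u\n", r->is_write ? 'W' : 'R',
                (unsigned long long)r->pc, (unsigned long long)r->addr, r->size);
    }
    tb->n = 0;
    tb->flushes++;
}

/* Store one record; a drain happens only if the buffer is already full.
 * This is the "flush when full" policy of a drx_buf-style trace buffer. */
static void trace_buf_store(trace_buf_t *tb, const mem_ref_t *r) {
    if (tb->n == tb->cap) trace_buf_flush(tb);
    tb->recs[tb->n++] = *r;
}

/* Deterministic synthetic memory reference number i (constructed values). */
static mem_ref_t synth_ref(size_t i) {
    mem_ref_t r;
    r.pc = 0x401000u + (uint64_t)i * 4;
    r.addr = 0x7ffd0000u + ((uint64_t)i * 8) % 4096;
    r.size = (i % 3 == 0) ? 8 : 4;
    r.is_write = (uint32_t)(i & 1);
    return r;
}

/* Simulate nbb basic blocks of refs_per_bb references each.
 * flush_per_bb != 0: drain at the end of every basic block.
 * flush_per_bb == 0: drain only when the cap-record buffer is full.
 * Either way the remainder is drained once at "thread exit". */
static trace_stats_t run_trace(size_t nbb, size_t refs_per_bb, size_t cap, int flush_per_bb) {
    trace_stats_t st = {0, 0};
    FILE *out = tmpfile();
    if (!out) { perror("tmpfile"); exit(1); }
    trace_buf_t tb;
    trace_buf_init(&tb, cap, out);
    size_t i = 0;
    for (size_t b = 0; b < nbb; b++) {
        for (size_t k = 0; k < refs_per_bb; k++, i++) {
            mem_ref_t r = synth_ref(i);
            trace_buf_store(&tb, &r);
        }
        if (flush_per_bb) trace_buf_flush(&tb);
    }
    trace_buf_flush(&tb);
    fflush(out);
    st.flushes = tb.flushes;
    st.bytes = ftell(out);
    free(tb.recs);
    fclose(out);
    return st;
}

int main(void) {
    trace_stats_t per_bb = run_trace(100, 10, 256, 1);
    trace_stats_t when_full = run_trace(100, 10, 256, 0);
    printf("per-bb drains:    %zu (%ld bytes)\n", per_bb.flushes, per_bb.bytes);
    printf("when-full drains: %zu (%ld bytes)\n", when_full.flushes, when_full.bytes);
    return 0;
}
```

The simulation counts drains, not cycles: it says nothing about what each clean call or each inlined store costs inside DR, which is exactly what the benchmark mentioned in this answer measured, so the call count alone does not settle which convention is faster on a given setup.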