Reduce cpuid, rdtsc and rdtscp logs in concise mode

2026-01-18 11:13:57 +00:00 · 2025-09-07 17:21:14 +02:00
parent fbcc489bf2
commit dad460411c
3 changed files with 11 additions and 8 deletions
--- a/src/analyzer/analysis.cpp
+++ b/src/analyzer/analysis.cpp
@@ -399,7 +399,7 @@ namespace
        }
    }

-    void handle_rdtsc(const analysis_context& c)
+    void handle_rdtsc(analysis_context& c)
    {
        auto& win_emu = *c.win_emu;
        auto& emu = win_emu.emu();
@@ -407,7 +407,7 @@ namespace
        const auto rip = emu.read_instruction_pointer();
        const auto mod = get_module_if_interesting(win_emu.mod_manager, c.settings->modules, rip);

-        if (!mod.has_value())
+        if (!mod.has_value() || (c.settings->concise_logging && !c.rdtsc_cache.insert(rip).second))
        {
            return;
        }
@@ -415,7 +415,7 @@ namespace
        win_emu.log.print(color::blue, "Executing RDTSC instruction at 0x%" PRIx64 " (%s)\n", rip, (*mod) ? (*mod)->name.c_str() : "<N/A>");
    }

-    void handle_rdtscp(const analysis_context& c)
+    void handle_rdtscp(analysis_context& c)
    {
        auto& win_emu = *c.win_emu;
        auto& emu = win_emu.emu();
@@ -423,7 +423,7 @@ namespace
        const auto rip = emu.read_instruction_pointer();
        const auto mod = get_module_if_interesting(win_emu.mod_manager, c.settings->modules, rip);

-        if (!mod.has_value())
+        if (!mod.has_value() || (c.settings->concise_logging && !c.rdtscp_cache.insert(rip).second))
        {
            return;
        }
--- a/src/analyzer/analysis.hpp
+++ b/src/analyzer/analysis.hpp
@@ -44,6 +44,9 @@ struct analysis_context
    disassembler d{};
    std::unordered_map<uint32_t, uint64_t> instructions{};
    std::vector<accessed_import> accessed_imports{};
+    std::set<uint64_t> rdtsc_cache{};
+    std::set<uint64_t> rdtscp_cache{};
+    std::set<std::pair<uint64_t, uint32_t>> cpuid_cache{};
 };

 void register_analysis_callbacks(analysis_context& c);
--- a/src/analyzer/main.cpp
+++ b/src/analyzer/main.cpp
@@ -453,6 +453,8 @@ namespace
            .settings = &options,
        };

+        const auto concise_logging = !options.verbose_logging;
+
        const auto win_emu = setup_emulator(options, args);
        win_emu->log.disable_output(options.concise_logging || options.silent);
        context.win_emu = win_emu.get();
@@ -471,15 +473,13 @@ namespace

        const auto& exe = *win_emu->mod_manager.executable;

-        const auto concise_logging = !options.verbose_logging;
-
        win_emu->emu().hook_instruction(x86_hookable_instructions::cpuid, [&] {
            const auto rip = win_emu->emu().read_instruction_pointer();
+            const auto leaf = win_emu->emu().reg<uint32_t>(x86_register::eax);
            const auto mod = get_module_if_interesting(win_emu->mod_manager, options.modules, rip);

-            if (mod.has_value())
+            if (mod.has_value() && (!concise_logging || context.cpuid_cache.insert({rip, leaf}).second))
            {
-                const auto leaf = win_emu->emu().reg<uint32_t>(x86_register::eax);
                win_emu->log.print(color::blue, "Executing CPUID instruction with leaf 0x%X at 0x%" PRIx64 " (%s)\n", leaf, rip,
                                   (*mod) ? (*mod)->name.c_str() : "<N/A>");
            }