使用 intel pintool 记录所有指令

Log all instruction with intel pintool

我写了这个 pintool:

#include "pin.H"
#include <iostream>
#include <fstream>

VOID Instruction(INS ins, VOID *v)
{
        cout << INS_Disassemble(ins) << endl;
}

VOID Fini(INT32 code, VOID *v)
{
        cout << "Fin" << endl;
}

int main(int argc, char *argv[])
{
    if( PIN_Init(argc,argv) )
    {
            cout << "Erreur PIN_Init" << endl;
            return 0;
    }

    INS_AddInstrumentFunction(Instruction, 0);
    PIN_AddFiniFunction(Fini, 0);
    PIN_StartProgram();

    return 0;
}

我正在打印所有说明。 我现在要做的是显示指令地址(EIP)

我该怎么做?

谢谢

您将需要添加一个分析例程,并将 IARG_REG_VALUE 传递给该例程。

 VOID your_analysis_function(VOID * ip)
   {
        out << "ip:" << ip << endl;
   }    
   VOID Instruction(INS ins, VOID *v)
   {
       INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)your_analysis_function,
        IARG_INST_PTR, IARG_REG_VALUE, IARG_END);
   }
#include "pin.H"
#include <iostream>
#include <fstream>
#include <string>
VOID DisplayInstruction(ADDRINT instructionAddress,string assemblyCode){
 cout<<std::hex<<instructionAddress<<":"<<std::dec<<assemblyCode<<"\n";

}

VOID Instruction(INS ins, VOID *v)
{       
 INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)DisplayInstruction,
    IARG_INST_PTR, IARG_REG_VALUE,new string(INS_Assemble(ins)), IARG_END);
}

VOID Fini(INT32 code, VOID *v)
{
        cout << "Fin" << endl;
}

int main(int argc, char *argv[])
{
    if( PIN_Init(argc,argv) )
    {
            cout << "Erreur PIN_Init" << endl;
            return 0;
    }

    INS_AddInstrumentFunction(Instruction, 0);
    PIN_AddFiniFunction(Fini, 0);
    PIN_StartProgram();

    return 0;
}