使用 intel pintool 记录所有指令
Log all instruction with intel pintool
我写了这个 pintool:
#include "pin.H"
#include <iostream>
#include <fstream>
VOID Instruction(INS ins, VOID *v)
{
cout << INS_Disassemble(ins) << endl;
}
VOID Fini(INT32 code, VOID *v)
{
cout << "Fin" << endl;
}
int main(int argc, char *argv[])
{
if( PIN_Init(argc,argv) )
{
cout << "Erreur PIN_Init" << endl;
return 0;
}
INS_AddInstrumentFunction(Instruction, 0);
PIN_AddFiniFunction(Fini, 0);
PIN_StartProgram();
return 0;
}
我正在打印所有说明。
我现在要做的是显示指令地址(EIP)
我该怎么做?
谢谢
您将需要添加一个分析例程,并将 IARG_REG_VALUE 传递给该例程。
VOID your_analysis_function(VOID * ip)
{
out << "ip:" << ip << endl;
}
VOID Instruction(INS ins, VOID *v)
{
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)your_analysis_function,
IARG_INST_PTR, IARG_REG_VALUE, IARG_END);
}
#include "pin.H"
#include <iostream>
#include <fstream>
#include <string>
VOID DisplayInstruction(ADDRINT instructionAddress,string assemblyCode){
cout<<std::hex<<instructionAddress<<":"<<std::dec<<assemblyCode<<"\n";
}
VOID Instruction(INS ins, VOID *v)
{
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)DisplayInstruction,
IARG_INST_PTR, IARG_REG_VALUE,new string(INS_Assemble(ins)), IARG_END);
}
VOID Fini(INT32 code, VOID *v)
{
cout << "Fin" << endl;
}
int main(int argc, char *argv[])
{
if( PIN_Init(argc,argv) )
{
cout << "Erreur PIN_Init" << endl;
return 0;
}
INS_AddInstrumentFunction(Instruction, 0);
PIN_AddFiniFunction(Fini, 0);
PIN_StartProgram();
return 0;
}
我写了这个 pintool:
#include "pin.H"
#include <iostream>
#include <fstream>
VOID Instruction(INS ins, VOID *v)
{
cout << INS_Disassemble(ins) << endl;
}
VOID Fini(INT32 code, VOID *v)
{
cout << "Fin" << endl;
}
int main(int argc, char *argv[])
{
if( PIN_Init(argc,argv) )
{
cout << "Erreur PIN_Init" << endl;
return 0;
}
INS_AddInstrumentFunction(Instruction, 0);
PIN_AddFiniFunction(Fini, 0);
PIN_StartProgram();
return 0;
}
我正在打印所有说明。 我现在要做的是显示指令地址(EIP)
我该怎么做?
谢谢
您将需要添加一个分析例程,并将 IARG_REG_VALUE 传递给该例程。
VOID your_analysis_function(VOID * ip)
{
out << "ip:" << ip << endl;
}
VOID Instruction(INS ins, VOID *v)
{
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)your_analysis_function,
IARG_INST_PTR, IARG_REG_VALUE, IARG_END);
}
#include "pin.H"
#include <iostream>
#include <fstream>
#include <string>
VOID DisplayInstruction(ADDRINT instructionAddress,string assemblyCode){
cout<<std::hex<<instructionAddress<<":"<<std::dec<<assemblyCode<<"\n";
}
VOID Instruction(INS ins, VOID *v)
{
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)DisplayInstruction,
IARG_INST_PTR, IARG_REG_VALUE,new string(INS_Assemble(ins)), IARG_END);
}
VOID Fini(INT32 code, VOID *v)
{
cout << "Fin" << endl;
}
int main(int argc, char *argv[])
{
if( PIN_Init(argc,argv) )
{
cout << "Erreur PIN_Init" << endl;
return 0;
}
INS_AddInstrumentFunction(Instruction, 0);
PIN_AddFiniFunction(Fini, 0);
PIN_StartProgram();
return 0;
}