Pin工具:静态ins地址(INS_Address(ins))与被插桩指令的地址(IARG_INST_PTR)不同
Pin tool: the static ins address (INS_Address(ins)) differs from the address of the instrumented instruction (IARG_INST_PTR)
我要打印每一个 rtn 的名字以及属于该 rtn 的指令。我的代码如下所示:
'''
// Walk every section of the image; for each routine that holds at least one
// instruction, print "<name>;<instruction count>" and then one line per
// instruction (static address and disassembly).
for (SEC section = IMG_SecHead(img); SEC_Valid(section); section = SEC_Next(section))
{
    //OutFile << "SEC name: " << SEC_Name(section) << endl;
    for (RTN routine = SEC_RtnHead(section); RTN_Valid(routine); routine = RTN_Next(routine))
    {
        if (RTN_NumIns(routine) < 1)
        {
            continue;   // nothing to list for an empty routine
        }
        OutFile << RTN_Name(routine) << ";" << std::dec << RTN_NumIns(routine) << endl;

        // The instruction list is only available between RTN_Open and RTN_Close.
        RTN_Open(routine);
        for (INS instr = RTN_InsHead(routine); INS_Valid(instr); instr = INS_Next(instr))
        {
            // NOTE: INS_Address() is the address seen while the image is being
            // loaded; an IARG_INST_PTR observed at run time for the same
            // instruction may differ if the image was relocated (see the
            // answer on this page). Compare image-relative offsets rather than
            // raw addresses if the two need to be correlated — verify against
            // the Pin API for the load base of the image.
            OutFile << hex << INS_Address(instr) << ";" << INS_Disassemble(instr) << ";" \
            ...;
        }
        // Release the per-routine data as soon as it has been processed to save memory.
        RTN_Close(routine);
    }
}
'''
然后我使用 INS_AddInstrumentFunction 来打印内存跟踪。
'''
/// Analysis routine for a memory read: appends "<ip>: R <addr>" to the trace file.
/// @param ip   address of the instruction at execution time (IARG_INST_PTR)
/// @param addr effective address of the memory operand (IARG_MEMORYOP_EA)
VOID RecordMemRead(VOID * ip, VOID * addr)
{
    // `trace` is a FILE* owned elsewhere in the tool; it is assumed to be open.
    std::fprintf(trace, "%p: R %p\n", ip, addr);
}
/// Analysis routine for a memory write: appends "<ip>: W <addr>" to the trace file.
/// @param ip   address of the instruction at execution time (IARG_INST_PTR)
/// @param addr effective address of the memory operand (IARG_MEMORYOP_EA)
VOID RecordMemWrite(VOID * ip, VOID * addr)
{
    // `trace` is a FILE* owned elsewhere in the tool; it is assumed to be open.
    std::fprintf(trace, "%p: W %p\n", ip, addr);
}
/// Instrumentation callback registered with INS_AddInstrumentFunction.
/// For every memory operand of `ins` it inserts a predicated call before the
/// instruction that records the run-time instruction pointer (IARG_INST_PTR)
/// and the operand's effective address. An operand that is both read and
/// written gets two records, the read one first.
/// @param ins the instruction being instrumented
/// @param v   user value passed at registration (unused)
VOID Instruction(INS ins, VOID *v)
{
    const UINT32 operandCount = INS_MemoryOperandCount(ins);
    for (UINT32 opIndex = 0; opIndex < operandCount; ++opIndex)
    {
        // IARG_INST_PTR is the address the instruction has when it executes;
        // it need not equal the INS_Address() captured at image load time if
        // the image was relocated.
        if (INS_MemoryOperandIsRead(ins, opIndex))
        {
            INS_InsertPredicatedCall(ins, IPOINT_BEFORE, (AFUNPTR)RecordMemRead,
                                     IARG_INST_PTR,
                                     IARG_MEMORYOP_EA, opIndex,
                                     IARG_END);
        }
        if (INS_MemoryOperandIsWritten(ins, opIndex))
        {
            INS_InsertPredicatedCall(ins, IPOINT_BEFORE, (AFUNPTR)RecordMemWrite,
                                     IARG_INST_PTR,
                                     IARG_MEMORYOP_EA, opIndex,
                                     IARG_END);
        }
    }
}
'''
最后,我得到的 ins 地址却不一样,为什么会这样?我在这里卡了太久了。
INS_Address(ins) 打印的是指令在初始加载(initial loading)期间的地址。
IARG_INST_PTR 给出的是指令在执行时的地址。镜像的重定位发生在运行时,因此两个地址可能不同。
参见《instruction point value of dynamic linking and static linking》,你的问题与之相似,只是措辞不同。
我要打印每一个 rtn 的名字以及属于该 rtn 的指令。我的代码如下所示: '''
// Walk every section of the image; for each routine that holds at least one
// instruction, print "<name>;<instruction count>" and then one line per
// instruction (static address and disassembly).
for (SEC section = IMG_SecHead(img); SEC_Valid(section); section = SEC_Next(section))
{
    //OutFile << "SEC name: " << SEC_Name(section) << endl;
    for (RTN routine = SEC_RtnHead(section); RTN_Valid(routine); routine = RTN_Next(routine))
    {
        if (RTN_NumIns(routine) < 1)
        {
            continue;   // nothing to list for an empty routine
        }
        OutFile << RTN_Name(routine) << ";" << std::dec << RTN_NumIns(routine) << endl;

        // The instruction list is only available between RTN_Open and RTN_Close.
        RTN_Open(routine);
        for (INS instr = RTN_InsHead(routine); INS_Valid(instr); instr = INS_Next(instr))
        {
            // NOTE: INS_Address() is the address seen while the image is being
            // loaded; an IARG_INST_PTR observed at run time for the same
            // instruction may differ if the image was relocated (see the
            // answer on this page). Compare image-relative offsets rather than
            // raw addresses if the two need to be correlated — verify against
            // the Pin API for the load base of the image.
            OutFile << hex << INS_Address(instr) << ";" << INS_Disassemble(instr) << ";" \
            ...;
        }
        // Release the per-routine data as soon as it has been processed to save memory.
        RTN_Close(routine);
    }
}
''' 然后我使用 INS_AddInstrumentFunction 来打印内存跟踪。 '''
/// Analysis routine for a memory read: appends "<ip>: R <addr>" to the trace file.
/// @param ip   address of the instruction at execution time (IARG_INST_PTR)
/// @param addr effective address of the memory operand (IARG_MEMORYOP_EA)
VOID RecordMemRead(VOID * ip, VOID * addr)
{
    // `trace` is a FILE* owned elsewhere in the tool; it is assumed to be open.
    std::fprintf(trace, "%p: R %p\n", ip, addr);
}
/// Analysis routine for a memory write: appends "<ip>: W <addr>" to the trace file.
/// @param ip   address of the instruction at execution time (IARG_INST_PTR)
/// @param addr effective address of the memory operand (IARG_MEMORYOP_EA)
VOID RecordMemWrite(VOID * ip, VOID * addr)
{
    // `trace` is a FILE* owned elsewhere in the tool; it is assumed to be open.
    std::fprintf(trace, "%p: W %p\n", ip, addr);
}
/// Instrumentation callback registered with INS_AddInstrumentFunction.
/// For every memory operand of `ins` it inserts a predicated call before the
/// instruction that records the run-time instruction pointer (IARG_INST_PTR)
/// and the operand's effective address. An operand that is both read and
/// written gets two records, the read one first.
/// @param ins the instruction being instrumented
/// @param v   user value passed at registration (unused)
VOID Instruction(INS ins, VOID *v)
{
    const UINT32 operandCount = INS_MemoryOperandCount(ins);
    for (UINT32 opIndex = 0; opIndex < operandCount; ++opIndex)
    {
        // IARG_INST_PTR is the address the instruction has when it executes;
        // it need not equal the INS_Address() captured at image load time if
        // the image was relocated.
        if (INS_MemoryOperandIsRead(ins, opIndex))
        {
            INS_InsertPredicatedCall(ins, IPOINT_BEFORE, (AFUNPTR)RecordMemRead,
                                     IARG_INST_PTR,
                                     IARG_MEMORYOP_EA, opIndex,
                                     IARG_END);
        }
        if (INS_MemoryOperandIsWritten(ins, opIndex))
        {
            INS_InsertPredicatedCall(ins, IPOINT_BEFORE, (AFUNPTR)RecordMemWrite,
                                     IARG_INST_PTR,
                                     IARG_MEMORYOP_EA, opIndex,
                                     IARG_END);
        }
    }
}
''' 最后,我得到的 ins 地址却不一样,为什么会这样?我在这里卡了太久了。
INS_Address(ins) 打印的是指令在初始加载(initial loading)期间的地址。IARG_INST_PTR 给出的是指令在执行时的地址。镜像的重定位发生在运行时,因此两个地址可能不同。
参见《instruction point value of dynamic linking and static linking》,你的问题与之相似,只是措辞不同。