问题
I have written this pintool:
#include "pin.H"
#include <iostream>
#include <fstream>
VOID Instruction(INS ins, VOID *v)
{
cout << INS_Disassemble(ins) << endl;
}
VOID Fini(INT32 code, VOID *v)
{
cout << "Fin" << endl;
}
int main(int argc, char *argv[])
{
if( PIN_Init(argc,argv) )
{
cout << "Erreur PIN_Init" << endl;
return 0;
}
INS_AddInstrumentFunction(Instruction, 0);
PIN_AddFiniFunction(Fini, 0);
PIN_StartProgram();
return 0;
}
I am printing all instructions. What i want to do now is to display instructions address (EIP)
How can i do this ?
Thanks
回答1:
#include "pin.H"
#include <iostream>
#include <fstream>
#include <string>
VOID DisplayInstruction(ADDRINT instructionAddress,string assemblyCode){
cout<<std::hex<<instructionAddress<<":"<<std::dec<<assemblyCode<<"\n";
}
VOID Instruction(INS ins, VOID *v)
{
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)DisplayInstruction,
IARG_INST_PTR, IARG_REG_VALUE,new string(INS_Assemble(ins)), IARG_END);
}
VOID Fini(INT32 code, VOID *v)
{
cout << "Fin" << endl;
}
int main(int argc, char *argv[])
{
if( PIN_Init(argc,argv) )
{
cout << "Erreur PIN_Init" << endl;
return 0;
}
INS_AddInstrumentFunction(Instruction, 0);
PIN_AddFiniFunction(Fini, 0);
PIN_StartProgram();
return 0;
}
回答2:
You will need to add an analysis routine, and to pass IARG_REG_VALUE to that routine.
VOID your_analysis_function(VOID * ip)
{
out << "ip:" << ip << endl;
}
VOID Instruction(INS ins, VOID *v)
{
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)your_analysis_function,
IARG_INST_PTR, IARG_REG_VALUE, IARG_END);
}
来源:https://stackoverflow.com/questions/51478420/log-all-instruction-with-intel-pintool