Detecting an illegal instruction opcode on Intel PIN

Posted by 房东的猫 on 2019-12-01 10:13:22

Question


I am writing a Pin tool where I want to detect an instruction with a particular opcode. I have an executable from a sample C program where I am printing hello world. The architecture used is x86_64 and I have the trace of assembly instructions in the program. I am giving this program's assembly instruction trace to the Intel PIN tool, on which I am running the instruction trace and performing operations.

My goal here is to detect a particular opcode from my original program. For example, I have added the following line in my C program:

asm(".byte 0x17");   // pop ss in 32-bit mode, but illegal in x86-64

Due to this, 0x17 is an instruction in my C program trace. In my Intel PIN tool I have an instruction trace like this:

VOID Instruction(INS ins, VOID *v) 
{
   if(INS_Opcode(ins)==0x17)
   {
        //Do something
   }
}

However when I run my instruction trace, my Pin tool fails due to the illegal instruction 0x17 I have placed.

When I print the instruction opcodes as they come, I see that they have different opcodes from the x86_64 ones. For example, the instruction AND has opcode 0x17 when I print. Do I have to do some kind of decoding, or am I detecting the opcodes in the wrong way?

Source: https://stackoverflow.com/questions/46571389/detecting-an-illegal-instruction-opcode-on-intel-pin
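
The distinction the question runs into, as an added example that is not part of the original post: `INS_Opcode` returns Pin's XED instruction-class constant (`XED_ICLASS_*`), not the encoded byte, so matching `0x17` means inspecting the instruction's raw bytes. The helper names `primary_opcode` and `invalid_in_64bit` are hypothetical, and the code assumes the tool has already copied those bytes (for example with `PIN_SafeCopy` from `INS_Address(ins)`).

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical helpers (not Pin API). Input is an instruction's raw bytes,
// which a Pin tool could copy out of the traced process before calling these.

// Legacy prefixes: lock/rep, segment overrides, operand/address size.
static bool is_legacy_prefix(uint8_t b) {
    switch (b) {
    case 0xF0: case 0xF2: case 0xF3:
    case 0x26: case 0x2E: case 0x36: case 0x3E: case 0x64: case 0x65:
    case 0x66: case 0x67:
        return true;
    default:
        return false;
    }
}

// In 64-bit mode the bytes 0x40-0x4F are REX prefixes, not INC/DEC.
static bool is_rex(uint8_t b) { return (b & 0xF0) == 0x40; }

// Returns the first byte after any prefixes, or -1 if the buffer holds
// only prefixes. A result of 0x0F means a multi-byte opcode follows.
int primary_opcode(const uint8_t *code, size_t len) {
    size_t i = 0;
    while (i < len && (is_legacy_prefix(code[i]) || is_rex(code[i]))) ++i;
    return i < len ? code[i] : -1;
}

// Subset of one-byte opcodes that are valid in 32-bit mode but undefined in
// 64-bit mode: segment push/pop, DAA/DAS/AAA/AAS, PUSHA/POPA, far CALL/JMP,
// INTO, AAM/AAD.
bool invalid_in_64bit(int opcode) {
    static const uint8_t kInvalid[] = {
        0x06, 0x07, 0x0E, 0x16, 0x17, 0x1E, 0x1F, 0x27, 0x2F,
        0x37, 0x3F, 0x60, 0x61, 0x9A, 0xCE, 0xD4, 0xD5, 0xEA};
    for (uint8_t b : kInvalid)
        if (b == opcode) return true;
    return false;
}

int main() {
    const uint8_t sample[] = {0x66, 0x17};  // constructed: prefix + 0x17
    int op = primary_opcode(sample, sizeof sample);
    std::printf("opcode 0x%02X invalid_in_64bit=%d\n", op, invalid_in_64bit(op));
    return 0;
}
```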
