I am a newbie to intel-pin. I am trying to do a bit-width analysis on binaries.
I am trying to analyze the exact number of bits used for the operands in each assembly instruction.
For example, if an unsigned integer 15 has been stored, then 4 bits are enough.
To do this I need to get a copy of the operands. Is there any method to do this using the intel-pin API?

Krish
  • I found the method INS_OperandImmediate(ins, i) to extract the immediate operand, but I could not find any explicit method to extract register and memory operands. – Krish Jun 19 '14 at 05:02

1 Answer

Regarding memory operands, you can use INS_IsMemoryRead and INS_IsMemoryWrite to see if the instruction accesses memory, and then instrument it based on the number of memory operands (there can be more than one because some instructions implicitly access memory). Look at IARG_MEMORYREAD_EA and friends to get the memory read and write values in the analysis function.

To see the values in the actual registers you can use IARG_REG_VALUE.

nitzanms
  • How about 64 bit registers? IARG_REG_VALUE is ADDRINT-limited. – ogurets Apr 02 '18 at 00:28
  • ADDRINT is 64-bit in Intel architectures that have 64 bit registers, isn't it? – nitzanms Apr 07 '18 at 09:04
  • Yep. Turns out I've mistakenly used TARGET_IA32 instead of TARGET_IA32E, which caused ADDRINT to be declared as UINT32 even under x64 visual studio configuration. And rewritten my little code with IARG_REG_REFERENCE before noticing that. – ogurets Apr 07 '18 at 09:40
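
The approach from the answer written out as a Pin tool, for the bit-width measurement the question asks about. This is an added example, not code posted by anyone in the thread: the names BitsNeeded, Update, RecordReg, RecordMemRead and maxBits are hypothetical, and the stand-in typedefs are an assumption that lets the analysis half compile without the Pin kit.

```cpp
#include <stdint.h>
#include <string.h>
#include <algorithm>
#include <map>
#if defined(TARGET_IA32E) || defined(TARGET_IA32)  // set by Pin's build system
#include "pin.H"
#else  // stand-ins (assumption) so the analysis half compiles without the Pin kit
typedef uintptr_t ADDRINT;
typedef uint32_t UINT32;
static size_t PIN_SafeCopy(void *d, const void *s, size_t n) { memcpy(d, s, n); return n; }
#endif

static std::map<ADDRINT, unsigned> maxBits;  // instruction address -> widest value seen
// Minimum number of bits that hold v as an unsigned integer (0 still needs 1).
static unsigned BitsNeeded(uint64_t v) {
    unsigned n = 1;
    while (v >>= 1) ++n;
    return n;
}
static void Update(ADDRINT ip, uint64_t v) { maxBits[ip] = std::max(maxBits[ip], BitsNeeded(v)); }

// Receives IARG_REG_VALUE; ADDRINT is 32 or 64 bits depending on the TARGET_* macro.
static void RecordReg(ADDRINT ip, ADDRINT value) { Update(ip, value); }
// Receives IARG_MEMORYREAD_EA and IARG_MEMORYREAD_SIZE, then copies the operand out.
static void RecordMemRead(ADDRINT ip, ADDRINT ea, UINT32 size) {
    uint64_t v = 0;  // little-endian x86: the low `size` bytes hold the operand
    if (size > sizeof(v)) return;  // skip operands wider than 64 bits
    if (PIN_SafeCopy(&v, reinterpret_cast<const void *>(ea), size) == size) Update(ip, v);
}

#if defined(TARGET_IA32E) || defined(TARGET_IA32)
static VOID Instruction(INS ins, VOID *) {
    for (UINT32 i = 0; i < INS_OperandCount(ins); i++) {
        if (!INS_OperandIsReg(ins, i) || !INS_OperandRead(ins, i)) continue;
        REG r = INS_OperandReg(ins, i);
        if (REG_is_gr(r))  // IARG_REG_VALUE covers integer registers only
            INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)RecordReg, IARG_INST_PTR,
                           IARG_REG_VALUE, r, IARG_END);
    }
    if (INS_IsMemoryRead(ins))
        INS_InsertPredicatedCall(ins, IPOINT_BEFORE, (AFUNPTR)RecordMemRead, IARG_INST_PTR,
                                 IARG_MEMORYREAD_EA, IARG_MEMORYREAD_SIZE, IARG_END);
}
int main(int argc, char *argv[]) {
    if (PIN_Init(argc, argv)) return 1;
    INS_AddInstrumentFunction(Instruction, 0);
    PIN_StartProgram(); return 0;  // PIN_StartProgram never returns
}
#endif
```

The map is not locked, so as written this suits single-threaded targets; it measures unsigned width only and records source operands, not results.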