2

I am trying to get a complete dynamic trace of a program using Intel PIN tool. My trace would have : {Instruction address, Instruction, Operands, EFLAGS, OPCODES}.

I have managed to get the first three using xed-interface.H provided in the kit. Now, I want to get the EFLAGS state at each instruction. Also, I would like to get the opcodes in the same file.

Which API should I use to achieve this?

Peter Cordes
  • 328,167
  • 45
  • 605
  • 847
Nikhilesh Singh
  • 99
  • 13
  • Okay I found something in the manual: In the LEVEL_CORE Namespace reference page, there's an enumeration type LEVEL_CORE::FLAGS mentioned. Though I didn't get how to use it in my pintool. – Nikhilesh Singh Sep 27 '18 at 17:16

1 Answers1

0

Add IARG_CONST_CONTEXT to the list of arguments in the INS_InsertCall() call in the instrumentation routine. Then you can call PIN_GetContextRegval(ctx, REG_EFLAGS, &pin_register) to get the value of eflags in pin_register.

nitzanms
  • 1,786
  • 12
  • 35
  • If this is killing your performance take a look at partial context which can be used to get the same effect. – nitzanms Sep 29 '18 at 08:54