0

Using Pin, I would like to call some instrumentation function before and after each application function call. I've read that RTN_InsertCall to add some entry/exit analysis functions with IPOINT_BEFORE and IPOINT_AFTER is unreliable as the exit may never be called.

My understanding is that the 'correct' way to do this is to replace the routine via RTN_ReplaceSignature, then in my replacement function add the entry and exit calls around a call to the original routine, where the original routine is called using PIN_CallApplicationFunction.

However, as far as I can tell PIN_CallApplicationFunction requires that I state in advance all of the arguments for the routine that I am wrapping, e.g., for malloc I would need to explicitly pass in some size_t argument, whereas for free I would pass in a pointer, and so on.

As I just want to wrap all function calls, I don't know the arguments! Is there some way to simply jump into the original function that I replaced, passing along the arguments for the original signature? Or perhaps some better way to do this?

Thanks for any help!

ricky116
  • You can use a static analysis tool to autogenerate the replacement functions and then compile your tool with the result – nitzanms May 16 '20 at 10:38
  • That seems a little inelegant but a good idea if there's no other way around the problem! Any idea of a lightweight static analysis tool that would suit? Thanks! – ricky116 May 16 '20 at 13:27

1 Answer

0

The problem with IPOINT_BEFORE, IPOINT_AFTER is that IPOINT_AFTER may miss some ret instructions. RTN_Replace functions will require a function pointer having the same signature as the original (as you do not want to modify the default code).

A simple solution could be to instrument all 'call' and 'ret' instructions. Use the INS_Rtn function to find out the routine name. This way you can instrument all functions without bothering with each function's signature.

ajit
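When every call and ret is instrumented as the answer above suggests, the tool still has to pair each ret with its call, and routines left through longjmp or exception unwinding never execute a ret. The following is an added example, not code from the question or the answer: it shows only the pairing logic, using the stack pointer to detect abandoned frames. `ShadowStack`, `OnCall` and `OnRet` are hypothetical names; the assumption is that a Pin tool would call them from analysis routines placed with INS_InsertCall on instructions where INS_IsCall or INS_IsRet is true, passing IARG_BRANCH_TARGET_ADDR and IARG_REG_VALUE with REG_STACK_PTR.

```cpp
// Added example: pairing logic only; no Pin headers are needed to run it.
#include <cstdint>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Assumption: 64-bit x86, stack grows down, one ShadowStack per thread.
class ShadowStack {
public:
    // Call site: `sp` is the stack pointer before the call pushes its return address.
    void OnCall(uint64_t target, uint64_t sp) {
        frames_.push_back({target, sp - 8});
        Log('E', target);
    }
    // Ret site: `sp` is the stack pointer before the ret, i.e. the return-address slot.
    void OnRet(uint64_t sp) {
        // Frames whose slot lies below sp were abandoned (longjmp, unwinding).
        while (!frames_.empty() && frames_.back().slot < sp) Pop('U');
        if (!frames_.empty() && frames_.back().slot == sp) Pop('X');
        // Otherwise the ret has no recorded call (e.g. tool attached late): ignore.
    }
    std::string Trace() const { return log_.str(); }
private:
    struct Frame { uint64_t target, slot; };
    void Log(char kind, uint64_t target) { log_ << kind << std::hex << target << ' '; }
    void Pop(char kind) { Log(kind, frames_.back().target); frames_.pop_back(); }
    std::vector<Frame> frames_;
    std::ostringstream log_;
};

// Constructed event stream: D returns normally; A -> B -> C, then C longjmps into A.
std::string DemoTrace() {
    ShadowStack s;
    s.OnCall(0x4000, 0x7000); s.OnRet(0x6ff8);   // D: ordinary call/ret pair
    s.OnCall(0x1000, 0x7000);                    // A
    s.OnCall(0x2000, 0x6fc0);                    // B
    s.OnCall(0x3000, 0x6f80);                    // C, never executes a ret
    s.OnRet(0x6ff8);                             // A's ret after the longjmp
    return s.Trace();
}

int main() { std::cout << DemoTrace() << '\n'; }
```

In the trace, `E` marks an entry, `X` a normal exit and `U` an exit synthesized for a frame that was unwound without a ret; the target addresses are what a tool would resolve to routine names.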