
I want to list all traces together with the blocks they contain, using Intel Pin. However, no trace in my output ever contains more than three blocks, although there should be more. Why is that? Thanks in advance!

#include "pin.H"
#include <stdio.h>
using namespace std;

// Log stream for the trace listing; opened in main(), written by Trace(),
// closed in Fini().
FILE* traceFile;
// Running index of traces seen by Trace(); used only to label the output.
UINT32 traceNumber = 0;

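/*
 * Trace-granularity instrumentation callback: writes one record per Pin
 * trace to traceFile, listing each BBL in the trace and the disassembly of
 * every instruction in each BBL.
 *
 * trace  the trace Pin is about to instrument
 * v      unused callback argument (registered as 0 in main())
 *
 * NOTE(review): the counts printed here describe how Pin cut the trace, not
 * the static control-flow graph a debugger or disassembler shows. As far as
 * I know, Pin ends a trace at an unconditional control transfer or after a
 * bounded number of conditional branches / instructions, so a small, capped
 * BBL count per trace is expected -- confirm against the Pin manual for the
 * kit in use.
 */
VOID Trace(TRACE trace, VOID* v)
{
    // main() does not check fopen(); writing through a null FILE* would
    // crash the instrumented process, so skip logging instead.
    if (traceFile == NULL)
        return;

    UINT32 blockNumber = 0;

    // Trace header. The counters are UINT32, so they are printed with %u.
    // Addresses are ADDRINT (an integer type) and are converted to a pointer
    // before being handed to %p, which requires a void* argument.
    fprintf(traceFile, "Trace [%u]: %p, number of blocks: %u\n",
        traceNumber,
        reinterpret_cast<VOID*>(TRACE_Address(trace)),
        TRACE_NumBbl(trace));

    for (BBL bbl = TRACE_BblHead(trace); BBL_Valid(bbl); bbl = BBL_Next(bbl))
    {
        // Block header
        fprintf(traceFile, "\nBlock [%u]: %p, insts in block: %u\n\n",
            blockNumber,
            reinterpret_cast<VOID*>(BBL_Address(bbl)),
            BBL_NumIns(bbl));

        // One line per instruction: address and disassembly text
        for (INS ins = BBL_InsHead(bbl); INS_Valid(ins); ins = INS_Next(ins))
        {
            fprintf(traceFile, "%p: %s\n",
                reinterpret_cast<VOID*>(INS_Address(ins)),
                INS_Disassemble(ins).c_str());
        }
        blockNumber++;
    }

    fprintf(traceFile, "\nTrace [%u] end. %s", traceNumber,
        "\n---------------------------------------------------\n\n");
    traceNumber++;
}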

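/*
 * Fini callback registered with PIN_AddFiniFunction(): closes the log
 * stream so buffered output is flushed to disk.
 *
 * code  exit code passed in by Pin (unused)
 * v     unused callback argument (registered as 0 in main())
 */
void Fini(INT32 code, void* v) {
    // traceFile is null when fopen() failed; fclose(NULL) is undefined.
    if (traceFile == NULL)
        return;

    // fclose() flushes pending writes; a failure here means the tail of the
    // log may be missing, so report it rather than dropping it silently.
    if (fclose(traceFile) != 0)
        fprintf(stderr, "itrace: error while closing itrace.out\n");
    traceFile = NULL;
}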

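/*
 * Pintool entry point: initialises Pin, opens the log file, registers the
 * trace instrumentation and Fini callbacks, then hands control to the
 * instrumented application.
 *
 * Returns 1 if Pin's command line cannot be parsed or the log file cannot
 * be created; otherwise PIN_StartProgram() takes over and does not return.
 */
int main(int argc, char* argv[])
{
    // Symbol support has to be requested before PIN_Init().
    PIN_InitSymbols();

    // PIN_Init() returns TRUE when the command line is invalid.
    if (PIN_Init(argc, argv))
    {
        fprintf(stderr, "itrace: invalid Pin command line\n");
        return 1;
    }

    // The log is created in the current working directory; stop early if it
    // cannot be opened so the callbacks never see a null stream.
    traceFile = fopen("itrace.out", "w");
    if (traceFile == NULL)
    {
        fprintf(stderr, "itrace: cannot open itrace.out for writing\n");
        return 1;
    }

    TRACE_AddInstrumentFunction(Trace, 0);
    PIN_AddFiniFunction(Fini, 0);

    // Never returns; the return below only satisfies the signature.
    PIN_StartProgram();
    return 0;
}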

For example, there are only three blocks here, although I expected to see more:

Trace [4]: 0x7722de32, number of blocks: 3

Block [0]: 0x7722de32, insts in block: 2

0x7722de32: test eax, eax
0x7722de34: jnz 0x77279708

Block [1]: 0x7722de3a, insts in block: 3

0x7722de3a: movzx eax, byte ptr [0x7ffe0384]
0x7722de41: test eax, eax
0x7722de43: jnz 0x7727971d

Block [2]: 0x7722de49, insts in block: 2

0x7722de49: cmp dword ptr [ebp-0x24], ebx
0x7722de4c: jnz 0x7722de5b

Trace [4] end. 
---------------------------------------------------

Shouldn't there be 5 blocks here? Apparently I am misunderstanding something about blocks and traces. Nowhere in the logs does a trace contain more than three blocks, for some reason.

In the debugger I see at least 4 blocks.

I want to list all traces with the blocks they contain, using intel pin. But, as a result, I have a maximum of three blocks in the trace, although there should be more. Tell me, please, why is that so? Thanks in advance!

Artorios