Questions tagged [intel-pin]

Pin is a dynamic binary instrumentation framework for the IA-32 and x86-64 instruction-set architectures that enables the creation of dynamic program analysis tools.

237 questions
0
votes
1 answer

intel-pin: How to pass command line arguments to binary

I have a simple C code. I am running the binary of that with my pin tool: pin -t tool.so -- test/test.o a Here, test/test.o is a binary, and a is some random command line argument to the pin tool (say tool.so), and not the binary (so, there is a…
R4444
0
votes
1 answer

Why does the total number of instructions executed change in an empty C program?

I've been counting the instructions executed by an empty C program using Intel's Pin. Most of the time I get a total instruction count of 118724, but now and then the count goes up to 118770. What can be the reason for this change? Code run: int…
0
votes
1 answer

How to get the global variable address of the executable program through pin and libelf.h

I want to develop a pintool to find out the address of global variable of my C program. Suppose I have a C program in which I had some Global pointer variables. When I run the same program with pintool then I wish to find the address of those global…
Jing_H
0
votes
1 answer

Cannot use IARG_MEMORYREAD_SIZE on non-standard memory access of instruction at 0x7ffbdcbe4e88: xsave ptr [rsp+0x40]

I'm trying to use Intel Pin for investigating memory activity of an executable. And I tried to use IARG_MEMORYREAD_SIZE parameter. Here is the source code. #include #include #include #include #include…
Kolin Huang
0
votes
0 answers

Finding calling site of instrumented system calls

In my pintool, I check NtReadFile() and NtCreateFile() system calls using the PIN API: PIN_AddSyscallEntryFunction() PIN_AddSyscallExitFunction() But the outputs seem to be polluted with many unexpected additional interceptions, I would like to…
Heyji
0
votes
0 answers

Intel-pin: INS_MemoryDisplacement(ins) is not working in every case

I asked this question before. The answer explains I am working on the same Pin-tool. But, my question is rather broad. If I have an instruction: mov eax, dword ptr [rbp-0x4] I can get the displacement(-0x4) using (pin api):…
R4444
0
votes
1 answer

How to stop the pintool artificially

I want to use the pin to track the address of the first 256*256 instructions, but I don't know how to stop the pin after the number is reached. I know there is a method PIN_ExitProcess(), but make will cause an error after adding it. Is there any…
yuriXO
0
votes
2 answers

Pin does not Detect All Dynamic Allocations

I wrote a really simple Pin tool to calculate the number of dynamically allocated bytes in a program. I instrumented GIMP with this tool and it reported 77 MB of allocations. I did the same experiment with Valgrind which reported 117 MB. My Pin tool…
TheAhmad
0
votes
1 answer

Intel Pin: How to generate objectdump-ish code?

I am experimenting with intel-pin tool. I have a simple Hello-world.c (It prints nothing but "Hello world") program (say a.out). If I want to generate assembly from the binary, I would do objdump -D a.out. I want to instrument some instructions in…
R4444
0
votes
1 answer

Pin: Insert two different instructions at the same address

I want to change the function inserted at the timing before the instruction with the same address. What should I do? For example: int count=10; void insert_check_code(INS ins){ if(INS_Address(ins) == tmpaddr) if(count > 5){ …
pinenight
0
votes
1 answer

Intel Pin: Invalid REG for IARG_REG_VALUE reg: xmm0

I'm making a program to trace the program, but I am having trouble with the error like the title. Is there anyone who can understand something? INS_InsertCall(ins, action, AFUNPTR(RegOpnd::at_call), IARG_PTR, data, IARG_PTR,…
pinenight
0
votes
0 answers

How to get memory value read or written in user-defined function of an executable without symbol information with Intel Pin?

I want to get memory value records read or written by user-defined function of one executable without symbol information with Intel Pin. Because there is no symbol information, Intel Pin cannot identify the scope of function (mainly user defined…
wentaolu
0
votes
0 answers

Duplicate function calls while instrumenting with Pintool

I am trying to count the number of calls to malloc using a Pintool. I am using Pin3.6/source/tools/ManualExamples/malloc_mt.cpp as a reference. All my instrumentation does is look for malloc definition when an image is loaded and inserts a print…
0
votes
1 answer

Adding elements to global vector of vectors of structs

I have a global vector of vector of structs of this form: vector> shadowStacksVector where the idea is to have a vector per thread. In the thread start function I do the following: vector
Simus
0
votes
1 answer

Intel Pin: how to obtain return address of system call

In Intel Pin you can get the return address of a routine call using IARG_RETURN_IP as one of the arguments of RTN_InsertCall. I wanted to do the same with a system call, instrumented using PIN_AddSyscallEntryFunction and…
Simus