CODEWITHSUNDEEP
intel-pin
Bob5421
Bob5421

Reputation: 9163

Log all instruction with intel pintool

I have written this pintool:

#include "pin.H"
#include <iostream>
#include <fstream>

VOID Instruction(INS ins, VOID *v)
{
        cout << INS_Disassemble(ins) << endl;
}

VOID Fini(INT32 code, VOID *v)
{
        cout << "Fin" << endl;
}

int main(int argc, char *argv[])
{
    if( PIN_Init(argc,argv) )
    {
            cout << "Erreur PIN_Init" << endl;
            return 0;
    }

    INS_AddInstrumentFunction(Instruction, 0);
    PIN_AddFiniFunction(Fini, 0);
    PIN_StartProgram();

    return 0;
}

I am printing all instructions. What i want to do now is to display instructions address (EIP)

How can i do this ?

Thanks

Upvotes: 5

Views: 2544

Answers (2)

Bernard Nongpoh
Bernard Nongpoh

Reputation: 1058

#include "pin.H"
#include <iostream>
#include <fstream>
#include <string>

VOID DisplayInstruction(ADDRINT instructionAddress,string assemblyCode)
{
    cout<<std::hex<<instructionAddress<<":"<<std::dec<<assemblyCode<<"\n";
}

VOID Instruction(INS ins, VOID *v)
{       
    INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)DisplayInstruction,
                   IARG_INST_PTR, IARG_REG_VALUE,
                   new string(INS_Assemble(ins)), IARG_END);
}

VOID Fini(INT32 code, VOID *v)
{
    cout << "Fin" << endl;
}

int main(int argc, char *argv[])
{
    if( PIN_Init(argc,argv) )
    {
        cout << "Erreur PIN_Init" << endl;
        return 0;
    }

    INS_AddInstrumentFunction(Instruction, 0);
    PIN_AddFiniFunction(Fini, 0);
    PIN_StartProgram();

    return 0;
}

Upvotes: 3

mn1
mn1

Reputation: 440

You will need to add an analysis routine, and to pass IARG_REG_VALUE to that routine.

 VOID your_analysis_function(VOID * ip)
   {
        out << "ip:" << ip << endl;
   }    
   VOID Instruction(INS ins, VOID *v)
   {
       INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)your_analysis_function,
        IARG_INST_PTR, IARG_REG_VALUE, IARG_END);
   }

Upvotes: 0

Related Questions