Reputation: 11
How to get operands of 'lea' instruction using PIN?
I'm developing a taint analysis tool using PIN.
And I have a question, How to get operands of lea instruction?
About lea instruction like lea rdx, ptr [rip+0x2244aa],
getting the first operand using INS_OperandReg(ins, 0) is possible.
But I want to check if the second operand is tainted, but I cannot get it.
And I couldn't find any function that returns the value of rip+0x2244aa
Is there any function that I can get the memory address(second operand) in lea?
Upvotes: 1
Views: 440
Answers (1)
Reputation: 317
To access the operands used in a typical lea instruction, which has the form:
EffectiveAddress = base + (index * scale) + displacement
So you have to access each individual values,
if(INS_OperandMemoryIndexReg(ins,1) != REG_INVALID_)
{ /* get index register */
INT64 scale = INS_OperandMemoryScale (ins, I);//value of scale: 1, 2, 4, 8.
}
if(INS_OperandMemoryBaseReg(ins, 1) != REG_INVALID_)
{ /* get base register */}
if(INS_OperandMemoryDisplacement (ins, 1) != 0)
{ /* get displacement value */}
Finally, you will know what registers are used or even calculate the actual values of the given effective memory address by calculating them up, (if you got their values by PIN_GetContextRegval(...) ).
Upvotes: 1
Related Questions
- Pin Tool - intercepting an instruction by its address to dump the registers value
- x86 lea instruction
- LEA instruction - How to transform into C language?
- PIN get assembly opcodes from instruction address
- Extracting a copy of operands using Intel-pin
- x86 Intel Assembler LEA
- x86 confusion with lea instruction
- IA32 Assembly: lea instruction
- How can I get the "lea" instruction from a C++ function by disassembly?
- LEA operation with 8086 assembly