Stack Overflow
Stack Overflow

Questions tagged [intel-pin]

Pin is a dynamic binary instrumentation framework for the IA-32 and x86-64 instruction-set architectures that enables the creation of dynamic program analysis tools.

"Pin is a dynamic binary instrumentation framework for the IA-32 and x86-64 instruction-set architectures that enables the creation of dynamic program analysis tools."

Pin resources:

237 questions
8
votes
1 answer

Intel pin: Instrumentate running process

I created a simple pin tool that dumps any win32 CreateFileW calls. It works fine, but when i try to attach it to an already running process, the process simply terminates. Tried with several applications (notepad, wordpad, internet explorer), same…
Donpedro
  • 828
  • 7
  • 22
5
votes
2 answers

Log all instruction with intel pintool

I have written this pintool: #include "pin.H" #include #include VOID Instruction(INS ins, VOID *v) { cout << INS_Disassemble(ins) << endl; } VOID Fini(INT32 code, VOID *v) { cout << "Fin" << endl; } int…
Bob5421
  • 7,757
  • 14
  • 81
  • 175
5
votes
1 answer

Intel Pin with C++14

The Questions I have a few questions surrounding usage of Intel Pin with C++14 or other C++ verions. There are rarely any problems compiling code from older C++ with newer versions, but since Intel Pin is manipulates instruction level, is there any…
Gabriel Vasconcelos
  • 576
  • 5
  • 15
5
votes
1 answer

How to generate a listing of branches with Intel Pin tool?

I am relatively new to using the Intel Pin tool for code instrumentation and I am attempting to study Branch Prediction. Specifically, I would like to generate a listing of all the branches, their branch targets, and whether they are taken/not…
Boo Radley
  • 684
  • 1
  • 13
  • 25
5
votes
2 answers

How can i specify an area of code to instrument it by pintool?

There are four levels of granularity in Pin: routine, instruction and image, trace. Can i specify an limits/area to start and stop inserting instrumentation code. may by like directive like ( # start instrumentation , # end instrumentation ) or some…
Mos Moh
  • 317
  • 3
  • 15
5
votes
2 answers

Intel Pin Get Function Argument Number

I am trying to write a function call tracer using Pin. It could print each function call as well as the value of each argument. A difficulty is to get all arguments of a function. Using RTN_InsertCall, you can pass function arguments to your…
ZillGate
  • 1,173
  • 12
  • 22
5
votes
2 answers

Pin tool for tracking CreateFile calls

I've made a pin tool to dump CreatFile win32 calls (in my case CreateFileW) and its return values. It looks like this: /* ... */ VOID Image(IMG img, VOID *v) { RTN cfwRtn = RTN_FindByName(img, "CreateFileW"); if (RTN_Valid(cfwRtn)) { …
Donpedro
  • 828
  • 7
  • 22
4
votes
1 answer

How to get memory operation values using Intel PIN?

I am using Intel PIN to modify memory allocation in the system. I cannot find a way to get the actual values under memory instructions. VOID Instruction(INS ins, VOID *v) { UINT32 memOperands = INS_MemoryOperandCount(ins) for (UINT32 memOp =…
Mantas
  • 1,223
  • 1
  • 10
  • 15
4
votes
0 answers

the old version of intel pin tool

I want to use the dynamic data flow tracking tool libdft, but it requires the old version of intel pin tool. At present, the official downloading page only provides the versions pin-2.14 and pin-3.2. Can anyone help me download the old version of…
Haijun
  • 61
  • 4
4
votes
2 answers

Compiling PIN tool with dependencies

As the title states, I am looking for a way to make compile my PIN tool with some dependencies. So for example if I #include "somefile.h" in my PIN tool, and generate some object file g++ -c somefile.cpp, how do I link my object file to compile with…
TypeKazt
  • 318
  • 1
  • 13
4
votes
1 answer

How can i track a specific loop in binary instrumentation by using pin tool?

I am fresh in using intel pin tool, and want to track a certain loop in a binary file, but i found in each run the address of the instructions changed in each run, how can i find a specific instruction or a specific loop even it change in each run ?…
Mos Moh
  • 317
  • 3
  • 15
3
votes
1 answer

Why is Intel Pin not able to instrument open syscall?

I am trying to build a pintool that should be able to instrument an open() syscall that targets a specific file/directory and replace the file path argument with another value. For example, here is a very simple code that I want to instrument: …
Preet Derasari
  • 80
  • 7
3
votes
0 answers

Instrumenting QEMU instance with Intel Pin Tool

I'm trying to trace memory accesses made by a single core QEMU KVM enabled VM using the Intel Pin instrumentation tool. As QEMU creates 2 child threads from a parent, which one should be used for tracing the VMs memory accesses in…
SanthoshKumar
  • 93
  • 3
3
votes
1 answer

intel Pin: analysis routine detects ah register instead of rsp (REG_STACK_PTR)

I asked this question few days ago. I wanted to get the stack allocation size (after the function creation). The answer suggests to do: if((INS_Opcode(ins) == XED_ICLASS_ADD || INS_Opcode(ins) == XED_ICLASS_SUB) && REG(INS_OperandReg(ins, 0))…
R4444
  • 2,016
  • 2
  • 19
  • 30
3
votes
1 answer

Detecting mov dword ptr [rbp - ...] instructions with a specific register in the addressing mode, using Intel PIN

I want to detect the instructions like mov dword ptr [rbp-0x28], 0x7 (so, all the instructions in mov dword ptr [rbp-0xxx], xxx format) using Intel PIN (mainly to get array writes information). In un-optimized code, this should get most stores to…
R4444
  • 2,016
  • 2
  • 19
  • 30
1
2 3
15 16