//
// This tool prints a trace of image load and unload events
//
#include "pin.H"
#include <iostream>
#include <fstream>
#include <stdlib.h>
using namespace std;
KNOB<string> KnobOutputFile(KNOB_MODE_WRITEONCE, "pintool",
"o", "imageload.out", "specify file name");
ofstream TraceFile;
VOID print(VOID *ip, string *s) {
TraceFile <<" 0x"<<std::hex<<ip<< " "<< *s << endl;
}
VOID ImageLoad(IMG img, VOID *v)
{
if (IMG_IsMainExecutable(img)) {
TraceFile << IMG_Name(img) << endl;
for (SEC sec = IMG_SecHead(img); SEC_Valid(sec); sec = SEC_Next(sec))
{
if(SEC_IsExecutable(sec))
{
TraceFile << "Address: 0x" << std::hex << SEC_Address(sec) << " SEC_name " << SEC_Name(sec) << " is executable" << endl;
for (RTN rtn = SEC_RtnHead(sec); RTN_Valid(rtn); rtn = RTN_Next(rtn)) {
RTN_Open(rtn);
for (INS ins = RTN_InsHead(rtn); INS_Valid(ins); ins = INS_Next(ins)) {
INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)print, IARG_INST_PTR, IARG_PTR, new string(INS_Disassemble(ins)),IARG_END);
}
RTN_Close(rtn);
}
}
else TraceFile << "Address: 0x" << std::hex<< SEC_Address(sec) << " SEC_name " << SEC_Name(sec) << endl;
}
}
}
// This function is called when the application exits
// It closes the output file.
VOID Fini(INT32 code, VOID *v)
{
if (TraceFile.is_open()) { TraceFile.close(); }
}
/* ===================================================================== */
/* Print Help Message */
/* ===================================================================== */
INT32 Usage()
{
PIN_ERROR("This tool prints a log of image load and unload events\n"
+ KNOB_BASE::StringKnobSummary() + "\n");
return -1;
}
/* ===================================================================== */
/* Main */
/* ===================================================================== */
int main(int argc, char * argv[])
{
// Initialize symbol processing
PIN_InitSymbols();
// Initialize pin
if (PIN_Init(argc, argv)) return Usage();
TraceFile.open(KnobOutputFile.Value().c_str());
// Register ImageLoad to be called when an image is loaded
IMG_AddInstrumentFunction(ImageLoad, 0);
// Register Fini to be called when the application exits
PIN_AddFiniFunction(Fini, 0);
// Start the program, never returns
PIN_StartProgram();
return 0;
}이번건 image들 중 실행가능한 image에 대해서 각 section의 name과 시작 주소를 출력하고
section 중 executable한 section에 대해서만 instruction의 주소를 출력하고 디스어셈블을 해보는 것이었다.
이걸하면서 깨달은 점은 IMG>SEC>RTN>BBL>INS>라는 점이다.
IMG는 image로 exe 혹은 library를 의미한다.
SEC은 image안에 있는 section들을 의미한다.
RTN은 각 section안에 있는 routine/function/procedure를 의미한다.
또한 RTN is not broken up into BBLs, it is merely a sequence of INSs!
그 다음에, TRACE안에 BBL이 있다.
TRACE: a single entrance, multiple exit sequence of instructions
BBL(Basic block): a single entrance, single exit sequence of instructions
TRACE>BBL>INS
it is often possible to insert a single analysis call for a BBL, instead of one analysis call for every instruction.
Reducing the number of analysis calls makes instrumentation more efficient.
'pintool' 카테고리의 다른 글
| 내장함수의 리턴값 바꾸기 (1) | 2018.10.17 |
|---|---|
| helloworld출력 프로그램에서 출력하는 문자열 바꾸기 (0) | 2018.10.15 |
| Disassemble (0) | 2018.10.12 |
| Managed platforms support2 (0) | 2018.10.02 |
| Managed platforms support1 (0) | 2018.10.02 |
