#include "pin.H"
#include <iostream>
namespace WINDOWS
{
#include <windows.h>
}
// Output stream for the tool's log file. main() opens it and Fini() writes the
// end marker and closes it. It is NULL until main() has run.
FILE *trace = NULL;

// One-shot flag read only by the disabled (commented-out) argument-dumping
// code in print_argument(); the active code path never touches it.
int start = 0;
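// Analysis routine attached by ImageLoad() to RtlMultiByteToUnicodeN.
//
// insAddr  value passed via IARG_ADDRINT at the call site (unused here).
// ctx      register context passed via IARG_CONTEXT (unused here).
// pEAX     reference to the application's EAX, passed via IARG_REG_REFERENCE.
//          A store through this pointer replaces the register value the
//          application continues with.
//
// Prints the value found in EAX and then overwrites it with 1, so the caller
// of the instrumented routine observes 1 instead of the real result.
// RtlMultiByteToUnicodeN returns an NTSTATUS: 0 is STATUS_SUCCESS and
// NT_SUCCESS() accepts any non-negative value, so how the caller reacts to 1
// depends on how it tests the status. The instrumented process no longer
// behaves like the uninstrumented one; anything learned from such a run has to
// be read with that in mind.
VOID print_argument(ADDRINT insAddr, CONTEXT *ctx, /*ADDRINT * arg0, ADDRINT * arg1, ADDRINT * arg2, ADDRINT * arg3, ADDRINT * arg4*/ADDRINT *pEAX)
{
    // Disabled earlier experiment, kept for reference: dump and rewrite the
    // five entry-point arguments instead of the return value.
    /*
    if (start) {
    fprintf(trace, "0x%x ", *arg0);
    fprintf(trace, "%d ", *arg1);
    fprintf(trace, "0x%x ", *arg2);
    fprintf(trace, "%s ", *arg3);
    fprintf(trace, "%d\n", *arg4);
    *arg1 = 2;
    arg3[0] = 'A';
    arg3[1] = 'B';
    arg3[2] = '\x00';
    *arg4 = 1;
    }
    else start = 1;
    */

    // ADDRINT is an unsigned, pointer-sized integer. Passing it straight to
    // "%d" is a format/argument mismatch, so convert explicitly to the type
    // the conversion specifier expects.
    printf("%d\n", (int)*pEAX);

    // Replace the value the application sees in EAX.
    *pEAX = 1;
}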
// Image-load callback registered in main() with IMG_AddInstrumentFunction.
//
// Looks up the routine named RtlMultiByteToUnicodeN in the image passed in
// and, if the lookup yields a valid routine, attaches print_argument() to it
// at IPOINT_AFTER with a writable reference to EAX.
//
// Notes for anyone reusing this:
//  - The lookup is by symbol name only, so it depends on PIN_InitSymbols()
//    having been called (main() does this) and matches whichever image
//    carries a routine with that name.
//  - NOTE(review): Pin documents IPOINT_AFTER on routines as best-effort,
//    since it relies on locating the routine's return instructions. Confirm
//    that the analysis call fires on every exit path you care about.
VOID ImageLoad(IMG img, VOID *v)
{
    RTN target = RTN_FindByName(img, "RtlMultiByteToUnicodeN");

    // Nothing to instrument in images that do not carry the routine.
    if (!RTN_Valid(target))
    {
        return;
    }

    RTN_Open(target);
    RTN_InsertCall(target, IPOINT_AFTER, (AFUNPTR)print_argument,
                   // Received as insAddr: the address of this string literal.
                   IARG_ADDRINT, "print_argument",
                   IARG_CONTEXT,
                   // Disabled: references to the five entry-point arguments,
                   // matching the commented-out parameters of print_argument().
                   /*
                   IARG_FUNCARG_ENTRYPOINT_REFERENCE, 0,
                   IARG_FUNCARG_ENTRYPOINT_REFERENCE, 1,
                   IARG_FUNCARG_ENTRYPOINT_REFERENCE, 2,
                   IARG_FUNCARG_ENTRYPOINT_REFERENCE, 3,
                   IARG_FUNCARG_ENTRYPOINT_REFERENCE, 4,
                   */
                   // Writable reference to EAX, received as pEAX.
                   IARG_REG_REFERENCE, REG_EAX,
                   IARG_END);
    RTN_Close(target);
}
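// Exit callback registered in main() with PIN_AddFiniFunction.
//
// code  exit code supplied by Pin (unused).
// v     user value given at registration (unused).
//
// Writes the "#eof" end marker to the trace file and closes it.
VOID Fini(INT32 code, VOID *v)
{
    // Passing a null stream to fprintf/fclose is undefined behaviour, so do
    // nothing if the trace file was never opened or has already been closed.
    if (trace == NULL)
    {
        return;
    }

    fprintf(trace, "#eof\n");
    fclose(trace);
    trace = NULL;   // guard against a later write or second close
}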
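// Pintool entry point.
//
// Opens the trace file, initialises Pin's symbol support and Pin itself,
// registers the image-load and exit callbacks, then hands control to the
// application under Pin.
//
// Returns -1 if the trace file cannot be opened or PIN_Init reports an error.
//
// Note: "argument.out" is a relative path opened in "w" mode, so it is created
// in the current working directory and any existing file of that name there is
// truncated.
int main(INT32 argc, CHAR *argv[])
{
    trace = fopen("argument.out", "w");
    if (trace == NULL)
    {
        // Without this check, Fini() would later write to a null stream.
        perror("argument.out");
        return -1;
    }

    // Symbol information is needed for the RTN_FindByName lookup in ImageLoad().
    PIN_InitSymbols();

    if (PIN_Init(argc, argv))
    {
        // Fini() is not registered yet, so release the file here.
        fclose(trace);
        trace = NULL;
        return -1;
    }

    IMG_AddInstrumentFunction(ImageLoad, 0);
    PIN_AddFiniFunction(Fini, 0);

    // Transfers control to the instrumented application.
    PIN_StartProgram();
    return 0;
}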