Intel Pin初探
1、在/home/hf/Desktop/pin/pin-3.30-98830-g1d7b601b3-gcc-linux/source/tools/ManualExamples/目录下写自己的pintools
去到该目录
cd /home/hf/Desktop/pin/pin-3.30-98830-g1d7b601b3-gcc-linux/source/tools/ManualExamples/
编写pintools
vim Mycmp.cpp
下面是Mycmp.cpp内容
#include "pin.H"
#include <iostream>
#include <fstream>
std::ofstream outfile;
VOID Instruction(INS ins, VOID *v)
{
if (INS_Opcode(ins) == XED_ICLASS_CMP)
{
outfile << "CMP Instruction at address: " << INS_Address(ins) << std::endl;
for (UINT32 i = 0; i < INS_OperandCount(ins); ++i)
{
if (INS_OperandIsReg(ins, i))
{
outfile << "Operand " << i << ": Register" << std::endl;
}
else if (INS_OperandIsMemory(ins, i))
{
outfile << "Operand " << i << ": Memory" << std::endl;
}
else if (INS_OperandIsImmediate(ins, i))
{
outfile << "Operand " << i << ": Immediate Value: " << INS_OperandImmediate(ins, i) << std::endl;
}
}
outfile << std::endl;
}
}
VOID Fini(INT32 code, VOID *v)
{
outfile.close();
}
int main(int argc, char *argv[])
{
// Initialize Pin
PIN_InitSymbols();
if (PIN_Init(argc, argv))
{
return -1;
}
// Open output file
outfile.open("cmp_operations.txt");
// Register Instruction to be called to instrument instructions
INS_AddInstrumentFunction(Instruction, 0);
// Register Fini to be called when the application exits
PIN_AddFiniFunction(Fini, 0);
// Start the program, never returns
PIN_StartProgram();
return 0;
}
2、生成pintool
当前在目录下
输入
make obj-intel64/Mycmp.so TARGET=intel64
这时可以在obj-intel64目录下查看到Mycmp.so
3、使用Pintool
我的mytools.so在/home/hf/Desktop/pin/pin-3.30-98830-g1d7b601b3-gcc-linux/source/tools/ManualExamples/obj-intel64/,要分析的service.exe在/home/hf/Desktop/pin/
去目录下
cd /home/hf/Desktop/pin/pin-3.30-98830-g1d7b601b3-gcc-linux/
使用命令执行pintool
./pin -t /home/hf/Desktop/pin/pin-3.30-98830-g1d7b601b3-gcc-linux/source/tools/ManualExamples/obj-intel64/Mycmp.so -- /home/hf/Desktop/pin/service.exe
这个命令的格式为 pin -t <pintool目录绝对路径> -- <要分析的程序的绝对路径>
上面的方法会将结果输出到命令行,我们还可以将结果输出到一个文本文件中,只需在命令后加上 > output.txt
即
./pin -t /home/hf/Desktop/pin/pin-3.30-98830-g1d7b601b3-gcc-linux/source/tools/ManualExamples/obj-intel64/Mycmp.so -- /home/hf/Desktop/pin/service.exe > output.txt
注意:此时可能没有操作server.exe的权限
使用命令查看server.exe的权限
ls -l /home/hf/Desktop/pin/Server.exe
如果输出中没有执行权限(x 权限),可以使用 chmod 命令添加执行权限:
chmod +x /home/hf/Desktop/pin/Server.exe