Modify application instruction in PIN


Problem description

I am using Intel PIN to modify an instruction in my application. I am using the Safecopy() example from this link as a reference:

https://software.intel.com/sites/landingpage/pintool/docs/81205/Pin/html/index.html#SafeCopy

I have the following example C program:

int main()
{
    asm(".byte 0x16");
    return 0;
}

0x16 is illegal in x86_64 and when I run the executable it displays the following error as expected:

Illegal instruction (core dumped)

I have a pintool which takes the above executable as input and modifies the illegal instruction 0x16 to do something else.

My Pintool is as follows:

#include "pin.H"
#include <iostream>
#include <fstream>
#include <cstdio>

using namespace std;

KNOB<string> KnobOutputFile(KNOB_MODE_WRITEONCE, "pintool", "o", "test.out","This pin tool simulates ULI");

FILE * op;

//====================================================================
// Analysis Routines
//====================================================================

// Runs in place of the deleted 0x16 instruction (inserted with IPOINT_BEFORE).
VOID analysis_routine(VOID *ip, UINT32 size) 
{ 
    fprintf(op,"16 came to analysis routine\n\n");
}


//====================================================================
// Instrumentation Routines
//====================================================================

// Called once for every instruction Pin decodes, before it is placed in the code cache.
VOID Instruction(INS ins, void *v) 
{
    UINT8 opcodeBytes[15];   // 15 bytes is the maximum x86 instruction length

    // Copy the instruction bytes out of the application's text segment;
    // PIN_SafeCopy returns the number of bytes actually copied.
    UINT64 fetched = PIN_SafeCopy(&opcodeBytes[0],(void *)INS_Address(ins),INS_Size(ins));

    if (fetched != INS_Size(ins))
        fprintf(op,"\nBad\n");

    else 
    {
        if(opcodeBytes[0]==0x16)
        {
            fprintf(op,"\n16 came to instrumentation routine\n");

            // analysis_routine takes a UINT32, so the size must be passed as
            // IARG_UINT32 (the original used IARG_UINT64, which does not match the callee).
            INS_InsertCall( ins, IPOINT_BEFORE, (AFUNPTR)analysis_routine, IARG_INST_PTR, IARG_UINT32, (UINT32)INS_Size(ins) , IARG_END);
            INS_Delete(ins);   // drop the original instruction from the generated code
        }
    }
}

// Runs at normal application exit. If the application is killed by SIGILL
// before this point, anything still buffered in `op` is lost.
VOID Fini(INT32 code, VOID *v) 
{
    fflush(op);
    fclose(op);
}

INT32 Usage() {
    PIN_ERROR("This Pintool failed\n" + KNOB_BASE::StringKnobSummary() + "\n");
    return -1;
}

int main(int argc, char *argv[]) 
{
    if (PIN_Init(argc, argv)) 
        return Usage();

    // Knob values are only valid after PIN_Init, so open the log here.
    op = fopen(KnobOutputFile.Value().c_str(), "w");
    if (op == NULL)
        return -1;

    PIN_InitSymbols();
    INS_AddInstrumentFunction(Instruction, 0);
    PIN_AddFiniFunction(Fini, 0);
    PIN_StartProgram();   // never returns
    return 0;
}

According to my understanding, the instrumentation routine Instruction is executed every time a new instruction is encountered, and according to my code the analysis routine is called before the instruction is executed, as I am using the IPOINT_BEFORE argument in my instrumentation function to invoke the analysis routine. I am thus checking for my opcode and, if it is 0x16, I am invoking my analysis routine and deleting my original instruction. Since the instruction was illegal and has been deleted, my trace should proceed further without any problems.

However, even with this logic, it seems my illegal instruction is being executed and my program crashes and gives the same illegal instruction error. I am not able to understand the problem, as I seem to be deleting the instruction before it executes, and I am using the same example from the Pin tutorial.

Any ideas if I am invoking anything wrong? Also please correct me if I am wrong anywhere above. According to my understanding the instrumentation routine is invoked before the instruction executes and thus I can modify the instruction that time also. Please correct me if I am wrong.

Recommended answer

I don't know what's going wrong here, but here's what I'd do: I would start with printing far more information about the instruction in the instrumentation routine.

  • How long is it?
  • What is the address of the instruction? Print the address of main() in the test program to see whether the two are close to each other.
  • What are the other instruction bytes? Do they happen to be the bytes that match the instruction following the illegal byte?

Also:

  • Make sure the output file is flushed after every print, so that the illegal-instruction failure does not end up hiding your debug output.
  • I'd suggest catching the SIGILL signal that your program is probably getting, and making sure it happens at the same location both with and without Pin.
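The last suggestion, catching SIGILL and comparing where it lands with and without Pin, can be done entirely on the application side. The following is an added example written for this page; it is not code from the original question or answer, nor from the Intel Pin distribution. It assumes an x86-64 Linux build (the same `.byte 0x16` as in the question's test program is planted via inline asm; on any other architecture it falls back to `raise(SIGILL)` with no planted byte), and the file name `sigill_probe.c`, the `ill_report` struct and the `run_illegal_probe()` function are names chosen here. The handler records `si_addr`, which for a #UD fault is the faulting instruction pointer, and the probe reports whether it matches the address of the planted byte and what byte sits there.

```c
/* sigill_probe.c: added example, not part of the original post.
 * Catches the SIGILL raised by ".byte 0x16", records si_addr, and compares it
 * with the address of the planted byte. Run it natively, then under Pin, and
 * compare the two reports. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What the probe learned about the fault (names are this example's own). */
struct ill_report {
    int signo;                 /* signal delivered to the handler (0 = no fault at all) */
    uintptr_t expected;        /* address of the planted 0x16 byte (0 when not x86-64) */
    uintptr_t reported;        /* si_addr from the kernel (0 when not x86-64) */
    unsigned char first_byte;  /* byte found at the reported address */
};

static sigjmp_buf recover;
static volatile sig_atomic_t seen_signo;
static void *volatile seen_addr;

static void on_sigill(int signo, siginfo_t *info, void *ctx)
{
    (void)ctx;
    seen_signo = signo;
    seen_addr = info->si_addr;   /* for a #UD fault this is the faulting instruction pointer */
    siglongjmp(recover, 1);      /* returning normally would re-execute the illegal byte */
}

/* Installs a SIGILL handler, executes the illegal byte once, restores the old
 * handler and fills *rep. Returns 0 on success, -1 if sigaction() fails. */
int run_illegal_probe(struct ill_report *rep)
{
    struct sigaction sa, old;

    memset(rep, 0, sizeof *rep);
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_sigill;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGILL, &sa, &old) != 0)
        return -1;

    seen_signo = 0;
    seen_addr = NULL;

    if (sigsetjmp(recover, 1) == 0) {
#if defined(__x86_64__)
        /* Store the address of the byte *before* executing it so the value
         * survives the fault. 0x16 (push ss) is undefined in 64-bit mode and
         * raises #UD, which the kernel delivers as SIGILL. */
        __asm__ volatile(
            "lea 1f(%%rip), %%rax\n\t"
            "mov %%rax, %0\n\t"
            "1: .byte 0x16\n\t"
            : "=m"(rep->expected)
            :
            : "rax", "memory");
#else
        /* Other architectures: nothing planted, just deliver the signal. */
        raise(SIGILL);
#endif
        /* Reached only if no fault happened, e.g. if a pintool really removed the byte. */
    }

    rep->signo = seen_signo;
    if (seen_signo == SIGILL && rep->expected != 0) {
        rep->reported = (uintptr_t)seen_addr;
        rep->first_byte = *(const unsigned char *)seen_addr;  /* .text is readable */
    }

    sigaction(SIGILL, &old, NULL);
    return 0;
}

int main(void)
{
    struct ill_report rep;

    if (run_illegal_probe(&rep) != 0) {
        perror("sigaction");
        return 1;
    }
    printf("main()            at %p\n", (void *)(uintptr_t)main);
    printf("planted 0x16 byte at %#lx\n", (unsigned long)rep.expected);
    printf("signal %d, si_addr %#lx, byte there 0x%02x, %s\n",
           rep.signo, (unsigned long)rep.reported, rep.first_byte,
           rep.expected == rep.reported ? "match" : "MISMATCH");
    return 0;
}
```

Build with `gcc -O0 -o sigill_probe sigill_probe.c`, run it once natively and once as `pin -t <your tool> -- ./sigill_probe`, and diff the two lines: the native run should report signal 11's sibling SIGILL (4) with `si_addr` equal to the planted address and byte `0x16` at it. If the pintool above actually deletes the instruction, the probe falls through and prints signal 0; if Pin reports a different address, that is where to start looking. The same three values (address, length, bytes) can be printed on the Pin side from `Instruction()` with `INS_Address(ins)`, `INS_Size(ins)` and `INS_Disassemble(ins)`.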
