Using Intel PIN for differential reversing
 

Using Intel PIN for differential reversing
hxxp://dion.t-rexin.org/notes/2009/09/29/differential-reversing/

Pin by Intel
hxxp://www.pintool.org/
hxxp://www.pintool.org/docs/29972/Pin/html/

Purpose. Pin is a tool for the dynamic instrumentation of programs. It supports Linux binary executables for Intel (R) Xscale (R), IA-32, Intel64 (64 bit x86), and Itanium (R) processors; Windows executables for IA-32 and Intel64; and MacOS executables for IA-32. Pin was designed to provide functionality similar to the popular ATOM toolkit for Compaq's Tru64 Unix on Alpha, i.e. arbitrary code (written in C or C++) can be injected at arbitrary places in the executable. Unlike Atom, Pin does not instrument an executable statically by rewriting it, but rather adds the code dynamically while the executable is running. This also makes it possible to attach Pin to an already running process.

The API. Pin provides a rich API that abstracts away the underlying instruction set idiosyncrasies and allows context information such as register contents to be passed to the injected code as parameters. Pin automatically saves and restores the registers that are overwritten by the injected code so the application continues to work. Limited access to symbol and debug information is available as well.

pin is really impressive, but its not ready for primetime yet
for example, secu wont run happily when pin'd

pin is indeed a powerful framework. if it is used properly you can finish up a lot of the heavy envelope protections out there!

regards,
PAPiLLiON