Exetools  

#1  ycloud, 10-05-2009, 05:07
Using Intel PIN for differential reversing

hxxp://dion.t-rexin.org/notes/2009/09/29/differential-reversing/

Pin by Intel
hxxp://www.pintool.org/
hxxp://www.pintool.org/docs/29972/Pin/html/

Purpose. Pin is a tool for the dynamic instrumentation of programs. It supports Linux binary executables for Intel (R) Xscale (R), IA-32, Intel64 (64 bit x86), and Itanium (R) processors; Windows executables for IA-32 and Intel64; and MacOS executables for IA-32. Pin was designed to provide functionality similar to the popular ATOM toolkit for Compaq's Tru64 Unix on Alpha, i.e. arbitrary code (written in C or C++) can be injected at arbitrary places in the executable. Unlike Atom, Pin does not instrument an executable statically by rewriting it, but rather adds the code dynamically while the executable is running. This also makes it possible to attach Pin to an already running process.

The API. Pin provides a rich API that abstracts away the underlying instruction set idiosyncrasies and allows context information such as register contents to be passed to the injected code as parameters. Pin automatically saves and restores the registers that are overwritten by the injected code so the application continues to work. Limited access to symbol and debug information is available as well.
#2  niom, 11-01-2009, 21:15
pin is really impressive, but it's not ready for primetime yet
for example, secu won't run happily when pin'd
#3  OHPen, 11-10-2009, 06:27
pin is indeed a powerful framework. if it is used properly you can finish up a lot of the heavy envelope protections out there!

regards,
PAPiLLiON