|
|
#1
10-05-2009, 05:07
|
|||
|
|||
|
Using Intel PIN for differential reversing
Using Intel PIN for differential reversing
hxxp://dion.t-rexin.org/notes/2009/09/29/differential-reversing/ Pin by Intel hxxp://www.pintool.org/ hxxp://www.pintool.org/docs/29972/Pin/html/ Purpose. Pin is a tool for the dynamic instrumentation of programs. It supports Linux binary executables for Intel (R) Xscale (R), IA-32, Intel64 (64 bit x86), and Itanium (R) processors; Windows executables for IA-32 and Intel64; and MacOS executables for IA-32. Pin was designed to provide functionality similar to the popular ATOM toolkit for Compaq's Tru64 Unix on Alpha, i.e. arbitrary code (written in C or C++) can be injected at arbitrary places in the executable. Unlike Atom, Pin does not instrument an executable statically by rewriting it, but rather adds the code dynamically while the executable is running. This also makes it possible to attach Pin to an already running process. The API. Pin provides a rich API that abstracts away the underlying instruction set idiosyncrasies and allows context information such as register contents to be passed to the injected code as parameters. Pin automatically saves and restores the registers that are overwritten by the injected code so the application continues to work. Limited access to symbol and debug information is available as well. 
|
|
|
Threaded Mode