Questions tagged [instrumentation]
Instrumentation is the process of injecting probe functions into code (an executable, source code, ...) for measurement purposes. It is used extensively for *profiling* or *dynamic-analysis* by tools like Valgrind, MAQAO, DynInst, and many others.
43 questions
1 vote, 1 answer, 79 views
Inject ELF with an entirely self-contained code section that can statically call standard library functions
What I want to do
What I want to do is inject an existing ELF binary with additional code that runs before the original .text section and then transfers control back to it.
What I can already do
Now, ...
0 votes, 0 answers, 76 views
Intel Pin Tool : Memory Trace of a function and all the functions called by it
I want a memory (read) trace of a function and all the functions called by the function I wish to trace.
This is the code I wrote.
#include "pin.H"
#include <cstdint>
#include <...
2 votes, 1 answer, 79 views
In Pintool, How to find the name of a routine's caller?
I want to trace the mutex variables in my Rust program (e.g. which mutex called lock() and unlock() methods). And I think there're static methods.
2 votes, 0 answers, 221 views
PinTools Multi-threaded example (inscount_Tls.cpp): only one thread outputs
I am studying the PinTools multithread example inscount_tls.cpp. When I change the number of threads to 3, only 1 thread outputs the result. Is anyone familiar with Intel Pintools instruments that can give ...
0 votes, 1 answer, 102 views
Dynamic instrumentation tool for injecting assembly
I'm not sure about all tools. But afaik at least with Frida functions are patched and new code is added to other memory regions and then jumped to. The rest of the code layout stays the same. Is there ...
1 vote, 0 answers, 411 views
How to add Instructions (OpCodes) after an If Statement in C#?
I hope someone can help me out with my problem. Currently I'm working with C# and use the library Mono.Cecil to add Instruction Code before a method exits. There is this one case, when an if statement ...
-1 votes, 1 answer, 256 views
Instrument memory accesses of python scripts
My research requires processing memory traces of applications. For C/C++ programs, this is easy using Intel's PIN library. However, as suggested here https://stackoverflow.com/questions/51835532/use-...
0 votes, 0 answers, 121 views
Pin DBI tool - Create executable
I'm starting to learn Intel's Pin framework and I can't figure out if it's possible to create an executable.
I mean, rather than creating a module and forcing people to download Pin + the module, is ...
1 vote, 0 answers, 620 views
Miasm VS Triton - which to choose? [closed]
Hello and thank you for reading my question,
I was wondering, which is the right tool for me to choose according to the following:
I will be using it mainly for Malware analysis and for exploit ...
0 votes, 1 answer, 298 views
modern instrumentation for reversing and researching [closed]
I am really glad I found this great site and wanted to ask from your expertise regarding the following issue:
I have been doing malware analysis and researching for a few years, and I want to learn ...
2 votes, 0 answers, 1k views
Do you know the equivalent of the Intel Pin utility for AMD processors
Do you know an instrument equivalent to Intel Pin (https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool) for AMD processors, which helps me especially for reverse of ...
5 votes, 2 answers, 2k views
Trace Method Calls in .NET/C# Binary
I have a heavily obfuscated Windows service binary. Fields, types and methods are renamed. While it is possible to decompile the binary using dnSpy, it is still very cumbersome to identify important/...
1 vote, 0 answers, 3k views
Tracing calls, rets and instructions with Intel Pin
I am writing a Pin tool with the following functionality:
It has to record instructions with arguments. (works well)
It has to record memory access operations associated with instructions. (works ...
1 vote, 0 answers, 42 views
Instrumentation fail when app use far jump 0x33 crash
Do you know any DBI tool that supports instrumentation of applications that use far jump 0x33?
P.S. Pin, DynamoRIO don't support far jump 0x33.
1 vote, 0 answers, 145 views
Is Dynamic Binary Instrumentation legal in UK/EU for malware analysis?
I am doing a university project about performing malware analysis on binary files. The end goal would be to analyze real-world executables (Microsoft Office installation file for example). If I use DBI,...