
SSA - Pwnable Study 1st Pintool

- Opcodes and Immediate Operands Auto-Analysis -


※Special Thanks to KSHMK (Compile&Test)



#include <stdio.h>
#include "pin.H"
 
/* Output log; opened in Start() and closed in Fini(), NULL in between. */
FILE *fp = NULL;

/* Immediate operand (low byte) of the most recent XOR / CMP that
 * Instruction() looked at. */
unsigned char xorVal = 0;
unsigned char cmpVal = 0;

/* Non-zero while a XOR immediate is pending, i.e. the next CMP immediate
 * should be combined with xorVal instead of being logged on its own. */
char chk = 0;
 
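/*
 * Instrumentation callback, invoked once per instruction when Pin first
 * translates it.  For instructions inside the hard-coded address window it
 * records the immediate operand of XOR and CMP instructions: a CMP that
 * follows a XOR is logged as xorVal ^ cmpVal, a CMP on its own is logged
 * as-is.  Every instruction in the window is then removed from the
 * translated code with INS_Delete(), so the analysis happens at
 * instrumentation time only and the instructions themselves never execute.
 *
 * @param ins  the instruction being instrumented
 * @param v    unused callback argument
 */
VOID Instruction(INS ins, VOID *v)
{
    ADDRINT addr = INS_Address(ins);

    /* Address window of the analysed binary; adjust per target. */
    if (addr < 0x8048202 || addr > 0x80a3778)
        return;

    switch (INS_Opcode(ins)) {
    case XED_ICLASS_XOR:
        /* INS_OperandImmediate() is only meaningful when operand 1 really is
         * an immediate; a register/register XOR (e.g. "xor eax, eax") would
         * otherwise arm chk with a garbage xorVal. */
        if (INS_OperandCount(ins) > 1 && INS_OperandIsImmediate(ins, 1)) {
            xorVal = (unsigned char)INS_OperandImmediate(ins, 1);
            chk = 1;
        }
        break;

    case XED_ICLASS_CMP: {
        if (INS_OperandCount(ins) > 1 && INS_OperandIsImmediate(ins, 1)) {
            cmpVal = (unsigned char)INS_OperandImmediate(ins, 1);

            unsigned char out = cmpVal;
            if (chk) {
                /* Undo the preceding XOR so the logged byte is the value
                 * the comparison actually expects. */
                out = (unsigned char)(xorVal ^ cmpVal);
                chk = 0;
            }

            /* fp is opened in Start(); never write through a NULL stream. */
            if (fp != NULL)
                fprintf(fp, "%c", out);
        }
        break;
    }

    default:
        break;
    }

    INS_Delete(ins);
}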
 
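/*
 * Print the tool's usage text through Pin's error channel.
 *
 * @return -1 so that main() can "return Usage();" with a failure status.
 */
INT32 Usage()
{
    /* The previous text ("prints the IPs of every instruction executed")
     * described a different tool; this matches what the tool does. */
    PIN_ERROR("This Pintool logs the immediate operands of XOR/CMP "
              "instructions in a fixed address range to the file \"flaaaag\"\n"
        + KNOB_BASE::StringKnobSummary() + "\n");
    return -1;
}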
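/*
 * Thread-start callback: opens the output log.
 *
 * Registered with PIN_AddThreadStartFunction, so it runs once per application
 * thread; the file is opened only on the first call so later threads neither
 * truncate the log nor leak the earlier FILE handle.  A failed fopen() is
 * reported on stderr and leaves fp NULL.
 *
 * @param threadIndex  Pin thread id (unused)
 * @param ctxt         register context at thread start (unused)
 * @param flags        thread-start flags (unused)
 * @param v            unused callback argument
 */
VOID Start(THREADID threadIndex, CONTEXT *ctxt, INT32 flags, VOID *v)
{
    if (fp != NULL)
        return;

    /* "flaaaag" and "w" are two separate arguments; the original lost the
     * comma, which concatenates them into a single-argument fopen(). */
    fp = fopen("flaaaag", "w");
    if (fp == NULL)
        perror("fopen(\"flaaaag\")");
}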
 
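/*
 * Thread-exit callback: flushes and closes the log.
 *
 * Runs once per application thread (PIN_AddThreadFiniFunction), so the close
 * is guarded and fp reset to NULL to avoid a double fclose() when a second
 * thread exits.  fclose() is checked because it performs the final flush.
 *
 * NOTE(review): with a per-thread hook, a secondary thread exiting before
 * the main thread closes the log early; a process-level fini callback would
 * avoid that — confirm against the target's threading.
 *
 * @param threadIndex  Pin thread id (unused)
 * @param ctxt         register context at thread exit (unused)
 * @param code         thread exit code (unused)
 * @param v            unused callback argument
 */
VOID Fini(THREADID threadIndex, const CONTEXT *ctxt, INT32 code, VOID *v)
{
    if (fp == NULL)
        return;

    if (fclose(fp) != 0)
        perror("fclose(\"flaaaag\")");
    fp = NULL;
}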
 
/*
 * Tool entry point: initialises Pin, registers the three callbacks and hands
 * control to the application.  Returns Usage()'s -1 if PIN_Init() rejects
 * the command line; the trailing return 0 is only reached if
 * PIN_StartProgram() returns.
 */
int main(int argc, char *argv[])
{
    if (PIN_Init(argc, argv) != 0) {
        return Usage();
    }

    /* per-instruction analysis, then per-thread open/close of the log */
    INS_AddInstrumentFunction(Instruction, 0);
    PIN_AddThreadStartFunction(Start, 0);
    PIN_AddThreadFiniFunction(Fini, 0);

    PIN_StartProgram();
    return 0;
}


