
PinTool Opcode(XOR,AND,SFT) 출력 구현

삼전동해커 2022. 4. 10. 21:27
#include "pin.H"
#include <fstream>
#include<iostream>
#include<string.h>
#include <cstdint>
#include<stdlib.h>

// Address-range bounds for limiting instrumentation to one region of the
// traced program. In this listing they are referenced only by the
// commented-out range checks in Instruction() and Trace(), so they currently
// have no effect on the output.
// NOTE(review): these look like absolute addresses captured from one
// particular run; presumably they change between runs when ASLR is enabled --
// confirm before re-enabling the range filter.
// NOTE(review): `start` and `end` are very generic macro names; the
// preprocessor replaces every later identifier spelled that way.
// #define start 0x7FFD95D65A90
// #define end 0x7FFD95D6602D

//#define start 0x7FFC46E42DD0
//#define end 0x7FFC46E43067

#define start 0x7FFC46E428A0
#define end 0x7FFC46E42AB1

// Decimal codes that printOpDec() writes to the trace for each mnemonic.
// 49 == 0x31, 193 == 0xC1, 129 == 0x81; these look like x86 primary opcode
// bytes -- confirm. SHL and SHR share the value 193, so a reader of the trace
// file cannot tell the two shifts apart.
#define XOR 49
#define SHL 193
#define SHR 193
#define AND 129

// Per-mnemonic counters. Nothing in this listing reads or updates them.
UINT8 Xcount = 0;
UINT8 Acount = 0;
UINT8 Rcount = 0;
UINT8 Lcount = 0;

using namespace std;

// Command-line knob "-o" with default "test.out". main() opens the hard-coded
// names getop1.out / getop2.out instead, so the knob value is not used in
// this listing.
KNOB<string> KnobOutputFile(KNOB_MODE_WRITEONCE, "pintool", "o", "test.out","A pin tool");

// Output streams: opened in main(), closed in Fini().
// `trace` receives the opcode output; `trace2` receives the BBL/trace output.
FILE * trace;
FILE * trace2;

// UINT8 XOR[6] = {0x30,0x31,0x32,0x33,0x34,0x35};

//====================================================================
// Analysis Routines
//====================================================================

// Analysis routine: writes the given instruction address, followed by a
// single space, to the `trace` stream.
//   ip - address to print (formatted with %p)
VOID printip(VOID *ip) {
    FILE *const out = trace;
    fprintf(out, "%p ", ip);
}
    
// Analysis routine: writes the disassembly text followed by a tab to `trace`.
//   s - text to print
// NOTE(review): the (commented-out) call in Instruction() passes a `string *`
// through IARG_PTR while this routine declares its parameter by value; that
// pairing only works where the ABI passes such class arguments by address.
// A `const string *` parameter would match what is actually passed.
VOID printdisassembly(string s) {
    const char *const text = s.c_str();
    fprintf(trace, "%s\t", text);
}

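// Analysis routine: writes ",<nb>" and a newline to `trace2`.
//   nb - unsigned count to print (the commented-out Trace() routine passes
//        TRACE_NumBbl here)
// The value is unsigned, so it is printed with %u; the previous %d would
// show values above INT_MAX as negative numbers.
VOID printNB(UINT32 nb){
    fprintf(trace2, ",%u\n", (unsigned int)nb);
}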
//VOID printOpDec( VOID *ip, OPCODE *op, string *s){
//    int dec = (int)op;
//    switch(dec){
//        case 1723:
//            fprintf(trace,"%p %s %d\n",ip, s, dec);
//            break;
//        case 31:
//            fprintf(trace,"%p %s %d\n",ip, s, dec);
//            break;
//        case 799:
//            fprintf(trace,"%p %s %d\n",ip, s, dec);
//           break;
//        case 796:
//            fprintf(trace,"%p %s %d\n",ip, s, dec);
//            break;
        
//    }
//}

 // Analysis routine: if the mnemonic is one of XOR, SHL, SHR or AND, writes
 // the matching decimal code (the XOR/SHL/SHR/AND macros) and a newline to
 // `trace`. Any other mnemonic produces no output.
 //   s - instruction mnemonic, compared case-sensitively
 // SHL and SHR are both defined as 193, so both shifts print the same value.
 // NOTE(review): Instruction() hands this routine a heap-allocated `string *`
 // through IARG_PTR, yet the parameter is declared by value. That only works
 // where the calling convention passes such class arguments by address;
 // declaring the parameter as `const string *` (as dump() does) would match
 // what is actually passed.
 VOID printOpDec(string s){
 	struct Entry {
 		const char *mnemonic;
 		int code;
 	};
 	const Entry table[] = {
 		{"XOR", XOR},
 		{"SHL", SHL},
 		{"SHR", SHR},
 		{"AND", AND},
 	};
 	const char *const name = s.c_str();

 	// First match wins, in the same order as the original if/else chain.
 	for (unsigned int idx = 0; idx < sizeof(table) / sizeof(table[0]); ++idx) {
 		if (strcmp(name, table[idx].mnemonic) == 0) {
 			fprintf(trace, "%d\n", table[idx].code);
 			return;
 		}
 	}
 }
// Analysis routine: writes "BBL ADDR : <ip>" plus four spaces to `trace2`.
//   ip - basic-block address to print (formatted with %p)
VOID printBip(VOID *ip){
    FILE *const out = trace2;
    fprintf(out, "BBL ADDR : %p    ", ip);
}
// Analysis routine: writes "TRACE ADDR : <ip>" plus four spaces to `trace2`.
//   ip - trace address to print (formatted with %p)
VOID printTip(VOID *ip){
    FILE *const out = trace2;
    fprintf(out, "TRACE ADDR : %p    ", ip);
}




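// Analysis routine: copies the raw bytes of one instruction out of the traced
// program and writes them to `trace` as lowercase hex, followed by a blank
// line.
//   ip   - address of the instruction in the traced program
//   size - number of bytes to copy (the commented-out call passes INS_Size)
//   s    - unused in the current body
// On a short read an error line is written and nothing else is printed.
VOID dump(VOID *ip, UINT32 size, string *s) {
    // 15 bytes is the architectural maximum length of an x86 instruction.
    UINT8 opcodeBytes[15];

    // `size` comes from the instrumentation call site; refuse anything that
    // would write past the end of the stack buffer instead of trusting it.
    if (size > sizeof(opcodeBytes)) {
        fprintf(trace, "*** instruction size %u exceeds %u-byte buffer at address %p\n",
                (unsigned int)size, (unsigned int)sizeof(opcodeBytes), ip);
        fflush(trace);
        return;
    }

    // PIN_SafeCopy lets the tool read (and write) memory used by the traced
    // program (openssl here). Copy `size` bytes from ip into opcodeBytes.
    UINT32 fetched = PIN_SafeCopy(&opcodeBytes[0], ip, size);

    if (fetched != size) {
        fprintf(trace, "*** error fetching instruction at address 0x%lx",(unsigned long)ip);
        return;
    }

    for (UINT32 i = 0; i < size; i++) {
        fprintf(trace, "%02x", opcodeBytes[i]);
    }
    fprintf(trace, "\n\n");

    fflush(trace);
}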


//====================================================================
// Instrumentation Routines
//====================================================================

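// Instrumentation routine, called by Pin for each instruction it instruments.
// Inserts a call to printOpDec() before the instruction, passing a
// heap-allocated copy of its mnemonic.
//   ins - instruction being instrumented
//   v   - user value from INS_AddInstrumentFunction (unused)
// Only XOR, SHL, SHR and AND are instrumented: printOpDec() prints nothing
// for any other mnemonic, so filtering here leaves the trace unchanged while
// avoiding one string allocation and one analysis call per other instruction.
// The allocated string is intentionally never freed, since the analysis call
// may run for as long as the traced program does.
// NOTE(review): printOpDec() declares its parameter as `string` by value but
// receives a `string *` through IARG_PTR; this depends on the platform
// calling convention. A `const string *` parameter would match.
VOID Instruction(INS ins, void *v) {
    //ADDRINT address = INS_Address(ins);
    //if(start <=address && address <= end){
        const string mnemonic = INS_Mnemonic(ins);
        const char *const name = mnemonic.c_str();

        // Same comparison that printOpDec() performs at run time.
        if (strcmp(name, "XOR") != 0 && strcmp(name, "SHL") != 0 &&
            strcmp(name, "SHR") != 0 && strcmp(name, "AND") != 0) {
            return;
        }

        INS_InsertCall(ins,IPOINT_BEFORE,(AFUNPTR)printOpDec,IARG_PTR,new string(mnemonic),IARG_END);
    //}
}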

// VOID Trace(TRACE trace, void *v){
//     ADDRINT addr = TRACE_Address(trace);
//     if(start <= addr && addr <= end){
//         for(BBL bbl = TRACE_BblHead(trace);BBL_Valid(bbl);bbl = BBL_Next(bbl)){
//             TRACE_InsertCall(trace,IPOINT_BEFORE,(AFUNPTR)printTip,IARG_PTR,TRACE_Address(trace),IARG_END);
//             TRACE_InsertCall(trace,IPOINT_BEFORE,(AFUNPTR)printBip,IARG_PTR,BBL_Address(bbl),IARG_END);
//         }
//         TRACE_InsertCall(trace,IPOINT_BEFORE,(AFUNPTR)printNB,IARG_PTR,TRACE_NumBbl(trace),IARG_END);
//     }
// }

// Fini callback registered with PIN_AddFiniFunction: closes both output
// streams, `trace` first and then `trace2`.
//   code - exit code supplied by Pin (unused)
//   v    - user value from PIN_AddFiniFunction (unused)
VOID Fini(INT32 code, VOID *v) {
    FILE *const streams[] = { trace, trace2 };
    for (unsigned int idx = 0; idx < sizeof(streams) / sizeof(streams[0]); ++idx) {
        fclose(streams[idx]);
    }
}

// Reports a start-up failure through PIN_ERROR, appending the summary of all
// registered knobs, and returns -1 for main() to use as its exit status.
INT32 Usage(VOID) {
    const string message = "This Pintool failed\n"
                         + KNOB_BASE::StringKnobSummary() + "\n";
    PIN_ERROR(message);
    return -1;
}

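// Tool entry point: opens the two output files, initialises Pin, registers
// the instrumentation and fini callbacks, and starts the traced program.
// Returns 1 if an output file cannot be opened and Usage()'s value if
// PIN_Init fails.
// The output files have fixed names, are created in the current working
// directory and are truncated on every run ("w" mode). The "-o" knob declared
// in this file is not consulted.
int main(int argc, char *argv[])
{
    printf("start\n");
    trace = fopen("getop1.out", "w");
    trace2 = fopen("getop2.out", "w");

    // Every analysis routine writes to these streams without checking them,
    // so stop here rather than letting fprintf(NULL, ...) crash inside the
    // instrumented process.
    if (trace == NULL || trace2 == NULL) {
        fprintf(stderr, "failed to open getop1.out / getop2.out for writing\n");
        if (trace != NULL) fclose(trace);
        if (trace2 != NULL) fclose(trace2);
        return 1;
    }

    printf("trace\n");
    if (PIN_Init(argc, argv)) return Usage();

    PIN_InitSymbols();
    //PIN_AddInternalExceptionHandler(ExceptionHandler,NULL);
    INS_AddInstrumentFunction(Instruction, 0);
    // TRACE_AddInstrumentFunction(Trace,0);
    PIN_AddFiniFunction(Fini, 0);

    // Never returns
    PIN_StartProgram();

    // Not reached: PIN_StartProgram() does not return.
    printf("end\n");

    return 0;
}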
