首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 看雪峰会 看雪商城 证书查询
  1. 社区
  2. 资源下载
    3. 发新帖
[转帖]pinlog by deroko
发表于: 2012-11-15 23:19 1924

[转帖]pinlog by deroko

linhanshi 活跃值
2012-11-15 23:19
1924
pinlog by deroko
From:EXETOOLS
Here is one small, and (I hope) useful tool. What it will do is to use Pin to trace execution flow of an application, and count how many times instructions are executed. This will produce log file, which later can be imported in ida via ida plugin, and highlight code which is executed. Of course, code which is executed more will have darker highlight, and ones which are executed less will have brighter color.
Tool itself is very simple, so I don't even dare to call it project
It supports x32/x64 both Linux, and Windows
Link with source code : http://deroko.phearless.org/pinlog.zip

pinlog.zip

[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法

上传的附件:
收藏
免费 1
支持
分享
最新回复 (2)
justlovemm
雪    币: 208
活跃值: (40)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
私信
2
多谢林版。
另外,问一下,这个是不是用的那个CPU的分支记录功能实现的?
2012-11-16 10:04
0
justlovemm
雪    币: 208
活跃值: (40)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
私信
3
林版,这是个什么情况?

E:\tools\codetrace\pinlog\bin>pinlog c:\windows\system32\notepad.exe notepad.exe notepad.log
No trace happened inside process

E:\tools\codetrace\pinlog\bin>pinlog c:\windows\system32\notepad.exe kernel32.dll notepad.log
No trace happened inside process

看了main.c里面的代码,知道是filemap中没有记录到数据。不过这代码前面的的CreateProcess也不是直接创建arg1的进程的。看不懂代码的原理。还请林版能指教一二,多谢了。
2012-11-16 10:12
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回
//