Intel® C++ Compiler
Support and discussions for creating C++ code that runs on platforms based on Intel® processors.
7744 Discussions

Does taint analysis in pintool (Pin version 3.13) works in both windows and linux ?

MehdiGhninou
Beginner
824 Views

Hi I have a question please, I have builded a pintool with make on windows and used pin-3.13 to run the pin tool with the command : 

pin -t taint.dll -- main.exe

 

but I did not see any results and any information about the tainted data ? Am I missing something in the pintool c++ code ? Or the functions of the pintool aren't associated with the pin-3.13 version ?

 

here is my source code of my pintool (taint.cpp) 

 

And thank you so much for your response

0 Kudos
6 Replies
ArpitaP_Intel
Moderator
761 Views

Hi,


Thanks for reaching out to us.

We are checking your query internally, will get back to you on the updates.


Regards,

Arpita


MehdiGhninou
Beginner
740 Views
ArpitaP_Intel
Moderator
678 Views

Hi,


You're using the pintool correctly. However I can see a number of issues with the pintool code.

First, you're using the wrong types.


For example, your analysis routine has the following signature


VOID ReadMem(UINT64 insAddr, std::string insDis, UINT64 memOp)


whereas according to your instrumentation it should be


VOID ReadMem(ADDRINT insAddr, ADDRINT insDis, ADDRINT memOp)


If you want to print insDis you should call: cout << (CHAR*)insDis << endl;


Also, there is a problem with the instrumentation:


if (INS_MemoryOperandIsRead(ins, 0) && INS_OperandIsReg(ins, 0))

else if (INS_MemoryOperandIsWritten(ins, 0)){


You are using operand index 0 without checking whether it's the operand that you want.

Moreover, it's not necessarily the same operand because INS_MemoryOperandIsRead(ins, 0) refers to the first *memory* operand,

and INS_OperandIsReg(ins, 0) refers to the first *generic* (memory or register) operand.

What happens if the instruction does not have a memory operand at all?


As for the syscall callback. I'd recommend adding some printouts inside the callback to see what syscall numbers you are getting. If you're not getting any data from your pintool it could be that you are not entering the if statement in the syscall callback.


Thanks


ArpitaP_Intel
Moderator
638 Views

Hi,


Please let us know if your issue is resolved.


Thanks!


MehdiGhninou
Beginner
618 Views

Thank you so much for your help sir. Finaly ! It works on windows system 

Thank you again !

ArpitaP_Intel
Moderator
607 Views

Hi,


Glad to know that your issue is resolved. If you need any additional information, please post a new question as this thread will no longer be monitored by Intel.


Thanks!


Reply