Pin is a dynamic binary instrumentation tool that enables the creation of dynamic program analysis tools.
- Instrumentation is performed directly on the binary code, which makes it independent of the source code;
- All executed code is generated by the Pin tool - original code is not executed;
- Pin operates by applying a tool to the binary code of an application;
- A tool is a user-developed dynamic library containing functions that perform the desired analysis;
- Instrumentation is performed once by registered callback functions that are invoked as code elements of the application program are translated (e.g., individual instructions, basic blocks, routines, libraries).
A Pin tool file (implemented in C++) has the following structure:
- Global Variables - used to store information that is shared among the callback functions;
- Command Line Options - used to specify the arguments that the tool will receive - KNOBS (Key Name Option Based System);
- Usage Function - prints the tool's usage;
- Analysis Functions - functions that perform the desired analysis - update global variables;
- Instrumentation Functions - functions that insert analysis code into the application code.
To use a Pin tool, the following steps are required:
- Initialize Pin - `PIN_Init(argc, argv);`
- Check Command Line Arguments - `PIN_InitSymbols();`
- Register Instrumentation Functions - `INS_AddInstrumentFunction(Instruction, 0);`
- Register Finishing Function - `PIN_AddFiniFunction(Fini, 0);`
- Start Pin - `PIN_StartProgram();`
Useful command line commands:
- Check usage - `pin -t <tool> -help -- <application>`
- Execute - `pin -t <tool> -- <application>`
- The output is written to an output file - `<tool>.out`
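The tool structure and start-up steps described above, assembled into one small tool that counts executed instructions, calls and returns. This is an added example, not code from the original page or from the Pin kit; the `-o` option, its `tool.out` default and the function names are assumptions. The `__has_include` guard is there only so the analysis functions also compile without the Pin kit for unit testing.

```cpp
// Added example, not from the original page; names and the -o default are assumptions.
#include <fstream>
#include <iostream>
#include <sstream>
#include <string>
#if __has_include("pin.H")  // Pin kit present: build as a tool; absent: analysis code only
#include "pin.H"
#endif

// Global variables: state shared among the callbacks.
enum Kind { K_OTHER = 0, K_CALL = 1, K_RET = 2 };
static unsigned long long g_count[3] = {0, 0, 0};

// Analysis function: runs each time an instrumented instruction executes.
void CountIns(unsigned int kind) { g_count[kind]++; }

// Text the finishing function writes to the output file.
std::string Report() {
    std::ostringstream os;
    os << "total " << g_count[K_OTHER] + g_count[K_CALL] + g_count[K_RET]
       << " calls " << g_count[K_CALL] << " rets " << g_count[K_RET] << "\n";
    return os.str();
}

#if __has_include("pin.H")
// Command line option (KNOB): -o <file>.
KNOB<std::string> KnobOut(KNOB_MODE_WRITEONCE, "pintool", "o", "tool.out", "output file");

// Usage function: printed when the command line is rejected.
INT32 Usage() {
    std::cerr << "Counts instructions, calls, returns\n" << KNOB_BASE::StringKnobSummary() << std::endl;
    return -1;
}

// Instrumentation function: runs once per instruction, when Pin translates it.
VOID Instruction(INS ins, VOID*) {
    UINT32 kind = INS_IsCall(ins) ? K_CALL : INS_IsRet(ins) ? K_RET : K_OTHER;
    INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)CountIns, IARG_UINT32, kind, IARG_END);
}
VOID Fini(INT32, VOID*) { std::ofstream out(KnobOut.Value().c_str()); out << Report(); }

int main(int argc, char* argv[]) {
    PIN_InitSymbols();                         // enable symbol loading (not needed to count)
    if (PIN_Init(argc, argv)) return Usage();  // PIN_Init returns true on a bad command line
    INS_AddInstrumentFunction(Instruction, 0);
    PIN_AddFiniFunction(Fini, 0);
    PIN_StartProgram();                        // starts the application; never returns
}
#endif
```

The counters are not synchronized, so totals for multi-threaded applications are approximate.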