int main(int argc, char * argv[])
{
PIN_Init(argc, argv);
// Callback function to invoke for every
// execution of an instruction
INS_AddInstrumentFunction(Instruction, 0);
// Callback functions to invoke before
// Pin releases control of the application
PIN_AddDetachFunction(HelloWorld, 0);
PIN_AddDetachFunction(ByeWorld, 0);
PIN_AddFiniFunction(Fini, 0);
// Never returns
PIN_StartProgram();
return 0;
}
int main(int argc, char *argv[])
{
// Initialize PIN library. Print help message if -h(elp) is specified
// in the command line or the command line is invalid
if(PIN_Init(argc,argv))
return Usage();
/// Instrumentations
// Register function to be called to instrument traces
TRACE_AddInstrumentFunction(trace_instrumentation, 0);
// Register function to be called when the application exits
PIN_AddFiniFunction(this_is_the_end, 0);
// Register function to be called when a module is loaded
IMG_AddInstrumentFunction(image_instrumentation, 0);
/// Other stuffs
// This routine will be called if the sleeping_thread calls PIN_Detach() (when the time is out)
PIN_AddDetachFunction(pin_is_detached, 0);
// Run a thread that will wait for the time out
PIN_SpawnInternalThread(
sleeping_thread,
0,
0,
NULL
);
// If we are in a wow64 process we must blacklist manually the JMP FAR: stub
// from being instrumented (each time a syscall is called, it will be instrumented for *nothing*)
// Its address is in FS:[0xC0] on Windows 7
ADDRINT wow64stub = __readfsdword(0xC0);
modules_blacklisted.insert(
std::make_pair(
std::string("wow64stub"),
std::make_pair(
wow64stub,
wow64stub
)
)
);
/// FIRE IN THE HOLE
// Start the program, never returns
PIN_StartProgram();
return 0;
}
