int main(int argc, char * argv[]) { PIN_Init(argc, argv); // Callback function to invoke for every // execution of an instruction INS_AddInstrumentFunction(Instruction, 0); // Callback functions to invoke before // Pin releases control of the application PIN_AddDetachFunction(HelloWorld, 0); PIN_AddDetachFunction(ByeWorld, 0); PIN_AddFiniFunction(Fini, 0); // Never returns PIN_StartProgram(); return 0; }
int main(int argc, char *argv[]) { // Initialize PIN library. Print help message if -h(elp) is specified // in the command line or the command line is invalid if(PIN_Init(argc,argv)) return Usage(); /// Instrumentations // Register function to be called to instrument traces TRACE_AddInstrumentFunction(trace_instrumentation, 0); // Register function to be called when the application exits PIN_AddFiniFunction(this_is_the_end, 0); // Register function to be called when a module is loaded IMG_AddInstrumentFunction(image_instrumentation, 0); /// Other stuffs // This routine will be called if the sleeping_thread calls PIN_Detach() (when the time is out) PIN_AddDetachFunction(pin_is_detached, 0); // Run a thread that will wait for the time out PIN_SpawnInternalThread( sleeping_thread, 0, 0, NULL ); // If we are in a wow64 process we must blacklist manually the JMP FAR: stub // from being instrumented (each time a syscall is called, it will be instrumented for *nothing*) // Its address is in FS:[0xC0] on Windows 7 ADDRINT wow64stub = __readfsdword(0xC0); modules_blacklisted.insert( std::make_pair( std::string("wow64stub"), std::make_pair( wow64stub, wow64stub ) ) ); /// FIRE IN THE HOLE // Start the program, never returns PIN_StartProgram(); return 0; }