The principle and actual combat of dynamic binary instrumentation

Others 2021-03-31 02:02:35 views: null

Binary instrumentation~

Say something

Although it is not the main thing to do, the knowledge of safety engineers is too large.
Learning knowledge of other subjects will help to train your thinking, so remember the learning processInsert picture description here

What is instrumentation

Dynamic binary instrumentation (DBI) technology is a method of analyzing the behavior of a binary application at runtime by injecting instrumentation code.

The dynamic binary instrumentation technology can insert specific analysis codes in the program execution process according to the user's analysis requirements without affecting the program's dynamic execution results, so as to realize the monitoring and analysis of the program's dynamic execution process.

Why do you need to insert piles

Source code instrumentation

You must have tried this way to debug your program:

。。。。。
printf("牛奶颜色:%s\n", milk_color);
。。。。

This is the source code instrumentation, which is convenient and quick. If the milk color is black, the program will go wrong .

Binary instrumentation

Inject the instrumentation code into the running process, and you can debug the program...

mov esp, ebp
我插,我看~
pop ebp

For example, you can see ebp in this way, but the process is more cumbersome than source code instrumentation and needs to be disassembled.

How to insert piles

Two main ways and three execution modes

Way 1:

The program is executed from beginning to end under the control of the dynamic binary system.
系统
控制
程序

Way 2:

The dynamic binary system can be attached to an already running program
系统
附加到
程序

The first mode:

The JIT mode is the most common implementation method, and also the most commonly used mode:
copy a file, modify, and then execute
复制文件
修改
执行

The second mode:

Interpretation mode

The third mode:

Detection mode, by using new instructions to overwrite the old instructions, the file is not copied

Instrumentation example

Pin dynamic binary instrumentation

Pin is a dynamic binary instrumentation framework developed by Intel. You can insert various functions during the running of the binary program to monitor the execution of each step of the program.
Link: Download the official website .
Pin is a closed-source framework composed of Pin and Pintool. Pin provides an API internally, and users use the API to write a plug-in in the form of a dynamic link library that can be called by Pin, called Pintool.
Insert picture description here

Generally, the two components required for instrumentation are in Pintool:

插桩代码(Instrumentation code)
    在什么位置插入插桩代码
分析代码(Analysis code)
    在选定的位置要执行的代码

Insert picture description here

Guess you like

Origin blog.csdn.net/qq_42882717/article/details/115140519
Recommended
Ranking
[Algorithm] greedy _ program scheduling issues
Spring 控制反转(IOC)
Data structure-6.6 figure
Indicates that the class or member method has abstract properties
Huawei v5 server installed Linux operating system
Postgresql source code analysis - creating ordinary tables
Chapter 10 Evaluation Classification Results
Cloud service Ubuntu 20.04 version uses Nginx to deploy static web pages
Java Exercise 17.1
Solve the problem that git cannot automatically push submission in IDEA Push failed: Failed with error: Could not read from remote repository.
Daily
More
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)

Code World

© 2018 codetd.com