Results 1 to 15 of 31

Thread: Runing PIN in IDA 6.4?

Hybrid View

  1. #1

    Runing PIN in IDA 6.4?

    Hello,

    I am trying to use PIN (from Intel) as the debugger, so that I can get instruction traces.

    The first step, of course, is to download the source code for IDADBG.DLL from hex-rays site and compile it. The compilation was done in VS2010 and successful (not even a single warning).

    Now then, I disassembled notepad.exe (remember, everything here is 32bit --- I am using WinXP SP3, with IDA 6.4) and chanced the debugger to PIN.

    Name:  1.JPG
Views: 1037
Size:  206.8 KB

    Pressing OK, I move forward and select the debugging options to further configure my PIN debugger setup. And here it is.

    Name:  2.JPG
Views: 975
Size:  226.1 KB

    Perfect, no issues so far. Now I run the program in the debugger and here is the error I get:

    Name:  3.JPG
Views: 961
Size:  206.6 KB

    AND, a configuration box opens up for the PIN parameters. This is how they are filled.

    Name:  4.JPG
Views: 970
Size:  218.9 KB

    Unfortunately, after saying OK, I get the same error message as in Step 3. And it loops infinitely.

    My questions are:

    1. Do you think I am configuring PIN correctly?

    2. Are there any additional PARAMETERS that need to be given in the last dialog box?

    If anyone has successfully managed to get pin running in IDA, please give me a yell.

    On a side note, running pin seperately outside IDA, AND also running Dereko's pinlogger, everything is running perfect. But IDA does not seem to want to play.

    Any suggestions?

    Thank you in advance.

    Have Phun
    Blame Microsoft, get l337 !!

  2. #2
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Stupid suggestion: try loading a different .exe that loads at the conventional 0x00400000 memory address, instead of high memory 0x10000000, the way notepad does. Somewhere, someone may have assumed the usual 0x00400000 memory arrangement, and is fucking things up.

  3. #3
    Quote Originally Posted by naides View Post
    Stupid suggestion: try loading a different .exe that loads at the conventional 0x00400000 memory address, instead of high memory 0x10000000, the way notepad does. Somewhere, someone may have assumed the usual 0x00400000 memory arrangement, and is fucking things up.
    Thank you. I did. But it didn't work.

    Strangely, running PIN (on it's own, without IDA) works. Running Dereko's PINTOOL works. ONLY when combined with IDA, it does not seem to work.

    And yes, I did try with a simple EXE (built using cl.exe) and running in 4x range. Nope.

    Still waiting for something...

    Have Phun
    Blame Microsoft, get l337 !!

  4. #4
    Reversing Since '98 \o/ [yAtEs]'s Avatar
    Join Date
    Feb 2002
    Posts
    97
    Blog Entries
    2
    For me it works fine, i followed the instructions here https://www.hex-rays.com/products/ida/support/tutorials/pin/pin_tutorial.pdf

    i unpacked the pin zip to c:\pin

    my pin binary path then becomes: C:\pin\ia32\bin\pin.exe
    and my tool path becomes: C:\pin\source\tools\pin\Release

    I built the plugin using vc2010 - release/win32

  5. #5
    Quote Originally Posted by [yAtEs] View Post
    For me it works fine, i followed the instructions here https://www.hex-rays.com/products/ida/support/tutorials/pin/pin_tutorial.pdf

    i unpacked the pin zip to c:\pin

    my pin binary path then becomes: C:\pin\ia32\bin\pin.exe
    and my tool path becomes: C:\pin\source\tools\pin\Release

    I built the plugin using vc2010 - release/win32
    Bang on, yates. Bang on.

    But still...nada!

    And it's not just my OS (winXP 7)

    I did it on a variety of VMs (xp, vista, 7) but no avail.

    the only problem I think is, I just opened the solution in VC2010 and rebuilt the same. Mayhaps I should be specifying win32 somewhere?

    Let me try.

    Thanks for the heads up, though.

    Have Phun

    PS: Did you download the Apr 11 or Jan 20 version of pin? I am assuming here you went with vc10.
    Blame Microsoft, get l337 !!

  6. #6
    Reversing Since '98 \o/ [yAtEs]'s Avatar
    Join Date
    Feb 2002
    Posts
    97
    Blog Entries
    2
    I downloaded the april 11th vc10

    also after copying the pin folder directly from the idaSDK into the \pin\source\tools folder i loaded vc2010 express manually
    then did file/open project/solution on IDADBG.sln then at the top changed Debug to Release, i also had to add
    C:\pin\source\include\pin and C:\pin\source\include\pin\gen to my include folder in the studio properties for it to build.

    I'm going to eventually play around with editing the IDA plugin to enable and disable block tracing on a chosen function
    with a block execution counter for function internal profiling.

    Perhaps your IDAsdk does not match your IDA version in some minor way

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •