Timeline for Intel Pin memory operations tracking
Current License: CC BY-SA 3.0
5 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Apr 7, 2016 at 14:57 | comment | added | aGGeRReS | Allright, thank you. But they all work with data stored in RAM (not taking CPU's cache into account, since pages are synchronized), am I right? And why there is no read operations after calls so far? | |
| Apr 7, 2016 at 14:47 | comment | added | Jason Geffner | Every instruction you printed above does indeed involve a memory read or write. pops and rets read from the stack memory, the movs write to memory, the calls read from memory, and the push writes to the stack memory. | |
| Apr 7, 2016 at 14:15 | comment | added | aGGeRReS | Well, comment formatting doesn't work well, but as you can see - there are still opcodes with no memory operations. Do you exactly know what kind of memory operations (to what kind of memory) Pin traces? | |
| Apr 7, 2016 at 14:14 | comment | added | aGGeRReS | This is an interesting suggestion. But when I tried I received the following: > [pop ebx] > > [pop edi] > > [pop esi] > > [pop ebp] > > [ret 0x10] > > RRRRR > > [mov byte ptr [ebp-0x19], al] > > [mov dword ptr [ebp-0x4], ebx] > > [call 0x7770c290] > > WWW > > [call 0x776f2165] > > W > > [push ebp] > > [mov eax, dword ptr fs:[0x18]] | |
| Apr 7, 2016 at 14:00 | history | answered | Jason Geffner | CC BY-SA 3.0 |