The PIN debugger is a remote debugger plugin used to record execution traces. It allows to record traces on Linux and Windows (x86 and x86_64) from any of the supported IDA platforms (Windows, Linux and MacOSX). Support for MacOSX targets is not yet available. Please see the section PIN support for MacOSX for more details on this subject.
To use the PIN debugger plugin the following steps must be carried out:
Download the appropriate version of PIN from http://www.pintool.org
- PIN Binary Path: Full path to the pin binary.
PIN Tool Path: Directory where the idadbg.so or .dll PIN tool resides.
Tracing options:
Instruction tracing: trace individual instructions
Basic block tracing: trace basic blocks
Function tracing: trace functions
Recording of register values: record register values or not. If this option is disabled, only EIP/RIP will be recorded.
PIN Tool options:
Autolaunch pin for "localhost": When this option is set and the host name specified in Debugger, Process Options is "localhost", the PIN tool will be executed by IDA. Otherwise IDA expects the PIN tool to be already running and listening. Please refer to Connecting a remote PIN tool instance from IDA for more details.
Debug mode: This flag allows one to see what's happening in the PIN tool side. It prints out some debugging information.
Extra-arguments: Additional command line arguments to be used when constructing the command line to launch PIN locally. The extra arguments can be added before the PIN tool specification (before '-t /path/to/pin/tool) or after the PIN tool (after '-t /path/to/pin/tool' but before '-- application'). Please consult the section "Command Line Switches" of the Intel PIN manual for more details. Optionally you can launch PIN yourself and connect to it from IDA. See Connecting a remote PIN tool instance from IDA for more details.
Recording traces on MacOSX target is not supported yet. Versions equal or prior to 2.12-55942 does not have support for the API PIN_SpawnInternalThread, which is needed by IDA to communicate with the PIN tool.
However, it's possible to record traces from a Linux or Windows target using the MacOSX version of IDA.
For local debugging the PIN tool can be automatically launched by IDA. For remote debugging it must be launched manually, as in the following example:
Where PORT is the port that the PIN tool will listen for incoming connections from IDA. APPLICATION is the target application to be traced and the optional parameter ARGUMENTS are the arguments to be passed to the target application. Please note that on Win64 it may be required to specify the path to specific x64 binary instead to the pin.bat batch file.
To attach to an already running process instead of starting a new one a command like the following one must be executed:
Where PID is the pid of the running process to attach and PORT the port that the PIN tool will listen for incoming connections.
The hostname and port where the PIN tool is listening for incoming connections should be specified in IDA. See the Debugger, Process options dialog.
After successfully launching the PIN tool the IDA debugger can be launched by pressing F9 or selecting Debugger, Start Process.
PIN accepts the following optional environment variables and command line arguments:
Before using the PIN tracer the PIN tool module (distributed only in source code form) must be built as the Intel PIN license disallows redistributing PIN tools in binary form.
Please refer to
to learn how to build our PIN tool.