PIN (of Intel) is a great platform for dynamic binary instrumentation. I use it on daily for tracing and deobfuscating malware, and I often recommend it to others. Unfortunately, figuring out how to set it up is not so straight-forward. If you want to compile the default projects that are distributed in the package, you may get multiple errors.
I never saw the full process of fixing them documented. I struggled with this myself, and from time to time people approach me asking for help. That’s why, I decided to make a walk-through, describing all the steps I did in order to get a tool compiled.
- Used PIN package:
- pin-3.7-97619-g0d0c92f4f-msvc-windows (link)
- Microsoft Visual Studio Community 2017 (Version 15.6.5)
- Windows 8.1 64bit
- Used PIN package:
Step 0 – I downloaded the PIN package and unpacked it into C:\pin\
I will be compiling MyPinTool, that is a part of the PIN Package:
Step 1 – I opened the single tool in Visual Studio and tried to compile it.
I got an error:
So, I searched the pin main directory, and I found where this file is. It was in “C:\pin\extras\xed-ia32\include\xed” (we need to pick a 32 bit version for a 32 bit build).
So, I included that folder:Step 2 – I tried to compile it again and got another error:
So, I went to disable SAFESEH. From:I switched to: Step 3 – Another attempt of compilation, and another set of errors. This time at linking level:
I googled for those errors and I found this blog. Following the advice, I solved it by adding “crtbeginS.obj” to additional dependencies:And finally! It compiled:
I can only say that it was the nastiest part of PIN, and now it should go much easier. There are various sample projects included in the package, very helpful in learning the functionality.
To make working with it even easier, I made some scripts that are adding PIN along with my favorite tracer to the context menu. Thanks to them, I can start tracing any EXE just by one click. You can find them here.
- Dynamic Binary Instrumentation Primer – more about Pin, and the technique of Dynamic Binary Instrumentation (DBI)
- [VIDEO] Tracing executables with a Pin Tool (tiny_tracer)