Intel Pin Get Function Argument Number

Question

I am trying to write a function call tracer using Pin. It could print each function call as well as the value of each argument.

A difficulty is to get all arguments of a function. Using RTN_InsertCall, you can pass function arguments to your instrumentation code:

intel pin RTN_InsertCall multiple function arguments

However, you need to know the number of arguments of the current routine. Is there a way to do that?

Thanks!

Answer 1

You should provide the crucial info on whether you have debug symbols for the binary in question or not. If you do have the debug symbols available, then it's a breeze. There are standard libraries for parsing those.

If you don't have debug symbols, then it can be really tough and you're basically better off with a visual exploratory tool like IDA Pro. There has been some research on automatically finding function signatures for stripped binaries (e.g. ftp://ftp.cs.wisc.edu/paradyn/papers/Jacobson11Unstrip.pdf), but the topic is still bleeding edge and whatever tool you use, expect it to fail at some point, because the problem is ultimately undecidable and all tools just resort to heuristics for reconstructing this info. The freely available chapter 12 of Chris Eagle's book (http://www.tinker.tv/download/idaPro_ch12.pdf) covers the way IDA does this.

Answer 2

In C, type information isn't kept in the binary.

In C++, you could try to use the function's mangled name to figure out what the types of the arguments are. However, name mangling is not standard, and usually incompatible between different compilers. Obviously, there are no guarantees here.

See also:

Is it possible to get the signature of a function in a shared library programatically?

Getting function argument types