Re: [PATCH v12 06/13] seccomp: add system call filtering using BPF
From: Indan Zupancic <hidden>
Date: 2012-03-02 08:13:19
Also in: lkml, netdev
On Fri, March 2, 2012 07:55, H. Peter Anvin wrote:
> On 03/01/2012 10:43 PM, Indan Zupancic wrote:
>>> -- Pin is a great example.
>>
>> Is that http://www.pintool.org/? Can you explain how knowing the IP is useful for Pin? All I am asking for is just one use case for providing the IP. Is that asking for too much?
>
> Ok, fail on my part - I misread the above to refer to @arch, not @instruction_pointer.

Ah, that explains a lot.

> However, it still applies. For something like Pin, Pin may want to trap on all or a subset from the instrumented program, while the instrumentation code -- which lives in the same address space -- needs to execute those same instructions. Yes, it's useless for *security* (unless perhaps if you keep very strict tabs on the flow of control by using debug registers, dynamic translation or whatnot), but it can be highly useful for *instrumentation*, where you want to analyze the behavior of a non-malicious program.

That is a good use case indeed, I'm convinced.

Thanks,

Indan
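An added illustration of the instrumentation use case discussed in this message (not code from the patch series or from either poster): a classic-BPF seccomp filter that allows system calls issued from the instrumentation code's own address range and traps calls made from anywhere else, keyed on `instruction_pointer`. It assumes `struct seccomp_data` as defined in current `<linux/seccomp.h>` and a little-endian host; `build_ip_filter`, `run_filter`, `verdict_for_ip` and the address range are hypothetical names and constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Assumption: little-endian host, so the low word of the 64-bit IP is first. */
#define IP_LO offsetof(struct seccomp_data, instruction_pointer)
#define IP_HI (IP_LO + 4)

/* Allow syscalls issued from [base, base+len) (the instrumentation code), raise
 * SIGSYS elsewhere. Assumes the region lies strictly inside one 4 GiB window. */
static int build_ip_filter(struct sock_filter *f, uint64_t base, uint32_t len)
{
    uint32_t hi = (uint32_t)(base >> 32), lo = (uint32_t)base;
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, IP_HI),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, hi, 0, 4),       /* other window: trap */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, IP_LO),
        BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, lo, 0, 2),       /* below base: trap */
        BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, lo + len, 1, 0), /* past end: trap */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),
    };
    memcpy(f, prog, sizeof(prog));
    return (int)(sizeof(prog) / sizeof(prog[0]));   /* instruction count */
}

/* User-space evaluator for the four opcodes used above (no filter is installed). */
static uint32_t run_filter(const struct sock_filter *f, int n, const struct seccomp_data *sd)
{
    uint32_t a = 0;
    for (int pc = 0; pc < n; pc++) {
        switch (f[pc].code) {
        case BPF_LD | BPF_W | BPF_ABS: memcpy(&a, (const char *)sd + f[pc].k, 4); break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += a == f[pc].k ? f[pc].jt : f[pc].jf; break;
        case BPF_JMP | BPF_JGE | BPF_K: pc += a >= f[pc].k ? f[pc].jt : f[pc].jf; break;
        case BPF_RET | BPF_K: return f[pc].k;
        }
    }
    return SECCOMP_RET_KILL; /* fell off the end: fail closed */
}

static uint32_t verdict_for_ip(uint64_t base, uint32_t len, uint64_t ip)
{
    struct sock_filter f[8];
    struct seccomp_data sd = { .instruction_pointer = ip }; /* constructed sample */
    return run_filter(f, build_ip_filter(f, base, len), &sd);
}
```

The program returned by `build_ip_filter` is what would be handed to the kernel in a `struct sock_fprog`; the 64-bit pointer has to be compared as two 32-bit loads because classic BPF has a 32-bit accumulator.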