alternative pintools

[xSanx]

advise an alternative PinTools? VMProtect-devirtualization

[JonathanSalwan]

Maybe:

• https://github.com/QBDI/QBDI
• https://dynamorio.org/

[xSanx]

Maybe:

• https://github.com/QBDI/QBDI
• https://dynamorio.org/

if driver windows/linux? and how necessary is "mr" (memory read) for optimization in triton?

[JonathanSalwan]

For driver/kernel you can use Qemu or an hypervisor (dump pages and emulate them offline)

[xSanx]

when intel pine is running, memory read (mr) is logged... this necessary for the effect of raising the code in llvm?

[JonathanSalwan]

I think all DBI provide such callbacks.

[xSanx]

debuggers? example windbg script?

[JonathanSalwan]

I've never used windbg, however with gdb/lldb you can put breakpoints wherever you want, then dump memory and registers and start emulating code with Triton from the dump. You can also use debugger as tracer using ptrace but that's quite slow. There are infinite ways to analyse binaries :)

[xSanx]

I do not know how to implement a dump "mr instruction" in the debugger ))))

[xSanx]

is there a command for gdb for memory read callback?

[JonathanSalwan]

I don't think there are memory callbacks in gdb. However, you can ptrace and directly read memory. Within gdb it's like doing si + x/x addr