Development technologies evolve rapidly, and code becomes more complex (virtual functions, JIT-compiled code, etc.). Such code is extremely difficult to analyze statically, and various code instrumentation techniques assist us here. Instrumentation libraries (PIN, Valgrind, DynamoRIO, DynInst) are among the most up-to-date essential tools in a security researcher's kit; the most important research cannot be done without code instrumentation nowadays. I will tell you about the existing instrumentation methods (source code instrumentation, bytecode instrumentation, binary code instrumentation), from the simplest to the most complex, and about their pros and cons when it comes to solving the various problems security researchers face.
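To make the simplest of the three methods the abstract names concrete, here is an added example of source code instrumentation (it is not code from the talk or its author). It rewrites a small constructed Python program at the AST level so that every function reports its own entry to a hook, then runs the rewritten program and collects hit counts, which is the same idea a call-tracing or coverage tool applies at the binary level with PIN or DynamoRIO. The target program, the hook name `__instr_enter` and the helper names are assumptions made for this demo.

```python
"""Source-level instrumentation of Python code via AST rewriting (added example)."""
import ast

# Constructed sample program to be instrumented (not from the page).
TARGET_SOURCE = '''
def parse_header(data):
    if not data:
        return None
    return data.split(":", 1)

def handle(data):
    hdr = parse_header(data)
    if hdr is None:
        return "empty"
    return hdr[0]

def main(inputs):
    return [handle(x) for x in inputs]
'''

# Name of the hook injected at each function entry (assumed for this demo).
HOOK_NAME = "__instr_enter"


class EntryInstrumenter(ast.NodeTransformer):
    """Insert `__instr_enter("<function name>")` as the first statement of every def."""

    def visit_FunctionDef(self, node):
        self.generic_visit(node)  # instrument nested function definitions too
        hook_call = ast.Expr(
            value=ast.Call(
                func=ast.Name(id=HOOK_NAME, ctx=ast.Load()),
                args=[ast.Constant(value=node.name)],
                keywords=[],
            )
        )
        body = node.body
        # Keep a leading docstring in first position so it remains a docstring.
        has_docstring = (
            body
            and isinstance(body[0], ast.Expr)
            and isinstance(body[0].value, ast.Constant)
            and isinstance(body[0].value.value, str)
        )
        if has_docstring:
            node.body = [body[0], hook_call] + body[1:]
        else:
            node.body = [hook_call] + body
        return node


def instrument_tree(source: str) -> ast.Module:
    """Parse source and return the instrumented AST with locations repaired."""
    tree = EntryInstrumenter().visit(ast.parse(source))
    ast.fix_missing_locations(tree)
    return tree


def instrument_source(source: str) -> str:
    """Return the instrumented program as text (Python 3.9+ for ast.unparse)."""
    return ast.unparse(instrument_tree(source))


def run_instrumented(source: str, entry: str, *args):
    """Compile and execute the instrumented program.

    Returns (result of calling `entry`, dict of function name -> entry count).
    The hook only records; program behaviour is otherwise unchanged.
    """
    counts = {}

    def record_entry(name):
        counts[name] = counts.get(name, 0) + 1

    namespace = {HOOK_NAME: record_entry}
    exec(compile(instrument_tree(source), "<instrumented>", "exec"), namespace)
    result = namespace[entry](*args)
    return result, counts


if __name__ == "__main__":
    print(instrument_source(TARGET_SOURCE))
    result, counts = run_instrumented(TARGET_SOURCE, "main", ["a:b", "", "c:d"])
    print("result:", result)
    print("entry counts:", counts)
```

Running the block prints the rewritten source followed by the per-function entry counts; the original program's result is unchanged, which is the property any instrumentation tool must preserve. The same transformation applied to compiled code rather than source is what bytecode and binary instrumentation provide, at the cost of losing the high-level structure that makes this source-level version so short.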

Author: Dmitriy Evdokimov.

Presentation “Light and Dark side of Code Instrumentation” from CONFidence Krakow 2012