Dynamic binary instrumentation (DBI) techniques suffer from heterogeneous implementation mechanisms and a lack of unified evaluation frameworks, making it difficult to balance applicability and performance in practice. Method: This paper proposes the first cross-layer DBI taxonomy, systematically unifying process-level and full-system-level approaches. It decomposes DBI into core building blocks—such as instruction rewriting and transparent instrumentation—and characterizes their capabilities for instrumenting critical runtime events (e.g., function calls, exceptions, memory accesses). A standardized performance evaluation model is developed to empirically benchmark mainstream DBI tools across multiple scenarios, measuring overhead, coverage, and compatibility. Contribution/Results: Empirical analysis reveals clear performance trade-offs among DBI paradigms, with no universally optimal solution. The study establishes a theoretical foundation and empirical benchmark for informed DBI tool selection, enabling precise deployment in security analysis, performance debugging, and related domains.

Dynamic Binary Instrumentation (DBI) is the set of techniques that enable instrumentation of programs at run-time, making it possible to monitor and modify the execution of compiled binaries or entire systems. DBI is used for countless security applications and analyses, and is extensively used across many fields in both industry and academia. Over the years, several DBI approaches have been proposed based on different technologies and implementing diverse techniques. Every solution tries to overcome certain limitations, but they sometimes bring other shortcomings. Some are specialized for one particular domain or task, while others have a wider scope. In this paper, we shed light into the labyrinth of DBI, bringing together process-level and whole-system approaches. We depict their building blocks and analyze the underlying instrumentation techniques, comparing their ability to instrument different primitives and run-time events. Then, we evaluate their performance when implementing each primitive, and highlight relevant observations. Our results show that no single technique is better than the rest in all circumstances.