Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin May 2-3, 2011 Introduction to the PatchAPI Wenbin Fang, Drew Bernat.

Slides:



Advertisements
Similar presentations
Project Proposal Anton Tkacik, Lukas Sedlak
Advertisements

A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.
CS457 – Introduction to Information Systems Security Software 4 Elias Athanasopoulos
DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis Lok Kwong Yan, and Heng Yin Syracuse University.
University of Maryland Smarter Code Generation for Dyninst Nick Rutar.
Carnegie Mellon 1 Dynamic Memory Allocation: Basic Concepts / : Introduction to Computer Systems 18 th Lecture, March 24, 2015 Instructors:
Chris Riesbeck, Fall 2007 Dynamic Memory Allocation Today Dynamic memory allocation – mechanisms & policies Memory bugs.
Chapter 7 User-Defined Methods. Chapter Objectives  Understand how methods are used in Java programming  Learn about standard (predefined) methods and.
Paradyn. Paradyn Goals Performance measurement tool that –scales to long-running programs on large parallel and distributed systems –automates much of.
Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin May 2-4, 2011 ProcControlAPI and StackwalkerAPI Integration into Dyninst Todd Frederick and Dan.
Paradyn Project Paradyn / Dyninst Week College Park, Maryland March 26-28, 2012 Paradyn Project Upcoming Features in Dyninst and its Components Bill Williams.
Paradyn Project Paradyn / Dyninst Week College Park, Maryland March 26-28, 2012 Self-propelled Instrumentation Wenbin Fang.
© 2006 Barton P. MillerFebruary 2006Binary Code Analysis and Editing A Framework for Binary Code Analysis, and Static and Dynamic Patching Barton P. Miller.
Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin April 29 - May 1, 2013 Using Dyninst for Program Binary Analysis and Instrumentation Emily Jacobson.
B. Childers, M. L. Soffa, J. Beaver, L. Ber, K. Cammarata, J. Litman, J. Misurda Presented by: Priyanka Puri SOFTTEST: A FRAMEWORK FOR SOFTWARE.
Representing programs Goals. Representing programs Primary goals –analysis is easy and effective just a few cases to handle directly link related things.
Cpeg421-08S/final-review1 Course Review Tom St. John.
CS 536 Spring Run-time organization Lecture 19.
3/17/2008Prof. Hilfinger CS 164 Lecture 231 Run-time organization Lecture 23.
Precision Going back to constant prop, in what cases would we lose precision?
Automated Tracing and Visualization of Software Security Structure and Properties Symposium on Visualization for Cyber Security 2012 (VizSec’12) Seattle,
Zhonghua Qu and Ovidiu Daescu December 24, 2009 University of Texas at Dallas.
Paradyn Project Dyninst/MRNet Users’ Meeting Madison, Wisconsin August 7, 2014 The Evolution of Dyninst in Support of Cyber Security Emily Gember-Jacobson.
University of Maryland parseThat: A Robust Arbitrary-Binary Tester for Dyninst Ray Chen.
OPERATING SYSTEM OVERVIEW. Contents Basic hardware elements.
Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.
University of Maryland The New Dyninst Event Model James Waskiewicz.
University of Maryland The DPCL Hybrid Project James Waskiewicz.
Programming Language C++ Xulong Peng CSC415 Programming Languages.
Analysis Of Stripped Binary Code Laune Harris University of Wisconsin – Madison
Andrew Bernat, Bill Williams Paradyn / Dyninst Week Madison, Wisconsin April 29-May 1, 2013 New Features in Dyninst
1 Malware Analysis and Instrumentation Andrew Bernat and Kevin Roundy Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin May 2-4, 2011.
The Deconstruction of Dyninst: Experiences and Future Directions Drew Bernat, Madhavi Krishnan, Bill Williams, Bart Miller Paradyn Project 1.
Dataflow Analysis Topic today Data flow analysis: Section 3 of Representation and Analysis Paper (Section 3) NOTE we finished through slide 30 on Friday.
CS412/413 Introduction to Compilers and Translators Spring ’99 Lecture 8: Semantic Analysis and Symbol Tables.
University of Maryland New APIs from P/D Separation James Waskiewicz.
Environment Selection Application  Firefox 1.0 or 2.0  Apache Operating System  Linux  Windows XP Instrumentation Package  JIT (DynamoRio,
University of Maryland Using Dyninst to Measure Floating-point Error Mike Lam, Jeff Hollingsworth and Pete Stewart.
Connect. Communicate. Collaborate PerfsonarUI plug-in tutorial Nina Jeliazkova ISTF, Bulgaria.
CS536 Semantic Analysis Introduction with Emphasis on Name Analysis 1.
CSCI Rational Purify 1 Rational Purify Overview Michel Izygon - Jim Helm.
© 2001 Barton P. MillerParadyn/Condor Week (12 March 2001, Madison/WI) The Paradyn Port Report Barton P. Miller Computer Sciences Department.
November 2005 New Features in Paradyn and Dyninst Matthew LeGendre Ray Chen
University of Maryland Paradyn as a Strict Dyninst Client James Waskiewicz.
Formal Verification of Synchronization Issues of SpecC Description with Automatic Abstraction Thanyapat Sakunkonchak Masahiro Fujita Department of Electronics.
Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin April 12-14, 2010 Binary Rewriting with Dyninst Madhavi Krishnan and Dan McNulty.
Dynamic Instrumentation of Loops in Paradyn & Dyninst Eli Collins Computer Sciences Department University of Wisconsin-Madison Madison,
Javascript Static Code Analyzer
Paradyn Week Monday 8:45-9:15am - The Deconstruction of Dyninst: Lessons Learned and Best Practices The Deconstruction of Dyninst: Lessons Learned.
April 2007The Deconstruction of Dyninst: Part 1- the SymtabAPI The Deconstruction of Dyninst Part 1: The SymtabAPI Giridhar Ravipati University of Wisconsin,
© 2006 Andrew R. BernatMarch 2006Generalized Code Relocation Generalized Code Relocation for Instrumentation and Efficiency Andrew R. Bernat University.
13/July/1999Third USENIX Windows NT Symposium1 Detours: Binary Interception of Win32 Functions Galen Hunt and Doug Brubacher Systems and Networking Group.
Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin April 29-May 1, 2013 Detecting Code Reuse Attacks Using Dyninst Components Emily Jacobson, Drew.
Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin May 2-4, 2011 Paradyn Project Deconstruction of Dyninst: Best Practices and Lessons Learned Bill.
1 ROGUE Dynamic Optimization Framework Using Pin Vijay Janapa Reddi PhD. Candidate - Electrical And Computer Engineering University of Colorado at Boulder.
Correct RelocationMarch 20, 2016 Correct Relocation: Do You Trust a Mutated Binary? Drew Bernat
Recent and Upcoming Advances in the Dyninst Toolkits
Efficient Instrumentation for Code Coverage Testing
New Features in Dyninst 5.1
Adaptive Android Kernel Live Patching
Semantic Analysis with Emphasis on Name Analysis
CompSci 725 Presentation by Siu Cho Jun, William.
A configurable binary instrumenter
New Features in Dyninst 6.1 and 6.2
Dynamic Memory A whole heap of fun….
Optimizing Your Dyninst Program
Dynamic Memory A whole heap of fun….
Efficient x86 Instrumentation:
Control Flow Analysis (Chapter 7)
Interrupts and System Calls
Presentation transcript:

Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin May 2-3, 2011 Introduction to the PatchAPI Wenbin Fang, Drew Bernat

Motivation: a confluence of two tools 2 Introduction to the PatchAPI User Mutator DyninstAPI Code Patching find point insert snippet delete snippet Process void foo () { } void bar () { } void baz () { } Snippet Process void foo () { bar() } void bar () { baz() } void baz () { } Instrumenter.so Code Patching Snippet Dyninst (3 rd party instrumentation) Self-propelled instrumentation (1 st party instrumentation) PatchAPI

3 Introduction to the PatchAPI AST Binary Process Stackwalker API Stackwalker API Symtab API Symtab API DataFlow API DataFlow API Instruction API Parse API Parse API Code Gen Code Gen ProcControl API Binary = Existing Component = New Component = Proposed Dyninst and the Components Stackwalker API Stackwalker API ProcControl API Patch API Patch API

4 Introduction to the PatchAPI Binary Code Binary Process Symtab API Symtab API Instruction API Parse API Parse API Binary = Existing Component = New Component Self-propelled and the Components … Patch API Patch API

Outline o Overview o Point + Snippet abstractions o Design o Challenges o Public + Plugin interfaces o Applications of PatchAPI o Dyninst Reintegration o Self-propelled instrumentation 5 Introduction to the PatchAPI

Abstraction in DyninstAPI 6 BPatch_addressSpace* app = BPatch_function* foo = BPatch_snippet* snippet = BPatch_Vector * points = NULL;... points = foo->findPoint(BPatch_entry); BPatchSnippetHandle* handle1 = app->insertSnippet(snippet, points, BPatch_callBefore); points = foo->findPoint(BPatch_exit); BPatchSnippetHandle* handle2 = app->insertSnippet(snippet, points, BPatch_callAfter);... Introduction to the PatchAPI FuncEntry Snippet FuncExit Snippet Basic Block CFG of function foo Point Snippet Function Exit Block Entry Before Function Call Before Instruction Function Entry During Edge Dyninst AST DynC Binary Code User-defined

Refined Interfaces in PatchAPI 7 PatchMgrPtr patchMgr = PatchFunction* foo = SnippetPtr snippet = vector points; FilterFunc myfilter; patchMgr->findPoints(foo, FuncEntry | FuncExit | EdgeDuring | BlockExit, myfilter, back_inserter(points)); patchMgr->batchStart(); for (int i = 0; i < points.size(); i++) points[i]->push_back(snippet); patchMgr->batchFinish(); … Introduction to the PatchAPI Basic Block FuncEntry Snippet FuncExit Snippet EdgeDuring CFG of function foo Snippet BlockExit Snippet Filter-based point query Transactional semantics

Design Challenge 1: Backward Compatibility o PatchAPI has refined interfaces for code patching. o Integrating PatchAPI back to dyninst should keep dyninst interfaces unchanged. 8 Introduction to the PatchAPI Dyninst PatchAPI Code Patching Functionality Code Patching Functionality PatchAPI Compatibility Layer

Design Challenge 2: Flexibility 9 Introduction to the PatchAPI Address Space Snippet CFG Parsing Instrumentation Engine 1 st Party 3 rd Party Binary Rewriter AST DynC User-defined Online Parsing Stored CFG In-line Out-of-line 1 st Party User-defined Stored CFG Out-of-line

Plugin Interface Internal Snippet instance at point Opaque handle Location + Container PatchMgr Point Snippet Instance PatchAPI Public Interface 10 Introduction to the PatchAPI Binary Patching Tools Register plugins + Accept requests Public Interface PatchAPI

Patch Manager o Register plugins o Filter-based point query o Enforce transactional semantics for patching o batchStart / batchFinish o Improve instrumentation performance o Reduce # of IPCs for 3 rd party instrumentation. 11 Introduction to the PatchAPI

Patch Manager (Cont.) o Filter-based point query o Scope o function, block, edge, or instruction o Point type o FuncEntry, BlockExit, BeforeCall, BeforeInsn … o Filter function o User-implemented o Fine grained control o e.g., Function calls with function name MPI_* o e.g., “push” instructions o…o… 12 Introduction to the PatchAPI

Example 13 // Find Points at Function Exits and Block Exits of // those having two outgoing edges class MyFilterFunc { bool operator() (PointPtr pt) { if (pt->type() == FuncExit) return true; PatchBlock* block = If (block->targets().size() == 2) return true; return false; } }; vector output; MyFilterFunc myfilter; PatchFunction* foo = patchMgr->findPoints (foo, BlockExit | FuncExit, myfilter, back_inserter(output)); Introduction to the PatchAPI Basic Block CFG of function foo BlockExit FuncExit BlockExit

Point, Snippet, and Instance o Snippet insertion o Instance iterator o Snippet removal 14 Introduction to the PatchAPI foo () { } Point Snippet Instance Instance push_back(Snippet); Instance push_front(Snippet); instance_iterator begin(); instance_iterator end(); bool remove(Instance);

Address Space Snippet CFG Parsing Instrumentation Engine Plugin Interface Public Interface PatchAPI Plugin Interface 15 Introduction to the PatchAPI Binary Patching Tools Internal PatchAPI In-line, out-of-line Online parsing, reuse stored CFG AST, DynC, user-defined code … 1 st party, 3 rd party, binary rewriter

Address Space o Memory management primitives o malloc / realloc / free o write / read o Example o 3 rd party instrumentation uses ptrace o 1 st party instrumentation uses libc 16 Introduction to the PatchAPI

Snippet 17 Introduction to the PatchAPI DynC if (x == 0) { inf ‘printf("x == 0\n"); } else if (x > 3) { inf ‘printf("x > 3\n"); } else { inf ‘printf("x < 3 but x != 0\n"); } AST Binary Code e ec ec eb 39 b e8 a8 f5 df ff … User-defined: Provided by us:

CFG Parsing 18 Introduction to the PatchAPI User Mutator PatchAPI Process On demand parsing Process Reuse Parse CFG info Stored CFG info User Mutator PatchAPI Reuse CFG info Offlne Parser Patching

Address Space Snippet CFG Parsing Instrumentation Engine Plugin Interface Public Interface Dyninst Reintegration 19 Introduction to the PatchAPI DyninstInternal PatchAPI Dyninst Address Space ParseAPI In-line AST Relocate a group of code, embed snippet Parse CFG during the runtime of instrumentation Will support DynC in the future 3 rd party, binary rewriter

Address Space Snippet CFG Parsing Instrumentation Engine Plugin Interface Public Interface Self-propelled instrumentation 20 Introduction to the PatchAPI Self- propelled Internal PatchAPI libc Stored CFG Hybrid Binary code Out-of-line + In-line Reuse stored CFG information A small set of instructions 1 st party instrumentation

Status 21 Introduction to the PatchAPI Conception Interface Design Dyninst Reintegration Code Refactoring Build Self- propelled instrumentation

Summary o PatchAPI from/back to Dyninst o Point and Snippet o Design of PatchAPI o Public Interface o Filter-based Point Query o Transactional Semantics o Plugin Interface o Customizing Instrumentation o To be released with Dyninst Introduction to the PatchAPI

23 Introduction to the PatchAPI Question?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.