Presentation is loading. Please wait.

Presentation is loading. Please wait.

April 2007The Deconstruction of Dyninst: Part 1- the SymtabAPI The Deconstruction of Dyninst Part 1: The SymtabAPI Giridhar Ravipati University of Wisconsin,

Published byMabel Simpson Modified over 8 years ago

Similar presentations

Presentation on theme: "April 2007The Deconstruction of Dyninst: Part 1- the SymtabAPI The Deconstruction of Dyninst Part 1: The SymtabAPI Giridhar Ravipati University of Wisconsin,"— Presentation transcript:

1 April 2007The Deconstruction of Dyninst: Part 1- the SymtabAPI The Deconstruction of Dyninst Part 1: The SymtabAPI Giridhar Ravipati University of Wisconsin, Madison

2 – 2 – The Deconstruction of Dyninst: Part 1- the SymtabAPI Motivation  Binary tools are increasingly common  Two categories of operation Analysis : Derive semantic meaning from the binary code –Symbol tables (if present) –Decode (disassemble) instructions –Control-flow information: basic blocks, loops, functions –Data-flow information: from basic register information to highly sophisticated (and expensive) analyses. Modification –Insert, remove, or change the binary code, producing a new binary.

3 – 3 – The Deconstruction of Dyninst: Part 1- the SymtabAPI Wide Use of Binary Tools Binary Modification –Eel, Vulcan, Etch, Atom, Diablo, Diota Binary Matching –BMT Forensics –Fenris Reverse engineering –IDA Pro Binary Translation –Objcopy, UQBT Program tracing –QPT Program debugging –Total view, gdb, STAT Program testing –Eraser Performance modeling –METRIC Performance profiling –Paradyn, Valgrind, TAU, OSS  Analysis and Modification are used in a wide variety of applications

4 – 4 – The Deconstruction of Dyninst: Part 1- the SymtabAPI Lack of Code Sharing  Some tools do analysis and some tools do modification Only a few do both  Tools usually depend on Similar analysis Similar modification techniques  Too many different interfaces Usually too low level  Developers are forced to reinvent the wheel rather than use existing code

5 – 5 – The Deconstruction of Dyninst: Part 1- the SymtabAPI Lack of Portability  Myriad number of differences between File formats Architectures Operating systems Compilers …  Building a portable binary tool is highly expensive Many platforms in common use

6 – 6 – The Deconstruction of Dyninst: Part 1- the SymtabAPI High-level goals  To build a toolkit that Has components for analysis Has components for modification Is portable & extensible Has an abstract interfaces Encourage sharing of functionality  Deconstruct Dyninst into a toolkit that can achieve these goals

7 – 7 – The Deconstruction of Dyninst: Part 1- the SymtabAPI DyninstAPI  Library that provides a platform-independent interface to dynamic binary analysis and modification  Goal Simplify binary tool development  Why is Dyninst successful? Analysis and modification capabilities Portability Abstract interface

8 – 8 – The Deconstruction of Dyninst: Part 1- the SymtabAPI Drawbacks of Dyninst  Dyninst is complex  Dyninst internal components are portable but not sharable  Sometimes Dyninst is not a perfect match for user requirements  Dyninst is feature-rich in some cases Provides unnecessary extra functionality

9 – 9 – The Deconstruction of Dyninst: Part 1- the SymtabAPI Example Scenarios  Hidden functionality Statically parse and analyze a binary without executing it Just perform stackwalking on a binary compiled without frame pointer information  Build new tools Static binary rewriter Tool to add a symbol table to stripped binaries

10 – 10 – The Deconstruction of Dyninst: Part 1- the SymtabAPI Our Approach  Deconstruct the monolithic Dyninst into a suite of components  Each component provides a platform- independent interface to a core piece of Dyninst functionality

11 April 2007The Deconstruction of Dyninst: Part 1- the SymtabAPI AST Binary Code Instrumentation Requests Monolithic Dyninst

12 April 2007The Deconstruction of Dyninst: Part 1- the SymtabAPI Binary Code Code Gen Stack Walker Process Control SymtabAPI Code Parser Idiom Detector Instrumentation Requests Instruction Decoder Instrumenter AST

13 April 2007The Deconstruction of Dyninst: Part 1- the SymtabAPI SymtabAPI Instruction Decoder AST Binary Code Parser Idiom Detector IA32 AMD64 POWER IA64 SPARC Instrumentation Requests Process Control Instrumenter IA32 AMD64 POWER IA64 SPARC Code Gen IA32 AMD64 POWER IA64 SPARC Stack Walker Linux AIX Solaris Windows PE ELF XCOFF IA32 AMD64 POWER IA64 SPARC

14 April 2007The Deconstruction of Dyninst: Part 1- the SymtabAPI SymtabAPI PE Instruction Decoder AST Binary Code ELF XCOFF Code Parser Idiom Detector IA32 AMD64 POWER IA64 SPARC Symbol Table Disassembly Function Objects Call Graph Intra Proc CFGs Idiom Signatures Instrumentation Requests Process Control Instrumenter IA32 AMD64 POWER IA64 SPARC Code Gen IA32 AMD64 POWER IA64 SPARC Stack Walker Linux AIX Solaris Windows IA32 AMD64 POWER IA64 SPARC

15 – 15 – The Deconstruction of Dyninst: Part 1- the SymtabAPI Goals of Deconstruction  Separate the key capabilities of Dyninst  Each Component Is responsible for a specific functionality Provides a general solution  Encourage sharing Share our functionality when building new tools Share functionality of other tools

16 – 16 – The Deconstruction of Dyninst: Part 1- the SymtabAPI Benefits of Deconstruction  Access to the hidden features of Dyninst  Interoperability with other tools Standardized interfaces and sharing of components  Finer grain testing of Dyninst

17 – 17 – The Deconstruction of Dyninst: Part 1- the SymtabAPI Benefits of Deconstruction [contd.]  Code reuse among the tool community  Make tools more portable  Unexpected benefits with new application of components

18 – 18 – The Deconstruction of Dyninst: Part 1- the SymtabAPI Our Plan 1.Identify the key functionality 2.Refine and generalize the abstract interfaces to these components 3.Extract and separate the functionality from Dyninst 4.Rebuild Dyninst on top of these components 5.Create new tools Multi-platform static binary rewriter

19 – 19 – The Deconstruction of Dyninst: Part 1- the SymtabAPI SymtabAPI  The first component of the deconstructed Dyninst  Multi platform library for parsing symbol table information from object files  Leverages the experience and implementation gained from building the DyninstAPI

20 – 20 – The Deconstruction of Dyninst: Part 1- the SymtabAPI SymtabAPI Goals  Abstraction Be file format-independent  Interactivity Update data incrementally  Extensibility User-extensible data structures  Generality Parse ELF/XCOFF/PE object files On-Disk/In-Memory parsing

21 – 21 – The Deconstruction of Dyninst: Part 1- the SymtabAPI SymtabAPI Abstractions  Represents an object file in a canonical format  Hides the multi-platform dependences Header Modules Symbols Relocations Excp Blocks Archive Debug Info Header Modules Symbols Relocations Excp Blocks Debug Info

22 – 22 – The Deconstruction of Dyninst: Part 1- the SymtabAPI SymtabAPI Extensibility  Abstractions are designed to be extensible  Can annotate particular abstractions with tool specific data e.g. : Store type information for every symbol in the symbol table

23 – 23 – The Deconstruction of Dyninst: Part 1- the SymtabAPI Interactivity/Extensibility SymbolAddress func1 func20x0804cd1d variable1 0x0804cc84 0x0804cd00 RegisterIs Live? R1Yes R2No R3Yes R4Yes... Type Information int Size 100 4 050

24 – 24 – The Deconstruction of Dyninst: Part 1- the SymtabAPI SymtabAPI Interface  Information from a parsed-binary is kept in run time data structures  Intuitive query-based interface e.g. findSymbolByType(name,type) Returns matching symbols  Data can then be updated by the user  Modifications available for future queries

25 – 25 – The Deconstruction of Dyninst: Part 1- the SymtabAPI Query/Update/Export/Emit SymtabAPI Parse Binary Tool Query Response UpdateExport/Emit Binary Code XML New Binary

26 – 26 – The Deconstruction of Dyninst: Part 1- the SymtabAPI Summary of Operations  Parse the symbols in a binary  Query for symbols  Update existing symbol information  Add new symbols  Export/Emit symbols  More details/operations in the SymtabAPI programmer’s guide

27 – 27 – The Deconstruction of Dyninst: Part 1- the SymtabAPI Current Status  Released the initial version of SymtabAPI with the 5.1 release of Dyninst  Dyninst on top of SymtabAPI  XML export  Emit on Linux and AIX

28 – 28 – The Deconstruction of Dyninst: Part 1- the SymtabAPI Ongoing & Future Work  Import XML  Emit a new binary on windows  Debugging information for symbols  Interfaces for the remaining components  Multi-platform static binary rewriter

29 – 29 – The Deconstruction of Dyninst: Part 1- the SymtabAPI Demo  Please stop by and see our demo of stripped binary parsing with the SymtabAPI’s emit functionality on Linux Tuesday, May 1, 2007 Room No – 206 2:00 PM – 3:00 PM

30 – 30 – The Deconstruction of Dyninst: Part 1- the SymtabAPI Downloads  SymtabAPI http://www.paradyn.org/html/downloads.html  SymtabAPI Programmer’s guide http://www.paradyn.org/html/symtabAPI.html  Ravipati, G., Bernat, A., Miller, B.P. and Hollingsworth, J.K., "Toward the Deconstruction of Dyninst", Technical Report

Download ppt "April 2007The Deconstruction of Dyninst: Part 1- the SymtabAPI The Deconstruction of Dyninst Part 1: The SymtabAPI Giridhar Ravipati University of Wisconsin,"

Similar presentations

Extending Eclipse CDT for Remote Target Debugging Thomas Fletcher Director, Automotive Engineering Services QNX Software Systems.

Extending Eclipse CDT for Remote Target Debugging Thomas Fletcher Director, Automotive Engineering Services QNX Software Systems.
.NET Technology. Introduction Overview of.NET What.NET means for Developers, Users and Businesses Two.NET Research Projects:.NET Generics AsmL.

.NET Technology. Introduction Overview of.NET What.NET means for Developers, Users and Businesses Two.NET Research Projects:.NET Generics AsmL.
Module 13: Performance Tuning. Overview Performance tuning methodologies Instance level Database level Application level Overview of tools and techniques.

Module 13: Performance Tuning. Overview Performance tuning methodologies Instance level Database level Application level Overview of tools and techniques.
Lots of content, the hope is that they will be used as reference material after the presentation.

Lots of content, the hope is that they will be used as reference material after the presentation.
1 Starting a Program The 4 stages that take a C++ program (or any high-level programming language) and execute it in internal memory are: Compiler - C++

1 Starting a Program The 4 stages that take a C++ program (or any high-level programming language) and execute it in internal memory are: Compiler - C++
RIVERSIDE RESEARCH INSTITUTE Helikaon Linux Debugger: A Stealthy Custom Debugger For Linux Jason Raber, Team Lead - Reverse Engineer.

RIVERSIDE RESEARCH INSTITUTE Helikaon Linux Debugger: A Stealthy Custom Debugger For Linux Jason Raber, Team Lead - Reverse Engineer.
® IBM Software Group © 2010 IBM Corporation What’s New in Profiling & Code Coverage RAD V8 April 21, 2011 Kathy Chan

® IBM Software Group © 2010 IBM Corporation What’s New in Profiling & Code Coverage RAD V8 April 21, 2011 Kathy Chan
Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin May 2-4, 2011 ProcControlAPI and StackwalkerAPI Integration into Dyninst Todd Frederick and Dan.

Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin May 2-4, 2011 ProcControlAPI and StackwalkerAPI Integration into Dyninst Todd Frederick and Dan.
Paradyn Project Paradyn / Dyninst Week College Park, Maryland March 26-28, 2012 Paradyn Project Upcoming Features in Dyninst and its Components Bill Williams.

Paradyn Project Paradyn / Dyninst Week College Park, Maryland March 26-28, 2012 Paradyn Project Upcoming Features in Dyninst and its Components Bill Williams.
Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin May 2-3, 2011 Introduction to the PatchAPI Wenbin Fang, Drew Bernat.

Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin May 2-3, 2011 Introduction to the PatchAPI Wenbin Fang, Drew Bernat.
Assembly Code Verification Using Model Checking Hao XIAO Singapore University of Technology and Design.

Assembly Code Verification Using Model Checking Hao XIAO Singapore University of Technology and Design.
© 2006 Barton P. MillerFebruary 2006Binary Code Analysis and Editing A Framework for Binary Code Analysis, and Static and Dynamic Patching Barton P. Miller.

© 2006 Barton P. MillerFebruary 2006Binary Code Analysis and Editing A Framework for Binary Code Analysis, and Static and Dynamic Patching Barton P. Miller.
Sameer Shende Department of Computer and Information Science Neuro Informatics Center University of Oregon Tool Interoperability.

Sameer Shende Department of Computer and Information Science Neuro Informatics Center University of Oregon Tool Interoperability.
The Design of a Resourceable and Retargetable Binary Translator Cristina Cifuentes Sixth Working Conference on Reverse Engineering On page(s): 280 - 291.

The Design of a Resourceable and Retargetable Binary Translator Cristina Cifuentes Sixth Working Conference on Reverse Engineering On page(s):
Compiler Summary Mooly Sagiv html://www.math.tau.ac.il/~msagiv/courses/wcc03.html.

Compiler Summary Mooly Sagiv html://
Partial Automation of an Integration Reverse Engineering Environment of Binary Code Author : Cristina Cifuentes Reverse Engineering, 1996., Proceedings.

Partial Automation of an Integration Reverse Engineering Environment of Binary Code Author : Cristina Cifuentes Reverse Engineering, 1996., Proceedings.
Dr. Kalpakis CMSC 461, Database Management Systems Introduction.

Dr. Kalpakis CMSC 461, Database Management Systems Introduction.
JCE A Java-based Commissioning Environment tool Hiroyuki Sako, JAEA Hiroshi Ikeda, Visible Information Center Inc. SAD Workshop.

JCE A Java-based Commissioning Environment tool Hiroyuki Sako, JAEA Hiroshi Ikeda, Visible Information Center Inc. SAD Workshop.
Trying to like a boss… REVERSE ENGINEERING. WHAT EVEN IS… REVERSE ENGINEERING?? Reverse engineering is the process of disassembling and analyzing a particular.

Trying to like a boss… REVERSE ENGINEERING. WHAT EVEN IS… REVERSE ENGINEERING?? Reverse engineering is the process of disassembling and analyzing a particular.
Application Security Tom Chothia Computer Security, Lecture 14.

Application Security Tom Chothia Computer Security, Lecture 14.

Similar presentations

Ads by Google