1 / 30

The Deconstruction of Dyninst Part 1: The SymtabAPI

The Deconstruction of Dyninst Part 1: The SymtabAPI. Giridhar Ravipati University of Wisconsin, Madison. Motivation. Binary tools are increasingly common Two categories of operation Analysis : Derive semantic meaning from the binary code Symbol tables (if present)

marlie
Télécharger la présentation

The Deconstruction of Dyninst Part 1: The SymtabAPI

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Deconstruction of DyninstPart 1: The SymtabAPI Giridhar Ravipati University of Wisconsin, Madison The Deconstruction of Dyninst: Part 1- the SymtabAPI

  2. Motivation • Binary tools are increasingly common • Two categories of operation • Analysis : Derive semantic meaning from the binary code • Symbol tables (if present) • Decode (disassemble) instructions • Control-flow information: basic blocks, loops, functions • Data-flow information: from basic register information to highly sophisticated (and expensive) analyses. • Modification • Insert, remove, or change the binary code, producing a new binary. The Deconstruction of Dyninst: Part 1- the SymtabAPI

  3. Binary Modification Eel, Vulcan, Etch, Atom, Diablo, Diota Binary Matching BMT Forensics Fenris Reverse engineering IDA Pro Binary Translation Objcopy, UQBT Program tracing QPT Program debugging Total view, gdb, STAT Program testing Eraser Performance modeling METRIC Performance profiling Paradyn, Valgrind, TAU, OSS Wide Use of Binary Tools • Analysis and Modification are used in a wide variety of applications The Deconstruction of Dyninst: Part 1- the SymtabAPI

  4. Lack of Code Sharing • Some tools do analysis and some tools do modification • Only a few do both • Tools usually depend on • Similar analysis • Similar modification techniques • Too many different interfaces • Usually too low level • Developers are forced to reinvent the wheel rather than use existing code The Deconstruction of Dyninst: Part 1- the SymtabAPI

  5. Lack of Portability • Myriad number of differences between • File formats • Architectures • Operating systems • Compilers • … • Building a portable binary tool is highly expensive • Many platforms in common use The Deconstruction of Dyninst: Part 1- the SymtabAPI

  6. High-level goals • To build a toolkit that • Has components for analysis • Has components for modification • Is portable & extensible • Has an abstract interfaces • Encourage sharing of functionality • Deconstruct Dyninst into a toolkit that can achieve these goals The Deconstruction of Dyninst: Part 1- the SymtabAPI

  7. DyninstAPI • Library that provides a platform-independent interface to dynamic binary analysis and modification • Goal • Simplify binary tool development • Why is Dyninst successful? • Analysis and modification capabilities • Portability • Abstract interface The Deconstruction of Dyninst: Part 1- the SymtabAPI

  8. Drawbacks of Dyninst • Dyninst is complex • Dyninst internal components are portable but not sharable • Sometimes Dyninst is not a perfect match for user requirements • Dyninst is feature-rich in some cases • Provides unnecessary extra functionality The Deconstruction of Dyninst: Part 1- the SymtabAPI

  9. Example Scenarios • Hidden functionality • Statically parse and analyze a binary without executing it • Just perform stackwalking on a binary compiled without frame pointer information • Build new tools • Static binary rewriter • Tool to add a symbol table to stripped binaries The Deconstruction of Dyninst: Part 1- the SymtabAPI

  10. Our Approach • Deconstruct the monolithic Dyninst into a suite of components • Each component provides a platform-independent interface to a core piece of Dyninst functionality The Deconstruction of Dyninst: Part 1- the SymtabAPI

  11. AST Monolithic Dyninst Binary Code Instrumentation Requests The Deconstruction of Dyninst: Part 1- the SymtabAPI

  12. AST Code Gen SymtabAPI Stack Walker Code Parser Binary Code IdiomDetector Process Control Instrumenter Instruction Decoder Instrumentation Requests The Deconstruction of Dyninst: Part 1- the SymtabAPI

  13. SymtabAPI Code Gen AST Stack Walker IA32 IA32 PE AMD64 AMD64 ELF Code Parser POWER POWER XCOFF IA64 IA64 Binary Code SPARC SPARC IA32 IA32 Linux IdiomDetector AMD64 AMD64 AIX POWER POWER Solaris IA64 IA64 Windows SPARC Instrumentation Requests SPARC Instruction Decoder Process Control The Deconstruction of Dyninst: Part 1- the SymtabAPI Instrumenter

  14. SymtabAPI Code Gen AST Stack Walker Symbol Table IA32 IA32 PE AMD64 AMD64 Function Objects ELF Code Parser POWER POWER XCOFF IA64 Call Graph IA64 Binary Code SPARC SPARC Intra Proc CFGs IA32 IA32 Linux IdiomDetector AMD64 AMD64 AIX POWER Idiom Signatures POWER Solaris IA64 IA64 Disassembly Windows SPARC Instrumentation Requests SPARC Instruction Decoder Process Control The Deconstruction of Dyninst: Part 1- the SymtabAPI Instrumenter

  15. Goals of Deconstruction • Separate the key capabilities of Dyninst • Each Component • Is responsible for a specific functionality • Provides a general solution • Encourage sharing • Share our functionality when building new tools • Share functionality of other tools The Deconstruction of Dyninst: Part 1- the SymtabAPI

  16. Benefits of Deconstruction • Access to the hidden features of Dyninst • Interoperability with other tools • Standardized interfaces and sharing of components • Finer grain testing of Dyninst The Deconstruction of Dyninst: Part 1- the SymtabAPI

  17. Benefits of Deconstruction [contd.] • Code reuse among the tool community • Make tools more portable • Unexpected benefits with new application of components The Deconstruction of Dyninst: Part 1- the SymtabAPI

  18. Our Plan • Identify the key functionality • Refine and generalize the abstract interfaces to these components • Extract and separate the functionality from Dyninst • Rebuild Dyninst on top of these components • Create new tools • Multi-platform static binary rewriter The Deconstruction of Dyninst: Part 1- the SymtabAPI

  19. SymtabAPI • The first component of the deconstructed Dyninst • Multi platform library for parsing symbol table information from object files • Leverages the experience and implementation gained from building the DyninstAPI The Deconstruction of Dyninst: Part 1- the SymtabAPI

  20. SymtabAPI Goals • Abstraction • Be file format-independent • Interactivity • Update data incrementally • Extensibility • User-extensible data structures • Generality • Parse ELF/XCOFF/PE object files • On-Disk/In-Memory parsing The Deconstruction of Dyninst: Part 1- the SymtabAPI

  21. SymtabAPI Abstractions • Represents an object file in a canonical format • Hides the multi-platform dependences Header Header Modules Modules Symbols Archive Symbols Relocations Relocations Excp Blocks Excp Blocks Debug Info Debug Info The Deconstruction of Dyninst: Part 1- the SymtabAPI

  22. SymtabAPI Extensibility • Abstractions are designed to be extensible • Can annotate particular abstractions with tool specific data • e.g. : Store type information for every symbol in the symbol table The Deconstruction of Dyninst: Part 1- the SymtabAPI

  23. Interactivity/Extensibility Symbol Address Size Type Information int func1 0x0804cc84 100 variable1 0x0804cd00 4 func2 0x0804cd1d 50 0 ... ... The Deconstruction of Dyninst: Part 1- the SymtabAPI

  24. SymtabAPI Interface • Information from a parsed-binary is kept in run time data structures • Intuitive query-based interface • e.g. findSymbolByType(name,type) • Returns matching symbols • Data can then be updated by the user • Modifications available for future queries The Deconstruction of Dyninst: Part 1- the SymtabAPI

  25. Query/Update/Export/Emit Binary Tool Parse Query Update Export/Emit Response XML Binary Code SymtabAPI New Binary The Deconstruction of Dyninst: Part 1- the SymtabAPI

  26. Summary of Operations • Parse the symbols in a binary • Query for symbols • Update existing symbol information • Add new symbols • Export/Emit symbols • More details/operations in the SymtabAPI programmer’s guide The Deconstruction of Dyninst: Part 1- the SymtabAPI

  27. Current Status • Released the initial version of SymtabAPI with the 5.1 release of Dyninst • Dyninst on top of SymtabAPI • XML export • Emit on Linux and AIX The Deconstruction of Dyninst: Part 1- the SymtabAPI

  28. Ongoing & Future Work • Import XML • Emit a new binary on windows • Debugging information for symbols • Interfaces for the remaining components • Multi-platform static binary rewriter The Deconstruction of Dyninst: Part 1- the SymtabAPI

  29. Demo • Please stop by and see our demo of stripped binary parsing with the SymtabAPI’s emit functionality on Linux Tuesday, May 1, 2007 Room No – 206 2:00 PM – 3:00 PM The Deconstruction of Dyninst: Part 1- the SymtabAPI

  30. Downloads • SymtabAPI • http://www.paradyn.org/html/downloads.html • SymtabAPI Programmer’s guide • http://www.paradyn.org/html/symtabAPI.html • Ravipati, G., Bernat, A., Miller, B.P. and Hollingsworth, J.K., "Toward the Deconstruction of Dyninst", Technical Report The Deconstruction of Dyninst: Part 1- the SymtabAPI

More Related