Paradyn Project
Paradyn / Dyninst Week
Madison, Wisconsin
April 12-14, 2010
Binary Rewriting with Dyninst
Madhavi Krishnan and Dan McNulty
Talk Outline
• Binary Rewriter Review
• Implementation Challenges
• New Features
• Rewriting Statically Linked Binaries
• Conclusion
Binary Rewriting
• Rewrite executables
• Rewrite libraries
• Add new libraries to binaries
[Figure: a.out and libc pass through the Dyninst Binary Rewriter, together with libprofile, producing a.out.rewritten and libc.rewritten]
Binary Rewriter Capabilities
• Instrument once, run many
• Support more systems (BlueGene, FreeBSD, …)
• Operate on unmodified binaries
  • No debug information required
  • No linker relocations required
  • No symbols required
• Rewritten binary need not be compiled or linked
Binary Rewriter Example
Dynamic instrumentation and binary rewriting use the same abstractions and interfaces

    /* Setup */
    BPatch bpatch;
    BPatch_binaryEdit *app_bin = NULL;    /* set when rewriting a file on disk */
    BPatch_process *app_proc = NULL;      /* set when instrumenting a live process */
    BPatch_addressSpace *addr_space;      /* common base class of both */
    if (use_bin_edit)
        addr_space = app_bin = bpatch.openBinary("a.out");
    else
        addr_space = app_proc = bpatch.processCreate("a.out", argv);

    /* Instrumentation */
    addr_space->loadLibrary("libInstrumentation.so");
    addr_space->getImage()->findFunction("func", funcs);
    /* … */
    addr_space->insertSnippet(callExpr, point);

    /* Finalize */
    if (use_bin_edit) {
        app_bin->writeFile("a.rewritten.out");
    } else {
        app_proc->continueExecution();
    }
Challenges
• Complex Standards
  • Executable and Linkable Format (ELF)
  • System V Standard
  • Linux Standard Base (LSB)
• Accessing information in the original binary file
  • Redundant information
  • Inconsistent!
  • E.g., Section size stored in headers and dynamic section
• Writing a new binary file
  • Updating sections with new information
  • Not precisely defined by standards!
  • E.g., Adding new symbol to hash section
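The redundancy named above, a section's size recorded both in the section headers and in the dynamic section, can be checked mechanically before trusting either copy. The Python below is an added example, not part of the original slides or of Dyninst; it assumes little-endian ELF64, and `sample_elf` builds a constructed three-section file purely for illustration.

```python
import struct

SHDR = struct.Struct("<IIQQQQIIQQ")   # Elf64_Shdr, little-endian
DYN = struct.Struct("<qQ")            # Elf64_Dyn: d_tag, d_val
SHT_DYNAMIC = 6
# DT_* address tag -> (DT_* size tag, label); tag values from the ELF gABI
PAIRS = {5: (10, "DT_STRSZ"), 23: (2, "DT_PLTRELSZ"), 7: (8, "DT_RELASZ")}

def sections(elf):
    """Yield Elf64_Shdr tuples from the section header table."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("only little-endian ELF64 is handled")
    shoff, = struct.unpack_from("<Q", elf, 0x28)
    shentsize, shnum = struct.unpack_from("<HH", elf, 0x3A)
    for i in range(shnum):
        yield SHDR.unpack_from(elf, shoff + i * shentsize)

def size_mismatches(elf):
    """Return (label, dynamic_size, section_size) where the two copies disagree."""
    shdrs = list(sections(elf))
    by_addr = {s[3]: s[5] for s in shdrs if s[3]}       # sh_addr -> sh_size
    dyn = {}
    for s in shdrs:
        if s[1] == SHT_DYNAMIC:
            for off in range(s[4], s[4] + s[5], DYN.size):
                tag, val = DYN.unpack_from(elf, off)
                if tag == 0:                             # DT_NULL ends the table
                    break
                dyn[tag] = val
    out = []
    for addr_tag, (size_tag, label) in PAIRS.items():
        addr = dyn.get(addr_tag)
        if addr in by_addr and size_tag in dyn and dyn[size_tag] != by_addr[addr]:
            out.append((label, dyn[size_tag], by_addr[addr]))
    return out

def sample_elf(strsz):
    """Constructed sample: null section, 16-byte .dynstr, .dynamic claiming strsz."""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, 128, 0, 64, 56, 0, 64, 3, 0)
    dynamic = b"".join(DYN.pack(t, v) for t, v in
                       [(5, 0x400040), (10, strsz), (0, 0)])
    shdrs = (SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
             + SHDR.pack(0, 3, 2, 0x400040, 64, 16, 0, 0, 1, 0)
             + SHDR.pack(0, 6, 3, 0x400050, 80, 48, 1, 0, 8, 16))
    return ehdr + bytes(16) + dynamic + shdrs

if __name__ == "__main__":
    print(size_mismatches(sample_elf(24)))
```

A non-empty result on a rewritten binary means the two records were not updated together, which is the inconsistency a rewriter has to avoid introducing.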
Challenges
• Implementation of the standards
  • Libraries and tools
  • OS
• Assigning meaning to undefined behavior
  • Symbols with no name and no type
• Stringent requirements by libelf
  • Section alignment
• Unexpected restrictions by the OS
  • Program header must be on first page
  • Loader assumes relocation sections are adjacent
What is New in the Binary Rewriter?
• Linux/PowerPC32 port
• Handling run time events with the binary rewriter
• Support for rewriting static binaries
Linux/PowerPC32 Port
• Dealing with Position Independent Code (PIC)
  • What is PIC?
  • Why deal with PIC?
  • PowerPC specific challenges
    • Identifying PIC idiom
    • Determining current PC
[Figure: address space with code, data and a shared library at 0x1000, 0x2000 and 0x3000, connected by PC-relative references]
Handling Run Time Events
Initialize and finalize instrumentation
[Figure: dynamic instrumentation. Dyninst Mutator and Mutatee Process; events (process load, …) are handled with OneTimeCodeCallback]
[Figure: binary rewriting. Mutatee Binary; events (process load, …); "?"; snippet to handle the event; init/fini section]
A general framework to handle run time events
Rewriting Static Binaries
[Figure: Dynamic Binary (Headers, Code, Data) with the Dynamic Linker and Shared Libraries libm.so, libc.so and libnew.so; Static Binary (Headers, Code, Data) with Static Library libnew.a and a "?" for how it is added]
Adding New Libraries to Static Binaries
• Link code and data from the new libraries into the binary
• Can we use an existing linker?
• Dyninst must become a linker
[Figure: Static Binary (Headers, Code, Data) and libnew.a]
Rewriting a Static Binary
Let's start with this simple picture of a binary: Headers, Code, Data.
• First, load new libraries (libdyninstRT.a, libprofile.a and libc.a, each with its own Code and Data)
• Second, generate instrumentation to reference new libraries
• Third, link code and data from the new libraries into the binary
• Finally, update the headers
[Figure: layout of the rewritten binary, in order: Old Headers, Code, Data, Instrumentation, libdyninstRT.a Code, libprofile.a Code, libc.a Code, libdyninstRT.a Data, libprofile.a Data, libc.a Data, New Headers]
Challenges in Rewriting Static Binaries
Dyninst must become a linker
[Figure: a linker takes object files and a static library (not finalized) and produces a static binary (finalized); the Dyninst Binary Rewriter acts as a relinker on the static binary and a new library]
Challenges in Rewriting Static Binaries
• Relinking is harder than linking
  • Thread Local Storage (TLS)
  • Constructor and destructor tables
• Supporting TLS
  • Need to link together multiple TLS sections
  • TLS sections must be adjacent
  • Move existing TLS section to the end and append new TLS sections
  • Update program header
Challenges in Rewriting Static Binaries
Unexpected interactions within the tool chain
[Figure: gcc and ld, connected by the standard format and by unpublished conventions; the Dyninst Binary Rewriter combines a new library with the linked binary]
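Binary Rewriter Example

    /* Setup */
    BPatch bpatch;
    BPatch_binaryEdit *app_bin = NULL;    /* set when rewriting a file on disk */
    BPatch_process *app_proc = NULL;      /* set when instrumenting a live process */
    BPatch_addressSpace *addr_space;      /* common base class of both */
    if (use_bin_edit)
        addr_space = app_bin = bpatch.openBinary("a.out");
    else
        addr_space = app_proc = bpatch.processCreate("a.out", argv);

    /* Instrumentation: a static executable needs static archives */
    if (addr_space->isStaticExecutable()) {
        addr_space->loadLibrary("libprofile.a");
        addr_space->loadLibrary("libc.a");
    } else {
        addr_space->loadLibrary("libprofile.so");
    }
    /* … */

    /* Finalize */
    if (use_bin_edit) {
        app_bin->writeFile("a.rewritten.out");
    } else {
        app_proc->continueExecution();
    }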
Binary Rewriter Status
• Rewriting dynamic binaries
  • Linux/x86
  • Linux/x86_64
  • Linux/PowerPC32
• Rewriting static binaries
  • Linux/x86
  • Linux/x86_64
Future Directions
• Rewriting dynamically linked binaries
  • PowerPC64
• Rewriting statically linked binaries
  • PowerPC Family
• Ports to new platforms and object formats
  • FreeBSD (ELF)
  • Windows (PE, PDB)
  • AIX (XCOFF)
• Update debug information (DWARF) in rewritten binaries
Demo on Tuesday: Scalasca, TAU, Paraver
Questions?