Abstract
Dynamic binary analysis is difficult and burdensome. In practice, analysts build dynamic binary analyzers (DBAs) on top of binary instrumentation tools (BITs), which extract information from a binary and monitor or alter its execution. However, existing BITs either expose raw machine instructions to analysts or lack user-friendly APIs. These problems make BITs hard to learn and make bugs in DBAs hard to eliminate. This work designs DBAF, a dynamic binary analysis framework that instruments binaries dynamically, translates machine code online into an easy-to-handle intermediate representation (IR), and provides dozens of APIs for processing that IR. With DBAF, analysts work at the IR level without having to interpret machine instructions. We then develop five DBAs on top of DBAF: a division-by-zero protector, an IR counter, a memory tracer, a taint analyzer and a concolic executor. They demonstrate that DBAF reduces the development effort for DBAs, especially those that require semantic interpretation of instructions. Experiments show that DBAF's online translation incurs reasonable overhead.
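To make the IR-level analysis model concrete, the following is an added illustration and not code from the paper or from DBAF itself. The abstract does not describe DBAF's IR or its API, so everything here is hypothetical: a constructed three-address toy IR, an executor that exposes before/after instrumentation hooks (standing in for a BIT's callback API), and three small analyzers in the spirit of the paper's division-by-zero protector, IR counter and taint analyzer. The sample program and its "untrusted" input value are constructed for the demonstration.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set


# Constructed toy IR: three-address statements over named registers and a
# flat memory. Hypothetical stand-in for a real lifted IR such as DBAF's.
@dataclass(frozen=True)
class Stmt:
    op: str                    # mov | add | div | load | store
    dst: str                   # register written (for store: register holding the value)
    src1: str                  # register name or decimal immediate (for load/store: address)
    src2: Optional[str] = None


def _is_imm(tok: str) -> bool:
    return tok.lstrip("-").isdigit()


# A before-hook may veto a statement by returning False; after-hooks observe.
BeforeHook = Callable[["IRExecutor", Stmt], bool]
AfterHook = Callable[["IRExecutor", Stmt], None]


class IRExecutor:
    """Interprets the toy IR and lets analyzers hook every statement."""

    def __init__(self) -> None:
        self.regs: Dict[str, int] = {}
        self.mem: Dict[int, int] = {}
        self.before: List[BeforeHook] = []
        self.after: List[AfterHook] = []

    def val(self, tok: str) -> int:
        return int(tok) if _is_imm(tok) else self.regs.get(tok, 0)

    def run(self, program: List[Stmt]) -> None:
        for s in program:
            # all() short-circuits: hooks registered earlier can suppress a
            # statement before later hooks (and the executor) ever see it.
            if all(h(self, s) for h in self.before):
                self._exec(s)
                for h in self.after:
                    h(self, s)

    def _exec(self, s: Stmt) -> None:
        if s.op == "mov":
            self.regs[s.dst] = self.val(s.src1)
        elif s.op == "add":
            self.regs[s.dst] = self.val(s.src1) + self.val(s.src2)
        elif s.op == "div":
            self.regs[s.dst] = self.val(s.src1) // self.val(s.src2)
        elif s.op == "load":        # dst = mem[src1]
            self.regs[s.dst] = self.mem.get(self.val(s.src1), 0)
        elif s.op == "store":       # mem[src1] = dst
            self.mem[self.val(s.src1)] = self.val(s.dst)
        else:
            raise ValueError(f"unknown op {s.op}")


class IRCounter:
    """Counts executed statements per opcode (after-hook)."""

    def __init__(self) -> None:
        self.counts: Counter = Counter()

    def after(self, ex: IRExecutor, s: Stmt) -> None:
        self.counts[s.op] += 1


class DivByZeroProtector:
    """Checks the divisor's concrete value and suppresses a faulting div."""

    def __init__(self) -> None:
        self.blocked: List[Stmt] = []

    def before(self, ex: IRExecutor, s: Stmt) -> bool:
        if s.op == "div" and ex.val(s.src2) == 0:
            self.blocked.append(s)
            return False
        return True


class TaintAnalyzer:
    """Propagates taint from seed registers through registers and memory.

    Runs as a before-hook so it sees pre-execution register values (the
    address operand of a load may be overwritten by the load itself)."""

    def __init__(self, seeds: Set[str]) -> None:
        self.reg_taint: Set[str] = set(seeds)
        self.mem_taint: Set[int] = set()

    def before(self, ex: IRExecutor, s: Stmt) -> bool:
        if s.op == "store":
            addr = ex.val(s.src1)
            (self.mem_taint.add if s.dst in self.reg_taint else self.mem_taint.discard)(addr)
            return True
        if s.op == "load":
            tainted = ex.val(s.src1) in self.mem_taint
        else:
            tainted = any(t and not _is_imm(t) and t in self.reg_taint for t in (s.src1, s.src2))
        (self.reg_taint.add if tainted else self.reg_taint.discard)(s.dst)
        return True


def run_demo() -> dict:
    """Runs a constructed program with all three analyzers attached."""
    program = [
        Stmt("mov", "r1", "10"),        # r1 = 10 (buffer address)
        Stmt("store", "r0", "r1"),      # mem[r1] = r0 (r0 holds tainted input)
        Stmt("load", "r2", "r1"),       # r2 = mem[r1]
        Stmt("add", "r3", "r2", "1"),   # r3 = r2 + 1
        Stmt("mov", "r4", "0"),
        Stmt("div", "r5", "r3", "r4"),  # divisor is zero: protector suppresses it
        Stmt("div", "r6", "r3", "2"),   # r6 = r3 / 2
    ]
    ex = IRExecutor()
    ex.regs["r0"] = 7                   # constructed untrusted input value
    counter, protector, taint = IRCounter(), DivByZeroProtector(), TaintAnalyzer({"r0"})
    ex.before += [protector.before, taint.before]   # protector first, so vetoed stmts are not propagated
    ex.after.append(counter.after)
    ex.run(program)
    return {
        "regs": dict(ex.regs), "mem": dict(ex.mem), "counts": dict(counter.counts),
        "blocked": len(protector.blocked),
        "tainted_regs": sorted(taint.reg_taint), "tainted_mem": sorted(taint.mem_taint),
    }


if __name__ == "__main__":
    print(run_demo())
```

The analyzers never look at machine instructions; each only pattern-matches a handful of IR opcodes, which is the point the abstract makes about working at the IR level. Hook ordering matters for correctness: the protector is registered before the taint analyzer so a suppressed division does not taint its destination.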
Acknowledgment
This work is supported in part by National Key R&D Program of China (2017YF-B0802903), Project 2117H14243A and Sichuan Province Research and Technology Supporting Plan, China.
© 2018 Springer Nature Switzerland AG
Cite this paper
Chen, T., Feng, Y., Lin, X., Li, Z., Zhang, X. (2018). DBAF: Dynamic Binary Analysis Framework and Its Applications. In: Au, M., et al. (eds.) Network and System Security. NSS 2018. Lecture Notes in Computer Science, vol. 11058. Springer, Cham. https://doi.org/10.1007/978-3-030-02744-5_27
DOI: https://doi.org/10.1007/978-3-030-02744-5_27
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02743-8
Online ISBN: 978-3-030-02744-5