Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin April 29 - May 1, 2013 DynC: High Level Instrumentation With Dyninst Emily Jacobson DynC and.

Slides:



Advertisements
Similar presentations
Introduction to C++ An object-oriented language Unit - 01.
Advertisements

1 Storage Duration and Scope –Local and global variables Storage classes –automatic, static, external, register Todays Material.
CPSC 441 TUTORIAL – JANUARY 16, 2012 TA: MARYAM ELAHI INTRODUCTION TO C.
The University of Adelaide, School of Computer Science
Chapter 7 Process Environment Chien-Chung Shen CIS, UD
C++ Programming: Program Design Including Data Structures, Third Edition Chapter 7: User-Defined Functions II.
C++ Programming: From Problem Analysis to Program Design, Third Edition Chapter 7: User-Defined Functions II.
Chapter 7: User-Defined Functions II
Chapter 7 User-Defined Methods. Chapter Objectives  Understand how methods are used in Java programming  Learn about standard (predefined) methods and.
Chapter 7: User-Defined Functions II Instructor: Mohammad Mojaddam.
Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin May 2-3, 2011 Introduction to the PatchAPI Wenbin Fang, Drew Bernat.
Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin April 29 - May 1, 2013 Using Dyninst for Program Binary Analysis and Instrumentation Emily Jacobson.
Memory Image of Running Programs Executable file on disk, running program in memory, activation record, C-style and Pascal-style parameter passing.
Chapter 11-12, Appendix D C Programs Higher Level languages Compilers C programming Converting C to Machine Code C Compiler for LC-3.
Java Programming: From Problem Analysis to Program Design, 4e Chapter 7 User-Defined Methods.
Chapter 7: User-Defined Methods
Advanced Programming in the UNIX Environment Hop Lee.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.
University of Maryland parseThat: A Robust Arbitrary-Binary Tester for Dyninst Ray Chen.
chap13 Chapter 13 Programming in the Large.
PRINCIPLES OF OPERATING SYSTEMS Lecture 6: Processes CPSC 457, Spring 2015 May 21, 2015 M. Reza Zakerinasab Department of Computer Science, University.
Introduction to Threads CS240 Programming in C. Introduction to Threads A thread is a path execution By default, a C/C++ program has one thread called.
18-2 Understand “Scope” of an Identifier Know the Storage Classes of variables and functions Related Chapter: ABC 5.10, 5.11.
Runtime Environments Compiler Construction Chapter 7.
Andrew Bernat, Bill Williams Paradyn / Dyninst Week Madison, Wisconsin April 29-May 1, 2013 New Features in Dyninst
10/16/ Realizing Concurrency using the thread model B. Ramamurthy.
C++ Programming: From Problem Analysis to Program Design, Fifth Edition, Fifth Edition Chapter 7: User-Defined Functions II.
B. RAMAMURTHY 10/24/ Realizing Concurrency using the thread model.
CS333 Intro to Operating Systems Jonathan Walpole.
CPS4200 Unix Systems Programming Chapter 2. Programs, Processes and Threads A program is a prepared sequence of instructions to accomplish a defined task.
Buffer Overflow Proofing of Code Binaries By Ramya Reguramalingam Graduate Student, Computer Science Advisor: Dr. Gopal Gupta.
Dale Roberts CSCI 230 Functions Scope, Parameter Passing, Storage Specifiers Department of Computer and Information Science, School of Science, IUPUI Dale.
Operating Systems Process Creation
12/22/ Thread Model for Realizing Concurrency B. Ramamurthy.
Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin April 12-14, 2010 Binary Rewriting with Dyninst Madhavi Krishnan and Dan McNulty.
Functions Math library functions Function definition Function invocation Argument passing Scope of an variable Programming 1 DCT 1033.
Buffer Overflow Attack- proofing of Code Binaries Ramya Reguramalingam Gopal Gupta Gopal Gupta Department of Computer Science University of Texas at Dallas.
Dynamic Tuning of Parallel Programs with DynInst Anna Morajko, Tomàs Margalef, Emilio Luque Universitat Autònoma de Barcelona Paradyn/Condor Week, March.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2014.
Revisiting building. Preprocessing + Compiling 2 Creates an object file for each code file (.c ->.o) Each.o file contains code of the functions and structs.
Chapter 7 Process Environment Chien-Chung Shen CIS/UD
1 Intro to the Shell with Fork, Exec, Wait Sarah Diesburg Operating Systems CS 3430.
B. RAMAMURTHY 5/10/2013 Amrita-UB-MSES Realizing Concurrency using the thread model.
7/9/ Realizing Concurrency using Posix Threads (pthreads) B. Ramamurthy.
Realizing Concurrency using the thread model
Test 2 Review Outline.
Chapter 7 User-Defined Methods.
Java Programming: From Problem Analysis to Program Design, 3e Chapter 7 User-Defined Methods.
Chapter 7: User-Defined Functions II
New Features in Dyninst 5.1
Realizing Concurrency using the thread model
Functions and Structured Programming
CS399 New Beginnings Jonathan Walpole.
CSC 253 Lecture 8.
Scope, Parameter Passing, Storage Specifiers
Realizing Concurrency using Posix Threads (pthreads)
CSC 253 Lecture 8.
Realizing Concurrency using the thread model
Realizing Concurrency using the thread model
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2015.
Chapter 7: User-Defined Functions II
Realizing Concurrency using the thread model
Realizing Concurrency using Posix Threads (pthreads)
Realizing Concurrency using the thread model
Realizing Concurrency using Posix Threads (pthreads)
Introduction to Computing Lecture 09: Functions (Part II)
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2016.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2013.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2010.
Presentation transcript:

Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin April 29 - May 1, 2013 DynC: High Level Instrumentation With Dyninst Emily Jacobson DynC and DynC API

int main(int argc, char *argv[]) { BPatch_process * proc = bpatch.processCreate(“myMutatee”); BPatch_image *image = proc->getImage(); bpatch.registerExitCallback( readMaxArg ); //Create level variable BPatch_variableExpr *globalLevel = process->malloc(image- >findType("int")); // Entry Snippet BPatch_variableExpr *globalVar = image- >findVariable("a_global_var"); BPatch_paramExpr *paramVar = new BPatch_paramExpr(0); BPatch_localVar *localVar = NULL; // Cannot be built independantly BPatch_retExpr *ret = new BPatch_retExpr(); BPatch_variableExpr *entryCounter = NULL; BPatch_variableExpr *exitCounter = NULL; std::vector *funcs; BPatch_function *printfFunc = image->findFunction("printf", funcs); std::vector allFunctions; image->getProcedures(allFunctions); for (FuncVector::iterator iter = funcs.begin(); iter != funcs.end(); ++iter) { // Assign our local variable entryCounter = process->malloc(image->findType("int")); local = (*iter)->findLocalVar("a_local_var"); // Allocate a counter entryCounter = proc->malloc(image->findType("int")); exitCounter = proc->malloc(image->findType("int")); std::vector args; args.push_back(BPatch_constExpr("(level %d) Entering %s[at %p] for the %d time: parameter = %s, local = %d, global = %d.\n")); args.push_back(globalLevel); char fname[512]; args.push_back((iter*)->getName(fName, 512)); args.push_back(new BPatch_originalAddressExpr()); args.push_back(entryCounter); args.push_back(paramVar); args.push_back(localVar); args.push_back(globalVar); //build printf BPatch_funcCallExpr *printfExprEntry = new BPatch_funcCallExpr(printfFunc, args); args = std::vector(); args.push_back(BPatch_constExpr("(level %d) Exiting %s: returning = %d, global = %d.\n")); args.push_back(globalLevel); char fname[512]; args.push_back((iter*)->getName(fName, 512)); args.push_back(BPatch_retExpr()); args.push_back(globalVar); BPatch_funcCallExpr *printfExprExit = new BPatch_funcCallExpr(exitFunc, args); // Now that we have the snippets, get points and instrument std::vector *entryPs = (*iter)->findPoint(BPatch_locEntry); std::vector *exitPs = (*iter)->findPoint(BPatch_locExit); proc->insertSnippet(*entry, *entryPs); proc->insertSnippet(*exit, *exitPs); } } Motivation: Dyninst vs. DynC Dyninst API DynC API int main(int argc, char *argv[]) { BPatch_process * proc = bpatch.processCreate(“myMutatee”); BPatch_image *image = proc->getImage(); bpatch.registerExitCallback( readMaxArg ); proc->malloc(*image->findType("int"), “mallocCounter”); FILE *dynCEntryFile = fopen( “entryDynC.txt”, “r”); FILE *dynCExitFile = fopen( “exitDynC.txt”, “r”); std::vector allFunctions; image->getProcedures(allFunctions); for (FuncVector::iterator iter = funcs.begin(); iter != funcs.end(); ++iter) { PointVector *entryPts = (*iter)->findPoint(Bpatch_Entry); PointVector *exitPts = (*iter)->findPoint(BPatch_locExit); BPatch_snippet *entrySnippet = DynC_API::createSnippet(dynCEntryFile, (iter*)->entryPts[0]); BPatch_snippet *exitSnippet = DynC_API::createSnippet(dynCExitFile, (iter*)->exitPts[0]); proc->insertSnippet(*entrySnippet, *entryPts); proc->insertSnippet(*exitSnippet, *exitPts); } proc->continueExecution(); while (!proc->isTerminated()) bpatch.waitForStatusChange(); return 0; } 2 DynC and DynC API

Dyninst API Evolution of DynC 3 DynC and DynC API Interactive Shell Dyner C CodeGenDynC API User Code Mutator

int i = 0 inf`foo += 5 Runtime Compilation 4 DynC and DynC API if(inf`foo > i++){ } inf`printf(“Done”); DynC Snippet Dyninst API DynC API

if(inf`foo > i++){ inf`printf(“Done”); DynC Snippet int i = 0 inf`foo += 5 } Runtime Compilation 5 DynC and DynC API Dyninst API DynC API

DynC Snippet Runtime Compilation 6 DynC and DynC API Dyninst API DynC API

DynC Snippet Runtime Compilation 7 DynC and DynC API Dyninst API DynC API incl %eax mov %eax,.. addis r1,.. stw r1,... BPatch Snippet

DynC API BPatch_Snippet *createSnippet(, ) 8 DynC and DynC API char * std::string FILE * BPatch_Point BPatch_AddressSpace

9 static int entryCounter = 0; int globalLevel = inf`global_level++; int globalVar = global`a_global_var; int localVar = local`a_local_var; char *paramVar = param`0; void *origAddr = dyninst`original_address; char *funcName = dyninst`function_name; char *fmat = "(level %d) Entering %s[at %p] for the %d time: parameter = %s, local = %d, global = %d.\n”; inf`printf(fmat, globalLevel, funcName, origAddr, ++entryCounter, paramVar, localVar, globalVar); Running Example int globalLevel = inf`global_level--; int globalVar = global`a_global_var; int returnValue = dyninst`return_value; char *funcName = dyninst`function_name; inf`printf("(level %d) Exiting %s: returning = %d, global = %d.\n", inf`global_level++, funcName, returnValue, globalVar); /// Sample Output //// (level 1) Entering funcFoo[at 0x010] for the 1 time: parameter = "message", local = 10, global = 3. (level 1) Exiting funcFoo: returning = 1000, global = 13.

Tracing Execution with DynC o Print out: o Globals: tick_count o Locals: local_iter o Parameters and return values o Function names, addresses, and execution counts o Call stack depth 10 DynC and DynC API... (level 1) Entering funcFoo[0x010], count 1: param = “sim”, str_length = 3, tick_count = 3. (level 2) Entering funcBar[0x080], count 3: param = “emul”, str_length = 4, tick_count = 42. (level 2) Exiting funcBar: returning 320, tick_count = 80. (level 1) Exiting funcFoo: returning 1000, tick_count =

Naming Functions and Variables 11 DynC and DynC API Mutatee // Global variables int tick_count = 0; // Functions int foo(char *str) { int str_length = strlen(str); int hash = 0; for (int i = 0; i < str_length; ++i) { bar(...); } return hash; } int bar(char *str) {... } // Library functions int printf(char *format,...); o DynC uses naming rather than lookup o Domains specify naming scope o Global domain o Local domain o Parameter domain o Inferior domain o Dyninst domain

Example: DynC Entry Instrumentation 12 DynC and DynC API // global_level is a variable we allocated char *funcName = dyninst`function_name; void *funcAddr = dyninst`original_address; inf`printf(“(level %d) Entering %s[%p]”, global`global_level++, funcName, funcAddrs); static int entryCounter = 0; inf`printf(“count = %d”, entryCounter++); char *funcParam = param`0; inf`printf(“param = \”%s\””, funcParam); int localVar = local`str_length; inf`printf(“local_iter = %d”, str_length); int globalVar = global`tick_count; inf`printf(“tick_count = %d\n”, globalVar); o Access information about the instrumented point o Function name o Original address o Effective address of a memory operation o Thread ID or index o Target of indirect control flow

Example: DynC Entry Instrumentation 13 DynC and DynC API // global_level is a variable we allocated char *funcName = dyninst`function_name; void *funcAddr = dyninst`original_address; inf`printf(“(level %d) Entering %s[%p]”, global`global_level++, funcName, funcAddrs); static int entryCounter = 0; inf`printf(“count = %d”, entryCounter++); char *funcParam = param`0; inf`printf(“param = \”%s\””, funcParam); int localVar = local`str_length; inf`printf(“local_iter = %d”, str_length); int globalVar = global`tick_count; inf`printf(“tick_count = %d\n”, globalVar); o Declare and access variables

Example: DynC Entry Instrumentation 14 DynC and DynC API // global_level is a variable we allocated char *funcName = dyninst`function_name; void *funcAddr = dyninst`original_address; inf`printf(“(level %d) Entering %s[%p]”, global`global_level++, funcName, funcAddrs); static int entryCounter = 0; inf`printf(“count = %d”, entryCounter++); char *funcParam = param`0; inf`printf(“param = \”%s\””, funcParam); int localVar = local`str_length; inf`printf(“local_iter = %d”, str_length); int globalVar = global`tick_count; inf`printf(“tick_count = %d\n”, globalVar); o Access parameters o By number or name

Example: DynC Entry Instrumentation 15 DynC and DynC API // global_level is a variable we allocated char *funcName = dyninst`function_name; void *funcAddr = dyninst`original_address; inf`printf(“(level %d) Entering %s[%p]”, global`global_level++, funcName, funcAddrs); static int entryCounter = 0; inf`printf(“count = %d”, entryCounter++); char *funcParam = param`0; inf`printf(“param = \”%s\””, funcParam); int localVar = local`str_length; inf`printf(“local_iter = %d”, str_length); int globalVar = global`tick_count; inf`printf(“tick_count = %d\n”, globalVar); o Access local and global variables

Summary and Status o C-style instrumentation interface o Domains identify functions and variables o Beta in Dyninst 7 o Interface feedback welcomed o Demo: 2:00 – 3:00, Room 1170 o Tutorial: Tomorrow 9:00 – 12:00, Room DynC and DynC API

Example: Declaring a Variable in DynC 17 DynC and DynC API static int entryCounter = 0; int globalLevel = inf`global_level++; int globalVar = global`a_global_var; int localVar = local`a_local_var; char *paramVar = param`0; void *origAddr = dyninst`original_address; char *funcName = dyninst`function_name; char *fmat = "(level %d) Entering %s[at %p] for the %d time: parameter = %s, local = %d, global = %d.\n”; inf`printf(fmat, inf`global_level++, funcName, origAddr, ++entryCounter, paramVar, localVar, globalVar); static int entryCounter = 0;

You say, “Give me x.” 18 DynC and DynC API Dyninst Provided Mutatee Declared DynC Declared Address of Point Name of Function Global Variable Local Variable Parameter Snippet Variables “Where do I look for x?” DynC responds, x could be: (examples) Solution: Domains

You say, “Give me x.” 19 DynC and DynC API Dyninst Provided Mutatee Declared DynC Declared “Where do I look for x?” DynC responds, x could be: Solution: Domains

Example: Inferior Domain 20 DynC and DynC API static int entryCounter = 0; int globalLevel = inf`global_level++; int globalVar = global`a_global_var; int localVar = local`a_local_var; char *paramVar = param`0; void *origAddr = dyninst`original_address; char *funcName = dyninst`function_name; char *fmat = "(level %d) Entering %s[at %p] for the %d time: parameter = %s, local = %d, global = %d.\n”; inf`printf(fmat, inf`global_level++, funcName, origAddr, ++entryCounter, paramVar, localVar, globalVar); int globalLevel = inf`global_level++;

Domain: Global and Local 21 DynC and DynC API Mutatee Local Global Inferior global`global_variable local`local_variable

Example: Global and Local Domains 22 DynC and DynC API static int entryCounter = 0; int globalLevel = inf`global_level++; int globalVar = global`a_global_var; int localVar = local`a_local_var; char *paramVar = param`0; void *origAddr = dyninst`original_address; char *funcName = dyninst`function_name; char *fmat = "(level %d) Entering %s[at %p] for the %d time: parameter = %s, local = %d, global = %d.\n”; inf`printf(fmat, inf`global_level++, funcName, origAddr, ++entryCounter, paramVar, localVar, globalVar); int globalVar = global`a_global_var; int localVar = local`a_local_var;

Domain: Param 23 DynC and DynC API Mutatee Local Global Inferior param`2 param`p_var

Example: Inferior Domain 24 DynC and DynC API static int entryCounter = 0; int globalLevel = inf`global_level++; int globalVar = global`a_global_var; int localVar = local`a_local_var; char *paramVar = param`0; void *origAddr = dyninst`original_address; char *funcName = dyninst`function_name; char *fmat = "(level %d) Entering %s[at %p] for the %d time: parameter = %s, local = %d, global = %d.\n”; inf`printf(fmat, inf`global_level++, funcName, origAddr, ++entryCounter, paramVar, localVar, globalVar); char *paramVar = param`0;

Example: Inferior Domain 25 DynC and DynC API static int entryCounter = 0; int globalLevel = inf`global_level++; int globalVar = global`a_global_var; int localVar = local`a_local_var; char *paramVar = param`0; void *origAddr = dyninst`original_address; char *funcName = dyninst`function_name; char *fmat = "(level %d) Entering %s[at %p] for the %d time: parameter = %s, local = %d, global = %d.\n”; inf`printf(fmat, inf`global_level++, funcName, origAddr, ++entryCounter, paramVar, localVar, globalVar); dyninst`original_address; dyninst`function_name;

Example: Inferior Domain 26 DynC and DynC API static int entryCounter = 0; int globalLevel = inf`global_level++; int globalVar = global`a_global_var; int localVar = local`a_local_var; char *paramVar = param`0; void *origAddr = dyninst`original_address; char *funcName = dyninst`function_name; char *fmat = "(level %d) Entering %s[at %p] for the %d time: parameter = %s, local = %d, global = %d.\n”; inf`printf(fmat, globalLevel, funcName, origAddr, ++entryCounter, paramVar, localVar, globalVar); inf`printf(...);

Example: Domains 27 DynC and DynC API Mutatee Local Global Inferior inf`printf() inf`allocated_variable global`global_variable local`local_variable

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.