Presentation is loading. Please wait.

Presentation is loading. Please wait.

Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin April 29 - May 1, 2013 DynC: High Level Instrumentation With Dyninst Emily Jacobson DynC and.

Published byIan Seeger Modified over 9 years ago

Similar presentations

Presentation on theme: "Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin April 29 - May 1, 2013 DynC: High Level Instrumentation With Dyninst Emily Jacobson DynC and."— Presentation transcript:

1 Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin April 29 - May 1, 2013 DynC: High Level Instrumentation With Dyninst Emily Jacobson DynC and DynC API

2 int main(int argc, char *argv[]) { BPatch_process * proc = bpatch.processCreate(“myMutatee”); BPatch_image *image = proc->getImage(); bpatch.registerExitCallback( readMaxArg ); //Create level variable BPatch_variableExpr *globalLevel = process->malloc(image- >findType("int")); // Entry Snippet BPatch_variableExpr *globalVar = image- >findVariable("a_global_var"); BPatch_paramExpr *paramVar = new BPatch_paramExpr(0); BPatch_localVar *localVar = NULL; // Cannot be built independantly BPatch_retExpr *ret = new BPatch_retExpr(); BPatch_variableExpr *entryCounter = NULL; BPatch_variableExpr *exitCounter = NULL; std::vector *funcs; BPatch_function *printfFunc = image->findFunction("printf", funcs); std::vector allFunctions; image->getProcedures(allFunctions); for (FuncVector::iterator iter = funcs.begin(); iter != funcs.end(); ++iter) { // Assign our local variable entryCounter = process->malloc(image->findType("int")); local = (*iter)->findLocalVar("a_local_var"); // Allocate a counter entryCounter = proc->malloc(image->findType("int")); exitCounter = proc->malloc(image->findType("int")); std::vector args; args.push_back(BPatch_constExpr("(level %d) Entering %s[at %p] for the %d time: parameter = %s, local = %d, global = %d.\n")); args.push_back(globalLevel); char fname[512]; args.push_back((iter*)->getName(fName, 512)); args.push_back(new BPatch_originalAddressExpr()); args.push_back(entryCounter); args.push_back(paramVar); args.push_back(localVar); args.push_back(globalVar); //build printf BPatch_funcCallExpr *printfExprEntry = new BPatch_funcCallExpr(printfFunc, args); args = std::vector(); args.push_back(BPatch_constExpr("(level %d) Exiting %s: returning = %d, global = %d.\n")); args.push_back(globalLevel); char fname[512]; args.push_back((iter*)->getName(fName, 512)); args.push_back(BPatch_retExpr()); args.push_back(globalVar); BPatch_funcCallExpr *printfExprExit = new BPatch_funcCallExpr(exitFunc, args); // Now that we have the snippets, get points and instrument std::vector *entryPs = (*iter)->findPoint(BPatch_locEntry); std::vector *exitPs = (*iter)->findPoint(BPatch_locExit); proc->insertSnippet(*entry, *entryPs); proc->insertSnippet(*exit, *exitPs); } } Motivation: Dyninst vs. DynC Dyninst API DynC API int main(int argc, char *argv[]) { BPatch_process * proc = bpatch.processCreate(“myMutatee”); BPatch_image *image = proc->getImage(); bpatch.registerExitCallback( readMaxArg ); proc->malloc(*image->findType("int"), “mallocCounter”); FILE *dynCEntryFile = fopen( “entryDynC.txt”, “r”); FILE *dynCExitFile = fopen( “exitDynC.txt”, “r”); std::vector allFunctions; image->getProcedures(allFunctions); for (FuncVector::iterator iter = funcs.begin(); iter != funcs.end(); ++iter) { PointVector *entryPts = (*iter)->findPoint(Bpatch_Entry); PointVector *exitPts = (*iter)->findPoint(BPatch_locExit); BPatch_snippet *entrySnippet = DynC_API::createSnippet(dynCEntryFile, (iter*)->entryPts[0]); BPatch_snippet *exitSnippet = DynC_API::createSnippet(dynCExitFile, (iter*)->exitPts[0]); proc->insertSnippet(*entrySnippet, *entryPts); proc->insertSnippet(*exitSnippet, *exitPts); } proc->continueExecution(); while (!proc->isTerminated()) bpatch.waitForStatusChange(); return 0; } 2 DynC and DynC API

3 Dyninst API Evolution of DynC 3 DynC and DynC API Interactive Shell Dyner C CodeGenDynC API User Code Mutator

4 int i = 0 inf`foo += 5 Runtime Compilation 4 DynC and DynC API if(inf`foo > i++){ } inf`printf(“Done”); DynC Snippet Dyninst API DynC API

5 if(inf`foo > i++){ inf`printf(“Done”); DynC Snippet int i = 0 inf`foo += 5 } Runtime Compilation 5 DynC and DynC API Dyninst API DynC API

6 DynC Snippet Runtime Compilation 6 DynC and DynC API Dyninst API DynC API

7 DynC Snippet Runtime Compilation 7 DynC and DynC API Dyninst API DynC API incl %eax mov %eax,.. addis r1,.. stw r1,... BPatch Snippet

8 DynC API BPatch_Snippet *createSnippet(, ) 8 DynC and DynC API char * std::string FILE * BPatch_Point BPatch_AddressSpace

9 9 static int entryCounter = 0; int globalLevel = inf`global_level++; int globalVar = global`a_global_var; int localVar = local`a_local_var; char *paramVar = param`0; void *origAddr = dyninst`original_address; char *funcName = dyninst`function_name; char *fmat = "(level %d) Entering %s[at %p] for the %d time: parameter = %s, local = %d, global = %d.\n”; inf`printf(fmat, globalLevel, funcName, origAddr, ++entryCounter, paramVar, localVar, globalVar); Running Example int globalLevel = inf`global_level--; int globalVar = global`a_global_var; int returnValue = dyninst`return_value; char *funcName = dyninst`function_name; inf`printf("(level %d) Exiting %s: returning = %d, global = %d.\n", inf`global_level++, funcName, returnValue, globalVar); /// Sample Output //// (level 1) Entering funcFoo[at 0x010] for the 1 time: parameter = "message", local = 10, global = 3. (level 1) Exiting funcFoo: returning = 1000, global = 13.

10 Tracing Execution with DynC o Print out: o Globals: tick_count o Locals: local_iter o Parameters and return values o Function names, addresses, and execution counts o Call stack depth 10 DynC and DynC API... (level 1) Entering funcFoo[0x010], count 1: param = “sim”, str_length = 3, tick_count = 3. (level 2) Entering funcBar[0x080], count 3: param = “emul”, str_length = 4, tick_count = 42. (level 2) Exiting funcBar: returning 320, tick_count = 80. (level 1) Exiting funcFoo: returning 1000, tick_count = 110....

11 Naming Functions and Variables 11 DynC and DynC API Mutatee // Global variables int tick_count = 0; // Functions int foo(char *str) { int str_length = strlen(str); int hash = 0; for (int i = 0; i < str_length; ++i) { bar(...); } return hash; } int bar(char *str) {... } // Library functions int printf(char *format,...); o DynC uses naming rather than lookup o Domains specify naming scope o Global domain o Local domain o Parameter domain o Inferior domain o Dyninst domain

12 Example: DynC Entry Instrumentation 12 DynC and DynC API // global_level is a variable we allocated char *funcName = dyninst`function_name; void *funcAddr = dyninst`original_address; inf`printf(“(level %d) Entering %s[%p]”, global`global_level++, funcName, funcAddrs); static int entryCounter = 0; inf`printf(“count = %d”, entryCounter++); char *funcParam = param`0; inf`printf(“param = \”%s\””, funcParam); int localVar = local`str_length; inf`printf(“local_iter = %d”, str_length); int globalVar = global`tick_count; inf`printf(“tick_count = %d\n”, globalVar); o Access information about the instrumented point o Function name o Original address o Effective address of a memory operation o Thread ID or index o Target of indirect control flow

13 Example: DynC Entry Instrumentation 13 DynC and DynC API // global_level is a variable we allocated char *funcName = dyninst`function_name; void *funcAddr = dyninst`original_address; inf`printf(“(level %d) Entering %s[%p]”, global`global_level++, funcName, funcAddrs); static int entryCounter = 0; inf`printf(“count = %d”, entryCounter++); char *funcParam = param`0; inf`printf(“param = \”%s\””, funcParam); int localVar = local`str_length; inf`printf(“local_iter = %d”, str_length); int globalVar = global`tick_count; inf`printf(“tick_count = %d\n”, globalVar); o Declare and access variables

14 Example: DynC Entry Instrumentation 14 DynC and DynC API // global_level is a variable we allocated char *funcName = dyninst`function_name; void *funcAddr = dyninst`original_address; inf`printf(“(level %d) Entering %s[%p]”, global`global_level++, funcName, funcAddrs); static int entryCounter = 0; inf`printf(“count = %d”, entryCounter++); char *funcParam = param`0; inf`printf(“param = \”%s\””, funcParam); int localVar = local`str_length; inf`printf(“local_iter = %d”, str_length); int globalVar = global`tick_count; inf`printf(“tick_count = %d\n”, globalVar); o Access parameters o By number or name

15 Example: DynC Entry Instrumentation 15 DynC and DynC API // global_level is a variable we allocated char *funcName = dyninst`function_name; void *funcAddr = dyninst`original_address; inf`printf(“(level %d) Entering %s[%p]”, global`global_level++, funcName, funcAddrs); static int entryCounter = 0; inf`printf(“count = %d”, entryCounter++); char *funcParam = param`0; inf`printf(“param = \”%s\””, funcParam); int localVar = local`str_length; inf`printf(“local_iter = %d”, str_length); int globalVar = global`tick_count; inf`printf(“tick_count = %d\n”, globalVar); o Access local and global variables

16 Summary and Status o C-style instrumentation interface o Domains identify functions and variables o Beta in Dyninst 7 o Interface feedback welcomed o Demo: 2:00 – 3:00, Room 1170 o Tutorial: Tomorrow 9:00 – 12:00, Room 1260 16 DynC and DynC API

17 Example: Declaring a Variable in DynC 17 DynC and DynC API static int entryCounter = 0; int globalLevel = inf`global_level++; int globalVar = global`a_global_var; int localVar = local`a_local_var; char *paramVar = param`0; void *origAddr = dyninst`original_address; char *funcName = dyninst`function_name; char *fmat = "(level %d) Entering %s[at %p] for the %d time: parameter = %s, local = %d, global = %d.\n”; inf`printf(fmat, inf`global_level++, funcName, origAddr, ++entryCounter, paramVar, localVar, globalVar); static int entryCounter = 0;

18 You say, “Give me x.” 18 DynC and DynC API Dyninst Provided Mutatee Declared DynC Declared Address of Point Name of Function Global Variable Local Variable Parameter Snippet Variables “Where do I look for x?” DynC responds, x could be: (examples) Solution: Domains

19 You say, “Give me x.” 19 DynC and DynC API Dyninst Provided Mutatee Declared DynC Declared “Where do I look for x?” DynC responds, x could be: Solution: Domains

20 Example: Inferior Domain 20 DynC and DynC API static int entryCounter = 0; int globalLevel = inf`global_level++; int globalVar = global`a_global_var; int localVar = local`a_local_var; char *paramVar = param`0; void *origAddr = dyninst`original_address; char *funcName = dyninst`function_name; char *fmat = "(level %d) Entering %s[at %p] for the %d time: parameter = %s, local = %d, global = %d.\n”; inf`printf(fmat, inf`global_level++, funcName, origAddr, ++entryCounter, paramVar, localVar, globalVar); int globalLevel = inf`global_level++;

21 Domain: Global and Local 21 DynC and DynC API Mutatee Local Global Inferior global`global_variable local`local_variable

22 Example: Global and Local Domains 22 DynC and DynC API static int entryCounter = 0; int globalLevel = inf`global_level++; int globalVar = global`a_global_var; int localVar = local`a_local_var; char *paramVar = param`0; void *origAddr = dyninst`original_address; char *funcName = dyninst`function_name; char *fmat = "(level %d) Entering %s[at %p] for the %d time: parameter = %s, local = %d, global = %d.\n”; inf`printf(fmat, inf`global_level++, funcName, origAddr, ++entryCounter, paramVar, localVar, globalVar); int globalVar = global`a_global_var; int localVar = local`a_local_var;

23 Domain: Param 23 DynC and DynC API Mutatee Local Global Inferior param`2 param`p_var

24 Example: Inferior Domain 24 DynC and DynC API static int entryCounter = 0; int globalLevel = inf`global_level++; int globalVar = global`a_global_var; int localVar = local`a_local_var; char *paramVar = param`0; void *origAddr = dyninst`original_address; char *funcName = dyninst`function_name; char *fmat = "(level %d) Entering %s[at %p] for the %d time: parameter = %s, local = %d, global = %d.\n”; inf`printf(fmat, inf`global_level++, funcName, origAddr, ++entryCounter, paramVar, localVar, globalVar); char *paramVar = param`0;

25 Example: Inferior Domain 25 DynC and DynC API static int entryCounter = 0; int globalLevel = inf`global_level++; int globalVar = global`a_global_var; int localVar = local`a_local_var; char *paramVar = param`0; void *origAddr = dyninst`original_address; char *funcName = dyninst`function_name; char *fmat = "(level %d) Entering %s[at %p] for the %d time: parameter = %s, local = %d, global = %d.\n”; inf`printf(fmat, inf`global_level++, funcName, origAddr, ++entryCounter, paramVar, localVar, globalVar); dyninst`original_address; dyninst`function_name;

26 Example: Inferior Domain 26 DynC and DynC API static int entryCounter = 0; int globalLevel = inf`global_level++; int globalVar = global`a_global_var; int localVar = local`a_local_var; char *paramVar = param`0; void *origAddr = dyninst`original_address; char *funcName = dyninst`function_name; char *fmat = "(level %d) Entering %s[at %p] for the %d time: parameter = %s, local = %d, global = %d.\n”; inf`printf(fmat, globalLevel, funcName, origAddr, ++entryCounter, paramVar, localVar, globalVar); inf`printf(...);

27 Example: Domains 27 DynC and DynC API Mutatee Local Global Inferior inf`printf() inf`allocated_variable global`global_variable local`local_variable

Download ppt "Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin April 29 - May 1, 2013 DynC: High Level Instrumentation With Dyninst Emily Jacobson DynC and."

Similar presentations

Introduction to C++ An object-oriented language Unit - 01.

Introduction to C++ An object-oriented language Unit - 01.
1 Storage Duration and Scope –Local and global variables Storage classes –automatic, static, external, register Todays Material.

1 Storage Duration and Scope –Local and global variables Storage classes –automatic, static, external, register Todays Material.
CPSC 441 TUTORIAL – JANUARY 16, 2012 TA: MARYAM ELAHI INTRODUCTION TO C.

CPSC 441 TUTORIAL – JANUARY 16, 2012 TA: MARYAM ELAHI INTRODUCTION TO C.
The University of Adelaide, School of Computer Science

The University of Adelaide, School of Computer Science
Chapter 7 Process Environment Chien-Chung Shen CIS, UD

Chapter 7 Process Environment Chien-Chung Shen CIS, UD
C++ Programming: Program Design Including Data Structures, Third Edition Chapter 7: User-Defined Functions II.

C++ Programming: Program Design Including Data Structures, Third Edition Chapter 7: User-Defined Functions II.
C++ Programming: From Problem Analysis to Program Design, Third Edition Chapter 7: User-Defined Functions II.

C++ Programming: From Problem Analysis to Program Design, Third Edition Chapter 7: User-Defined Functions II.
Chapter 7: User-Defined Functions II

Chapter 7: User-Defined Functions II
Chapter 7 User-Defined Methods. Chapter Objectives  Understand how methods are used in Java programming  Learn about standard (predefined) methods and.

Chapter 7 User-Defined Methods. Chapter Objectives  Understand how methods are used in Java programming  Learn about standard (predefined) methods and.
Chapter 7: User-Defined Functions II Instructor: Mohammad Mojaddam.

Chapter 7: User-Defined Functions II Instructor: Mohammad Mojaddam.
Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin May 2-3, 2011 Introduction to the PatchAPI Wenbin Fang, Drew Bernat.

Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin May 2-3, 2011 Introduction to the PatchAPI Wenbin Fang, Drew Bernat.
Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin April 29 - May 1, 2013 Using Dyninst for Program Binary Analysis and Instrumentation Emily Jacobson.

Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin April 29 - May 1, 2013 Using Dyninst for Program Binary Analysis and Instrumentation Emily Jacobson.
Memory Image of Running Programs Executable file on disk, running program in memory, activation record, C-style and Pascal-style parameter passing.

Memory Image of Running Programs Executable file on disk, running program in memory, activation record, C-style and Pascal-style parameter passing.
Chapter 11-12, Appendix D C Programs Higher Level languages Compilers C programming Converting C to Machine Code C Compiler for LC-3.

Chapter 11-12, Appendix D C Programs Higher Level languages Compilers C programming Converting C to Machine Code C Compiler for LC-3.
Java Programming: From Problem Analysis to Program Design, 4e Chapter 7 User-Defined Methods.

Java Programming: From Problem Analysis to Program Design, 4e Chapter 7 User-Defined Methods.
Chapter 7: User-Defined Methods

Chapter 7: User-Defined Methods
Advanced Programming in the UNIX Environment Hop Lee.

Advanced Programming in the UNIX Environment Hop Lee.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.

CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.
University of Maryland parseThat: A Robust Arbitrary-Binary Tester for Dyninst Ray Chen.

University of Maryland parseThat: A Robust Arbitrary-Binary Tester for Dyninst Ray Chen.
20070110 chap13 Chapter 13 Programming in the Large.

chap13 Chapter 13 Programming in the Large.

Similar presentations

Ads by Google