A Machine-Independent Debugger--Revisited

Most debuggers are notoriously machine-dependent, but some recent research prototypes achieve varying degrees of machine-independence with novel designs. Cdb, a simple source-level debugger for C, is completely independent of its target architecture. This independence is achieved by embedding symbol tables and debugging code in the target program, which costs both time and space. This paper describes a revised design and implementation of cdb that reduces the space cost by nearly one-half and the time cost by 13% by storing symbol tables in external files. A symbol table is defined by a 31-line grammar in the Abstract Syntax Description Language (ASDL). ASDL is a domain-specific language for specifying tree data structures. The ASDL tools accept an ASDL grammar and generate code to construct, read, and write these data structures. Using ASDL automates implementing parts of the debugger, and the grammar documents the symbol table concisely. Using ASDL also suggested simplifications to the interface between the debugger and the target program. Perhaps most important, ASDL emphasizes that symbol tables are data structures, not file formats. Many of the pitfalls of working with low-level file formats can be avoided by focusing instead on high-level data structures and automating the implementation details.Comment: 12 pages; 6 figures; 3 table

Enhancement of Decompilation Results

V rámci projektu Lissom je vyvíjen rekonfigurovatelný zpětný překladač, jehož cílem je umožnit zpětný překlad programů, určených pro libovolnou platformu, do libovolného vyššího programovacího jazyka. V době počátku řešení této práce nejsou jeho výsledky ideální, neboť v něm, mimo jiné, nejsou implementovány techniky využívající dodatečné informace o programu. V rámci této práce je popsáno zpětné inženýrství a zpětný překladač projektu Lissom. Jsou zde navrženy techniky využití dodatečných informací ke zlepšení a optimalizaci jeho výsledků, konkrétně se jedná o analýzu datových sekcí a získávání ladicích informací z formátu PDB. Součástí práce je zkoumání struktury a obsahu formátu PDB. Implementace analýzy datových sekcí a použití ladicích informací je zde dále popsána a na závěr jsou zhodnoceny výsledky zpětného překladu při využití těchto technik.As a part of the Lissom project, a retargetable decompiler is being developed. Its main purpose is to decompile programs for any particular microprocessor architecture into any high-level programming language. At this thesis's beginning time, its results are not optimal because the decompiler doesn't utilize all program's additional information during decompilation that can improve the results. In this thesis, reverse engineering and Lissom decompiler is described. Techniques of using additional information to enhance decompilation results are proposed. These are data section content analysis and debug information analysis (specifically the debug information in PDB format which is proprietary format). Exploration of internal PDB structure and its content is a part of this thesis. The implementation of data section analysis and debug information utilizing is described and in the end, final decompilation results are discussed.

Developing a Generic Debugger for Advanced-Dispatching Languages

Programming-language research has introduced a considerable number of advanced-dispatching mechanisms in order to improve modularity. Advanced-dispatching mechanisms allow changing the behavior of a function without modifying their call sites and thus make the local behavior of code less comprehensible. Debuggers are tools, thus needed, which can help a developer to comprehend program behavior but current debuggers do not provide inspection of advanced-\ud dispatching-related language constructs. In this paper, we present a debugger which extends a traditional Java debugger with the ability of debugging an advanced-dispatching language constructs and a user interface for inspecting this

C Language Source Files Similarity Detection

Tato práce se zabývá návrhem, implementací a testováním nástroje csim, sloužícího pro porovnávání podobnosti dvou souborů v jazyce C. Primárním účelem vzniku tohoto nástroje je testování zpětného překladače vyvíjeného společností AVG Technologies s.r.o. Testování je prováděno na základě podobnosti abstraktního syntaktického stromu původního a dekompilovaného souboru. Čtenář je tedy seznámen se základy problematiky zpětného inženýrství, zejména zpětným překladem binárního kódu do vyšší úrovně reprezentace. Dále je popsán koloběh, kterým kód prochází od jeho vytvoření až po zpětný překlad, a jeho vliv na tento proces. Čtenáři je také poskytnut přehled o projektu LLVM a překladači Clang, který je základním stavebním kamenem nástroje csim.This thesis deals with design, implementation and testing of the csim tool, which compares two C source files by their similarity. The primary purpose of this tool is testing of a decompiler developed by AVG Technologies s.r.o. Testing is based on comparing abstract syntax trees of the original and decompiled source files. The reader is introduced to the basics of reverse engineering, especially reverse engineering of a binary file into a high-level programming language source file. The process of compiling followed by decompiling of a file is described along with its effect on reverse engineering. The LLVM project and the Clang compiler is introduced to the reader, since its libraries are the foundation upon which the csim tool is built.

Approaching Retargetable Static, Dynamic, and Hybrid Executable-Code Analysis

Program comprehension and reverse engineering are two large domains of computer science that have one common goal – analysis of existing programs and understanding their behaviour. In present, methods of source code analysis are well established and used in practice by software engineers. On the other hand, analysis of executable code is a more challenging task that is not fully covered by existing tools. Furthermore, methods of retargetable executable code analysis are rare because of their complexity. In this paper, we present a complex platform independent toolchain for executable-code analysis that supports both static and dynamic analysis. This toolchain, developed within the Lissom project, exploits several previously designed methods and it can be used for debugging user’s applications as well as malware analysis, etc. The main contribution of this paper is to interconnect the existing methods and illustrate their usage on the real world scenarios. Furthermore, we introduce a concept of a new retargetable method – the hybrid analysis. It can eliminate the shortcomings of the static and dynamic analysis in future

Implementation of KRoC on analog devices' "SHARC" DSP

This paper summarises the experiences gained at the Control Laboratory of the University of Twente in porting the Kent Retargetable occam Compiler -KroC -to the Analog Devices' ADSP21060 SHARC Digital Signal Processor. The choice of porting the KRoC to the DSP processor was in our view both a challenge and an absolute necessity because DSP processors are an important ingredient in modern day control systems. Currently, our implementation contains the most important occam primitives such as channel communication, PAR, ALT, and most of the integer arithmatic. Furthermore, a basic kernel was realised, providing channel-communication based scheduling only. This porting process, using quite straight-forward modifications of the SPARC KRoC-translator, was done within six weeks. A representative benchmark was constructed, showing that the 33Mhz SHARC-KRoC implementation is 40% faster than the the 25Mhz T800 using the INMOS D7205 Toolset

Geração automática de ferramentas de inspeção de código para processadores especificados em ADL

Dissertação (mestrado) - Universidade Federal de Santa Catarina, Centro Tecnológico. Programa de Pós-Graduação em Ciência da Computação.Um sistema embarcado pode ter todos os seus componentes eletrônicos implementados em um único circuito integrado, dando origem ao assim chamado System-on-a-Chip (SoC). Um SoC é composto de uma ou mais CPUs e por componentes não programáveis, tais como memória(s), barramento(s) e periférico(s). A CPU escolhida pode ser um processador dedicado, denominado Application-Specific Instruction-Set Processor (ASIP). O projeto de SoCs requer ferramentas para a inspeção de código, a fim de se explorar a corretude do software embarcado a ser executado em cada CPU. Isto pode ser feito através da geração automática de ferramentas a partir de um modelo formal de CPU, cujas características podem ser descritas através do uso de Linguagens de Descrição de Arquiteturas (Architecture Description Language - ADLs). Como o redirecionamento manual das ferramentas para cada CPU explorada seria inviável devido à pressão do time-to-market, o redirecionamento automático é mandatório. Esta dissertação contribui com a expansão do módulo de geração de ferramentas de manipulação de código binário associado à ADL ArchC, através da geração automática de desmontadores e depuradores de código. As ferramentas de desmontagem e depuração de código foram validadas por meio de comparação com ferramentas nativas congêneres para modelos de arquiteturas RISC e CISC (i8051, MIPS, SPARC e PowerPC). Para fins de experimentação, foram usados os benchmarks MiBench e Dalton, evidenciando a corretude e a robustez das ferramentas. Além disso, mostra-se a integração do gerador de desmontadores no âmbito de um tradutor binário, proposto como resultado de trabalho cooperativo (também reportado em outras duas dissertações correlatas)

Transparent dynamic instrumentation

Process virtualization provides a virtual execution environment within which an unmodified application can be monitored and controlled while it executes. The provided layer of control can be used for purposes ranging from sandboxing to compatibility to profiling. The additional operations required for this layer are performed clandestinely alongside regular program execution. Software dynamic instrumentation is one method for implementing process virtualization which dynamically instruments an application such that the application's code and the inserted code are interleaved together. DynamoRIO is a process virtualization system implemented using software code cache techniques that allows users to build customized dynamic instrumentation tools. There are many challenges to building such a runtime system. One major obstacle is transparency. In order to support executing arbitrary applications, DynamoRIO must be fully transparent so that an application cannot distinguish between running inside the virtual environment and native execution. In addition, any desired extra operations for a particular tool must avoid interfering with the behavior of the application. Transparency has historically been provided on an ad-hoc basis, as a reaction to observed problems in target applications. This paper identifies a necessary set of transparency requirements for running mainstream Windows and Linux applications. We discuss possible solutions to each transparency issue, evaluate tradeoffs between different choices, and identify cases where maintaining transparency is not practically solvable. We believe this will provide a guideline for better design and implementation of transparent dynamic instrumentation, as well as other similar process virtualization systems using software code caches