Repeatable Reverse Engineering for the Greater Good with PANDA
We present PANDA, an open-source tool that has been purpose-built to support whole-system reverse engineering. It is built upon the QEMU whole-system emulator, and so analyses have access to all code executing in the guest and all data. PANDA adds the ability to record and replay executions, enabling iterative, deep, whole-system analyses. Further, the replay log files are compact and shareable, allowing for repeatable experiments. A nine-billion-instruction boot of FreeBSD, e.g., is represented by only a few hundred MB. Further, PANDA leverages QEMU's support of thirteen different CPU architectures to make analyses of those diverse instruction sets possible within the LLVM IR. In this way, PANDA can have a single dynamic taint analysis, for example, that precisely supports many CPUs. PANDA analyses are written in a simple plugin architecture which includes a mechanism to share functionality between plugins, increasing analysis code re-use and simplifying complex analysis development. We demonstrate PANDA's effectiveness via a number of use cases, including enabling an old but legitimate version of Starcraft to run despite a lost CD key, in-depth diagnosis of an Internet Explorer crash, and uncovering the censorship activities and mechanisms of a Chinese IM client.

Differentially Testing Soundness and Precision of Program Analyzers
In the last decades, numerous program analyzers have been developed both by academia and industry. Despite their abundance, however, there is currently no systematic way of comparing the effectiveness of different analyzers on arbitrary code. In this paper, we present the first automated technique for differentially testing soundness and precision of program analyzers. We used our technique to compare six mature, state-of-the-art analyzers on tens of thousands of automatically generated benchmarks. Our technique detected soundness and precision issues in most analyzers, and we evaluated the implications of these issues for both designers and users of program analyzers.