ABSTRACT
The Dyninst binary instrumentation and analysis framework distinguishes itself from other binary instrumentation tools through its abstract, machine-independent interface; its emphasis on anywhere, any-time binary instrumentation; and its low overhead that is proportional to the number of instrumented locations. Dyninst represents the program in terms of familiar control flow structures such as functions, loops, and basic blocks, and users manipulate these representations to insert instrumentation anywhere in the binary. We use graph transformation techniques to ensure that this instrumentation executes when desired even when instrumenting highly optimized (or malicious) code that other instrumenters cannot correctly instrument. Unlike other binary instrumenters, Dyninst can instrument at any time in the execution continuum, from static instrumentation (binary rewriting) to instrumenting actively executing code (dynamic instrumentation). Furthermore, we allow users to modify or remove instrumentation at any time, with such modifications taking immediate effect. Our analysis techniques allow us to insert new code without modifying uninstrumented code; as a result, all uninstrumented code executes at native speed. We demonstrate that our techniques provide this collection of capabilities while imposing similar or lower overhead than other widely used instrumenters.
Index Terms
- Anywhere, any-time binary instrumentation