Re: [DynInst_API:] Cross-Platform Binary Analysis

[Stefan Stattelmann <stefan.stattelmann@xxxxxxxxxx>]

> Glad to hear it. What are you defining
as bare-metal PowerPC code? File 
> full of assembled instructions,
no headers etc?

I meant a binary executable created
with a gcc for the PowerPC EABI.
Here's the output of powerpc-eabi-gcc
-v:

Using built-in specs.
COLLECT_GCC=CodeSourcery/Sourcery_G++_Lite/bin/powerpc-eabi-gcc
COLLECT_LTO_WRAPPER=/home/stefan/CodeSourcery/Sourcery_G++_Lite/bin/../libexec/gcc/powerpc-eabi/4.5.2/lto-wrapper
Target: powerpc-eabi
Configured with: /scratch/froydnj/eabi-lite-release/src/gcc-4.5-2011.03/configure
--build=i686-pc-linux-gnu --host=i686-pc-linux-gnu --target=powerpc-eabi
--enable-threads --disable-libmudflap --disable-libssp --disable-libstdcxx-pch
--enable-extra-sgxxlite-multilibs --disable-threads --with-cpu=603e --with-gnu-as
--with-gnu-ld --with-specs='%{save-temps: -fverbose-asm} -D__CS_SOURCERYGXX_MAJ__=2011
-D__CS_SOURCERYGXX_MIN__=3 -D__CS_SOURCERYGXX_REV__=39 %{O2:%{!fno-remove-local-statics:
-fremove-local-statics}} %{O*:%{O|O0|O1|O2|Os:;:%{!fno-remove-local-statics:
-fremove-local-statics}}}' --enable-languages=c,c++ --disable-shared --enable-lto
--with-newlib --with-pkgversion='Sourcery G++ Lite 2011.03-39' --with-bugurl=https://support.codesourcery.com/GNUToolchain/
--disable-nls --prefix=/opt/freescale/usr/local/gcc-4.5.39-newlib-1.18.39/powerpc-eabi
--with-headers=yes --with-sysroot=/opt/freescale/usr/local/gcc-4.5.39-newlib-1.18.39/powerpc-eabi/powerpc-eabi
--with-build-sysroot=/scratch/froydnj/eabi-lite-release/install/powerpc-eabi
--with-gmp=/scratch/froydnj/eabi-lite-release/obj/host-libs-2011.03-39-powerpc-eabi-i686-pc-linux-gnu/usr
--with-mpfr=/scratch/froydnj/eabi-lite-release/obj/host-libs-2011.03-39-powerpc-eabi-i686-pc-linux-gnu/usr
--with-mpc=/scratch/froydnj/eabi-lite-release/obj/host-libs-2011.03-39-powerpc-eabi-i686-pc-linux-gnu/usr
--with-ppl=/scratch/froydnj/eabi-lite-release/obj/host-libs-2011.03-39-powerpc-eabi-i686-pc-linux-gnu/usr
--with-host-libstdcxx='-static-libgcc -Wl,-Bstatic,-lstdc++,-Bdynamic -lm'
--with-cloog=/scratch/froydnj/eabi-lite-release/obj/host-libs-2011.03-39-powerpc-eabi-i686-pc-linux-gnu/usr
--with-libelf=/scratch/froydnj/eabi-lite-release/obj/host-libs-2011.03-39-powerpc-eabi-i686-pc-linux-gnu/usr
--disable-libgomp --enable-poison-system-directories --with-build-time-tools=/scratch/froydnj/eabi-lite-release/install/powerpc-eabi/bin
--with-build-time-tools=/scratch/froydnj/eabi-lite-release/install/powerpc-eabi/bin
Thread model: single
gcc version 4.5.2 (Sourcery G++ Lite
2011.03-39)


The data section of the binaries created
with the above compiler could not be read by symtab. It could also be a
problem with the linker script I used (-TMPC8349E-mITX-uboot.ld), but I
didn't look at it in detail since my knowledge about the ELF file format
is very limited.

Using a different cross-compiling gcc
with the target powerpc-linux-gnu worked directly. So I'm good for now.





From:      
 Bill Williams <bill@xxxxxxxxxxx>
To:      
 dyninst-api@xxxxxxxxxxx,

Date:      
 30.09.2013 17:13
Subject:    
   Re: [DynInst_API:]
Cross-Platform Binary Analysis
Sent by:    
   "Dyninst-api"
<dyninst-api-bounces@xxxxxxxxxxx>

---

On 09/30/2013 07:55 AM, Stefan Stattelmann wrote:
> Hi Bill,
>
> compiling with $PLATFORM set to ppc32_linux did the trick.
>
> Another issue I ran into was that bare-metal PowerPC code does not
seem
> to work. As far as I could reconstruct the problem, loading the ELF
data
> section produces an error somewhere in Object-elf.C.
> No problem with PowerPC Linux binaries though.
>
Glad to hear it. What are you defining as bare-metal PowerPC code? File
full of assembled instructions, no headers etc?

I've puttered around in the past with a mmapped CodeSource 
implementation for ParseAPI that would bypass symtab/symlite and just 
treat a file/chunk of memory as a code source; it's pretty trivial but
I've never polished it up for public use. If you're looking for 
bare-metal analysis, that's the route I'd take...I can try to dig up 
some of my old code if you need pointers/a skeleton.

> Thanks for your help.
>
> Stefan
>
>
>
> From: Bill Williams <bill@xxxxxxxxxxx>
> To: dyninst-api@xxxxxxxxxxx,
> Date: 24.09.2013 17:28
> Subject: Re: [DynInst_API:] Cross-Platform Binary Analysis
> Sent by: "Dyninst-api" <dyninst-api-bounces@xxxxxxxxxxx>
> ------------------------------------------------------------------------
>
>
>
> On 09/24/2013 07:34 AM, Stefan Stattelmann wrote:
>  > Hi,
>  >
>  > I would like to use Dyninst for cross-platform binary analysis,
e.g.,
>  > analyzing PowerPC code on a x86 machine. Is this currently
supported and
>  > if so, how? From my experiments so far it seems like binaries
for a
>  > different CPU architectures are not recognized automatically
and thus
>  > cannot be decoded.
>  >
>  > Thanks and best regards,
>  > Stefan
>  >
> Stefan--
>
> The support for this is limited, but if you're looking for binary
> analysis and not instrumentation, it shouldn't be too hard to get
it
> working. I believe, as a first approximation, that if you build the
> analysis components (symtab, instructionapi, parseapi, dataflowapi)
with
> your $PLATFORM set to your target architecture, that should give you
> components that can analyze cross-architecture binaries (but not native
> ones). (Note: it is likely that there will be some kinks to work out
> there; if/when you run into trouble, please let us know.)
>
> Improving this support has long been on our TODO list; the right thing
> is to get rid of any lingering per-architecture conditional compilation
> and properly abstract the platform-specific bits into classes (with
> machinery to auto-detect, as you note). This could happen for 9.0
but
> almost certainly not for 8.2.
>
>  >
>  > _______________________________________________
>  > Dyninst-api mailing list
>  > Dyninst-api@xxxxxxxxxxx
>  > https://lists.cs.wisc.edu/mailman/listinfo/dyninst-api
>  >
>
>
> --
> --bw
>
> Bill Williams
> Paradyn Project
> bill@xxxxxxxxxxx
> _______________________________________________
> Dyninst-api mailing list
> Dyninst-api@xxxxxxxxxxx
> https://lists.cs.wisc.edu/mailman/listinfo/dyninst-api
>
>
>
> _______________________________________________
> Dyninst-api mailing list
> Dyninst-api@xxxxxxxxxxx
> https://lists.cs.wisc.edu/mailman/listinfo/dyninst-api
>


-- 
--bw

Bill Williams
Paradyn Project
bill@xxxxxxxxxxx
_______________________________________________
Dyninst-api mailing list
Dyninst-api@xxxxxxxxxxx
https://lists.cs.wisc.edu/mailman/listinfo/dyninst-api