Re: [DynInst_API:] BPatch_binaryEdit openBinary crashing


Date: Wed, 25 Feb 2015 10:56:06 -0600
From: Bill Williams <bill@xxxxxxxxxxx>
Subject: Re: [DynInst_API:] BPatch_binaryEdit openBinary crashing
On 02/25/2015 05:31 AM, Aleksandar Nikolic wrote:
Hi list,

So I am slowly working through issues regarding binary rewriting on
windows. I made a few patches so far and things are going in the right
direction, I'd say.


To document the patches more easily, I'm committing them to github
with the intention of submitting a complete patch directly to you
once it's finished.

First issue was that the mutator was crashing when loading the libraries
where getMemSize was used for allocating a piece of memory
but was later erroneously used as an argument to memcpy instead of the
actual size and led to a crash due to memcpy trying to read past the
end of the source buffer.
https://github.com/ea/dyninst/commit/bd91b200e13ba1a212b24fdf34ad1a6e544359f2

With that change, the mutator finishes the job and produces a broken
binary. Firstly, every instruction including an immediate operand
was broken as the base was missing from the calculation.
This was tracked down to a needless subtraction and was patched like so:
https://github.com/ea/dyninst/commit/4badeb118d9a1fc7a285f25251521d5c46db2221

Next issue was that the imports in the produced binary were either
missing or destroyed. Turns out that RVAs were miscalculated
as the calculations were based on initial memory VAs before the
actual .dyninst section was fixed. Rearranging the code a bit
solves the issue.
https://github.com/ea/dyninst/commit/50870a586be7c3ec016d7670dbe70f9ec1aa43f4
https://github.com/ea/dyninst/commit/9495e6d056a7d34f626f3f22a8a66ea55a7eb517
This patch is a bit hacky and the proper one would need some refactoring
but it will do for now for my tests.

Now the produced binary looks good (new section is properly added,
imports are fixed) sans one thing.
Near jumps in the inserted trampolines have a wrong target.

For example (trampoline inserted at the beginning of main in my test
example):
0x00401010 E9 07 F0 0F 00      jmp near ptr 50001ch

Should really be:
0x00401010 E9 07 10 02 00      jmp near ptr 42201ch

Which seems to be a constant error of 0xde000.
We are currently debugging this issue and I am mentioning
it in case somebody knows where the issue might be.

I'll take a look at the patches over the next couple of days, but this all sounds very promising.

I don't have a definite answer for the trampoline issue, but I'd look at whether there's a similar issue to the one with the imports where we generated branches before .dyninst was fixed and didn't recalculate them. The springboard code is very good at doing what it's told, so I'd strongly suspect that we moved the section of relocated code after we generated springboards.

Cheers,
Alex
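
The rel32 arithmetic behind the two jmp encodings quoted above, as an added example that is not part of this thread or of Dyninst's code. It decodes the emitted `E9 07 F0 0F 00` at 0x401010, shows that it lands on 0x50001c, computes the constant overshoot against the expected 0x42201c, and re-encodes the jmp with that delta removed, which is the correction that would apply if the relocated-code section was moved after the springboards were generated, as suggested in the reply. The function names, the scan helper and the assumption that the delta is a uniform shift are mine; the addresses and bytes are the ones quoted in the message.

```python
"""
Added example (not Dyninst's code): decode and re-encode an x86 near jmp
(opcode E9 + signed rel32) and apply a constant relocation delta to it.
Addresses and bytes are the ones quoted in the thread; the rest is
constructed for illustration.
"""
import struct

JMP_REL32 = 0xE9   # near relative jmp with a signed 32-bit displacement
INSN_LEN = 5       # 1 opcode byte + 4 displacement bytes


def decode_jmp_rel32(addr, insn):
    """Absolute target of an E9 rel32 jmp located at `addr`.
    The displacement is relative to the *next* instruction (addr + 5)."""
    if len(insn) != INSN_LEN or insn[0] != JMP_REL32:
        raise ValueError("not a 5-byte E9 rel32 jmp")
    (disp,) = struct.unpack("<i", insn[1:])
    return (addr + INSN_LEN + disp) & 0xFFFFFFFF


def encode_jmp_rel32(addr, target):
    """Bytes of an E9 rel32 jmp at `addr` that lands on `target`."""
    disp = target - (addr + INSN_LEN)
    if not -0x80000000 <= disp <= 0x7FFFFFFF:
        raise ValueError("target out of rel32 range")
    return bytes([JMP_REL32]) + struct.pack("<i", disp)


def adjust_jmp_rel32(addr, insn, delta):
    """Re-target a jmp whose emitted destination is `delta` bytes too high,
    e.g. because the block it points to was laid out before the section
    containing it was moved (assumed uniform shift)."""
    return encode_jmp_rel32(addr, decode_jmp_rel32(addr, insn) - delta)


def find_jmp_rel32(base, code):
    """Naive scan of `code` (loaded at `base`) for E9 rel32 jmps.
    Returns a list of (addr, target). A byte-pattern scan like this can
    also match an E9 inside data or inside another instruction, so treat
    hits as candidates to check, not as a disassembly."""
    hits = []
    for off in range(len(code) - INSN_LEN + 1):
        if code[off] == JMP_REL32:
            addr = base + off
            hits.append((addr, decode_jmp_rel32(addr, code[off:off + INSN_LEN])))
    return hits


# Values quoted in the thread: the trampoline at the start of main.
TRAMPOLINE_ADDR = 0x00401010
EMITTED = bytes.fromhex("E9 07 F0 0F 00")   # jmp near ptr 50001Ch (wrong)
EXPECTED_TARGET = 0x0042201C                # where it should have landed


def relocation_delta():
    """Constant by which the emitted target overshoots the expected one."""
    return decode_jmp_rel32(TRAMPOLINE_ADDR, EMITTED) - EXPECTED_TARGET


if __name__ == "__main__":
    delta = relocation_delta()
    print(f"emitted target : {decode_jmp_rel32(TRAMPOLINE_ADDR, EMITTED):#010x}")
    print(f"expected target: {EXPECTED_TARGET:#010x}")
    print(f"constant error : {delta:#x}")
    fixed = adjust_jmp_rel32(TRAMPOLINE_ADDR, EMITTED, delta)
    print("repaired bytes :", fixed.hex(" ").upper())
```

Running it prints the 0xde000 error from the message and the repaired encoding `E9 07 10 02 00`. If the hypothesis in the reply holds, `find_jmp_rel32` run over the .dyninst section should show every springboard overshooting by that same constant, which distinguishes a section moved after springboard generation from a per-jump miscalculation.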

On 02/11/2015 06:20 PM, Matthew LeGendre wrote:

At one point, perhaps 6-7 years ago, a student had windows binary
rewriting working to the point where you could do basic binary rewriting
on notepad.exe.  They left before finishing the project, and it was
never feature complete nor functional on complicated binaries.  You're
likely seeing the remains of that effort.  I don't know how much of that
code is still valid or useful.

-Matt


On Wed, 11 Feb 2015, Aleksandar Nikolic wrote:
Hi,

looking at the codebase, a lot of code seems to already be there.
I'll be getting to know the code in more detail. Any directions
into what would need to be implemented or what parts are missing?

Thanks,
Alex

On 02/08/2015 10:59 PM, Barton Miller wrote:
BTW, if there are any individuals or groups that would like to work on
getting rewriting to work on Windows, we'd be happy to provide support.
Not a small effort but interesting and worthwhile.

--bart


On 2/6/2015 4:36 PM, Bill Williams wrote:
No, and not exactly. Windows binary rewriting is not supported, and is
documented as such. If it were to be supported, what you are doing
would work quite reasonably.
_______________________________________________
Dyninst-api mailing list
Dyninst-api@xxxxxxxxxxx
https://lists.cs.wisc.edu/mailman/listinfo/dyninst-api




--
--bw

Bill Williams
Paradyn Project
bill@xxxxxxxxxxx