Re: [DynInst_API:] Use DynInst to replace a branch with a NOP?


Date: Wed, 06 Jan 2016 10:57:57 -0600
From: Bill Williams <bill@xxxxxxxxxxx>
Subject: Re: [DynInst_API:] Use DynInst to replace a branch with a NOP?
On 01/06/2016 07:38 AM, Jonas Wagner wrote:

Hello,

I'd like to dynamically modify a binary and change branches to NOPs and back. I wondered whether DynInst (in particular PatchAPI) would be a suitable tool for this. What do you think?

Here's what I'd like to do in more detail: I have a program that contains branches like the one below.

... some code ...
21d0:   cmpb   $0x0, branch_flag
        jne    2221
... some more code ...

These branches are usually not taken because the branch_flag is set to zero. Nevertheless, there is some cost for loading the flag and the non-taken branch. I would like to get rid of this cost as much as possible, by replacing that sequence of instructions with NOPs.

In a later stage, I'd also like to undo some of these replacements, or even change the conditional branch into an unconditional branch.

PatchAPI is indeed a right tool for the job here out of the Dyninst toolkit, and the CRAFT tool is our best example of how to perform this type of instruction replacement (http://sourceforge.net/projects/crafthpc/)

The general idea is that you split the block containing the instructions you want to replace into those instructions and the remainder, replace the block with just the undesirable instructions with your desired code, and stitch things back together.

There are probably better ways to do this specific sort of manipulation, given that you can guarantee that you're either modifying whole instructions or opcode bytes one-for-one. It might be more efficient and natural to look at the ProcControl breakpoint mechanism and look at building something based on that infrastructure combined with ParseAPI's knowledge of instruction locations.

Hope this is helpful, and let us know how it works out.

--bw

Would PatchAPI be suitable for these kinds of tasks? Do you have any hints for how I could use it, or what would be a better alternative?

Thanks a lot!
Jonas

_______________________________________________
Dyninst-api mailing list
Dyninst-api@xxxxxxxxxxx
https://lists.cs.wisc.edu/mailman/listinfo/dyninst-api
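
The one-for-one byte replacement discussed in this thread, as an added example that is not part of the original messages and does not use the Dyninst API: it NOPs out the `cmpb`/`jne` pair in a byte buffer, turns the `jne` into an unconditional `jmp`, and undoes either change from saved bytes. The 9-byte encoding (RIP-relative `cmpb` followed by `jne rel8` at 21d7), the placeholder displacement and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SITE_LEN 9 /* assumed: 7-byte cmpb $0x0,disp32(%rip) + 2-byte jne rel8 */
/* Constructed bytes for the 21d0 sequence; the disp32 is a placeholder. */
static const uint8_t SAMPLE_SITE[SITE_LEN] = {
    0x80, 0x3d, 0x44, 0x33, 0x22, 0x11, 0x00, /* cmpb $0x0, branch_flag(%rip) */
    0x75, 0x48 };                             /* jne rel8: 0x21d9 + 0x48 = 0x2221 */
struct patch_site { uint8_t *code; uint8_t saved[SITE_LEN]; int patched; };
/* Save the original bytes, but only if they are the exact pattern expected. */
static int site_begin(struct patch_site *s) {
    const uint8_t *p = s->code;
    if (s->patched || p[0] != 0x80 || p[1] != 0x3d || p[6] != 0x00 || p[7] != 0x75)
        return -1;
    memcpy(s->saved, p, SITE_LEN);
    s->patched = 1;
    return 0;
}
/* Replace both instructions with single-byte NOPs (0x90). */
int site_nop_out(struct patch_site *s) {
    if (site_begin(s) != 0) return -1;
    memset(s->code, 0x90, SITE_LEN);
    return 0;
}
/* NOP the compare and swap jne (0x75) for jmp rel8 (0xEB); rel8 is unchanged. */
int site_force_taken(struct patch_site *s) {
    if (site_begin(s) != 0) return -1;
    memset(s->code, 0x90, 7);
    s->code[7] = 0xEB;
    return 0;
}
/* Undo either patch by writing the saved bytes back. */
int site_restore(struct patch_site *s) {
    if (!s->patched) return -1;
    memcpy(s->code, s->saved, SITE_LEN);
    s->patched = 0;
    return 0;
}

int main(void) {
    uint8_t buf[SITE_LEN];
    struct patch_site s = { buf, {0}, 0 };
    memcpy(buf, SAMPLE_SITE, SITE_LEN);
    site_nop_out(&s);
    site_restore(&s);
    site_force_taken(&s);
    printf("forced: %02x %02x\n", buf[7], buf[8]);
    return site_restore(&s);
}
```

In a running process the 9-byte write is not atomic, so threads have to be stopped or kept out of the sequence while it is applied or undone.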