Mailing List Archives

Authenticated access

 		[Computer Systems Lab]

[← Prev[Date]  [Next →] [← Prev[Thread]  [Next →]

Re: [DynInst_API:] Indirect Control Flow Target Deduction in CFG

Date: Sun, 03 Dec 2017 18:20:02 -0500
From: Buddhika Chamith Kahawitage Don <budkahaw@xxxxxxxxxxxx>
Subject: Re: [DynInst_API:] Indirect Control Flow Target Deduction in CFG
Hi Xiaozhu,

Thanks for the reply. I see DataFlow API supports certain kind of analyses like backward slices. Do you think they would be helpful with indirect calls etc? It would really help if these examples in the documentation are available in the Dyninst repository in the form of executable examples. I find it bit hard to piece together whole working code from the snippets in the documentation at some places.

Thanks
Buddhika


On Mon, Nov 13, 2017 at 9:37 AM, Xiaozhu Meng <mxz297@xxxxxxxxx> wrote:
Hi Buddhika,

I am sorry for the late response. In terms of how ParseAPI handle indirect control flows, ParseAPI will try to resolve indirect jumps and if these indirect jumps correspond to a switch statement in the source code, ParseAPI typically can finds the indirect jump targets. You can get these targets by traverse the control flow graph, as shown in the example of the ParseAPI manual and you can check the edge type of control flow edges to determine whether they are indirect or not. For indirect calls and indirect tail calls, ParseAPI has little support to resolve their targets.Â

For your purpose of implementing a control flow integrity prototype, you either allow indirect calls to call all functions (disallowing calling any non-function-entry address), or you will need to do other analysis on top of Dyninst to better estimate the possible call targets.Â

Hope this helps.Â

Thanks,

--Xiaozhu

On Fri, Nov 10, 2017 at 7:56 AM, Buddhika Chamith Kahawitage Don <budkahaw@xxxxxxxxxxxx> wrote:
Hi All,

I am thinking of implementing a control flow integrity prototype for which I require doing some static analysis to approximate control flow targets of indirect control flow instructions.Â

How does parseAPI handle indirect control flows when deriving the CFG? What facilities does the API provide me order to obtain such information? (e.g: which control flows are indirect and what are the possible targets given an indirect control flow instruction)

Regards
Buddhika

_______________________________________________
Dyninst-api mailing list
Dyninst-api@xxxxxxxxxxx
https://lists.cs.wisc.edu/mailman/listinfo/dyninst-api


[← Prev in Thread] Current Thread [Next in Thread→]
Previous by Date:  Re: [DynInst_API:] Control Flow Graph example with parseAPI, Buddhika Chamith Kahawitage Don
Next by Date:  Re: [DynInst_API:] Control Flow Graph example with parseAPI, Thomas Dullien
Previous by Thread:  Re: [DynInst_API:] Indirect Control Flow Target Deduction in CFG, Xiaozhu Meng
Next by Thread:  Re: [DynInst_API:] Indirect Control Flow Target Deduction in CFG, Xiaozhu Meng
Indexes:  [Date] [Thread]