Re: [DynInst_API:] Add a new function


Date: Thu, 17 Jan 2019 19:36:03 +0530
From: Buddhika Chamith Kahawitage Don <budkahaw@xxxxxx>
Subject: Re: [DynInst_API:] Add a new function
I am implementing a shadow stack with binary instrumentation for use in a control flow integrity prototype. So I cannot introduce new stack frames as a part of the implementation since it would change the semantics and make it hard to correctly apply the protections.

On Thu, Jan 17, 2019, 7:32 PM Xiaozhu Meng <mxz297@xxxxxxxxx> wrote:


On Wed, Jan 16, 2019 at 8:05 PM Buddhika Chamith Kahawitage Don <budkahaw@xxxxxx> wrote:
While a shared library approach looks good I realized I cannot afford to do a function call to get to the jump table instrumentation in my use case since it generates a new call stack frame. Is there a way to do a control transfer to the jump table without doing a function call? (i.e. indirect jump etc.)

I am not aware of such indirect control transfer at DyninstAPI level.

Why did you say that you cannot afford a new call stack frame? Is a new call stack frame too expensive for you to set up?


I was thinking maybe injecting the jump table as a global BPatch_variableExpr and somehow making the control flow transfer using an indirect jump to that may be something which might be feasible. Any thoughts? Incidentally I found [1] which seems to be quite exactly what I want though there is no satisfactory conclusion there.

Cheers
Buddhika


On Wed, Jan 9, 2019 at 11:23 PM Buddhika Chamith Kahawitage Don <budkahaw@xxxxxx> wrote:
Thanks Xiaozhu. I will check it out.

On Wed, Jan 9, 2019 at 8:41 PM Xiaozhu Meng <mxz297@xxxxxxxxx> wrote:
It looks like you can create your own instrumentation library and use Dyninst to insert calls to the library into the mutatee. Dyninst will properly create linking dependency for the mutatee against the instrumentation library.

You can refer to our code coverage code example to see how to program in this way: https://github.com/dyninst/dyninst/tree/master/examples/codeCoverage.dir

On Tue, Jan 8, 2019 at 6:03 AM Buddhika Chamith Kahawitage Don <budkahaw@xxxxxx> wrote:
Actually I have two use cases.

1. Create a jump table and insert it into the binary and make each function epilog instrumentation jump to it.

You can definitely instrument the exits of each function to call a common function. This common function can contain the jump table and resides in your instrumentation library. However, Dyninst does not provide the functionality of creating jump tables. So you will need to do your code generation to create a jump table.

2. Introduce a new function which does some initialization and inject a call to it after the function main prolog.

You can write the new function in c/c++ and then compile it into your instrumentation library, and then use Dyninst to inject calls to it.

Does it look doable?

Thanks
Buddhika


On Mon, Jan 7, 2019 at 8:53 PM Xiaozhu Meng <mxz297@xxxxxxxxx> wrote:
Hi,

Yes, you can add new functions. But depending on what exactly you want to do with the added function, there are different ways to do it.

For example, do you want to call this new function in your instrumentation? Do you want to add a new interface into a shared library?

Let me know the details so that we can find the best way to do it.

Thanks,

--Xiaozhu

On Sun, Jan 6, 2019 at 12:50 AM Buddhika Chamith Kahawitage Don <budkahaw@xxxxxx> wrote:
Hi All,

Is it possible to add a new function to the binary using Dyninst APIs?

Cheers
Buddhika
_______________________________________________
Dyninst-api mailing list
Dyninst-api@xxxxxxxxxxx
https://lists.cs.wisc.edu/mailman/listinfo/dyninst-api
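
The instrumentation-library approach suggested in the thread, sketched for the shadow-stack use case as an added example (not code from the thread or from Dyninst). The function names, the fixed capacity and the addresses are assumptions; Dyninst would insert the calls to these routines at function entries, at function exits and after main's prolog, and the cost of those calls is the concern raised in the latest reply.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define SHADOW_DEPTH 1024            /* assumed fixed capacity */

static uintptr_t shadow[SHADOW_DEPTH];
static size_t shadow_top;
static unsigned long shadow_violations;

/* Use case 2: initialization routine, called once after main's prolog. */
void shadow_init(void) { shadow_top = 0; shadow_violations = 0; }

/* Entry hook: record the return address. Returns -1 when the stack is full
 * so the caller can fail closed instead of silently dropping protection. */
int shadow_push(uintptr_t ret) {
    if (shadow_top == SHADOW_DEPTH)
        return -1;
    shadow[shadow_top++] = ret;
    return 0;
}

/* Use case 1: common routine called from every function exit.
 * Scans downward so frames skipped by longjmp or exception unwinding are
 * discarded; the trade-off is that any older saved address is accepted.
 * Returns 1 on a match, 0 on a violation (stack left unchanged). */
int shadow_check(uintptr_t ret) {
    size_t i = shadow_top;
    while (i > 0) {
        if (shadow[--i] == ret) {
            shadow_top = i;
            return 1;
        }
    }
    shadow_violations++;
    return 0;
}

unsigned long shadow_violation_count(void) { return shadow_violations; }

int main(void) {
    shadow_init();
    shadow_push(0x401000);           /* constructed return addresses */
    shadow_push(0x401200);
    printf("clean return: %d\n", shadow_check(0x401200));
    printf("tampered return: %d\n", shadow_check(0x41414141));
    return 0;
}
```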