[DynInst_API:] Reg. Dyninst Usage

[Deeban Babu <dbin25@xxxxxxxxx>]

Dear All,

I am Deeban, grad student from germany. I am interested to learn about disassembling binary and learn more on binary analysis. I am currently trying to see how Dyninst identifies and list jump-tables in a particular binary. I had earlier done it with angr. In that initially we need to build the CFG and cfg.jumptables() command gives a dict indexed by the first basic block address of the jump table (where the indirect jump is). Is there similar way to do in dyninst? I have few queries related:

Jumptable analysis:

1, From your github docs I understand we must use patchAPI for this case (static instrumentation). I have installed dyninst using spack and then I am trying to run the example in patchAPI src but I am not sure how to compile and run them. Is there any basic tutorial link/issue on how to run the examples in different API after installing dyninst using spack?

2, It would be great to know if there is a built in command for building cfg and getting the jumptables for a particular binary.

Noreturn analysis:

I am also interested in identifying no-return functions using dyninst. (i.e (1) does not have a return (instruction) AND (2) does not tail-call into a return function.)ÂÂÂ From this issue I assume that we need to use parseAPI in order to instrument a program to identify no return functions. If there is any built in command for this also please do let me know. Otherwise I will write some code for this.

I am not sure whether it is correct to ask this here or to ask in git platforms. Being amateur in this field I would highly appreciate any kind of inputs you guys would provide for usage of dyninst. Apologies if my questions are very naive. Getting started is the key and your reply will be really helpful for me to move forward and contribute.

Thank you very much for taking your time to read my mail. Feel free to share any comments you would like to provide on this.

Have a great day!

Thanks and Regards,

Deeban babu