The LLDB Debugger is an interesting project; for Windows there is no proper GUI yet, but you can already debug with it in Visual Studio: Debugging programs with LLDB under Visual Studio
HQEMU is a retargetable and multi-threaded dynamic binary translator on multicores. It integrates QEMU and LLVM as its building blocks. The translator in the enhanced QEMU acts as a fast translator with low translation overhead. The optimization-intensive LLVM optimizer running on separate threads dynamically improves code for higher performance. With the hybrid QEMU+LLVM approach, HQEMU can achieve low translation overhead and good translated code quality.
HQEMU supports process-level emulation and full-system virtualization. It provides translation modes of running the QEMU translator and LLVM optimizer in one process, or running the LLVM optimizer as a stand-alone optimization server (version 0.13.0).
Sources, about 30 MB
Documentation for these sources, 111 pages ..
Efficient and Retargetable Dynamic Binary Translation - Ding-Yong Hong, April 2013, Computer Science, National Tsing Hua University
[x86asm intel syntax] `mov` with a symbol from a .set directive not handled c...
Why does this simple assembly program work in AT&T syntax but not Intel syntax?
[llvm-bugs] [Bug 32530] New: inline assembly incompatibility between gcc and clang - mov with offset in intel dialect
[X86][AsmParser] re-introduce 'offset' operator
[llvm-dev] LLVM IR to C++
llvm ir back to human-readable source language?
[llvm-dev] llvm IR to C/C++ conversion
the GNU Assembler, for GAS version 2.30
SATURN -- Software Deobfuscation Framework Based on LLVM
The strength of obfuscated software has increased over the recent years. Compiler based obfuscation has become the de facto standard in the industry and recent papers also show that injection of obfuscation techniques is done at the compiler level. In this paper we discuss a generic approach for deobfuscation and recompilation of obfuscated code based on the compiler framework LLVM. We show how binary code can be lifted back into the compiler intermediate language LLVM-IR and explain how we recover the control flow graph of an obfuscated binary function with an iterative control flow graph construction algorithm based on compiler optimizations and SMT solving. Our approach does not make any assumptions about the obfuscated code, but instead uses strong compiler optimizations available in LLVM and Souper Optimizer to simplify away the obfuscation. Our experimental results show that this approach can be effective to weaken or even remove the applied obfuscation techniques like constant unfolding, certain arithmetic-based opaque expressions, dead code insertions, bogus control flow or integer encoding found in public and commercial obfuscators. The recovered LLVM-IR can be further processed by custom deobfuscation passes that are now applied at the same level as the injected obfuscation techniques or recompiled with one of the available LLVM backends. The presented work is implemented in a deobfuscation tool called SATURN.
Comments: reverse engineering, llvm, code lifting, obfuscation, deobfuscation, static software analysis, binary recompilation, binary rewriting
Subjects: Cryptography and Security (cs.CR); Symbolic Computation (cs.SC)
Journal reference: 3rd International Workshop on Software PROtection, Nov 2019, London, United Kingdom
Creating an LLVM Backend for the Cpu0 Architecture, Release 3.9.1
Book example code:
The example code lbdex.tar.gz is available in http://jonathan2251.github.io/lbd/lbdex.tar.gz
LLVM Chris Lattner - https://www.aosabook.org/en/llvm.html
Build your first LLVM Obfuscator
Writing LLVM Pass in 2018 — Part I
Writing LLVM Pass in 2018 — Part II
Writing LLVM Pass in 2018 — Part III
Writing LLVM Pass in 2018 — Part IV
LLVM — Writing Pass Instrumentations for the New PassManager
LLVM internals, part 1: the bitcode format
LLVM internals, part 2: parsing the bitstream
LLVM internals, part 3: from bitcode to IR
Tickling VMProtect with LLVM: Part 1 + https://github.com/LLVMParty/TicklingVMProtect
Tickling VMProtect with LLVM: Part 2 + https://github.com/LLVMParty/TicklingVMProtect
Tickling VMProtect with LLVM: Part 3 + https://github.com/LLVMParty/TicklingVMProtect
Thread on VMProtect - VMProtect (Tutorials, scripts, plugins, ...)