
adds support for mode events #24

Merged
merged 2 commits into from
Mar 22, 2022

Conversation

thestr4ng3r
Contributor

@thestr4ng3r thestr4ng3r commented Feb 17, 2022

Depends on BinaryAnalysisPlatform/bap-frames#17
which depends on BinaryAnalysisPlatform/bap#1433
and for tracing: BinaryAnalysisPlatform/qemu#17

Mode events from bap-frames traces, indicating for example whether an
instruction is executed in thumb mode or not, are now taken into account
for disassembly and lifting. This enables checking traces from qemu
running arm code with interworking.

As a consequence of possibly requiring different disassemblers per
frame and respecting the mode, the code has been refactored to locally
use the KB to derive target and encoding for `Dis.lookup` instead of
running everything in `Dis.with_disasm`.

Here is an example trace:
emulateme.arm32.frames.gz
Results:

|-------------------------------|
|             | rel    | abs    |
|-------------+--------+--------|
| overloaded  | 0.00%  | 0      |
| undisasmed  | 0.00%  | 0      |
| misexecuted | 3.76%  | 4685   |
| mislifted   | 0.00%  | 0      |
| damaged     | 0.00%  | 0      |
| successed   | 96.24% | 120053 |
|-------------------------------|

Notice how nothing was undisasmed.
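As an added illustration (not code from bap-veri, bap-frames or this PR), a small Python model of the point above: a mode event stays in force for the frames that follow and selects the decoder per frame, so Thumb frames stop landing in the undisasmed row. The frame layout, the event names and the length-only "disassembler" are assumptions made for this model, not the bap-frames schema.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Frame:
    addr: int
    code: bytes                 # instruction bytes recorded for this frame
    mode: Optional[str] = None  # mode event carried by this frame, if any (assumed layout)

def thumb_insn_len(code: bytes) -> int:
    """A Thumb instruction is 4 bytes when its first halfword carries one of the
    Thumb-2 32-bit prefixes (top five bits 0b11101, 0b11110, 0b11111), else 2."""
    hw = int.from_bytes(code[:2], "little")
    return 4 if (hw >> 11) in (0b11101, 0b11110, 0b11111) else 2

def disasm_len(mode: str, code: bytes) -> Optional[int]:
    """Stand-in for a disassembler looked up per encoding: the instruction
    length, or None when the bytes do not decode in that mode."""
    if mode == "arm":
        return 4 if len(code) == 4 else None
    if mode == "thumb" and len(code) >= 2 and thumb_insn_len(code) == len(code):
        return len(code)
    return None

def verify(frames, honor_mode_events=True, initial_mode="arm"):
    """Walk the trace; a mode event stays in force until the next one."""
    mode = initial_mode
    stats = {"undisasmed": 0, "successed": 0}
    for f in frames:
        if honor_mode_events and f.mode is not None:
            mode = f.mode
        stats["successed" if disasm_len(mode, f.code) else "undisasmed"] += 1
    return stats

def report(stats) -> str:
    """Render the counts in the rel/abs table layout shown in the PR."""
    total = sum(stats.values()) or 1
    rows = [f"| {k:<11} | {100 * v / total:5.2f}% | {v:<6} |" for k, v in stats.items()]
    return "\n".join(["|             | rel    | abs    |", "|-------------+--------+--------|"] + rows)

# Constructed trace: ARM code does `bx r0` into Thumb code, which returns via `bx lr`.
TRACE = [
    Frame(0x8000, bytes.fromhex("10ff2fe1")),              # bx r0        (ARM)
    Frame(0x9000, bytes.fromhex("00bf"), mode="thumb"),    # nop          (Thumb, 16-bit)
    Frame(0x9002, bytes.fromhex("4ff00000")),              # mov.w r0, #0 (Thumb-2, 32-bit)
    Frame(0x9006, bytes.fromhex("7047")),                  # bx lr        (Thumb, 16-bit)
    Frame(0x8004, bytes.fromhex("0000a0e1"), mode="arm"),  # mov r0, r0   (ARM)
]
```

Compare `report(verify(TRACE))` with `report(verify(TRACE, honor_mode_events=False))`: with a single ARM decoder the two 16-bit Thumb frames are counted as undisasmed, with mode events honoured none are.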

@thestr4ng3r
Contributor Author

thestr4ng3r commented Feb 17, 2022

There are still a few things here that are just dirty hacks.
Before, the disas was created using `Dis.with_disasm ~backend:"llvm" (Arch.to_string arch)`, but I wasn't able to figure out (yet) how to shoehorn the encoding in there correctly. From what I can tell, this will internally almost directly pass the given triple to llvm.
So instead, I now use `Dis.lookup` and try to somehow derive the core theory target and language from my given arch and encoding string, but this is still hardcoded/partially broken and I don't really know how to do it right yet.

Mode events from bap-frames traces, indicating for example whether an
instruction is executed in thumb mode or not, are now taken into account
for disassembly and lifting. This enables checking traces from qemu
running arm code with interworking.

As a consequence of possibly requiring different disassemblers per
frame and respecting the mode, the code has been refactored to locally
use the KB to derive target and encoding for `Dis.lookup` instead of
running everything in `Dis.with_disasm`.
@thestr4ng3r thestr4ng3r changed the title adds support for encoding events adds support for mode events Mar 19, 2022
@thestr4ng3r thestr4ng3r marked this pull request as ready for review March 19, 2022 17:45
We need to promise a unit for newly created labels during lifting,
otherwise the `Desugar` pass will not be able to infer the target,
making it fail. This would be reflected in aarch64 BIL having the
X0/SP/... aliases instead of the R0/R31/... we need.
@ivg ivg merged commit 3fef370 into BinaryAnalysisPlatform:master Mar 22, 2022
@thestr4ng3r thestr4ng3r deleted the encoding branch March 22, 2022 13:44