Skip to content

GitLab

Open
Created by Ondrej Vysocky@vys0053Maintainer1 of 2 tasks completed1/2 tasks

Binary instrumentation

TODOs

  • A main region must be inserted otherwise it may happen that we will not have data for the whole (missing static tuning)
  • MPI Fortran

Tools overview

http://deniable.org/reversing/binary-instrumentation http://2011.zeronights.org/files/dmitriyd1g1evdokimov-dbiintro-111202045015-phpapp01.pdf

DBI Pin tool

  • easy to instrument all the functions and then filter them in JIT mode
  • probed mode can catch function start but for stop Pin requires function's prototype
  • Linux Pin tools cannot use the pthreads
  • TODO test - application must be compiled with -g flag

DBI Valgrind

  • massive overhead

DBI DynamoRIO

  • massive overhead and memory consumption for all functions profiling
  • Linux DynamoRIO tools cannot use the pthreads
  • If an executable is built with the -rdynamic flag to gcc, its global symbols will be present in .dynsym and dr_get_proc_address() will locate them. Otherwise, the drsyms Extension (see Symbol Access Library) must be used to locate the symbols. drsyms searches the debug symbol table (.symtab) in addition to .dynsym.

DBI Frida

  • almost no documentation for C API
  • hard to compile from source files

DBI+SBI DinInst

  • used by Score-P

Instalation

  • requires zlib and Boost, from Dyninst-10.0.0 also m4
  • the Dyninst compilation can download the Boost and compile the necessary parts, but it does not work very well
# boost minimum required installation 
./bootstrap.sh --with-libraries=date_time,system,thread
./b2

#Zlib
export ZLIB_ROOT=/PATH/TO/ZLIB
export LD_LIBRARY_PATH=$ZLIB_ROOT/build:$LD_LIBRARY_PATH
export LIBRARY_PATH=$ZLIB_ROOT/build:$LIBRARY_PATH
	#zlib.h : zconf.h
export CPATH=$ZLIB_ROOT:$ZLIB_ROOT/build:$CPATH

#Boost
export BOOST_ROOT=/PATH/TO/BOOST
export LD_LIBRARY_PATH=$BOOST_ROOT/stage/lib/:$LD_LIBRARY_PATH
export CPATH=$BOOST_ROOT:$CPATH
  • install Dyninst
mkdir build
cd build
cmake ..
# in case of missing paths to Boost
vim ../cmake/packages.cmake
# set(PATH_BOOST /PATH/TO/BOOST/)
# set(Boost_INCLUDE_DIR /PATH/TO/BOOST/)
# set(Boost_LIBRARY_DIR /PATH/TO/BOOST/stage/lib)

make
make install

export DINST_HOME=/PATH/TO/DYNINST/DIRECTORY
export DYNINSTAPI_RT_LIB=$DINST_HOME/build/dyninstAPI_RT/libdyninstAPI_RT.so
export LD_LIBRARY_PATH+=:$DINST_HOME/build/dyninstAPI_RT/

Intro

The DyninstAPI library provides an interface for instrumenting and working with binaries and processes. 
The user writes a mutator, which uses the DyninstAPI library to operate on the application. 
The process that contains the mutator and DyninstAPI library is known as the mutator process. 
The mutator process operates on other processes or on-disk binaries, which are known as mutatees. 

The two primary abstractions in the API are points and snippets. 
A point is a location in a program where instrumentation can be inserted. 
A snippet is a representation of some executable code to be inserted into a program at a point.
Edited by Ondrej Vysocky