StarDBT: An Efficient Multi-platform Dynamic Binary Translation System

Wang, Cheng; Hu, Shiliang; Kim, Ho-seop; Nair, Sreekumar R.; Breternitz, Maurício; Ying, Zhiwei; Wu, Youfeng

doi:10.1007/978-3-540-74309-5_3

Cited by 36 publications

(35 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…StarDBT [25] and memTrace [22] are two DBTs which translate from x86 to x86-64 for the purpose of performing dynamic program instrumentation. These take advantage of the larger address space to lower the overhead of instrumentation code.…”

Section: Related Workmentioning

confidence: 99%

Low overhead dynamic binary translation on ARM

d'Antras

Gorgovan

Garside

et al. 2017

Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

The ARMv8 architecture introduced AArch64, a 64-bit execution mode with a new instruction set, while retaining binary compatibility with previous versions of the ARM architecture through AArch32, a 32-bit execution mode. Most hardware implementations of ARMv8 processors support both AArch32 and AArch64, which comes at a cost in hardware complexity.We present MAMBO-X64, a dynamic binary translator for Linux which executes 32-bit ARM binaries using only the AArch64 instruction set. We have evaluated the performance of MAMBO-X64 on three existing ARMv8 processors which support both AArch32 and AArch64 instruction sets. The performance was measured by comparing the running time of 32-bit benchmarks running under MAMBO-X64 with the same benchmark running natively. On SPEC CPU2006, we achieve a geometric mean overhead of less than 7.5 % on in-order Cortex-A53 processors and a performance improvement of 1 % on out-of-order X-Gene 1 processors.MAMBO-X64 achieves such low overhead by novel optimizations to map AArch32 floating-point registers to AArch64 registers dynamically, handle overflowing address calculations efficiently, generate traces that harness hardware return address prediction, and handle operating system signals accurately.

show abstract

Section: Related Workmentioning

confidence: 99%

Low overhead dynamic binary translation on ARM

d'Antras

Gorgovan

Garside

et al. 2017

Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

show abstract

“…The implementation of a DTA tool can be realized with two different view points: (1) whole-system approach [16,18] based on virtual machine monitors [5] or system emulators [6,7], and (2) process-oriented approach [13,14] based on dynamic binary instrumentation (DBI) frameworks [2,3,4]. Our implementation is based on PIN, a DBI framework developed by Intel [2], targeting processbased analysis.…”

Section: Design and Implementationmentioning

confidence: 99%

“…If a process is launched with SeeC to participate in an information tracking session, SeeC registers its process id 4 to the local flow manager, establishing an IPC channel with it. When a TCP communication channel is established with a corresponding process, SeeC queries the peer manager as to the membership status of the peer, so as to decide whether to further perform concatenated DTA processing for the given channel.…”

Section: Membership and Session Managementmentioning

confidence: 99%

See 1 more Smart Citation

Capturing Information Flow with Concatenated Dynamic Taint Analysis

Kim

Keromytis

Covington

et al. 2009

2009 International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

show abstract

“…Among them, virtual machine monitors (VMM) (e.g., VMware [3], Xen [4], and KVM [5]) and whole system emulators (e.g., Bochs [6] and QEMU [7]) provide system-wide view inspection. Meanwhile, some dynamic binary instrumentation (DBI) frameworks (e.g., PIN [8], Valgrind [9], DynamoRIO [10], StarDBT [11], and DynInst [12]) support ways to instrument with process-wide view.…”

Section: Introductionmentioning

confidence: 99%

An Empirical Evaluation of an Unpacking Method Implemented with Dynamic Binary Instrumentation

Kim

Orii

Yoshioka

et al. 2011

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYMany malicious programs we encounter these days are armed with their own custom encoding methods (i.e., they are packed) to deter static binary analysis. Thus, the initial step to deal with unknown (possibly malicious) binary samples obtained from malware collecting systems ordinarily involves the unpacking step. In this paper, we focus on empirical experimental evaluations on a generic unpacking method built on a dynamic binary instrumentation (DBI) framework to figure out the applicability of the DBI-based approach. First, we present yet another method of generic binary unpacking extending a conventional unpacking heuristic. Our architecture includes managing shadow states to measure code exposure according to a simple byte state model. Among available platforms, we built an unpacking implementation on PIN DBI framework. Second, we describe evaluation experiments, conducted on wild malware collections, to discuss workability as well as limitations of our tool. Without the prior knowledge of 6029 samples in the collections, we have identified at around 64% of those were analyzable with our DBI-based generic unpacking tool which is configured to operate in fully automatic batch processing. Purging corrupted and unworkable samples in native systems, it was 72%.

show abstract

StarDBT: An Efficient Multi-platform Dynamic Binary Translation System

Cited by 36 publications

References 8 publications

Low overhead dynamic binary translation on ARM

Low overhead dynamic binary translation on ARM

Capturing Information Flow with Concatenated Dynamic Taint Analysis

An Empirical Evaluation of an Unpacking Method Implemented with Dynamic Binary Instrumentation

Contact Info

Product

Resources

About