Lightweight Dynamic Binary Instrumentation Algorithm for Embedded Software

doi:10.3969/j.issn.1671-1122.2021.04.010

Abstract

Abstract:

Binary instrumentation is a key technology in the fields of software performance analysis, vulnerability mining, and quality evaluation. When working on the embedded environment, traditional dynamic instrumentation algorithms are facing limitations like lacking operating system, complex CPU architecture, and tight memory resources. Those limitations make binary instrumentation on embedding software extremely difficult. Therefore, this paper studies the lightweight binary dynamic instrumentation technology, and realizes the acquisition of software runtime information through static feature analysis and dynamic tracking algorithms. Graph-based algorithms and embedded-oriented remote debugging protocol are introduced as well. Compared with the traditional solution, the solution in this article solves the dependence on source code, operating system or CPU architecture, while significantly reducing the occupancy rate of memory and computing resources. Therefore dynamic binary instrumentation work can be effectively solved.

Key words: software instrumentation, binary instrumentation, software debugging, binary analysis

CLC Number:

TP309

LIANG Xiaobing, KONG Lingda, LIU Yan, YE Xin. Lightweight Dynamic Binary Instrumentation Algorithm for Embedded Software[J]. Netinfo Security, 2021, 21(4): 89-95.

Figures/Tables 6

References 20

[1]	YAN Lijing, SHAN Zheng, JIA Xun, et al. Software Dynamic Trusted Measurement Based on Behavior Trace[J]. Application Research of Computers, 2017,34(2):539-542.
	闫丽景, 单征, 贾珣, 等. 基于行为轨迹的软件动态可信度量[J]. 计算机应用研究, 2017,34(2):539-542.
[2]	LIN Liangcheng, GUO Tao, FENG Baozhan. Fuzz Test Vulnerability Mining Method Based on Execution Path[J]. China New Telecommunications, 2020,22(1):43-44.
	林亮成, 国涛, 封保占. 基于执行路径的模糊测试漏洞挖掘方法[J]. 中国新通信, 2020,22(1):43-44.
[3]	MOMENI B, KHARRAZI M. LDMBL: An Architecture for Reducing Code Duplication in Heavyweight Binary Instrumentations[J]. Software: Practice and Experience, 2018,48(9):1642-1659. doi: 10.1002/spe.v48.9 URL
[4]	LU Shuaibing, ZHANG Ming, LIN Zhechao, et al. Dynamic Binary Translation and Instrumentation Based Function Call Tracing[J]. Journal of Computer Research and Development, 2019,56(2):197-206.
	卢帅兵, 张明, 林哲超, 等. 基于动态二进制翻译和插桩的函数调用跟踪[J]. 计算机研究与发展, 2019,56(2):197-206.
[5]	KHAMPARIA A, BANU S J. Program Analysis with Dynamic Instrumentation Pin and Performance Tools[C]// IEEE. International Conference on Emerging Trends in Computing, Communication and Nanotechnology (ICE-CCN), March 25-26, 2013, Tirunelveli, India. New York: IEEE, 2013: 436-440.
[6]	EBCIOGLU K, ALTMAN E, GSCHWIND M, et al. Dynamic Binary Translation and Optimization[J]. IEEE Transactions on Computers, 2001,50(6):529-548. doi: 10.1109/12.931892 URL
[7]	BUCK B. An API for Runtime Code Patching[J]. International Journal of High Performance Computing Applications, 2000,14(4):317-329. doi: 10.1177/109434200001400404 URL
[8]	HORVATH F, GERGELY T, BESZEDES A, et al. Code Coverage Differences of Java Bytecode and Source Code Instrumentation Tools[J]. Software Quality Journal, 2019,27(1):79-123. doi: 10.1007/s11219-017-9389-z URL
[9]	GUO Wensheng, WANG Yong, YANG Xia, et al. Codecomb: Automated Test Case Generation and Defect Detecting for Embedded Software Based on Symbolic Execution[J]. Journal of Chinese Computer Systems, 2017,38(6):1250-1255.
	郭文生, 汪勇, 杨霞, 等. Codecomb:基于符号执行的嵌入式软件测试案例自动生成与缺陷检测[J]. 小型微型计算机系统, 2017,38(6):1250-1255.
[10]	ZOU Wei, GAO Feng, YAN Yunqiang. Dynamic Binary Instrumentation Based on QEMU[J]. Journal of Computer Research and Development, 2019,56(4):730-741.
	邹伟, 高峰, 颜运强. 基于QEMU的动态二进制插桩技术[J]. 计算机研究与发展, 2019,56(4):730-741.
[11]	YANG Guangxiang. Code Embedding Technology of ELF Executable Program[J]. Programmer, 2008,10(3):104-106.
	杨广翔. ELF格式可执行程序的代码嵌入技术[J]. 程序员, 2008,10(3):104-106.
[12]	HU S J, KO J, WEYAND L, et al. Assembly System Design and Operations for Product Variety[J]. CIRP Annals, 2011,60(2):715-733. doi: 10.1016/j.cirp.2011.05.004 URL
[13]	REN Yushuai. Design of Remote Debug Tool Based on Arm and T-kernel[J]. Microcontrollers & Embedded Systems, 2018,18(5):44-48.
	任玉帅. Arm和T-kernel系统的远程调试工具设计[J]. 单片机与嵌入式系统应用, 2018,18(5):44-48.
[14]	BAGHERZADEH M, KAHANI N, BEZEMER C P, et al. Analyzing A Decade of Linux System Calls[J]. Empirical Software Engineering, 2018,23(3):1519-1551. doi: 10.1007/s10664-017-9551-z URL
[15]	KENISTON J, MAVINAKAYANAHALLI A, PANCHAMUKHI P, et al. Ptrace, Utrace, Uprobes: Lightweight, Dynamic Tracing of User Apps[EB/OL]. https://www.researchgate.net/publication/228943171_Ptrace_utrace_uprobes_Lightweight_dynamic_tracing_of_user_apps, 2020-11-18.
[16]	MIKHAILOV A A. Control Flow Graph Analysis in Decompilation of Object Files[J]. Computer Science Technologies Series, 2016,12(2):74-79.
[17]	LU Wei, FANG Yanwei, CHEN Yaquan. The Solutions and Key Technologies for URLLC Ultra-Low Latency[J]. Mobile Communications, 2020,44(2):8-14.
	陆威, 方琰崴, 陈亚权. URLLC超低时延解决方案和关键技术[J]. 移动通信, 2020,44(2):8-14.
[18]	ZHANG Lei, CHEN Xingshu, REN Yi, et al. Kernel-level Rootkit Detection Technology Based on VMM[J]. Netinfo Security, 2015,15(4):56-61.
[19]	MCVOY L, STAELIN C. Lmbench: Portable Tools for Performance Analysis[EB/OL]. https://dl.acm.org/doi/10.5555/1268299.1268322, 2020-12-01.
[20]	LUO Lannan, MING Jiang, WU Dinghao, et al. Semantics-based Obfuscation-resilient Binary Code Similarity Comparison with Applications to Software Plagiarism Detection[C]// FSE. ACM SIGSOFT International Symposium on Foundations of Software Engineering, November 16-21, 2014, Hong Kong, China. CHN: FSE, 2014: 389-400.

原语	含义
CONNECT	建立连接并开始监听
WAIT	等待断点触发
CONTINUE	从断点处继续执行
GET_REGS	读取寄存器
GET_MEMORY	读取内存
SET_MEMORY	写入内存
DISCONNECT	结束监听并断开连接

Hardware & Software	Version
Architecture	x86
Operating System	Linux
Linux core	4.4.238
C++ Compiler	g++
g++	9.3.0
binstub	1.0
Pin	3.16
Dyninst	9.3.2

程序类型描述	桩点数量	每桩点触发次数
Sync I/O intensive	1	100
Sync I/O intensive	100	1
Async I/O intensive	1	100
Async I/O intensive	100	1
CPU intensive	1	100
CPU intensive	100	1

插桩模式	调试协议
不插桩	无
启动时插桩	Ptrace
运行时插桩	Ptrace
运行时插桩	硬件断点