* Crispin Cowan ([EMAIL PROTECTED]) [990831 19:15]:
> How do you make room for the extra code in prolog & epilog without re-linking
> the entire program?
The translator needs to generate new code with the jump addresses
adapted to the new code locations. This is not hard as long as you
detect the whole program code and there are no jump tables. In fact,
there are such tables in most programs, so you need a runtime
environment which translates the jump addresses on the fly. This can
be done efficiently using a perfect hash table. The problem with this
approach is that such dynamic jumps become even more costly. Then there
are some other problems, because some programs mix code and data in
one segment, so the program needs to access the original text segment
in addition to the newly created one. All in all, it is not easy, but
possible. The people who designed Etch even got Microsoft Word
running after translation. That seems to be a good proof of concept to
me, since Word is a really big application.
> That it's a lot of work to do binary translation is what motivated us to
> implement StackGuard in the compiler :-)
Yeah, of course. Compiler is easy ;-)
> A StackGuard-like tool that worked on binaries would in fact be a major
> advantage, especially if it could work on stripped binaries (the kind you get
> from closed-source vendors). It would also be a LOT of work.
That's the problem. I'm not sure whether I'll continue with this project,
since it is possibly too large for one person. If I get my hands on
some binary translator, I'll try to do it anyway.
Ciao,
Tobias
BTW: Why hasn't my last post shown up on Bugtraq yet? Am I making
some mistake?
--
Dipl. Inform. Tobias Haustein
Department of Computer Science IV, Aachen University of Technology
Ahornstr. 55, D-52056 Aachen
Phone +49 (241) 80-21417, Fax +49 (241) 8888-220
E-Mail [EMAIL PROTECTED]
Web http://www-i4.informatik.rwth-aachen.de/~haustein/
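The translation problem described in the post above, as an added example that is not code from the post, from Etch or from StackGuard: a toy rewriter for a made-up bytecode that inserts a canary prolog and epilog around each function, patches the direct jump and call targets statically, and translates jump-table targets at run time through a hash table (plain open addressing here; the post mentions a perfect hash). The bytecode, the sample program, its jump table and the SMASH instruction standing in for a buffer overflow are all constructed for this example.

```c
/* Toy binary rewriter for a constructed bytecode (not x86; not code from the
 * post, Etch or StackGuard). Direct targets move when prolog/epilog code is
 * inserted and are patched statically; addresses kept in a jump table (data)
 * are not, so the runtime translates them through a hash table. */
#include <stdio.h>

/* FUNC marks a function entry (stand-in for a symbol). PROLOG/EPILOG are
 * inserted by translate(). LDT n loads reg from jump table entry n, which
 * holds an ORIGINAL address; JMPR jumps to reg. SMASH overwrites the top
 * stack slot and stands in for a buffer overflow. */
enum op { NOP, FUNC, PROLOG, EPILOG, JMP, LDT, JMPR, CALL, RET, HALT, INC, SMASH };
struct insn { enum op op; int arg; };

#define MAXCODE 64
#define TABSZ   67                       /* prime; linear probing */
#define CANARY  0x00C0FFEE
struct xlat { int key[TABSZ], val[TABSZ]; };    /* original addr -> new addr */

static void xlat_put(struct xlat *t, int old, int new_addr) {
    int i = old % TABSZ;
    while (t->key[i] != -1) i = (i + 1) % TABSZ;
    t->key[i] = old; t->val[i] = new_addr;
}
static int xlat_get(const struct xlat *t, int old) {
    if (old < 0) return -1;
    for (int i = old % TABSZ; t->key[i] != -1; i = (i + 1) % TABSZ)
        if (t->key[i] == old) return t->val[i];
    return -1;                           /* unknown address: a translator bug */
}

/* Insert PROLOG after every FUNC and EPILOG before every RET, record where
 * each original instruction went, then patch the direct JMP/CALL targets. */
static int translate(const struct insn *in, int n, struct insn *out, struct xlat *map) {
    int m = 0;
    for (int i = 0; i < TABSZ; i++) map->key[i] = -1;
    for (int i = 0; i < n; i++) {
        xlat_put(map, i, m);             /* a jump to a RET must land on its EPILOG */
        if (in[i].op == RET)  out[m++] = (struct insn){ EPILOG, 0 };
        out[m++] = in[i];
        if (in[i].op == FUNC) out[m++] = (struct insn){ PROLOG, 0 };
    }
    for (int j = 0; j < m; j++)
        if (out[j].op == JMP || out[j].op == CALL)
            out[j].arg = xlat_get(map, out[j].arg);
    return m;
}

/* Execute `code`. `table` is the program's own jump table (data holding
 * original addresses); `map` is the runtime translation table, NULL for an
 * untranslated run. Returns the INC count on HALT, -1 on canary mismatch,
 * -2 on a jump outside the code, -3 on stack underflow. */
static int run(const struct insn *code, int n, const int *table, const struct xlat *map) {
    int pc = 0, reg = 0, sp = 0, count = 0, stack[16];
    for (int steps = 0; steps < 1000; steps++) {
        if (pc < 0 || pc >= n) return -2;
        struct insn c = code[pc];
        switch (c.op) {
        case NOP: case FUNC: pc++; break;
        case INC:    count++; pc++; break;
        case SMASH:  if (sp > 0) stack[sp - 1] = 0x41414141; pc++; break;
        case PROLOG: stack[sp++] = CANARY; pc++; break;
        case EPILOG: if (sp <= 0) return -3;
                     if (stack[--sp] != CANARY) return -1; pc++; break;
        case JMP:    pc = c.arg; break;
        case LDT:    reg = table[c.arg]; pc++; break;
        case JMPR:   pc = map ? xlat_get(map, reg) : reg; break;   /* on-the-fly translation */
        case CALL:   stack[sp++] = pc + 1; pc = c.arg; break;
        case RET:    if (sp <= 0) return -3; pc = stack[--sp]; break;
        case HALT:   return count;
        }
    }
    return -2;
}

/* Constructed sample: call f, then dispatch to label L through the jump table. */
static const struct insn prog[] = {
    { CALL, 4 }, { LDT, 0 }, { JMPR, 0 }, { HALT, 0 },   /* 0-3: main       */
    { FUNC, 0 }, { INC, 0 },  { RET, 0 },                /* 4-6: f          */
    { INC, 0 },  { INC, 0 },  { HALT, 0 },               /* 7-9: L (table[0] == 7) */
};
static const int jump_table[] = { 7 };
#define PROG_N ((int)(sizeof prog / sizeof prog[0]))

/* smash: f overflows into the slot above its frame. translated: run the
 * rewritten code. use_map: give the runtime the translation table. */
static int run_variant(int smash, int translated, int use_map) {
    struct insn src[MAXCODE], out[MAXCODE]; struct xlat map;
    for (int i = 0; i < PROG_N; i++) src[i] = prog[i];
    if (smash) src[5] = (struct insn){ SMASH, 0 };
    if (!translated) return run(src, PROG_N, jump_table, NULL);
    int m = translate(src, PROG_N, out, &map);
    return run(out, m, jump_table, use_map ? &map : NULL);
}

int main(void) {
    printf("original             : %d\n", run_variant(0, 0, 0));   /* 3  */
    printf("translated, mapped   : %d\n", run_variant(0, 1, 1));   /* 3  */
    printf("translated, unmapped : %d\n", run_variant(0, 1, 0));   /* -3 stale table entry */
    printf("original + overflow  : %d\n", run_variant(1, 0, 0));   /* -2 hijacked return   */
    printf("translated + overflow: %d\n", run_variant(1, 1, 1));   /* -1 canary caught     */
    return 0;
}
```

The unmapped run is the failure the post warns about: the jump table still holds the original address 7, which in the rewritten code is an EPILOG, so the dispatch lands in the middle of a function. The two overflow runs show why the prolog/epilog is worth the trouble: untranslated, the overwritten return address sends control outside the program; translated, the epilog check stops it before the RET.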