On 02/25/2015 05:56 PM, Bill Williams wrote:
> On 02/25/2015 05:31 AM, Aleksandar Nikolic wrote:
>> Hi list,
>>
>> So I am slowly working through issues regarding binary rewriting on
>> Windows. I made a few patches so far and things are going in the right
>> direction, I'd say.
>>
>> To document the patches more easily, I'm committing them to GitHub
>> with the intention of submitting a complete patch directly to you
>> once it's finished.
>>
>> The first issue was that the mutator was crashing when loading the
>> libraries, where getMemSize was used for allocating a piece of memory
>> but was later erroneously used as an argument to memcpy instead of the
>> actual size and led to a crash due to memcpy trying to read past the
>> end of the source buffer.
>> https://github.com/ea/dyninst/commit/bd91b200e13ba1a212b24fdf34ad1a6e544359f2
>>
>> With that change, the mutator finishes the job and produces a broken
>> binary. Firstly, every instruction including an immediate operand
>> was broken as the base was missing from the calculation.
>> This was tracked down to a needless subtraction and was patched like so:
>> https://github.com/ea/dyninst/commit/4badeb118d9a1fc7a285f25251521d5c46db2221
>>
>> The next issue was that the imports in the produced binary were either
>> missing or destroyed. It turns out that RVAs were miscalculated
>> as the calculations were based on initial memory VAs before the
>> actual .dyninst section was fixed. Rearranging the code a bit
>> solves the issue.
>> https://github.com/ea/dyninst/commit/50870a586be7c3ec016d7670dbe70f9ec1aa43f4
>> https://github.com/ea/dyninst/commit/9495e6d056a7d34f626f3f22a8a66ea55a7eb517
>>
>> This patch is a bit hacky and the proper one would need some refactoring,
>> but it will do for now for my tests.
>>
>> Now the produced binary looks good (the new section is properly added,
>> imports are fixed) except for one thing.
>> Near jumps in the inserted trampolines have a wrong target.
>>
>> For example (trampoline inserted at the beginning of main in my test
>> example):
>> 0x00401010 E9 07 F0 0F 00 jmp near ptr 50001ch
>>
>> Should really be:
>> 0x00401010 E9 07 10 02 00 jmp near ptr 42201ch
>>
>> Which seems to be a constant error of 0xde000.
>> We are currently debugging this issue and I am mentioning
>> it in case somebody knows where the issue might be.
>>
> I'll take a look at the patches over the next couple of days, but this
> all sounds very promising.
>
> I don't have a definite answer for the trampoline issue, but I'd look at
> whether there's a similar issue to the one with the imports where we
> generated branches before .dyninst was fixed and didn't recalculate
> them. The springboard code is very good at doing what it's told, so I'd
> strongly suspect that we moved the section of relocated code after we
> generated springboards.
>

It would seem that that is the case. If I fix the base address "manually",
it sort of works. As my patch for imports is hacky, is there a part of the
API that does the recalculations or should I do them myself?

>> Cheers,
>> Alex
>>
>> On 02/11/2015 06:20 PM, Matthew LeGendre wrote:
>>>
>>> At one point, perhaps 6-7 years ago, a student had Windows binary
>>> rewriting working to the point where you could do basic binary rewriting
>>> on notepad.exe. They left before finishing the project, and it was
>>> never feature complete nor functional on complicated binaries. You're
>>> likely seeing the remains of that effort. I don't know how much of that
>>> code is still valid or useful.
>>>
>>> -Matt
>>>
>>> On Wed, 11 Feb 2015, Aleksandar Nikolic wrote:
>>>> Hi,
>>>>
>>>> Looking at the codebase, a lot of code seems to already be there.
>>>> I'll be getting to know the code in more detail. Any directions
>>>> as to what would need to be implemented or what parts are missing?
>>>>
>>>> Thanks,
>>>> Alex
>>>>
>>>> On 02/08/2015 10:59 PM, Barton Miller wrote:
>>>>> BTW, if there are any individuals or groups that would like to work on
>>>>> getting rewriting to work on Windows, we'd be happy to provide
>>>>> support.
>>>>> Not a small effort but interesting and worthwhile.
>>>>>
>>>>> --bart
>>>>>
>>>>> On 2/6/2015 4:36 PM, Bill Williams wrote:
>>>>>> No, and not exactly. Windows binary rewriting is not supported,
>>>>>> and is documented as such. If it were to be supported, what you are
>>>>>> doing would work quite reasonably.
>>>>> _______________________________________________
>>>>> Dyninst-api mailing list
>>>>> [email protected]
>>>>> https://lists.cs.wisc.edu/mailman/listinfo/dyninst-api
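The two trampoline encodings quoted in the thread, worked through as an added example (not code from the thread or from Dyninst): decode the rel32 displacement of the 5-byte `E9` near jmp at 0x00401010, confirm that the produced and expected encodings differ by exactly 0xde000, and show how a branch emitted before the relocated section moved would be re-encoded once the move is known. The `rebase_jmp` helper and the name `delta` are assumptions; the addresses and bytes are the ones in the thread.

```python
# Added example: rel32 near-jmp decoding/encoding for the trampoline
# target bug discussed in the thread (not Dyninst's own code).
import struct

JMP_REL32 = 0xE9   # opcode of the 5-byte near jmp
JMP_LEN = 5

def jmp_target(insn_va: int, insn: bytes) -> int:
    """Absolute target of an E9 rel32 jmp located at insn_va.
    The CPU adds the sign-extended rel32 to the address of the
    *next* instruction, i.e. insn_va + 5."""
    if len(insn) != JMP_LEN or insn[0] != JMP_REL32:
        raise ValueError("not a 5-byte E9 rel32 jmp")
    rel32 = struct.unpack("<i", insn[1:])[0]
    return (insn_va + JMP_LEN + rel32) & 0xFFFFFFFF

def encode_jmp(insn_va: int, target_va: int) -> bytes:
    """Encode an E9 rel32 jmp at insn_va that lands on target_va."""
    rel32 = target_va - (insn_va + JMP_LEN)
    if not -2**31 <= rel32 < 2**31:
        raise ValueError("target not reachable with a rel32 displacement")
    return bytes([JMP_REL32]) + struct.pack("<i", rel32)

def rebase_jmp(insn_va: int, insn: bytes, delta: int) -> bytes:
    """Hypothetical fix-up: re-encode a jmp whose target was computed
    before the relocated code section moved by `delta` bytes."""
    return encode_jmp(insn_va, jmp_target(insn_va, insn) + delta)

# Values quoted in the thread: trampoline at the beginning of main.
TRAMPOLINE_VA = 0x00401010
PRODUCED = bytes.fromhex("E907F00F00")  # jmp near ptr 50001ch (wrong)
EXPECTED = bytes.fromhex("E907100200")  # jmp near ptr 42201ch (right)

def observed_error() -> int:
    """Constant offset between the produced and the expected target."""
    return jmp_target(TRAMPOLINE_VA, PRODUCED) - jmp_target(TRAMPOLINE_VA, EXPECTED)

if __name__ == "__main__":
    print(hex(jmp_target(TRAMPOLINE_VA, PRODUCED)))  # 0x50001c
    print(hex(jmp_target(TRAMPOLINE_VA, EXPECTED)))  # 0x42201c
    print(hex(observed_error()))                     # 0xde000
    # Moving the target back by the section displacement recovers the
    # expected encoding byte for byte.
    assert rebase_jmp(TRAMPOLINE_VA, PRODUCED, -observed_error()) == EXPECTED
```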
