A Framework for Binary Code Analysis and Static and Dynamic Patching

                      Barton P. Miller
                Computer Sciences Department
                   University of Wisconsin
                     Madison,  WI 53706
                      bart@cs.wisc.edu


Tools that analyze and modify binary code are crucial to many areas
of computer science, including cyber forensics, program tracing,
debugging, testing, performance profiling, performance modeling, and
software engineering.  While there are many tools used to support these
activities, these tools have significant limitations in functionality,
efficiency, accuracy, portability, and availability.

To overcome these limitations, we are in the early stages of the design
and implementation of a new framework for binary code analysis and
modification. The goal of this framework is to provide a component
architecture to support tools that analyze binary code and modify it
both statically (binary rewriting) and dynamically (dynamic
instrumentation), and allow for interoperability of the static and
dynamic code modification.

Characteristics of this framework include:

  * multi-architecture, multi-format, and multi-operating system;
  * library-based, so that components can be used separately as
    needed;
  * open source, to allow both local control and auditing;
  * extensible data structures, so that new analyses and interfaces
    can be added easily;
  * exportable data structures, so that all analysis products will
    be stored in a format that can be readily used by other tools;
  * batch enabled, so that tools can operate effectively without
    interactive control;
  * testable, with each separate component provided with a
    detailed test suite;
  * accurate and efficient, using best-known current algorithms
    and the addition of new algorithms for code parsing;
  * up to date, handling modern binary code idioms like
    exceptions, and functions with non-contiguous and shared
    code.

The initial library components will be symbol table parsers, binary
code scanners (instruction decoders), binary code parsers (control
flow analysis), dynamic code generators, stack walkers, process
execution controllers, and a visual binary code editor.

The goal of this talk is to lay out the motivation, plans, and current
progress for this project. We also hope to solicit feedback on both the
design and functionality