Static binary rewriting has many important applications in software security and systems, such as hardening, repair, patching, instrumentation, and debugging. While many different static binary rewriting tools have been proposed, most rely on recovering control flow information from the input binary. The recovery step is necessary since the rewriting process may move instructions, meaning that the set of jump targets in the rewritten binary needs to be adjusted accordingly. Since the static recovery of control flow information is a hard problem in general, most tools rely on a set of simplifying heuristics or assumptions, such as specific compilers, specific source languages, or binary file meta information. However, the reliance on assumptions or heuristics tends to scale poorly in practice, and most state-of-the-art static binary rewriting tools cannot handle very large/complex programs such as web browsers.
In this paper we present E9Patch, a tool that can statically rewrite x86_64 binaries without any knowledge of control flow information. To do so, E9Patch develops a suite of binary rewriting methodologies—such as instruction punning, padding, and eviction—that can insert jumps to trampolines without the need to move other instructions. Since this preserves the set of jump targets, the need for control flow recovery and related heuristics is eliminated. As such, E9Patch is robust by design, and can scale to very large (>100MB) stripped binaries including the Google Chrome and FireFox web browsers. We also evaluate the effectiveness of E9Patch against realistic applications such as binary instrumentation, hardening and repair.
Wed 17 JunDisplayed time zone: Pacific Time (US & Canada) change
16:00 - 17:00 | SecurityPLDI Research Papers at PLDI Research Papers live stream Chair(s): Tony Hosking Australian National University / Data61 | ||
16:00 20mTalk | Towards a Verified Range Analysis for JavaScript JITs PLDI Research Papers Fraser Brown Stanford University, USA, John Renner University of California at San Diego, USA, Andres Nötzli Stanford University, USA, Sorin Lerner University of California at San Diego, USA, Hovav Shacham University of Texas at Austin, USA, Deian Stefan University of California at San Diego, USA | ||
16:20 20mTalk | Binary Rewriting without Control Flow Recovery PLDI Research Papers Gregory J. Duck National University of Singapore, Singapore, Xiang Gao National University of Singapore, Singapore, Abhik Roychoudhury National University of Singapore, Singapore | ||
16:40 20mTalk | BlankIt Library Debloating: Getting What You Want Instead of Cutting What You Don’t PLDI Research Papers Chris Porter Georgia Institute of Technology, USA, Girish Mururu Georgia Institute of Technology, USA, Prithayan Barua Georgia Institute of Technology, USA, Santosh Pande Georgia Institute of Technology, USA |