lifting-bits/codereason lifting-bits/codereason

  • This repository has been archived on 14/Nov/2017
  • Stars
    star
    123
  • Rank 290,145 (Top 6 %)
  • Language
    C++
  • License
    MIT License
  • Created almost 10 years ago
  • Updated about 9 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
lifting-bits/codereason
github

lifting-bits

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Semantic Binary Code Analysis Framework

CodeReason

Build Status Coverity Scan Build Status Slack Chat

CodeReason is a semantic binary code analysis framework and toolset. The tool RopTool discovers ROP gadgets in ARM, X86 and X86-64 binaries by providing pre- and post-conditions for the CPU and memory context using Lua scripts. Examples of other tools that can be created with CodeReason are available in the tools/ directory.

Building

CodeReason builds on Linux and OS X. Windows are builds currently broken. Help us fix them!

Requirements

Ubuntu

sudo ./install_deps.sh
./make.sh

OS X

brew update && brew install cmake boost protobuf git
./install_vex.sh
./make.sh

Several helper scripts are available: install_deps.sh installs Ubuntu dependencies, make.sh creates a full build, recompile.sh recompiles CodeReason, and package.sh creates a debian package. See our Travis-CI configuration for more details about building.

Usage

Lua scripting

The Lua script bindings are defined in libs/VEE/VEElua.cpp. These bindings provide a way of describing CPU register values and memory contents to the VEX Execution Engine (VEE) which analyzes binary code.

The most common functions are:

  • putreg - Writes value to a register vee.putreg(v, R1, 32, 80808080)
  • putmem - Writes a value at an address vee.putmem(v, 0x40000000, 32, 0x20202020)
  • getreg - Read value from a register vee.getreg(v, R15, 32)
  • getmem - Read a value from memory vee.getmem(v, 0x40000000, 32)

For additional examples, check the scripts/ directory.

RopTool

RopTool takes in a binary and a Lua script as input and will output results to stdout.

Example usage:

./build/bin/RopTool -a x64 -c ./scripts/x64/call_reg.lua -f ./tests/ELF/ls_x64

BlockExtract

BlockExtract reads in a binary and outputs a database file containing block information. This can be useful when analyzing large binaries that take a long time to extract code blocks. Currently only 64-bit block extraction is supported.

Example usage:

./build/bin/BlockExtract -f ./tests/ELF/ls_x64 -a x64  --blocks-out ./blockdbfile

BlockReader

BlockReader consumes the block database created by BlockExtract. It may be useful when debugging information stored inside of blocks. VEX output is printed to stdout.

Example usage:

./build/bin/BlockReader -d ./blockdbfile

ImgTool

ImgTool is a test program that prints information about executable code sections found in a binary.

Example usage:

./build/bin/ImgTool -a x64 -f ./tests/MachO/ls_FAT_x86_x64

Example output:

In file ./tests/MachO/ls_FAT_x86_x64
found 6 +X sections
------------------
Section of arch AMD64
beginning at 0x1778 of size 0x3635
------------------
Section of arch AMD64
beginning at 0x4dae of size 0x1bc
------------------
Section of arch AMD64
beginning at 0x4f6c of size 0x2f4
------------------
Section of arch AMD64
beginning at 0x5260 of size 0x568
------------------
Section of arch AMD64
beginning at 0x57c8 of size 0x a0
------------------
Section of arch AMD64
beginning at 0x5868 of size 0x798
------------------

References

Semantic Analysis of Native Programs, introducing CodeReason

Authors

Originally developed by Andrew Ruef under contract for DARPA Cyber Fast Track.

Contributions made by:

More Repositories

1

mcsema

Framework for lifting x86, amd64, aarch64, sparc32, and sparc64 program binaries to LLVM bitcode
C++
2,648
star
2

remill

Library for lifting machine code to LLVM bitcode
C++
1,286
star
3

rellic

Rellic produces goto-free C output from LLVM bitcode
C++
534
star
4

anvill

anvill forges beautiful LLVM bitcode out of raw machine code
LLVM
340
star
5

grr

High-throughput fuzzer and emulator of DECREE binaries
C++
242
star
6

microx

Safely execute an arbitrary x86 instruction
C++
177
star
7

sleigh

Unofficial CMake build for Ghidra's C++ SLEIGH code
CMake
133
star
8

fennec

Rewriting functions in compiled binaries using McSema
LLVM
87
star
9

libvex

LibVEX with patches to support static analysis
C
35
star
10

dds

Dr. Disassembler
Python
35
star
11

cxx-common

Common dependency management for various Trail of Bits C++ codebases
CMake
31
star
12

vmill

C++
29
star
13

patchestry

Patchestry is a binary patching framework built with MLIR and Ghidra.
Java
15
star
14

gap

A utility library to bridge llvm and mlir gaps.
C++
9
star
15

pillar

Lift VAST's high-level MLIR dialect to Clang ASTs
C++
5
star
16

mcsema_blog_post

Lifting and Diversifying Binaries (blog post accompanying materials)
Shell
4
star
17

download-cxx-common

Download cxx-common github action
TypeScript
2
star
18

mcsema-legacy

Archive of the initial monolithic version of mcsema
C++
2
star
19

abigen

Generate McSema ABI libraries from Header Files
C++
2
star
20

lifting-tools-ci

Utilities to help with Continuous Integration & Testing for Binary Translation Tools
Python
2
star