Uroboros: Instrumenting stripped binaries with static reassembling

Shuai Wang, Pei Wang, Dinghao Wu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

22 Scopus citations

Abstract

Software instrumentation techniques are widely used in program analysis tasks such as program profiling, vulnerability discovery, and security-oriented transformation. In this paper, we present an instrumentation tool called UROBOROS, which supports static instrumentation on stripped binaries. Due to the lack of relocation and debug information, reverse engineering of stripped binaries is challenging. Compared with previous work, UROBOROS can provide complete, easy-to-use, transparent, and efficient static instrumentation on stripped binaries. UROBOROS supports complete instrumentation by statically recovering the relocatable program (including both code and data sections) and the control flow structures from binary code. UROBOROS provides a rich API to access and manipulate different levels of the program structure. The instrumentation facilities of UROBOROS are easy to use: users with no binary rewriting and patching skills can directly manipulate stripped binaries to perform smooth program transformations. Unlike most instrumentation tools, which need to patch the instrumentation code in as new sections, UROBOROS can directly inline the instrumentation code into the disassembled program, which provides transparent instrumentation on stripped binaries. For efficiency, in the rewritten output of existing tools, frequent control transfers between the attached and original sections can incur a considerable performance penalty. However, the output from UROBOROS incurs no extra cost because the original and instrumentation code are connected by “fall-through” transfers. We perform comparative evaluations between UROBOROS and the state-of-the-art binary instrumentation tools, including DynInst and Pin. To demonstrate the versatility of UROBOROS, we also implement two real-world reengineering tasks which could be challenging for other instrumentation tools to accomplish.
Our experimental results show that UROBOROS outperforms the existing binary instrumentation tools with better performance, lower labor cost, and a broader scope of applications.

Original language: English (US)
Title of host publication: 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering, SANER 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 236-247
Number of pages: 12
ISBN (Electronic): 9781509018550
State: Published - May 20 2016
Event: 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering, SANER 2016 - Suita, Osaka, Japan
Duration: Mar 14 2016 to Mar 18 2016

Publication series

Name: 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering, SANER 2016
Volume: 1

Conference

Conference: 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering, SANER 2016
Country/Territory: Japan
City: Suita, Osaka
Period: 3/14/16 to 3/18/16

All Science Journal Classification (ASJC) codes

  • Software
