A Framework for Binary Code Analysis and Static and Dynamic Patching

Monday, December 19, 2005 - 3:49pm

Barton Miller
Computer Sciences Department, University of Wisconsin
Date: Wednesday, January 25, 2006
Time: 1:00pm-2:00pm
Location: Engineering I, Room 2114

Tools that analyze and modify binary code are crucial to many areas
of computer science, including cyber forensics, program tracing,
debugging, testing, performance profiling, performance modeling, and
software engineering. While there are many tools used to support these
activities, these tools have significant limitations in functionality,
efficiency, accuracy, portability, and availability.

To overcome these limitations, we are in the early stages of the design
and implementation of a new framework for binary code analysis and
modification. The goal of this framework is to provide a component
architecture that supports tools which analyze binary code and modify
it both statically (binary rewriting) and dynamically (dynamic
instrumentation), and that lets the static and dynamic code
modification interoperate.

Characteristics of this framework include:

* multi-architecture, multi-format, and multi-operating system;
* library-based, so that components can be used separately as
* open source, to allow both local control and auditing;
* extensible data structures, so that new analyses and interfaces
can be added easily;
* exportable data structures, so that all analysis products will
be stored in a format that can be readily used by other tools;
* batch enabled, so that tools can operate effectively without
interactive control;
* testable, with each separate component provided with a
detailed test suite;
* accurate and efficient, using best-known current algorithms
and the addition of new algorithms for code parsing;
* up to date, handling modern binary code idioms like
exceptions, and functions with non-contiguous and shared

The initial library components will be symbol table parsers, binary
code scanners (instruction decoders), binary code parsers (control
flow analysis), dynamic code generators, stack walkers, process
execution controllers, and a visual binary code editor.
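One of the components listed above, the binary code parser (control
flow analysis), as an added example that is not Paradyn or Dyninst
code: a recursive-descent parser over a hand-assembled x86-64 fragment
(constructed for this example) that builds basic blocks starting from
the entry points a symbol table parser would supply, splits a block
when a later branch lands inside it, and reports the two idioms the
list above calls out, a block shared by two functions and a function
whose blocks are not contiguous in memory. The opcode subset the
decoder understands, the addresses and the function names are all
assumptions of the example.

```python
"""Recursive-descent control-flow parser over a small x86-64 subset.
Added example, not Paradyn/Dyninst code; CODE is hand-assembled for it."""
import struct
from dataclasses import dataclass, field

BASE = 0x1000
# Constructed input: four functions. The decoder knows only these opcodes.
CODE = bytes.fromhex(
    "31C0"        # 1000 func_a: xor eax,eax
    "85C0"        # 1002         test eax,eax
    "7405"        # 1004         je 100B
    "B801000000"  # 1006         mov eax,1
    "C3"          # 100B         ret          (block later shared with func_b)
    "B802000000"  # 100C func_b: mov eax,2
    "EBF8"        # 1011         jmp 100B     (jumps into func_a's ret block)
    "85C0"        # 1013 func_c: test eax,eax
    "7509"        # 1015         jne 1020     (cold path placed after padding)
    "B803000000"  # 1017         mov eax,3
    "C3"          # 101C         ret
    "909090"      # 101D         padding, never reached
    "B804000000"  # 1020         mov eax,4    (non-contiguous part of func_c)
    "C3"          # 1025         ret
    "B805000000"  # 1026 func_d: mov eax,5
    "85C0"        # 102B         test eax,eax (loop head: forces a block split)
    "75FC"        # 102D         jne 102B
    "C3"          # 102F         ret
)
# Entry points, as a symbol table parser would supply them (assumed names).
ENTRIES = {"func_a": 0x1000, "func_b": 0x100C, "func_c": 0x1013, "func_d": 0x1026}

def decode(addr):
    """Return (length, kind, target); kind is 'fall', 'jmp', 'jcc' or 'ret'."""
    off = addr - BASE
    op = CODE[off]
    if op in (0x90, 0xC3):                              # nop / ret
        return 1, ("ret" if op == 0xC3 else "fall"), None
    if op in (0x31, 0x85) and CODE[off + 1] == 0xC0:    # xor eax,eax / test eax,eax
        return 2, "fall", None
    if op == 0xB8:                                      # mov eax, imm32
        return 5, "fall", None
    if op in (0xEB, 0x74, 0x75):                        # jmp / je / jne rel8
        rel = struct.unpack_from("<b", CODE, off + 1)[0]
        return 2, ("jmp" if op == 0xEB else "jcc"), addr + 2 + rel
    raise ValueError(f"unsupported opcode {op:#x} at {addr:#x}")

@dataclass
class Block:
    start: int
    end: int = 0                                        # exclusive
    succs: list = field(default_factory=list)           # successor block starts
    owners: set = field(default_factory=set)            # functions that reach it

blocks = {}                                             # start address -> Block

def split(addr):
    """If addr lies strictly inside a parsed block, cut it there; return the tail."""
    for head in list(blocks.values()):
        if head.start < addr < head.end:
            tail = Block(addr, head.end, head.succs, set(head.owners))
            head.end, head.succs = addr, [addr]
            blocks[addr] = tail
            return tail
    return None

def parse_function(name, entry):
    """Recursive-descent traversal from entry; returns the block starts reached."""
    work, seen = [entry], set()
    while work:
        start = work.pop()
        if start in seen:
            continue
        seen.add(start)
        blk = blocks.get(start) or split(start)
        if blk is None:                                 # fresh code: decode a new block
            blk = blocks[start] = Block(start)
            pc = start
            while True:
                size, kind, target = decode(pc)
                pc += size
                if kind != "fall":                      # control transfer ends the block
                    blk.succs = {"ret": [], "jmp": [target], "jcc": [pc, target]}[kind]
                    break
                if pc in blocks:                        # ran into an already-parsed block
                    blk.succs = [pc]
                    break
            blk.end = pc
        blk.owners.add(name)
        work.extend(blk.succs)
    return seen

def analyze():
    """Parse all entries; report shared blocks and non-contiguous functions."""
    blocks.clear()
    funcs = {name: parse_function(name, entry) for name, entry in ENTRIES.items()}
    shared = sorted(b.start for b in blocks.values() if len(b.owners) > 1)
    noncontig = []
    for name, starts in funcs.items():
        spans = sorted((blocks[s].start, blocks[s].end) for s in starts)
        if any(spans[i][1] != spans[i + 1][0] for i in range(len(spans) - 1)):
            noncontig.append(name)
    return funcs, shared, noncontig

if __name__ == "__main__":
    funcs, shared, noncontig = analyze()
    for name, starts in funcs.items():
        print(name, [f"{blocks[s].start:#x}-{blocks[s].end:#x}" for s in sorted(starts)])
    print("shared:", [f"{a:#x}" for a in shared], "non-contiguous:", noncontig)
```

The parser owns blocks globally rather than per function, which is what
makes the shared `ret` block at 0x100B show up under both func_a and
func_b instead of being duplicated, and the split step is what keeps the
backward `jne` in func_d from producing two overlapping blocks. A real
parser adds an instruction decoder for the full ISA, indirect-branch
and call handling, and a policy for code that no entry point reaches
(the padding at 0x101D here).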

The goal of this talk is to lay out the motivation, plans, and current
progress for this project. We also hope to solicit feedback on both the
design and functionality.

Barton Miller is Professor of Computer Sciences at the University
of Wisconsin, Madison. He directs the Paradyn Parallel Performance Tool project,
which is investigating performance and instrumentation technologies for
parallel and distributed applications and systems. He also co-directs the WiSA
security project. His research interests include tools for high-performance
computing systems, binary code analysis and instrumentation, computer
security, and scalable distributed systems.

Miller co-chaired the SC2003 Technical Papers program, was Program
co-Chair of the 1998 ACM/SIGMETRICS Symposium on Parallel and Distributed
Tools, and General Chair of the 1996 ACM/SIGMETRICS Symposium on Parallel and
Distributed Tools. He also twice chaired the ACM/ONR Workshop on Parallel and
Distributed Debugging. Miller was on the editorial board of IEEE Transactions
on Parallel and Distributed Systems, and is currently on the Boards of
Concurrency and Computation Practice and Experience, Computing Systems, and the
Int’l Journal of Parallel Processing. Miller has chaired numerous workshops and
has been on numerous conference program committees. He is also a member of
the IEEE Technical Committee on Parallel Processing.

Miller is a member of the Los Alamos National Laboratory Computing,
Communications and Networking Division Review Committee, IDA Center
for Computing Sciences Program Review Committee, and has been on the
U.S. Secret Service Electronic Crimes Task Force (Chicago Area), the
Advisory Committee for Tuskegee University’s High Performance
Computing Program, and the Advisory Board for the International Summer Institute
on Parallel Computer Architectures, Languages, and Algorithms in
Prague. Miller is an active participant in the European Union APART
performance tools initiative.

Miller received his Ph.D. degree in Computer Science from the
University of California, Berkeley in 1984. He is a Fellow of the ACM.

Host: Giovanni Vigna