
Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS)


Dynamic Analysis of ARM ELF Shared Libraries Using Static Binary Instrumentation

https://doi.org/10.15514/ISPRAS-2015-27(1)-1

Abstract

Dynamic program analysis is a prominent approach to software quality control that enables automatic profiling, defect detection and other activities during software development. In this paper we focus on static binary code instrumentation, a technique for automatically modifying a program's executable code in order to extract the data needed for dynamic analysis. We discuss the key features of this technique in the context of dynamic analysis and propose a method for static binary code instrumentation of ELF executable and shared library files, specifically targeting the ARM architecture.

We describe the main steps of the proposed method: parsing of the instrumentation specification and the target code, generation of executable instrumentation code, and finally modification of the target executable file to insert the instrumentation code and to ensure that control is transferred from the original code to the instrumentation code and back at runtime.

Executable file modification is performed within the bounds of the ARM ELF specifications and is designed to minimize the changes made to the actual executable code blocks. Instrumentation code is appended to target files as a set of separate sections; we implement control transfer to instrumentation code through unconditional jump instructions which replace small blocks of original instructions at instrumentation points. In order to preserve the original functionality we wrap instrumentation code blocks with instructions that save and restore program state; additionally, instructions replaced at instrumentation points are transferred to the instrumentation code blocks. We also describe a set of modifications performed in order to introduce the external dependencies of the instrumentation code into the target executable files.
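The jump-and-trampoline layout described above can be sketched as follows. This is an added example, not code from the paper or its framework: it assumes ARM (A32) state, a single displaced instruction, and a hook that preserves the CPSR flags (only general-purpose registers are saved here); all function names and addresses are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Encode an A32 B (link=0) or BL (link=1) located at `from` that lands on `to`.
   Returns 0 on success, -1 if misaligned or beyond the +/-32 MiB branch reach. */
int arm_encode_branch(uint32_t from, uint32_t to, int link, uint32_t *out) {
    int64_t off = (int64_t)to - ((int64_t)from + 8);  /* PC reads as insn + 8 */
    if ((from | to) & 3) return -1;
    if (off < -(1 << 25) || off > (1 << 25) - 4) return -1;
    *out = (link ? 0xEB000000u : 0xEA000000u) | (((uint32_t)off >> 2) & 0x00FFFFFFu);
    return 0;
}

/* Conservative heuristic: 1 if moving `insn` to a new address could change its
   meaning (a branch, or r15 in the Rn/Rd/Rm bit fields). May over-reject. */
int arm_is_pc_sensitive(uint32_t insn) {
    if (((insn >> 25) & 7) == 5) return 1;            /* B / BL / BLX imm */
    return ((insn >> 16) & 15) == 15 || ((insn >> 12) & 15) == 15 || (insn & 15) == 15;
}

#define TRAMP_WORDS 5
/* Fill `code` (to be placed at address `tramp` in an appended section) for the
   instrumentation point `site`, and set *patch to the word that replaces the
   original instruction `orig` at `site`. `hook` is the instrumentation routine.
   Assumption: the hook keeps CPSR flags intact; flag save/restore is omitted. */
int build_trampoline(uint32_t site, uint32_t tramp, uint32_t orig, uint32_t hook,
                     uint32_t code[TRAMP_WORDS], uint32_t *patch) {
    if (arm_is_pc_sensitive(orig)) return -1;         /* cannot relocate as-is */
    code[0] = 0xE92D5FFFu;                            /* push {r0-r12, lr} */
    if (arm_encode_branch(tramp + 4, hook, 1, &code[1])) return -1;  /* bl hook */
    code[2] = 0xE8BD5FFFu;                            /* pop  {r0-r12, lr} */
    code[3] = orig;                                   /* displaced instruction */
    if (arm_encode_branch(tramp + 16, site + 4, 0, &code[4])) return -1; /* b back */
    return arm_encode_branch(site, tramp, 0, patch);  /* b tramp, written at site */
}

int main(void) {
    uint32_t code[TRAMP_WORDS], patch;
    /* Constructed addresses; 0xE0811002 is "add r1, r1, r2". */
    if (build_trampoline(0x1000u, 0x20000u, 0xE0811002u, 0x20100u, code, &patch)) return 1;
    printf("site  0x00001000: %08x\n", (unsigned)patch);
    for (int i = 0; i < TRAMP_WORDS; i++)
        printf("tramp 0x%08x: %08x\n", 0x20000u + 4u * (unsigned)i, (unsigned)code[i]);
    return 0;
}
```

An instruction that `arm_is_pc_sensitive` rejects (for example a PC-relative literal load) needs rewriting before relocation, or the instrumentation point has to move.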

The proposed method was implemented in an instrumentation framework. We provide a brief overview of practical experiments using basic block counting and function entry/exit tracing as base instrumentation applications. The results show better performance than the popular dynamic instrumentation framework Valgrind and low overhead for system-wide tracking of native Android libraries.

About the Authors

M. K. Ermakov
Institute for System Programming of the Russian Academy of Sciences, Moscow
Russian Federation

Institute for System Programming of the Russian Academy of Sciences, 25, Alexander Solzhenitsyn st., Moscow, Russia, 109004.



S. P. Vartanov
Institute for System Programming of the Russian Academy of Sciences, Moscow
Russian Federation

Institute for System Programming of the Russian Academy of Sciences, 25, Alexander Solzhenitsyn st., Moscow, Russia, 109004.





For citations:


Ermakov M.K., Vartanov S.P. Dynamic Analysis of ARM ELF Shared Libraries Using Static Binary Instrumentation. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2015;27(1):5-24. (In Russ.) https://doi.org/10.15514/ISPRAS-2015-27(1)-1



Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2079-8156 (Print)
ISSN 2220-6426 (Online)