Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS)

Application of software emulators for the binary code analysis

https://doi.org/10.15514/ISPRAS-2014-26(1)-9

Abstract

This article describes our experience using software emulators as tools for dynamic analysis of binary code, both as a machine-instruction tracer and as a smart interactive debugger. We describe the deterministic replay mechanism implemented in the QEMU emulator to provide these capabilities.

About the Authors

P. M. Dovgalyuk
Institute for System Programming of RAS
Russian Federation


V. A. Makarov
Institute for System Programming of RAS
Russian Federation


M. S. Padaryan
Institute for System Programming of RAS
Russian Federation


M. S. Romaneev
Institute for System Programming of RAS
Russian Federation


N. I. Fursova
Institute for System Programming of RAS
Russian Federation


For citations:


Dovgalyuk P.M., Makarov V.A., Padaryan M.S., Romaneev M.S., Fursova N.I. Application of software emulators for the binary code analysis. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2014;26(1):277-296. (In Russ.) https://doi.org/10.15514/ISPRAS-2014-26(1)-9



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2079-8156 (Print)
ISSN 2220-6426 (Online)