
What I am trying to do seems simple compared to complicated static code analysis work:

  1. finding all the assignment code, and inserting a new code snippet based on the value used in the assignment to update certain memory
  2. finding all the basic control blocks, assigning a unique id to each block, and inserting a new code snippet based on the id to update certain memory

Currently I have the source code, so I don't need to deal with binaries :)

But I am new to this area, and I am wondering if I need something like a Perl script to analyse it by hand..? Could anybody give me some instructions about how to get this job done..?

Thanks a lot!

lllllllllllll
    "What I am trying to do seems simple" - well, no. You'll need a complete C parser for that. And a compiler you can extend to inject code. – Mat Oct 26 '13 at 14:55
  • Hi Mat, thank you and sorry for my immature saying... But I think I can just insert certain code snippet to the source code to get a "new" source code and put it in the regular compiler...Does it look more feasible..? – lllllllllllll Oct 26 '13 at 15:00
    You still need a complete C parser/analyzer, and in that case figure out a way to do a proper "textual" change for your needs. That might actually be more difficult in the general case than working inside the compiler that is built with modularity/extensibility in mind (look at clang/llvm). – Mat Oct 26 '13 at 15:03
  • ANTLR has some pretty nice language "pattern matching" abilities without having to do a full parser. It's primarily a Java tool; they used to have a C backend, but I think that went away with the new version though. http://www.antlr.org/ – Charlie Burns Oct 26 '13 at 15:22
  • What OP needs is a "program transformation tool". Perl will not do satisfactorily. I'd add a link to such tools, but SO zealots hate answers that mention tools. If you want more details, you can check my bio. – Ira Baxter Oct 26 '13 at 20:17
  • @Mat Hi Mat, thank you a lot and finally I use Clang to do a source 2 source transformation:) Have a good weekend! – lllllllllllll Nov 01 '13 at 20:59

1 Answer


Maybe dynamic injection is easier in this case. Check pintool (http://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool). As far as I remember it allows tracing of memory operations (assignment is just one of the cases) and likely allows identification of basic blocks, but I am not sure; I have not done this kind of task with pin.

Andrew
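The source-to-source route the thread ends on (a tool such as Clang inserting a call at the head of each basic block and after each assignment) also needs a runtime for those inserted calls to land in. The block below is an added example, not code from the question, the answer or Clang: a hypothetical runtime (`instr_block`, `instr_assign`, a per-block hit counter and a byte-granular shadow map, all assumed names) followed by one small function written out the way the transformation would leave it.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical instrumentation runtime (assumed names, not part of the original thread). */
#define MAX_BLOCKS 64
#define SHADOW_BYTES 256

static uint32_t block_hits[MAX_BLOCKS];  /* one hit counter per basic block id */
static uint8_t shadow[SHADOW_BYTES];     /* 1 = byte written by an instrumented assignment */
static const uint8_t *shadow_base;       /* address that shadow[0] mirrors */

/* Point the shadow region at the memory under observation and clear all counters. */
void instr_reset(const void *base) {
    memset(block_hits, 0, sizeof block_hits);
    memset(shadow, 0, sizeof shadow);
    shadow_base = (const uint8_t *)base;
}
/* Snippet inserted at the start of each basic block (id assigned by the transformation). */
void instr_block(unsigned id) { if (id < MAX_BLOCKS) block_hits[id]++; }

/* Snippet inserted after each assignment: marks the bytes just assigned as written. */
void instr_assign(const void *addr, size_t size) {
    ptrdiff_t off = (const uint8_t *)addr - shadow_base;
    for (size_t i = 0; i < size; i++)
        if (off + (ptrdiff_t)i >= 0 && off + (ptrdiff_t)i < SHADOW_BYTES) shadow[off + i] = 1;
}
uint32_t instr_block_hits(unsigned id) { return id < MAX_BLOCKS ? block_hits[id] : 0; }

/* Returns 1 only if every byte of [addr, addr+size) was recorded as written. */
int instr_was_written(const void *addr, size_t size) {
    ptrdiff_t off = (const uint8_t *)addr - shadow_base;
    if (off < 0 || off + (ptrdiff_t)size > SHADOW_BYTES) return 0;
    for (size_t i = 0; i < size; i++) if (!shadow[off + i]) return 0;
    return 1;
}

/* A clamp() function as it would read after the transformation the question describes:
   instr_block() at the head of each basic block, instr_assign() after each assignment. */
struct state { int lo; int hi; int out; };

int clamp_instrumented(struct state *s, int x) {
    instr_block(0);
    s->lo = 0;   instr_assign(&s->lo, sizeof s->lo);
    s->hi = 100; instr_assign(&s->hi, sizeof s->hi);
    if (x < s->lo)      { instr_block(1); s->out = s->lo; instr_assign(&s->out, sizeof s->out); }
    else if (x > s->hi) { instr_block(2); s->out = s->hi; instr_assign(&s->out, sizeof s->out); }
    else                { instr_block(3); s->out = x;     instr_assign(&s->out, sizeof s->out); }
    instr_block(4);
    return s->out;
}
```

After a run, `block_hits` shows which branches executed and the shadow map shows which bytes were assigned before use, which is the data coverage and uninitialized-read checks are built from.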