How can i Lifting x86_64 assembly code to LLVM-IR?

Question

I'm researching of virus and I'm faced with the task of deobfuscating its virtual machine. I chose to do this through LLVM and I had a question, where can I see a simple example of lifting instructions to the LLVM-IR level? For example, where can I look at code that just translate one pop rsp instruction to LLVM-IR? Since I didn't find anything like that.

Maybe someone has articles where this is described or can someone suggest with an example?

You could check at what RetDec does (https://github.com/avast/retdec). It's a decompiler based on LLVM. It lifts assembly to LLVM-IR and then LLVM-IR to C. — jmmartinez, Jan 21 '23 at 14:48
Related: https://reverseengineering.stackexchange.com/questions/30475/lifting-x86-machine-code-to-llvm-ir — Ciro Santilli OurBigBook.com, Jul 17 '23 at 20:11

score 2 · Accepted Answer · answered Jan 27 '23 at 21:18

2

Here is a list of similar tools you could try:

MeSema relies on IDA Pro to disassemble a binary file and produce a control flow graph. Then it can convert the control flow graph into LLVM IR.
llvm-mctoll is easy to use, but SIMD instructions such as SSE, AVX, and Neon cannot be raised.
retdec is a retargetable machine-code decompiler
reopt is a general purpose decompilation and recompilation tool, support x86-64 Linux programs.

answered Jan 27 '23 at 21:18

西风逍遥游

94
7

Thanks! I'm currently trying to rewrite this under Windows: https://github.com/aengelke/rellume Maybe you know something like a library for translating code to LLVM-IR so that I can integrate this library into my code? – OSPFv3 Jan 28 '23 at 00:21

How can i Lifting x86_64 assembly code to LLVM-IR?

1 Answers1