Explaining the driver option for cfg_to_bc

[steven.raf...@gmail.com]

Hi there,

Can someone help me understand what the driver flag represents? The help for utility converting from CFG to LLVM describes the driver option as:

-driver=<<driver name>,<symbol | ep address>,<'raw' | argument count>,<'return' | 'noreturn'>,< calling convention: 'C', 'E', 'F'>> 

But I am not 100% sure what each of these arguments are doing all together. So it's hard to me read something like "-driver=demo1_entry,start,raw,return,C" .

Best,

Rafael  

   

[Artem D]

Hi Steven,

So there is some more documentation at: https://github.com/trailofbits/mcsema/blob/master/docs/TOOLS.md

Let me describe it in a bit more detail.

You start with an original file called translateme.obj file with an entry point named "orig_entry". The entry point has a cdecl calling convention and takes one argument. It will return (instead of say call ExitProcess()).

You translate it with bin_descend. Now you have a translateme.cfg file. 

When you translate the translateme.cfg file to bitcode, all functions are translated to a new function that takes a register context as input. If you want to re-link any original code that used translateme.obj, you will need to convert the original parameters to a register context. Luckily the -driver option of cfg_to_bc will do this for you!

so the option of -driver=new_entry,orig_entry,1,return,C means:

In the translated bitcode, create a function named new_entry, that takes one argument, has cdeclc alling convention and returns. Make the function new_entry create a register context and call the translated function orig_entry.

Artem

[steven.raf...@gmail.com]

Hi Artem,

Thanks for the help. Your response clears up a lot.