Problems using mc-sema


Hui Peng

Feb 25, 2016, 1:45:14 PM
to mcsema-dev
I am trying to use mc-sema to translate X86/X86_64 machine instructions
to LLVM IR.

In my machine code, function pointers are used, but it seems that mc-sema
is not able to handle this situation very well.

I tried to compile my C source code to X86 and X86_64 machine code.
In the case of X86, it seems that the bitcode can be generated successfully,
but if I try to link the bitcode against some driver C code, although
the executable can be generated, the generated executable cannot
be run at all.

In the case of X86_64, the process stops at converting the cfg file to bitcode.

I have attached the source files, commands and map files that I used in
my test (you can just put the .tgz file under the root of mcsema and untar it
there; the files I used will then be placed in mc-sema/tests and
mc-sema/tests/x86_64, and the commands are included in demo_funcpointer.sh).
I would greatly appreciate it if you could spare some time to figure out
what was wrong with it.

Thanks.

PS: my work is heavily dependent on mc-sema, so some internal design
details of bin_descend and cfg_to_bc would be greatly helpful to me.


funcpointer_test.tgz

Artem Dinaburg

Feb 25, 2016, 1:49:42 PM
to Hui Peng, mcsema-dev
Have you tried using IDA for CFG recovery? It's getting difficult to maintain bin_descend. We are thinking of removing it outright since the IDA recovery is a lot better and we want to focus our dev time on fixing translation bugs.

Artem


Hui Peng

Feb 25, 2016, 2:03:16 PM
to mcsema-dev, benq...@gmail.com
Hi, Artem:

Thanks for your response.


On Thursday, February 25, 2016 at 1:49:42 PM UTC-5, Artem D wrote:
> Have you tried using IDA for CFG recovery? It's getting difficult to maintain bin_descend. We are thinking of removing it outright since the IDA recovery is a lot better and we want to focus our dev time on fixing translation bugs.


No, I did not try IDA. I could not use IDA; we are working in the open-source community.

Anyway, could you please do me a favor and have a look at whether it is because of my misuse of
the tools or some internal bugs in the tools?

If it is because of internal bugs, could you please give me some hints on how to
fix them? If I fix it in the future, I can contribute my fix.

Thanks
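The thread does not say what went wrong in the attached test, and the example below is not a diagnosis of it. It is an added, self-contained illustration (not mcsema code, and not the attached test) of the general problem that makes function pointers hard for a recursive-descent CFG recovery such as bin_descend: a call through a pointer has no statically visible target, so a pass that only follows direct control flow never discovers the callee, and a function that is absent from the recovered CFG has nothing to be lifted into. The toy instruction set, the addresses, the "text" and "data" sections and the pointer table are all constructed here for illustration; the second pass, which scans data for pointer-sized values that land inside the text section, is a simplified version of the data-cross-reference heuristic that disassemblers like IDA use to seed extra function entries.

```python
"""Toy recursive-descent CFG recovery versus data-pointer scanning.

Added example; not code from mcsema or from the thread's attachment.
Everything below (instruction encoding, addresses, sections) is constructed.
"""

# Constructed toy "text" section: address -> (mnemonic, operand).
# 'call' carries a direct integer target; 'call_ind' loads its target from
# memory at run time, so the target is not visible to static descent.
TEXT = {
    0x1000: ("push", None),            # main
    0x1001: ("call", 0x1100),          # direct call to helper
    0x1006: ("mov", "[0x2000]"),       # load function pointer from data
    0x100B: ("call_ind", "[0x2000]"),  # indirect call through the pointer
    0x1010: ("ret", None),
    0x1100: ("mov", None),             # helper (directly called)
    0x1105: ("ret", None),
    0x1200: ("mov", None),             # callback: only reachable via pointer
    0x1205: ("ret", None),
}

# Constructed "data" section: a function-pointer table plus one non-pointer
# value, so the scan has something to reject.
DATA = {0x2000: 0x1200, 0x2008: 0xDEADBEEF}

# Bounds of the constructed text section, used to classify data values.
TEXT_LO, TEXT_HI = 0x1000, 0x1300

# Instruction sizes in the toy encoding, for fall-through.
SIZE = {"push": 1, "call": 5, "mov": 5, "call_ind": 5, "ret": 1}


def next_addr(addr):
    """Fall-through address of the instruction at `addr`."""
    return addr + SIZE[TEXT[addr][0]]


def recover_cfg(entry, extra_entries=()):
    """Return the set of function entries discovered from `entry`.

    Mirrors a plain recursive-descent pass: follow fall-through and direct
    call targets only.  `extra_entries` are additional roots (e.g. from a
    data-pointer scan) that the descent would not find on its own.
    """
    functions = set()
    worklist = [entry, *extra_entries]
    while worklist:
        func = worklist.pop()
        if func in functions or func not in TEXT:
            continue
        functions.add(func)
        addr, seen = func, set()
        while addr in TEXT and addr not in seen:
            seen.add(addr)
            mnem, operand = TEXT[addr]
            if mnem == "call":
                worklist.append(operand)  # statically known target
            elif mnem == "call_ind":
                pass  # target lives in memory; nothing to follow here
            if mnem == "ret":
                break
            addr = next_addr(addr)
    return functions


def code_pointers_in_data():
    """Candidate function entries: data values that fall inside the text section.

    This is the extra signal a data-xref-aware recovery adds on top of
    descent.  It is a heuristic: a value that merely looks like a code
    address is treated as an entry, so false positives are possible.
    """
    return {v for v in DATA.values() if TEXT_LO <= v < TEXT_HI}


if __name__ == "__main__":
    print("descent only:        ", sorted(map(hex, recover_cfg(0x1000))))
    print("pointers in data:    ", sorted(map(hex, code_pointers_in_data())))
    print("descent + data scan: ",
          sorted(map(hex, recover_cfg(0x1000, code_pointers_in_data()))))
```

Run with `python3 cfg_toy.py` (file name assumed). The first line shows that descent alone finds `main` and `helper` but never the callback at `0x1200`; the last line shows the callback appearing once the data scan supplies it as an extra root. Any recovery that feeds a lifter has to close this gap one way or another, and the heuristic nature of the data scan is why hand-checking the recovered function list against the map file is worthwhile when a translated binary with indirect calls misbehaves.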