[llvm-dev] Binary to LLVM IR lifter?


fee via llvm-dev

Aug 13, 2016, 1:53:54 PM
to llvm...@lists.llvm.org
Hi all,

I am looking for a binary lifter/translator that is able to convert architecture-specific code like x86, x86_64, ARM etc. to LLVM IR.

Do you know any working tools that can do something like this?

Regards,

Fredi

_______________________________________________
LLVM Developers mailing list
llvm...@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev

Sandeep Dasgupta via llvm-dev

Aug 14, 2016, 1:48:23 PM
to llvm...@lists.llvm.org
Hello Fredi,

This is my experience with a publicly available tool called McSema (https://github.com/trailofbits/mcsema), which can convert x86 machine code to functional LLVM IR. McSema supports translation of x86 machine code, including integer, floating point, and SSE instructions.
  • Pluses of McSema
    • Well documented
    • Fully functional LLVM IR, i.e. the recovered LLVM IR can be re-written to binary and executed.
    • Pluggable control flow graph recovery phase: The tool has 2 independent phases. In the first phase, it extracts control flow graph (CFG) information from the binary (using a tool, bin_descend). Then it writes the recovered CFG into a Google Protocol Buffer serialized file. There is also an IDAPython script to recover the CFG from within IDA Pro (which is a commercial solution). In that sense, we can plug in any solution to recover the CFG. In the second phase, McSema converts this CFG into LLVM IR.
  • Minuses of LLVM IR recovered from McSema:
    • One of the downsides of this recovered LLVM IR is that the variable (scalar/aggregate) and type information is not recovered in that LLVM IR. In our group, we are actively working on recovering the variable and type information.
Thanks and Regards,
Sandeep Dasgupta
PhD Student, University of Illinois Urbana Champaign


    


Date: Sat, 13 Aug 2016 15:57:14 +0200
From: fee via llvm-dev <llvm...@lists.llvm.org>
To: llvm...@lists.llvm.org
Subject: [llvm-dev] Binary to LLVM IR lifter?
Message-ID: <342a05bd-1375-6712...@web.de>
Content-Type: text/plain; charset=utf-8