
Instruction punning: lightweight instrumentation for x86-64

Published: 14 June 2017

Abstract

Existing techniques for injecting probes into running applications are limited; they either fail to support probing arbitrary locations, or to support scalable, rapid toggling of probes. We introduce a new technique on x86-64, called instruction punning, which allows scalable probes at any instruction. The key idea is that when we inject a jump instruction, the relative address of the jump serves simultaneously as data and as an instruction sequence. We show that this approach achieves probe invocation overheads of only a few dozen cycles, and probe activation/deactivation costs that are cheaper than a system call, even when all threads in the system are both invoking probes and toggling them.
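The abstract's key idea can be made concrete with the encoding of a 5-byte `jmp rel32`: opcode E9 followed by a little-endian signed 32-bit displacement measured from the end of the jump. If the four displacement bytes are required to read as a particular byte sequence (here: the original bytes that the jump overlaps, so that any other instruction boundary inside the 5-byte window still decodes to the original code), the jump target is no longer a free choice; it is dictated by those bytes, and the trampoline has to be placed at that exact address. The following is an added example written for this page, not code from the paper or its implementation; the 6-byte sample function at 0x401000, its instruction boundaries, and the 4 KiB page size are constructed assumptions.

```python
"""Added illustration of punning a jmp rel32 displacement (not the paper's code).

A 5-byte `jmp rel32` is E9 + disp32 (little-endian, signed, relative to the
end of the jump). Fixing the four displacement bytes fixes the jump target,
so the trampoline must be mapped at the address those bytes imply.
"""
import struct

JMP_REL32_OPCODE = 0xE9
JMP_REL32_LEN = 5
PAGE_SIZE = 0x1000            # assumption: 4 KiB pages
MASK64 = (1 << 64) - 1


def trampoline_address(site, pun_bytes):
    """Address a `jmp rel32` at `site` lands on when its displacement bytes are
    exactly `pun_bytes` (the bytes read as data: the jump offset)."""
    if len(pun_bytes) != 4:
        raise ValueError("a rel32 displacement is exactly 4 bytes")
    disp = struct.unpack("<i", pun_bytes)[0]
    # RIP-relative arithmetic wraps modulo 2**64.
    return (site + JMP_REL32_LEN + disp) & MASK64


def reachable(site, target):
    """True if `target` lies within rel32 range of a jmp placed at `site`."""
    disp = target - (site + JMP_REL32_LEN)
    return -(1 << 31) <= disp < (1 << 31)


def encode_jmp(site, target):
    """Assemble `jmp target` at `site` as E9 + disp32."""
    if not reachable(site, target):
        raise ValueError("target is not reachable with a rel32 jump")
    return bytes([JMP_REL32_OPCODE]) + struct.pack("<i", target - (site + JMP_REL32_LEN))


def trampoline_page(target):
    """Page the runtime must own (e.g. map at a fixed address) to host the trampoline."""
    return target & ~(PAGE_SIZE - 1)


def pun_site(code, base, site, boundaries):
    """Overwrite the instruction at `site` with a jmp whose displacement is the
    original bytes following it. Every other instruction boundary inside the
    5-byte window therefore still decodes to the original code (the bytes read
    as instructions); only the jump target is dictated by them.
    `boundaries` are original instruction start addresses taken from a
    disassembly. Returns (patched code, trampoline address, preserved boundaries)."""
    off = site - base
    if off < 0 or off + JMP_REL32_LEN > len(code):
        raise ValueError("jmp does not fit inside the code region")
    pun_bytes = code[off + 1 : off + JMP_REL32_LEN]
    trampoline = trampoline_address(site, pun_bytes)
    patched = code[:off] + encode_jmp(site, trampoline) + code[off + JMP_REL32_LEN:]
    preserved = []
    for b in boundaries:
        if site < b < site + JMP_REL32_LEN:
            # Sanity check: from this boundary to the end of the window the bytes are unchanged.
            if patched[b - base : off + JMP_REL32_LEN] != code[b - base : off + JMP_REL32_LEN]:
                raise RuntimeError("pun broke an overlapped instruction")
            preserved.append(b)
    return patched, trampoline, preserved


# Constructed sample: a 6-byte function loaded at BASE (assumption, not from the paper).
#   0x401000: 89 f8      mov eax, edi
#   0x401002: 83 c0 01   add eax, 1
#   0x401005: c3         ret
BASE = 0x401000
ORIGINAL_CODE = bytes.fromhex("89f8" "83c001" "c3")
BOUNDARIES = [BASE, BASE + 2, BASE + 5]

if __name__ == "__main__":
    patched, tramp, preserved = pun_site(ORIGINAL_CODE, BASE, BASE, BOUNDARIES)
    print("patched:", patched.hex())
    print("trampoline must live at 0x%x (page 0x%x)" % (tramp, trampoline_page(tramp)))
    print("boundaries still valid:", [hex(b) for b in preserved])
```

Two things the arithmetic makes visible. First, in this variant only the opcode byte at the probe site differs from the original, so activating or deactivating the probe is a single one-byte store, and a thread that enters at 0x401002 keeps executing the unchanged `add eax, 1`. Second, the trampoline address (0x020093FD for the sample bytes) is not chosen by the runtime but forced by the punned bytes; the runtime has to be able to obtain that page, and if something else is already mapped there this particular pun is unavailable. The trampoline itself must re-execute the displaced `mov eax, edi` and jump back to 0x401002 once the probe body has run; that relocation is standard trampoline practice and is not shown here.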



Published in

ACM SIGPLAN Notices, Volume 52, Issue 6 (PLDI '17), June 2017, 708 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/3140587

PLDI 2017: Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2017, 708 pages
ISBN: 9781450349888
DOI: 10.1145/3062341

Copyright © 2017 ACM

Publisher: Association for Computing Machinery, New York, NY, United States


Qualifiers: article
