Project Slot 4 - Binary Debugger Backend

Student: Cornelius Aschermann (DE)
Primary mentor: Mark Schloesser (DE)
Backup mentor: Tillmann Werner (DE)

Project Overview:

The goal of this project is to integrate the binary instrumentation tool pin
with a scripting interface in order to easily instrument applications.

This interface will come as an extension to the primitive gdb interface that pin already supports, as well as a standalone version that can be used without a frontend debugger in a batch mode. Scripting support for pin and the gdb protocoll will allow to perform rather complex operations (such as differential debugging) in few lines of lua. The extended gdb protocol for communication makes it easy for other tools to receive logging output and dynamically change the instrumentation hooks. Additionally a Ruby wrapper around the gdb protocol will be developed for having a completely scriptable debugger for non interactive debugging.

Deliverables :

  • A Pin Tool (The so/dll that pin uses for instrumentation are called "Pin Tools") that supports dynamically changing lua instrumentations for standalone instrumentation.
  • The same Pin tool will provide a way of dynamically adding/removing different instrumentations scripts at runtime via the GDB protocol.
  • A Ruby libary that provides an API to the GDB protocol yielding a completely scriptable non-interactive debugger (also usefull with normal GDB backends such as Qemu or gdbserver)
  • a set of plugins for the debugger frontend, yielding a complete interactive debugger

Project Plan:

  • Mid-Term
    • Basic lua scriptable pin tool running on both windows XP [optional] and linux [high] on x86-64
    • only most commonly used pin functions [high]
    • a few example scripts [high]
    • Document the lua API [low]
    • Document the where the lua API differs from the pin API [high]
    • Document the C wrapper [medium]
    • Document Build process of the lua Pin tools [high]
    • make it possible to define custom gdb commands in lua [medium]
    • wrap gdb MI to ruby [high] (this is of utmost importance since it is also part of the Project Slot 5 - Binary Debugger Frontend)
  • Final Milestone
    • Ruby scriptable debugger [high]
    • API for using gdb with PIN as backend (break points, run, memory read/write etc.)
    • Ability to insert arbitrary lua scripts as instrumentation at any point during execution
    • working integration in the Debugger Frontend (Plugins)
    • example analysis tools for:
      • jump destinations / vtable addresses for static analysis [high]
      • call graphs [high]
      • listings of self modifying code (exec after write) mem regions [high]
      • differential debugging [optional]
      • generate code listings [optional]
      • find used text strings. [high]
    • Basic lua scriptable pin tool running on windows XP [high], other windows versions [optional] and linux [done] on x86-64

    Project Source Code Repository:
    not yet online

    Student Weekly Blog:

    Project Useful Links
    hexgolems Will come online with the first usable version