DBAF: Dynamic Binary Analysis Framework and Its Applications

  • Ting Chen (corresponding author)
  • Youzheng Feng
  • Xingwei Lin
  • Zihao Li
  • Xiaosong Zhang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11058)


Dynamic binary analysis is difficult and burdensome. In practice, analysts typically develop dynamic binary analyzers (DBAs) on top of binary instrumentation tools (BITs), which extract information from a binary and monitor or alter its execution. However, existing BITs either expose raw machine instructions to analysts or lack user-friendly APIs. Both problems result in a steep learning curve for BITs and make bugs in DBAs hard to eliminate. This work designs DBAF, a dynamic binary analysis framework that instruments binaries dynamically, translates machine code online into an easy-to-handle intermediate representation (IR), and provides dozens of APIs for IR processing. With DBAF, analysts can process binaries at the level of IR without having to interpret machine instructions. We then develop five DBAs on top of DBAF: a division-by-zero protector, an IR counter, a memory tracer, a taint analyzer and a concolic executor. These demonstrate that DBAF reduces the development effort for DBAs, especially those requiring semantic interpretation of instructions. Experiments show that DBAF's online translation incurs reasonable overhead.
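To make the IR-level argument of the abstract concrete, the following is an added, constructed example that is not DBAF's code and does not use DBAF's IR or API. It defines a hypothetical three-address IR, a small interpreter, and three analyzers written as hooks that see each IR instruction before it executes: an IR counter, a division-by-zero protector and a taint analyzer. The lifting step (machine code to IR) is omitted; the sample program is written directly in the toy IR. The point it illustrates is that once operands and side effects are explicit in the IR, each analyzer is a few lines and none of them needs to decode machine instructions.

```python
"""Toy IR-level dynamic analysis, illustrating the approach described in the
DBAF abstract.  The IR, opcodes and hook interface below are hypothetical
(constructed for this example); they are not DBAF's IR or its real API."""
from collections import Counter
from dataclasses import dataclass, field

# IR instruction = (opcode, *operands).  Registers are strings ("r0"),
# memory is a dict keyed by integer address.  Hypothetical opcodes:
#   const dst imm | mov dst src | add dst a b | div dst a b
#   load dst addr | store addr src | input dst   (untrusted external input)


class DivByZero(Exception):
    """Raised by the protector to stop a division whose divisor is zero."""


@dataclass
class State:
    regs: dict = field(default_factory=dict)
    mem: dict = field(default_factory=dict)
    taint_regs: set = field(default_factory=set)   # tainted register names
    taint_mem: set = field(default_factory=set)    # tainted memory addresses


class IRCounter:
    """Counts executed IR instructions per opcode."""
    def __init__(self):
        self.counts = Counter()

    def before(self, ins, st):
        self.counts[ins[0]] += 1


class DivByZeroProtector:
    """Checks the divisor's runtime value before a div executes.  The IR
    names the divisor operand explicitly, so no instruction decoding is
    needed to find it."""
    def before(self, ins, st):
        if ins[0] == "div" and st.regs[ins[3]] == 0:
            raise DivByZero(f"division by zero blocked at {ins}")


class TaintAnalyzer:
    """Propagates taint from 'input' through registers and memory."""
    def before(self, ins, st):
        op = ins[0]
        if op == "input":
            st.taint_regs.add(ins[1])
        elif op == "const":
            st.taint_regs.discard(ins[1])          # constant clears taint
        elif op == "mov":
            self._mark(st.taint_regs, ins[1], ins[2] in st.taint_regs)
        elif op in ("add", "div"):
            tainted = ins[2] in st.taint_regs or ins[3] in st.taint_regs
            self._mark(st.taint_regs, ins[1], tainted)
        elif op == "load":                         # regs hold pre-exec values
            self._mark(st.taint_regs, ins[1], st.regs[ins[2]] in st.taint_mem)
        elif op == "store":
            self._mark(st.taint_mem, st.regs[ins[1]], ins[2] in st.taint_regs)

    @staticmethod
    def _mark(bag, key, tainted):
        (bag.add if tainted else bag.discard)(key)


def run(program, st, analyzers, inputs=()):
    """Execute the IR, calling every analyzer's hook before each instruction."""
    feed = iter(inputs)
    for ins in program:
        for a in analyzers:
            a.before(ins, st)
        op = ins[0]
        if op == "const":
            st.regs[ins[1]] = ins[2]
        elif op == "mov":
            st.regs[ins[1]] = st.regs[ins[2]]
        elif op == "add":
            st.regs[ins[1]] = st.regs[ins[2]] + st.regs[ins[3]]
        elif op == "div":
            st.regs[ins[1]] = st.regs[ins[2]] // st.regs[ins[3]]
        elif op == "load":
            st.regs[ins[1]] = st.mem.get(st.regs[ins[2]], 0)
        elif op == "store":
            st.mem[st.regs[ins[1]]] = st.regs[ins[2]]
        elif op == "input":
            st.regs[ins[1]] = next(feed)
        else:
            raise ValueError(f"unknown opcode {op}")
    return st


# Constructed sample program: attacker-controlled input flows through memory
# into the divisor of a division.
PROGRAM = [
    ("const", "r2", 0x100),
    ("input", "r0"),            # r0 <- untrusted input (taint source)
    ("store", "r2", "r0"),      # mem[0x100] <- r0
    ("load", "r1", "r2"),       # r1 <- mem[0x100]   (taint flows via memory)
    ("const", "r3", 1000),
    ("div", "r4", "r3", "r1"),  # r4 <- 1000 / r1    (tainted divisor)
]


def analyze(inputs):
    """Run PROGRAM under all three analyzers and summarise what they saw."""
    st, counter = State(), IRCounter()
    analyzers = [counter, DivByZeroProtector(), TaintAnalyzer()]
    try:
        run(PROGRAM, st, analyzers, inputs)
        blocked = False
    except DivByZero:
        blocked = True
    return {"blocked": blocked, "counts": dict(counter.counts),
            "tainted_regs": sorted(st.taint_regs),
            "tainted_mem": sorted(st.taint_mem), "r4": st.regs.get("r4")}


if __name__ == "__main__":
    print(analyze((0,)))   # divisor 0: protector blocks the div
    print(analyze((7,)))   # divisor 7: r4 = 142, tainted via r1
```

With input 0 the protector raises before the `div` executes, while the taint analyzer has already recorded that `r1` (and the memory cell at 0x100) carry untrusted data, which is exactly the combination a security analyst wants to see: a crash-inducing operation whose operand is attacker-controlled. In a real framework such as the one the paper describes, the same hooks would run on IR produced online from the binary's machine code rather than on a hand-written program.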



This work is supported in part by National Key R&D Program of China (2017YF-B0802903), Project 2117H14243A and Sichuan Province Research and Technology Supporting Plan, China.



Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Ting Chen (1)
  • Youzheng Feng (1)
  • Xingwei Lin (1)
  • Zihao Li (1)
  • Xiaosong Zhang (1)

  1. Research Center for Cybersecurity, University of Electronic Science and Technology of China, Chengdu, China
