Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How does this compare to Remill and McSema? #1

Closed
pgoodman opened this issue Oct 12, 2018 · 5 comments
Closed

How does this compare to Remill and McSema? #1

pgoodman opened this issue Oct 12, 2018 · 5 comments

Comments

@pgoodman
Copy link

Remill lifts x86, amd64, and AArch64 instructions to LLVM bitcode: https://github.com/trailofbits/remill

McSema uses Remill and has plugins with IDA Pro, Binary Ninja, and DynInst to lift whole program binaries to LLVM bitcode: https://github.com/trailofbits/mcsema
@pgoodman
Copy link
Author

For example, this is what Remill-lifted bitcode looks like: https://github.com/trailofbits/remill/tree/master/tools/lift

And this is the approach taken by Remill to lift to bitcode:
http://www.petergoodman.me/docs/cppcon-poster1-2018.pdf
http://www.petergoodman.me/docs/cppcon-poster2-2018.pdf

As far as I ca tell, llvm-mctoll takes a superficially similar approach to McSema version 1, which disassembled bytes to llvm::MCInst, then manually generated bitcode via LLVM IR creation APIs.

@bharadwajy
Copy link
Contributor

bharadwajy commented Oct 12, 2018
edited by aaronsm

Thanks for taking a look at llvm-mctoll and for your comments, Peter.

This is an initial attempt to raise binaries solely using the LLVM infrastructure. My wildest dream is to be able build support/framework such that one can "just" run the traditional LLVM back-end compilation passes in the reverse order to raise/lift the binary of any architecture with an LLVM backend :-)

At this point llvm-mctoll may not even be close to the maturity level of McSema. We hope the continuing work on llvm-mctoll will make it a viable tool as well.

I consider this to be yet another attempt to address the problem at hand with minimal dependencies other than LLVM. We'd love to learn from your development experiences (with McSema) and insights so that this tool might be able to mature faster.

All feedback is welcome.

@dguido
Copy link

dguido commented Oct 12, 2018
edited

At this point llvm-mctoll may not even be close to the maturity level of McSema. We hope the continuing work on llvm-mctoll will make it a viable tool as well.

This seems like a lot of effort to eventually achieve a clone of mcsema, which itself is open-source and production-ready today. Is there something about mcsema that you need or want changed? You mentioned minimal dependencies. What dependencies are you specifically concerned about? It might make more sense to help us eliminate those dependencies rather than try to reinvent the entire framework.

@aaronsm
Copy link
Contributor

aaronsm commented Oct 18, 2018

There are a number of related projects leveraging llvm in interesting ways like mcsema, llbt, mambo, bolt, panda, revamb, retdec, fcd, gensim. It's a good topic for a bof at the next llvm developer meeting. Maybe we can discuss there.

@aaronsm aaronsm closed this as completed Oct 18, 2018
@dguido
Copy link

dguido commented Oct 20, 2018

We tried to summarize the current state of lifters in this table:
https://github.com/trailofbits/mcsema#comparison-with-other-machine-code-to-llvm-bitcode-lifters

@archerbroler archerbroler mentioned this issue Jan 29, 2019
Open
@testhound testhound mentioned this issue Apr 12, 2020
Open
@stephan-yichao-zhao stephan-yichao-zhao mentioned this issue Sep 17, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@pgoodman @dguido @aaronsm @bharadwajy