Why is binary rewriting/instrumentation difficult? - Linux



  1. Why is binary rewriting/instrumentation difficult?

    Hi,

    I'm learning assembly along with ELF spec and linking/loading process.
    And I was told that binary rewriting is hard since memory references
    are all relative in x86. Yes, it sounds hard, but I don't quite get why
    it is that difficult? After all, isn't it that ELF files have all the
    information about how they are linked and loaded? Can someone enlighten
    and tell me about the inherent factors that make static/dynamic binary
    rewriting/instrumentation not such an easy job?

    Thanks.

    Pilsung


  2. Re: Why is binary rewriting/instrumentation difficult?

    "Pilsung" writes:

    > And I was told that binary rewriting is hard since memory references
    > are all relative in x86.


    Memory references are (or could be) relative on other architectures.

    What makes x86 binary rewriting particularly difficult is variable
    instruction length (even correct disassembly of an x86 instruction
    stream is difficult, especially when assembly obfuscation techniques
    were used, such as jumps into the middle of an instruction,
    self-modifying code, and so forth).

    > Yes, it sounds hard, but I don't quite get why it is that difficult?


    Try doing it; come back in a year, and answer your own question.

    > After all, isn't it that ELF files have all the
    > information about how they are linked and loaded?


    What does this have to do with your question?

    Yes, you can write a dynamic loader for ELF binaries (this itself
    is not a trivial task). But this doesn't help you with arbitrary
    binary rewriting at all.

    Cheers,
    --
    In order to understand recursion you must first understand recursion.
    Remove /-nsp/ for email.
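The disassembly problem the reply describes can be shown concretely. The following is an added example, not code from the thread: a toy decoder for a handful of x86-32 opcodes (names, byte sample and the two traversal functions are all constructed here) that disassembles the same bytes by linear sweep and by following control flow, and arrives at two different instruction boundaries for the same byte.

```python
# Toy x86-32 decoder covering only: C3 ret, EB jmp rel8, FF /r (group 5) and
# C0 /r ib (shift group), with register-direct ModRM (mod=11) only.
# Constructed for this example; it is not a real disassembler.
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
GRP5 = {0: "inc", 1: "dec", 2: "call", 4: "jmp", 6: "push"}                # FF /r
GRP2 = {0: "rol", 1: "ror", 2: "rcl", 3: "rcr", 4: "shl", 5: "shr", 6: "shl", 7: "sar"}

def decode_one(code, off):
    """Decode one instruction at `off`; return (text, length, jmp_target or None)."""
    op = code[off]
    if op == 0xC3:
        return "ret", 1, None
    if op == 0xEB:  # jmp rel8: displacement is relative to the end of this 2-byte instruction
        rel = int.from_bytes(code[off + 1:off + 2], "little", signed=True)
        return f"jmp short {off + 2 + rel:#x}", 2, off + 2 + rel
    if op in (0xFF, 0xC0):  # one-byte opcode followed by a ModRM byte
        mod, reg, rm = code[off + 1] >> 6, (code[off + 1] >> 3) & 7, code[off + 1] & 7
        if mod != 3:
            raise ValueError(f"memory operand at {off:#x} not supported by toy decoder")
        if op == 0xFF:
            return f"{GRP5[reg]} {REGS[rm]}", 2, None
        return f"{GRP2[reg]} {REGS[rm]}, {code[off + 2]:#x}", 3, None   # C0 /r ib
    raise ValueError(f"opcode {op:#04x} at {off:#x} not in toy decoder")

def linear_sweep(code):
    """Assume every instruction starts where the previous one ended (objdump style)."""
    out, off = {}, 0
    while off < len(code):
        text, length, _ = decode_one(code, off)
        out[off] = text
        off += length
    return out

def recursive_descent(code, entry=0):
    """Follow control flow from `entry`: fall through, and also explore jmp targets."""
    out, work = {}, [entry]
    while work:
        off = work.pop()
        while 0 <= off < len(code) and off not in out:
            text, length, target = decode_one(code, off)
            out[off] = text
            if target is not None:
                work.append(target)
            if text == "ret" or text.startswith("jmp"):
                break  # no fall-through after an unconditional transfer
            off += length
    return out

# Constructed sample: "EB FF" jumps one byte backwards into its own immediate, so
# the CPU executes FF C0 (inc eax) then C3 (ret). Read linearly, byte 2 (C0) is
# instead the opcode of a 3-byte shift that swallows the real ret at offset 3.
SAMPLE = bytes.fromhex("EB FF C0 C3 90 C3")
```

A rewriter that trusts the linear view would patch or relocate `rol ebx, 0x90`, an instruction the program never executes, while the `inc eax` that actually runs is never seen as an instruction at all.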
