ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2019, Vol. 56 ›› Issue (4): 730-741.doi: 10.7544/issn1000-1239.2019.20180166

• 系统结构 • 上一篇    下一篇

基于QEMU的动态二进制插桩技术

邹伟,高峰,颜运强   

  1. (中国工程物理研究院计算机应用研究所 四川绵阳 621999) (weighzou@163.com)
  • 出版日期: 2019-04-01
  • 基金资助: 
    国家自然科学基金项目(61520106005,61761136014);国家重点研发计划项目(2017YFB1010000)

Dynamic Binary Instrumentation Based on QEMU

Zou Wei, Gao Feng, Yan Yunqiang   

  1. (Institute of Computer Application, China Academy of Engineering Physics, Mianyang, Sichuan 621999)
  • Online: 2019-04-01

摘要: 软件插桩是程序优化、软件调试、软件测试、故障定位等软件动态分析的基础技术.而其中,动态二进制插桩技术,因其无侵入性,即既不需要对源代码进行修改编译,又不需要重新组装二进制程序,不会引起目标码膨胀,而广泛应用于软件动态分析,特别是在资源受限、功耗低、实时性高的嵌入式软件领域,动态二进制插桩技术十分关键.然而,现有的二进制插桩工具仅能应用于用户态软件分析,在嵌入式全系统软件领域,还没有相应的二进制插桩工具.针对上述问题,在基于动态二进制翻译的开源指令集仿真器QEMU(quick emulator)基础上,研究突破基本块运行时间统计收集,并消除中断对嵌入式系统软件控制流分析的不良影响,实现了在中间码上对嵌入式全系统软件的动态二进制插桩,完成嵌入式全系统软件运行控制流跟踪,并开发日志处理工具.实验表明,该方法能完成目标码的调用图、函数剖面、覆盖率、控制流等分析,可以解决了嵌入式全系统软件动态二进制分析问题.

关键词: 动态分析, 动态二进制插桩, QEMU, 二进制目标码, 软件测试

Abstract: Software instrumentation is a basic technology of software dynamic analysis, such as program optimization, debugging, testing, fault location and so on. The dynamic binary instrumenta-tion technology, because of its non-invasive, which does not need to modify the source code to compile, and does not need to reassemble the binary program, will not cause the expansion of the object code, and is widely used in software dynamic analysis, especially in resource constrained, low power consumption, high real-time embedded field, so dynamic binary instrumentation is the very key technology. However, the existing binary instrumentation tool can only be applied to user mode software, and the embedded whole system software also needs a corresponding binary instrumentation tool. In order to solve this problem, this paper based on the dynamic binary translation open source instruction set simulator QEMU(quick emulator), breaks through run time statistics collection on the basic blocks, and eliminates interrupt’s adverse effects of control flow analysis in the embedded the system software, and achieves the implementation of instrumentation on the intermediate code level to the embedded system software code, full completion of the embedded system software running control flow tracking, and the development of log information processing tool. Experiments show that the method proposed in this paper can accomplish call graph, function profile, coverage, control flow analysis and so on, which can solve the problem of dynamic binary analysis of embedded system software.

Key words: dynamic analysis, dynamic binary instrumentation, QEMU, binary code, software testing

中图分类号: