a tool for matching variables between source code and binaries

Absoler/varviewer

varviewer

This tool matches variables between source code and compiled binaries built with debug information (DWARF4 and DWARF5 are currently supported).

Dependencies

required basic packages

if you are using Ubuntu (recommended), you can execute

apt -y install build-essential wget zip pkgconf zlib1g zlib1g-dev libzstd1 meson \
ninja-build doxygen bzip2 flex graphviz libbz2-dev libssl-dev libncurses5-dev \
libsqlite3-dev libreadline-dev libtk8.6 libgdm-dev libdb4o-cil-dev libpcap-dev

libdwarf

varviewer needs libdwarf to extract DWARF info; it can be downloaded from https://github.com/davea42/libdwarf-code/releases and installed with a customized installation.

you can execute the following to do this:

mkdir /tmp/build && cd /tmp
wget https://github.com/davea42/libdwarf-code/releases/download/v0.5.0/libdwarf-0.5.0.tar.xz && \
tar xf libdwarf-0.5.0.tar.xz
cd /tmp/build && meson /tmp/libdwarf-0.5.0 && ninja && ninja install && ninja test

python

varviewer's analysis module is implemented with a recent version of python3; python-3.11 is recommended. here are the quick build commands.

wget https://github.com/python/cpython/archive/refs/tags/v3.11.1.zip
unzip v3.11.1.zip && cd cpython-3.11.1/ && ./configure --enable-optimizations
make -j 32 && make install

some python3 packages are also needed:

pip3 install angr z3-solver bz2file pydot graphviz iced_x86 pyelftools pyinstrument timeout_decorator

Usage

matching variables takes 2 steps.

extract debug info

  1. go into extracter/ and run mkdir build -p && cd build && cmake .. && make
  2. execute ./bin/extracter <binary-to-extract> -o <json-file>; the json file contains the organized debug info that is fed to the analysis module. there are also some debug options:
    • -r to print raw dwarf expressions
    • -nc to print only complex expressions
    • -fde to print CFA info, and --no-traverse to avoid a full traversal and quickly print other info
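
the -r and -nc options above deal with raw DWARF location expressions. As an added example (not varviewer's own code), the following decodes such an expression from its bytes, covering a small subset of the DWARF opcodes. The function names, the 64-bit little-endian target, the meaning given to "complex" in is_complex, and the sample bytes are all assumptions made for illustration.

```python
import struct

# Opcodes without operands (values from the DWARF standard).
NO_OPERAND = {0x06: "DW_OP_deref", 0x9C: "DW_OP_call_frame_cfa", 0x9F: "DW_OP_stack_value"}
# Opcodes with one LEB128 operand: name and whether the operand is signed.
LEB_OPERAND = {0x23: ("DW_OP_plus_uconst", False), 0x91: ("DW_OP_fbreg", True),
               0x93: ("DW_OP_piece", False)}

def leb128(buf, i, signed):
    """Decode one LEB128 value starting at buf[i]; return (value, next index)."""
    val = shift = 0
    while True:
        byte = buf[i]          # IndexError here means the expression is truncated
        i += 1
        val |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            if signed and byte & 0x40:
                val -= 1 << shift   # sign-extend
            return val, i

def decode_expr(buf):
    """Decode a raw DWARF location expression into (name, operand...) tuples."""
    ops, i = [], 0
    try:
        while i < len(buf):
            op = buf[i]
            i += 1
            if op == 0x03:                      # DW_OP_addr; 8-byte little-endian target assumed
                ops.append(("DW_OP_addr", struct.unpack_from("<Q", buf, i)[0]))
                i += 8
            elif 0x50 <= op <= 0x6F:            # DW_OP_reg0..31: value lives in a register
                ops.append((f"DW_OP_reg{op - 0x50}",))
            elif 0x70 <= op <= 0x8F:            # DW_OP_breg0..31: register + signed offset
                off, i = leb128(buf, i, True)
                ops.append((f"DW_OP_breg{op - 0x70}", off))
            elif op in LEB_OPERAND:
                name, signed = LEB_OPERAND[op]
                val, i = leb128(buf, i, signed)
                ops.append((name, val))
            elif op in NO_OPERAND:
                ops.append((NO_OPERAND[op],))
            else:
                raise ValueError(f"unhandled opcode {op:#04x}")
    except (IndexError, struct.error):
        raise ValueError("truncated expression") from None
    return ops

def is_complex(ops):
    """Assumed meaning of 'complex': anything beyond a single operation."""
    return len(ops) > 1

# Constructed sample (not from a real binary): breg6+16, deref, +8, stack_value.
SAMPLE = bytes([0x76, 0x10, 0x06, 0x23, 0x08, 0x9F])
```
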

analysis

by default, the user only needs main.py to complete the matching analysis.

you can execute python3 ./main.py <binary-to-analyze> <json-file> -uO -o <result-file>
