varviewer

This tool matches variables between source code and compiled binaries that carry debug information (DWARF 4 and DWARF 5 are currently supported).

Dependencies

basic packages

If you are using Ubuntu (recommended), you can install them with

apt -y install build-essential wget zip pkgconf zlib1g zlib1g-dev libzstd1 meson \
ninja-build doxygen bzip2 flex graphviz libbz2-dev libssl-dev libncurses5-dev \
libsqlite3-dev libreadline-dev libtk8.6 libgdm-dev libdb4o-cil-dev libpcap-dev

libdwarf

varviewer needs libdwarf to extract the DWARF info. It can be downloaded from https://github.com/davea42/libdwarf-code/releases and built and installed from source.

You can do that with the following commands (the build runs from /tmp/build, the tarball is unpacked under /tmp):

mkdir /tmp/build && cd /tmp
wget https://github.com/davea42/libdwarf-code/releases/download/v0.5.0/libdwarf-0.5.0.tar.xz && \
tar xf libdwarf-0.5.0.tar.xz
cd /tmp/build && meson /tmp/libdwarf-0.5.0 && ninja && ninja install && ninja test

python

varviewer's analysis module is written for a recent Python 3; Python 3.11 is recommended. Here are the quick build commands. Note that make install replaces the system python3 binary; use make altinstall instead if you want python3.11 installed alongside the distribution's interpreter.

wget https://github.com/python/cpython/archive/refs/tags/v3.11.1.zip
unzip v3.11.1.zip && cd cpython-3.11.1/ && ./configure --enable-optimizations
make -j 32 && make install

Some Python packages are also required:

pip3 install angr z3-solver bz2file pydot graphviz iced_x86 pyelftools pyinstrument timeout_decorator

Usage

Matching variables takes two steps.

extract debug info

  1. go into extracter/ and run mkdir -p build && cd build && cmake .. && make
  2. run ./bin/extracter <binary-to-extract> -o <json-file>; the JSON file contains the organized debug info that is fed to the analysis module. There are also some debug options:
    • -r prints the raw DWARF expressions
    • -nc prints only complex expressions
    • -fde prints CFA info
    • --no-traverse skips the full traversal and quickly prints the other info
    • -omm outputs a struct member's own members in the same JSON; without it only the struct's direct members are output
    • -mf matches a struct variable's members to expressions; without it only the struct variable itself is matched
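The -r and -nc options deal with the raw DWARF location expressions stored in each variable's DW_AT_location attribute. The decoder below is an added example, not varviewer's own extracter code: it turns the raw expression bytes into readable operations for the opcodes that dominate compiler output (DW_OP_fbreg, DW_OP_regN, DW_OP_bregN, DW_OP_addr, DW_OP_call_frame_cfa and a few arithmetic ops), and classifies an expression as simple or complex. The opcode values come from the DWARF 4/5 specification; the simple-versus-complex rule and the sample byte strings are this example's own constructions, since the README does not say how -nc defines "complex".

```python
"""Decode raw DWARF location expressions (added example, not varviewer code)."""
from typing import Dict, List, Tuple

# Opcode values from the DWARF 4/5 specification, section 7.7.1.
DW_OP_addr, DW_OP_deref, DW_OP_plus, DW_OP_plus_uconst = 0x03, 0x06, 0x22, 0x23
DW_OP_lit0, DW_OP_reg0, DW_OP_breg0 = 0x30, 0x50, 0x70   # each spans 32 opcodes
DW_OP_regx, DW_OP_fbreg, DW_OP_bregx, DW_OP_piece = 0x90, 0x91, 0x92, 0x93
DW_OP_call_frame_cfa, DW_OP_stack_value = 0x9C, 0x9F


def _uleb128(buf: bytes, pos: int) -> Tuple[int, int]:
    """Decode an unsigned LEB128 at buf[pos]; return (value, next_pos)."""
    result, shift = 0, 0
    while True:
        b = buf[pos]
        pos += 1
        result |= (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return result, pos


def _sleb128(buf: bytes, pos: int) -> Tuple[int, int]:
    """Decode a signed LEB128 at buf[pos]; return (value, next_pos)."""
    result, shift = 0, 0
    while True:
        b = buf[pos]
        pos += 1
        result |= (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            if b & 0x40:              # sign bit of the final byte: negative value
                result -= 1 << shift
            return result, pos


def decode_location(expr: bytes, address_size: int = 8) -> List[str]:
    """Turn a raw DWARF expression into a list of readable operations."""
    ops: List[str] = []
    pos = 0
    while pos < len(expr):
        op = expr[pos]
        pos += 1
        if op == DW_OP_addr:                          # static address, target-sized
            addr = int.from_bytes(expr[pos:pos + address_size], "little")
            pos += address_size
            ops.append(f"DW_OP_addr 0x{addr:x}")
        elif op == DW_OP_fbreg:                       # frame base + sleb128 offset
            off, pos = _sleb128(expr, pos)
            ops.append(f"DW_OP_fbreg {off}")
        elif DW_OP_breg0 <= op < DW_OP_breg0 + 32:    # register + sleb128 offset
            off, pos = _sleb128(expr, pos)
            ops.append(f"DW_OP_breg{op - DW_OP_breg0} {off}")
        elif DW_OP_reg0 <= op < DW_OP_reg0 + 32:      # value lives in a register
            ops.append(f"DW_OP_reg{op - DW_OP_reg0}")
        elif DW_OP_lit0 <= op < DW_OP_lit0 + 32:      # small literal pushed on stack
            ops.append(f"DW_OP_lit{op - DW_OP_lit0}")
        elif op == DW_OP_regx:
            reg, pos = _uleb128(expr, pos)
            ops.append(f"DW_OP_regx {reg}")
        elif op == DW_OP_bregx:
            reg, pos = _uleb128(expr, pos)
            off, pos = _sleb128(expr, pos)
            ops.append(f"DW_OP_bregx {reg} {off}")
        elif op in (DW_OP_plus_uconst, DW_OP_piece):  # single uleb128 operand
            val, pos = _uleb128(expr, pos)
            name = "DW_OP_plus_uconst" if op == DW_OP_plus_uconst else "DW_OP_piece"
            ops.append(f"{name} {val}")
        elif op in (DW_OP_deref, DW_OP_plus, DW_OP_call_frame_cfa, DW_OP_stack_value):
            ops.append({DW_OP_deref: "DW_OP_deref", DW_OP_plus: "DW_OP_plus",
                        DW_OP_call_frame_cfa: "DW_OP_call_frame_cfa",
                        DW_OP_stack_value: "DW_OP_stack_value"}[op])
        else:
            # Unknown opcode: its operand size is unknown too, so stop here
            # rather than misparse everything that follows.
            ops.append(f"<unsupported op 0x{op:02x}>")
            break
    return ops


def is_simple_location(expr: bytes) -> bool:
    """Example's own definition of 'simple': one op giving a register,
    a frame-base offset, or a static address. Anything else is 'complex'."""
    ops = decode_location(expr)
    if len(ops) != 1:
        return False
    head = ops[0].split()[0]
    return head in ("DW_OP_fbreg", "DW_OP_addr") or head.startswith("DW_OP_reg")


# Constructed sample expressions (not taken from any real binary).
SAMPLES: Dict[str, bytes] = {
    "local_int": bytes([DW_OP_fbreg, 0x6C]),               # sleb128(-20) == 0x6c
    "in_reg5": bytes([DW_OP_reg0 + 5]),                    # register 5 (rdi on x86-64)
    "global": bytes([DW_OP_addr]) + (0x404040).to_bytes(8, "little"),
    "computed": bytes([DW_OP_call_frame_cfa, DW_OP_lit0 + 4, DW_OP_plus,
                       DW_OP_stack_value]),                # value = CFA + 4, not an address
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} {raw.hex():20s} simple={is_simple_location(raw)} "
              f"{decode_location(raw)}")
```

The unsupported-opcode branch matters in practice: DWARF expressions carry variable-length operands, so a decoder that guesses past an opcode it does not know will emit plausible-looking garbage for the rest of the expression. Stopping and flagging it is the safer behaviour when the output is going to drive a matching pass.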

analysis

By default, main.py is all the user needs to run the matching analysis.

Run python3 ./main.py <binary-to-analyze> <json-file> -uO -o <result-file>