Case Study on LLVM as suitable intermediate language for binary analysisCase Study on LLVM as suitable intermediate language for binary analysis

2017 - Technische Universität München - Bachelor Seminar Thesis


Many binary analysis tools and compilers, instead of directly working on code, use an intermediate representation of it. The idea of this thesis is to use the well-tested intermediate representation from LLVM for binary analysis tasks. We take a look at McSema, a tool to translate x86 and x86_64 binaries to LLVM, describe its translation process in detail and additionally implement Python bindings for it. To practically test McSema, we present five examples of code we translate to LLVM and then recompile again. The last of these demos is an example on using KLEE, a symbolic execution engine for LLVM, on the code produced by McSema in order to successfully solve a CrackMe. We conclude that McSema's translation approach provides a suitable way to extract functions from binaries to integrate them in other code or to analyse them using symbolic execution, as well as serving as a potential basis to implement an LLVM-based decompiler. We also compare it to Remill, another tool similar to McSema, which generates code that represents the assembly code more explicitly and VEX, the intermediate representation used in Valgind and Angr, which is also more close to the machine code.

Additional Resources:

Umwandlung von Bildern in Audio-SignaleCase Study on LLVM as suitable intermediate language for binary analysis

2013 - Gymnasium Penzberg - German only

Hier gibt es meine W-Seminararbeit zum Thema "Umwandlung von Bildern in Audio-Signale" zum Download.

Die Arbeit steht unter einer Creative Commons Namensnennung - Nicht-kommerziell - Weitergabe unter gleichen Bedingungen 3.0 Unported Lizenz, das zugehörige Programm unter der GPLv3.

Programm "audiocrypt":

Es werden folgende Libraries benötigt: FreeImage, FreeImagePlus (i.d.R. in FreeImage enthalten), libsndfile. Dem Windows Binary liegen die jeweiligen DLLs bereits bei.