How-to rewrite a binary file or modfiy its control flow graph

Question

Essentially I want to rewrite a binary file to perform additional tasks regarding its actual tasks. Regarding binary rewriting the process seems to be following:

Create a Control Flow Graph from an existing binary
Create a Code Snippet with the desired changes in an appropriate format
Create a binary file from the modified CFG

I came across a couple of tools, which either won't compile on my ubuntu 12.04, are not available for download or I can not find a decent tutorial / howto on how to hot patch / rewrite a binary. Those tools are:

ParseAPI, Code-Surfer/x86, EEL, LEEL, Jakstab, DynInst, Diablo + Lancet

To be more precise I want to analyze a given binary for its most frequently used functions and change it in such a way that before executing these functions, a given set of instructions are performed. These instructions comprise of loading an array of stored bytes, reading a byte at a certain position and comparing it with a pre-defined value. I want to make sure that the binary definitely executes these instructions during every trial.

There are 2 alternative approaches I came across which basically alter standard c functions (like memcpy(), strcpy(), printf(), etc.) since I assume these functions to be part of the binary with high probability:

LD_PRELOAD: Define my own libraries and let them get loaded before the ordinary ones
Compile the binary (of sourcecode is given) with own versions of the standard functions using something like gcc -fno-builtin -o strcpy strcpy.c

Drawback of this approach is that eventhough I subsitute standard c functions they do not necessarily have to get called, hence my instruction will not get executed neither.

Do you guys have experience regarding binary rewriting or do your have clues for accomplishing this rather exotic task?

Best regards!

How-to rewrite a binary file or modfiy its control flow graph

Answers (1)

Related Questions