一种面向嵌入式设备的动态插桩方法  

作　　者：司健鹏 洪征 周振吉 陈乾 李涛 SI Jianpeng;HONG Zheng;ZHOU Zhenji;CHEN Qian;LI Tao(College of Command and Control Engineering,Army Engineering University of PLA,Nanjing 210007,China)

机构地区：[1]陆军工程大学指挥控制工程学院,南京210007

出　　处：《计算机科学》2024年第11期347-355,共9页Computer Science

基　　金：智慧城市网络安全综合防控关键技术及系统(2019YFB2101704)。

摘　　要：现有动态插桩方法大多基于x86/x64指令集,对嵌入式设备常用的RISC兼容性较差,且在应用嵌入式设备时存在插桩效率低、资源消耗大等问题。文中提出了一种面向嵌入式设备的动态插桩方法DIEB(Dynamic Instrumentation Method for Embedded Physical Devices)。DIEB在嵌入式设备中使用以控制转移指令为探针的探测模式对目标进程进行动态二进制插桩。DIEB提出了一种轻量化的解释执行指令方法,根据指令的运行环境设置指令解释执行区域,并在解释执行区域中解释执行指令获取执行结果。在目标进程动态运行过程中,DIEB通过解释执行用作探针的控制转移指令,获取控制转移指令的目的地址,从而跟踪目标进程的执行流,在软硬件资源紧张的嵌入式设备上高效地进行动态插桩。ARM指令集是一种典型的RISC指令集,测试实验以ARM指令集为验证对象,在NetGear R7000等设备上进行。实验结果表明,经过DIEB插桩的进程可以正常运行,插桩导致的时延远小于基于ptrace的插桩方式,解决了PIN,Dynamorio等现有动态插桩框架难以在嵌入式设备上运行的问题。此外,DIEB具有在多线程环境下稳定运行的能力,可以准确记录并发线程的执行流轨迹。Most existing dynamic instrumentation methods are based on the x86/x64 instruction set,which is poorly compatible with reduced instruction set(RISC)commonly used in embedded devices,and there are problems such as low instrumentation efficiency and large resource consumption when the dynamic instrumentation methods are applied to embedded devices.This paper proposes a dynamic instrumentation method for embedded physical devices(DIEB).DIEB uses control transfer instructions as probes in embedded devices to dynamically perform binary instrumentation on target processes.It proposes a lightweight method to interpret the execution of instructions,and sets the instruction execution area based on the operating environment.DIEB interprets the execution instructions in the simulation execution area to obtain the execution results.During the dynamic operation of the target process,DIEB interprets and executes control transfer instructions to obtain the destination address of the control transfer instructions,and tracks the execution flow of the target process so as to efficiently perform dynamic instrumentation on embedded devices with limited resources.Taking the ARM instruction set as the verification object,experiments are carried out on physical devices such as NetGear R7000.Experimental results show that the DIEB instrumentation process can run normally,and the time delay caused by instrumentation is much smaller than that of the ptrace-based instrumentation method.In addition,DIEB can run stably in a multi-threaded environment and accurately record the execution flow traces of concurrent threads.

关 键 词：动态二进制插桩 指令解释执行 嵌入式设备 灰盒测试 程序运行状态反馈 

分 类 号：TP313[自动化与计算机技术—计算机软件与理论]