a gpu based x86 disassembler
play

A GPU-based x86 Disassembler ISC 2015 Evangelos Ladakis , Giorgos - PowerPoint PPT Presentation

Feb 01, 2023 •210 likes •513 views

GPU-Disasm: A GPU-based x86 Disassembler ISC 2015 Evangelos Ladakis , Giorgos Vasiliadis, Michalis Polychronakis, Sotiris Ioannidis, George Portokalidis First Impressions Evangelos Ladakis - FORTH 2 First Impressions Evangelos Ladakis -

  1. GPU-Disasm: A GPU-based x86 Disassembler ISC 2015 Evangelos Ladakis , Giorgos Vasiliadis, Michalis Polychronakis, Sotiris Ioannidis, George Portokalidis

  2. First Impressions Evangelos Ladakis - FORTH 2

  3. First Impressions Evangelos Ladakis - FORTH 3

  4. First Impressions Evangelos Ladakis - FORTH 4

  5. Outline • Background • Architecture • Optimization • Evaluation • Conclusion Evangelos Ladakis - FORTH 5

  6. Disassembly Software Reverse Engineering • Mandatory when source code is not available o Bad guys • Find vulnerabilities • Bypass protection mechanisms o Good guys • Find malicious code • Debug and patching • Apply protection mechanisms • Techniques o Linear o Recursive Evangelos Ladakis - FORTH 6

  7. Binary Stores • Large number of binaries • 1.6 million Google play • 1.5 million app store • Updated occasionally From a security aspect: • Analysis time and cost are essential Evangelos Ladakis - FORTH 7

  8. Motivation • How can we build a fast and cheap Disassembler for large scale analysis? • Can we use GPU’s to accelerate the decoding process? • Why GPUs? Evangelos Ladakis - FORTH 8

  9. General-Purpose Programming on GPUs (GPGPU) • Powerful co-processors for General Purpose Programming • Commodity hardware, relative cheap • Compute capabilities increasing • Familiar API CUDA and OpenCl Evangelos Ladakis - FORTH 9

  10. GPU memory model Evangelos Ladakis - FORTH 10

  11. X86-ISA • CISC architecture • 1~15 Bytes instructions Why x86? • Widely used • More challenges to address • Applying to RISC is easier Evangelos Ladakis - FORTH 11

  12. GPU-Disasm Arch. GPU-based Disassembler of the x86 architecture Two modes: • Linear disassembly o Each thread is assigned a binary • Exhaustive disassembly o Each thread decodes one instruction of the same binary but from a different offset Evangelos Ladakis - FORTH 12

  13. Challenges • Arbitrary accesses to Global o X86 nature • Load balancing and correctness o Utilize threads fairly with same size buffers o Start disassembling where we left • Large number of static and constant values o Fast memory interfaces are small in capacity o Store the most frequently used Evangelos Ladakis - FORTH 13

  14. GPU-Disasm Arch. GPU-Disasm Components: How to achieve high performance:  Optimize transfers  Optimize the Disassembly process  Pipeline the operations Evangelos Ladakis - FORTH 14

  15. PCI Throughput • PCI 3.0 throughput evaluation Evangelos Ladakis - FORTH 15

  16. PCI Throughput • Maximum throughput on 16MB of data Evangelos Ladakis - FORTH 16

  17. Optimize Transfers 1. Pre-allocate page-locked I/O buffers to the host ( cudaMallocHost) 2. Place I/O to single buffers o Greater of 16 MB for PCI max throughput 3. Minimize the PCI transfer API calls Evangelos Ladakis - FORTH 17

  18. Optimize Disassembly • Store Look-up-tables to Constant & Shared mem. • Pre-fetch input data to registers • Improve cache hits in L2 o Divide input into small buffers o Move threads as groups inside memory Evangelos Ladakis - FORTH 18

  19. Correctness • We keep a copy of old decoded bytes and the upcomming bytes • So that we can continue decoding where we left Evangelos Ladakis - FORTH 19

  20. Evaluation • Implementation in CUDA • System: o GPU: NVIDIA GTX 770 $396 o CPU: intel i7 $305 o Total cost $1120 • Dataset from usr of ubuntu 12.04 • Performance measured in Lines/sec Evangelos Ladakis - FORTH 20

  21. Disassemblers Evaluation • Single threaded, discard disk I/O • Performance divergence due to output construction Evangelos Ladakis - FORTH 21

  22. GPU-Disasm on crafted bins Buffer Size (Bytes) Average Hit Rate % (L1 to L2) 16 58.7 32 53.65 64 45.26 • Decode 2 Bytes Instructions • Impact of L2 optimization o 25.85 % more performance Evangelos Ladakis - FORTH 22

  23. GPU-Disasm on Binaries Comparing only the disassembly process Evangelos Ladakis - FORTH 23

  24. GPU-Disasm on Binaries Comparing only the disassembly process • Linear disassembly 2 times faster • Exhaustive average 4.4 times faster Evangelos Ladakis - FORTH 24

  25. Pipeline Components • After 1024 batch size, disassembly becomes the bottleneck Evangelos Ladakis - FORTH 25

  26. Hybrid (CPU & GPU) • Hybrid has 7 CPU threads and the GPU o 1 thread is needed as the GPU controller Evangelos Ladakis - FORTH 26

  27. Power evaluation • Metrics include CPU, RAM, and peripherals power consumption o Measured internally with sensors Evangelos Ladakis - FORTH 27

  28. Conclusion • Presented a GPU-based implementation of an x86 disassembler • 2 times faster in linear disassembly and 4.4 in exhaustive • Similar power consumption with the CPU implementation Evangelos Ladakis - FORTH 28

  29. Thank you Evangelos Ladakis - FORTH 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Medusa A disassembler and something more... Angelin Njakasoa BOOZ LSE Summer Week 2016

Medusa A disassembler and something more... Angelin Njakasoa BOOZ LSE Summer Week 2016

Medusa A disassembler and something more... Angelin Njakasoa BOOZ LSE Summer Week 2016 Quarkslab Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 1 / 20 Presentation Whoami? Where do I work? What do I do? Angelin

453 views • 20 slides
Binarylevel program analysis: Static Disassembly Gang Tan CSE 597 Spring 2019 Penn State

Binarylevel program analysis: Static Disassembly Gang Tan CSE 597 Spring 2019 Penn State

Binarylevel program analysis: Static Disassembly Gang Tan CSE 597 Spring 2019 Penn State University 3 Disassemblers Disassembler Convert machine code in a binary file into assembly code or code in an equivalent IR Assume a

514 views • 26 slides
Simulation of OpenCL and APUs on Multi2Sim 4.1 Rafael Ubal, David Kaeli Conference title 1

Simulation of OpenCL and APUs on Multi2Sim 4.1 Rafael Ubal, David Kaeli Conference title 1

Simulation of OpenCL and APUs on Multi2Sim 4.1 Rafael Ubal, David Kaeli Conference title 1 Outline Introduction Simulation methodology Part 1 Simulation of an x86 CPU Part 2 Simulation of a Southern Islands GPU Disassembler OpenCL

913 views • 73 slides
HITB 2009 Metasm Debugger Analysis of a protection Compiler Decompilation Disassembler Plan

HITB 2009 Metasm Debugger Analysis of a protection Compiler Decompilation Disassembler Plan

Binary deprotection with metasm and stuff Alexandre Gazet Yoann Guillot Sogeti / ESEC R&D Sogeti / ESEC R&D alexandre.gazet(at)sogeti.com yoann.guillot(at)sogeti.com HITB 2009 Metasm Debugger Analysis of a protection Compiler

767 views • 59 slides
Lecture 3: reflex-based, model-based, goal-based, utility-based, learning-based Systematic

Lecture 3: reflex-based, model-based, goal-based, utility-based, learning-based Systematic

CS440/ECE448: Intro to Artificial Intelligence Review Different kinds of agents: Lecture 3: reflex-based, model-based, goal-based, utility-based, learning-based Systematic search How do we evaluate agents? External

522 views • 13 slides
Landmark Landmark-based routing based routing Landmark Landmark-based routing based routing

Landmark Landmark-based routing based routing Landmark Landmark-based routing based routing

Landmark Landmark-based routing based routing Landmark Landmark-based routing based routing [Kleinberg04] J. Kleinberg, A. Slivkins, T. Wexler. Triangulation and Embedding using Small Sets of Beacons. Proc. 45th IEEE Symposium on Foundations of

450 views • 32 slides
Detecting Attacks Anomaly-based Detection Signature-based Signature-based (Misuse)

Detecting Attacks Anomaly-based Detection Signature-based Signature-based (Misuse)

Detecting Attacks Anomaly-based Detection Signature-based Signature-based (Misuse) Detection Intrusion Detection Host-based Network-based Boriana Ditcheva and Lisa Fowler Active/Passive University of North Carolina at

401 views • 12 slides
HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
Designing and Developing Person-Based and Topic-Based Person-Based and Topic-Based Data

Designing and Developing Person-Based and Topic-Based Person-Based and Topic-Based Data

Designing and Developing Person-Based and Topic-Based Person-Based and Topic-Based Data Collection Instruments Emily A. Johnson Thomas C Melaney Thomas C. Melaney US Census Bureau, USA Summary The American Community Survey (ACS) tests

202 views • 16 slides
Integrated Approach of Risk-based Compliance-based Performance-based Audit and Surveillance

Integrated Approach of Risk-based Compliance-based Performance-based Audit and Surveillance

Civil Aviation Department The Government of the Hong Kong Special Administrative Region Integrated Approach of Risk-based Compliance-based Performance-based Audit and Surveillance Programme George WAI, Airworthiness Officer Flight Standards

394 views • 26 slides
Example-Based Skeleton Extraction Scott Schaefer Can Yuksel Example-Based Deformation Examples

Example-Based Skeleton Extraction Scott Schaefer Can Yuksel Example-Based Deformation Examples

Example-Based Skeleton Extraction Scott Schaefer Can Yuksel Example-Based Deformation Examples Previous Work Mesh-based Inverse Kinematics [Sumner et al. 2005], [Der et al. 2006] Example-based deformation method Non-linear

773 views • 59 slides
<draft-lee-ce-based-vpl-00.txt> 54 th IETF PPVPN WG Cheng-Yin.Lee@alcatel.com

<draft-lee-ce-based-vpl-00.txt> 54 th IETF PPVPN WG Cheng-Yin.Lee@alcatel.com

<draft-lee-ce-based-vpl-00.txt> 54 th IETF PPVPN WG Cheng-Yin.Lee@alcatel.com Mitsuru.Higashiyama@yy.anritsu.co.jp <draft-lee-ce-based-vpl-00.txt> Martini RFC2547 PE-based Kompella VPLS VR CE-based site-to-site CE-based VPL

233 views • 10 slides
Approaches Based on guided code generation Based on exploring existing code Based on

Approaches Based on guided code generation Based on exploring existing code Based on

Approaches Based on guided code generation Based on exploring existing code Based on spreadsheet interaction Using R for teaching statistics to nonmajors: Comparing experiences of 2.5 different approaches Thomas Baier University of

639 views • 7 slides
Integrating Workload Specification and Extraction for Model- Based and Measurement-Based

Integrating Workload Specification and Extraction for Model- Based and Measurement-Based

Stuttgart, Germany, 2014-11-27 Integrating Workload Specification and Extraction for Model- Based and Measurement-Based Performance Evaluation An Approach for Session-Based Software Systems Andr van Hoorn, Christian Vgele Eike Schulz,

1.02k views • 29 slides
Why Use Performance Based Contracting Performance Measure vs Performance Based Contracting

Why Use Performance Based Contracting Performance Measure vs Performance Based Contracting

Why Use Performance Based Contracting Performance Measure vs Performance Based Contracting Used to Achieve Agency Goals & Objectives Outcome Based Service Intended to Drive Contractor Behavior Penalties Must be Reasonable:

52 views • 4 slides
Reuse-based & Choreography-based Distributed Systems Reuse-based Software Engineering

Reuse-based & Choreography-based Distributed Systems Reuse-based Software Engineering

Reuse-based & Choreography-based Distributed Systems Reuse-based Software Engineering Distributed Systems Mar Marco Autili BPMN2 Choreographies basics University of LAquila Invited Seminar Lecture 1 Course: Advanced

724 views • 59 slides
Outline Specific Issues Related to Embedded Processor Architectures General approach Sorin

Outline Specific Issues Related to Embedded Processor Architectures General approach Sorin

Sorin Manolache Sorin Manolache Outline Specific Issues Related to Embedded Processor Architectures General approach Sorin Manolache SIMD example sorma@ida.liu.se VLIW example 1 2 November 7, 2001 November 7, 2001 Sorin

68 views • 6 slides
HRANCO SERVICE FABRICATION ERECTION PRESSURE FINISHING CAPACITY

HRANCO SERVICE FABRICATION ERECTION PRESSURE FINISHING CAPACITY

SUPER STEEL... SUPER SERVICE... HRANCO SERVICE FABRICATION ERECTION PRESSURE FINISHING CAPACITY CERTIFICATIONS SUPER STEEL. SUPER SERVICE. Leaders in the super steel industry Meet or exceed your highest 1554

244 views • 9 slides
Public Safety Communications Interoperability: The Future looks Bright! Proudly governed by:

Public Safety Communications Interoperability: The Future looks Bright! Proudly governed by:

www.citig.ca Public Safety Communications Interoperability: The Future looks Bright! Proudly governed by: Presentation : Paramedic Chiefs of Canada June 13 th , 2013 @CITIG_Canada @CITIG_Canada Canadian Interoperability Technology Interest Group

351 views • 17 slides
EAST LONDON NHS FOUNDATION PRESENTATION TO TOWER HAMLETS HEALTH SCRUTINY COMMITTEE JULY 2018 1

EAST LONDON NHS FOUNDATION PRESENTATION TO TOWER HAMLETS HEALTH SCRUTINY COMMITTEE JULY 2018 1

EAST LONDON NHS FOUNDATION PRESENTATION TO TOWER HAMLETS HEALTH SCRUTINY COMMITTEE JULY 2018 1 Background ELFT achieve Foundation status 2007, At that point we were a mental health provider: Since then we have added: Forensic Services

119 views • 9 slides
RoFaL Roma Families Learning Project County Clare VEC Clare Adult Basic Education Service is

RoFaL Roma Families Learning Project County Clare VEC Clare Adult Basic Education Service is

RoFaL Roma Families Learning Project County Clare VEC Clare Adult Basic Education Service is funded by the Department of Education and Science with assistance from the European Social Fund as part of the National Development Plan 2007-2013. Irish

817 views • 48 slides
Translating ETC to LLVM Assembly Carl Ritson C.G.Ritson@kent.ac.uk School of Computing,

Translating ETC to LLVM Assembly Carl Ritson C.G.Ritson@kent.ac.uk School of Computing,

Translating ETC to LLVM Assembly Carl Ritson C.G.Ritson@kent.ac.uk School of Computing, University of Kent 2009 11 3 1983-1984 INMOS Transputer released. occam is born. 2009 11 3 1989 SGS Thompson

477 views • 37 slides
Clamp Selection Guide www.sinctech.com | Page 1 Clamp Selection Guide Clamps and Mounting

Clamp Selection Guide www.sinctech.com | Page 1 Clamp Selection Guide Clamps and Mounting

How To Use The Sinclair Clamp Selection Guide www.sinctech.com | Page 1 Clamp Selection Guide Clamps and Mounting Hardware Our standard clamps are designed for mounting base station Our standard clamps are designed for mounting base

488 views • 32 slides
Thomas Stewart Clamping mop Karys Thomas Stewart's Life Thomas Stewart's birthday is June

Thomas Stewart Clamping mop Karys Thomas Stewart's Life Thomas Stewart's birthday is June

Thomas Stewart Clamping mop Karys Thomas Stewart's Life Thomas Stewart's birthday is June 11, 1893. He died Sept. 24 1986. He was born in Kalamazoo, Michigan. He grew up in that place. As a kid he loved making things. His family was poor.

119 views • 8 slides

More recommend