Description
Timeless debugging of binaries is a complex task with conflicting challenges. On one side there are approaches with tiny memory footprints that allow inspection of the state at any point in time via pre-recording and combinations of re-execution and emulation, but for that very reason do not support live debugging. On the other side there are approaches that need huge amounts of memory to support live debugging and are limited when dealing with system calls.
We explore a middle ground between both sides that keeps some of their advantages and addresses some of their downsides. Using the ptrace API, we support live debugging functionality at the cost of recording performance, while using partial memory snapshots to keep the footprint small. We can revert the kernel-state effects of a well-selected set of system calls by injecting additional system calls into the binary at runtime, which is quite reliable so long as we are not communicating with remote machines or special devices. We thus developed a debugger supporting the x86-64 ISA that we hope will speed up reverse engineering and exploit development thanks to its time-travel features.
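To make the two mechanisms above concrete, here is an added toy model (example code written for this description, not the debugger's own source) of a recorder that keeps per-step partial memory snapshots and a log of compensating system calls that are injected on rewind. The emulated process, the toy kernel, the 16-byte page size and the supported set (open and write, undone by close and ftruncate) are all assumptions chosen for the example; the real tool works on a live x86-64 process through ptrace.

```python
"""Toy model of a timeless debugger's recorder: per-step partial memory
snapshots (only pages that changed since the previous step) plus a log of
compensating system calls that are 'injected' to undo kernel-side effects
when the user rewinds.  Constructed example; process, kernel, page size
and the supported syscall set are all assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

PAGE = 16  # toy page size (assumption); real pages are 4096 bytes


@dataclass
class Snapshot:
    regs: Dict[str, int]           # register file is small, always stored
    dirty_pages: Dict[int, bytes]  # page index -> contents, changed pages only
    undo: List[Tuple]              # compensating syscalls for this step


class ToyKernel:
    """The slice of kernel state the debugger must be able to roll back."""
    def __init__(self):
        self.files: Dict[str, bytearray] = {}
        self.fds: Dict[int, str] = {}

    def sys_open(self, path):
        fd = 3                          # lowest free descriptor, like Linux
        while fd in self.fds:
            fd += 1
        self.files.setdefault(path, bytearray())
        self.fds[fd] = path
        return fd

    def sys_write(self, fd, data):
        self.files[self.fds[fd]] += data
        return len(data)

    def sys_ftruncate(self, fd, length):
        del self.files[self.fds[fd]][length:]
        return 0

    def sys_close(self, fd):
        del self.fds[fd]
        return 0


class Recorder:
    def __init__(self, mem: bytearray, regs: Dict[str, int]):
        self.mem, self.regs, self.kernel = mem, dict(regs), ToyKernel()
        self.base_mem = bytes(mem)      # one full image, taken at start
        self.steps: List[Snapshot] = []
        self._pending: List[Tuple] = []
        self._last_pages = self._pages()

    def _pages(self):
        n = len(self.mem) // PAGE
        return {i: bytes(self.mem[i * PAGE:(i + 1) * PAGE]) for i in range(n)}

    def syscall(self, name, *args):
        """Forward a syscall and remember the call that undoes it.  Only open
        and write are in the supported set; others are refused outright."""
        k = self.kernel
        if name == "open":
            fd = k.sys_open(*args)
            self._pending.append(("close", fd))        # undo open -> close
            return fd
        if name == "write":
            fd, data = args
            old_len = len(k.files[k.fds[fd]])
            n = k.sys_write(fd, data)
            self._pending.append(("ftruncate", fd, old_len))  # undo append
            return n
        raise NotImplementedError(f"no rollback strategy for {name}")

    def commit_step(self):
        """Close the current step: registers plus only the dirty pages."""
        cur = self._pages()
        dirty = {i: p for i, p in cur.items() if p != self._last_pages[i]}
        self._last_pages = cur
        snap = Snapshot(dict(self.regs), dirty, self._pending)
        self._pending = []
        self.steps.append(snap)
        return snap

    def _inject_undo(self, calls):
        for call in reversed(calls):                   # newest effect first
            getattr(self.kernel, "sys_" + call[0])(*call[1:])

    def revert_to(self, step):
        """Rewind process and kernel to the state right after `step`."""
        self._inject_undo(self._pending)               # uncommitted work first
        self._pending = []
        for snap in reversed(self.steps[step + 1:]):
            self._inject_undo(snap.undo)
        mem = bytearray(self.base_mem)                 # base image + deltas
        for snap in self.steps[:step + 1]:
            for i, page in snap.dirty_pages.items():
                mem[i * PAGE:(i + 1) * PAGE] = page
        self.mem[:] = mem
        self.regs = dict(self.steps[step].regs)
        self._last_pages = self._pages()
        del self.steps[step + 1:]


def demo():
    """Record three steps of a constructed process, then rewind to step 0."""
    rec = Recorder(bytearray(4 * PAGE), {"rip": 0x1000, "rax": 0})
    rec.mem[0:4] = b"AAAA"; rec.regs["rip"] = 0x1004          # step 0
    s0 = rec.commit_step()
    fd = rec.syscall("open", "/tmp/trace.log")                 # step 1
    rec.syscall("write", fd, b"hello")
    rec.mem[2 * PAGE:2 * PAGE + 2] = b"BB"; rec.regs["rip"] = 0x1010
    s1 = rec.commit_step()
    rec.syscall("write", fd, b" world"); rec.regs["rax"] = 11  # step 2
    s2 = rec.commit_step()
    before = bytes(rec.kernel.files["/tmp/trace.log"])
    rec.revert_to(0)
    return {"dirty_per_step": [sorted(s.dirty_pages) for s in (s0, s1, s2)],
            "file_before_revert": before,
            "file_after_revert": bytes(rec.kernel.files["/tmp/trace.log"]),
            "open_fds_after_revert": sorted(rec.kernel.fds),
            "mem_after_revert": bytes(rec.mem),
            "regs_after_revert": rec.regs}
```

The point to notice is the asymmetry the description relies on: memory can be restored purely from recorded data (base image plus the dirty pages of the steps being kept), but the kernel's view of the process cannot, so each recorded step carries the syscalls that must be injected, newest first, to walk the kernel back. The model also shows why the supported set has to be chosen carefully: a write to a local file is undone by truncating it to its previous length, which has no analogue for data already sent to a remote peer or a device.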