6

There are some excellent DBI frameworks for Windows (Intel PIN, DynamoRIO...) but unfortunately none of them expose an IR afaik. I am looking for something like Valgrind's VEX that works on Windows.

Any pointers / references would be greatly appreciated. Thanks in advance!

Carlos Garcia
  • 1,041
  • 1
  • 7
  • 15

3 Answers3

3

If you are searching for lifting assembly to IR, look at either BAP or RevGen.

Edit 2018: There is also great McSema (supports x86, x64 and aarch64).

w s
  • 8,458
  • 1
  • 24
  • 40
  • This may be what I was looking for. I always avoided BAP since it is written in OCAML but I guess I'll have to check it out nevertheless. – Carlos Garcia Apr 01 '14 at 14:21
  • On a closer look, it does not seem that BAP supports Windows. Any experiences with compiling this on a Windows OS? – Carlos Garcia Apr 01 '14 at 16:18
  • Nevermind, it accepts PE files as input. Suboptimal for my purposes but it'd make do. Sorry for the little self-chat here. – Carlos Garcia Apr 01 '14 at 16:24
3

dynamoRIO does expose an IR (see documentation). There is just no "written textual" form of it, it is basically a 1:1 mapping of the underlying assembly language and thus very close to the underlying architecture.

newgre
  • 1,183
  • 7
  • 18
1

Intel's Pin is probably what you want.

Microsoft's Vulcan is great, but I don't think it was ever released publicly, at least not in a standalone form.

Jason Geffner
  • 20,681
  • 1
  • 36
  • 75