Friday, 8 January 2016

CFG with LLVM

Over the holidays I read the book "LLVM Cookbook" (not very good: the many meaningless copy-pasted code blocks are annoying) and played a bit with the fresh llvm-3.7.1 (released 5 January).

So I decided to check whether it is possible to implement MS CFG (Control Flow Guard) in LLVM. I have two pieces of news, good and bad, as usual.

Good: yes, you can easily add the instrumentation in LLVM: just write an IR plugin derived from FunctionPass and insert a call to your guard_check_icall before each VTBL call (or even before any call through a pointer). I think it would take any CS student one day.
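As an added example (not the author's code and not LLVM's), this is what an instrumented call site emitted by such a pass looks like at the C level: a guard_check_icall that validates the target against a table standing in for GuardCFFunctionTable, called immediately before the indirect call. The handler functions, the table contents, `call_handler_guarded` and the return codes are constructed for this example; real CFG uses a bitmap indexed by address and terminates the process on a failed check.

```c
#include <stddef.h>
#include <stdio.h>

typedef void (*handler_fn)(void);

/* Constructed sample targets: two legitimate handlers and one function
 * that is never a valid indirect-call target. */
static void on_open(void)      { puts("open"); }
static void on_close(void)     { puts("close"); }
static void not_a_target(void) { puts("must not be reached via indirect call"); }

/* Stand-in for GuardCFFunctionTable: the set of addresses that may be
 * called indirectly. In a real binary the linker emits this table into
 * the load config; here it is a constructed array. */
static const handler_fn guard_function_table[] = { on_open, on_close };
static const size_t guard_function_count =
    sizeof guard_function_table / sizeof guard_function_table[0];

/* Simplified model of guard_check_icall: 1 if the target is registered,
 * 0 otherwise. Returned as a value so the policy can be tested. */
int guard_check_icall(handler_fn target) {
    for (size_t i = 0; i < guard_function_count; i++)
        if (guard_function_table[i] == target)
            return 1;
    return 0;
}

/* The call site after instrumentation: the pass inserts the check right
 * before the call through the pointer. Returns -1 when the check rejects
 * the target (real CFG would __fastfail here instead of returning). */
int call_handler_guarded(handler_fn fp) {
    if (!guard_check_icall(fp))
        return -1;
    fp();
    return 0;
}

int main(void) {
    handler_fn fp = on_open;
    printf("%d\n", call_handler_guarded(fp));   /* 0: registered target */
    fp = not_a_target;                          /* pointer no longer points at a valid target */
    printf("%d\n", call_handler_guarded(fp));   /* -1: check rejects it */
    return 0;
}
```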

Bad: you need integration with the MS linker, and CFG support in COFF files seems to be totally undocumented. LLVM itself cannot emit load_config, and what is more, its definition of coff_load_configuration in include\llvm\Object\COFF.h has no fields for CFG (such as GuardCFCheckFunctionPointer and GuardCFFunctionTable).