Zero-overhead static rewriting of arm64 binaries
So for my master's thesis I worked on a nice static rewriter for aarch64 binaries. It's pretty cool, and has the following features:
- "Zero" overhead (under 1% without instrumentation)
- First symbolization approach on aarch64
- Small (<3k LOC of Python) and built to make adding instrumentation modules easy
- Address Sanitization implemented as an instrumentation pass that lets you add ASAN checks to closed-source binaries. Same memory sanitization result as running a binary through e.g. Valgrind, but with almost an order of magnitude less overhead (very nice for fuzzing!)
Unfortunately, it also has the following non-features:
- Only works on C binaries (for now)
- No obfuscated/packed/self-modifying code (basically, only well-behaved compilers)
- No statically-linked binaries
To be honest though, many static rewriters share the above limitations.
Write me a mail or reach out to me on Twitter if you have any questions!