Hi Marius,
On Fri, Sep 18, 2009 at 6:23 PM, Marius <wishinet at googlemail.com>
wrote:
> I recently stumbled across llvm-qemu
> (http://code.google.com/p/llvm-qemu/) which apparently should be able to
> translate qemu supported architectures to LLVM IR
> (http://markmail.org/message/iyqzgtcux62wdhkb) to ease analysing
> binaries.
Yes, at runtime and at basic block level this is very much possible.
Whether this is useful to you largely depends on what you actually
want to do :)  But e.g. for binary instrumentation this should work.
> Using LLVM for (dynamic binary) translations seems to be a great
> idea. However I haven't seen many approaches being made in that
> direction.
Yeah, I think llvm-qemu is the only project in this regard.
> Valgrind's VEX (RISC like intermediate language) seems to be
> used in Bitblaze VINE (http://bitblaze.cs.berkeley.edu/vine.html).
Looks like an interesting project. VEX seems to be very similar to
LLVM IR. I'd be curious to see how effective the static binary
analysis done by Vine actually is.
> Does anybody know a similar project for LLVM? - Because the llvm-qemu
> seems to have specific downsides linked to qemu emulation engine.
I'm not aware of any projects which do binary analysis with LLVM.
What downsides are you referring to? The fact that it doesn't do a
"direct" translation?
At one point someone was working on a direct translation from x86 to
LLVM IR, never heard anything about it again though.
Cheers,
Tilmann