rev.ng: A Tale of Reverse Engineering, Dynamic Analysis and Translation of Binaries Using QEMU and LLVM

PROCEEDINGS OF THE FIFTH WORKSHOP ON CRYPTOGRAPHY AND SECURITY IN COMPUTING SYSTEMS (CS2 2018)(2016)

Abstract
This talk will provide an overview of rev.ng [1-3], a binary analysis tool based on QEMU and LLVM, and an outlook on its future. Thanks to QEMU, and unlike many other binary analysis tools, rev.ng can handle a very large number of diverse architectures in a unified way. Unified means that all our analyses are designed to work in an architecture- and ABI-agnostic way: we can detect the arguments of a function no matter if it's SPARC or x86, and no matter the calling convention. As our internal representation we employ the LLVM IR, which means that we are not limited to static analysis, but we can also instrument the IR and recompile it, even across architectures. In fact, we have been able to successfully translate large pieces of software such as GCC and Perl compiled for one architecture (e.g., ARM) to another (e.g., x86), preserving the original behavior.