the glibc-runtime heuristic is not precise enough

[ivg]

We have it triggered on .o and .so files, as well as on custom-made executables. We need to collect more information to establish a set of good indicators.

Note, when glibc-runtime is triggered it will rename the target of the first jump of the entry point to __libc_start_main (and insert a synthetic subroutine is the destination is unresolved).

[philzook58]

Some of our examples seem to trigger the __libc_start_main renaming. This occurs only on some systems. It is evident that this is occurring when one runs bap on the binaries with -dbir. It does occur on my system which is using bap 2.1.0+5a98402, ocaml 4.09.0, cc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0, Ubuntu 18.04.4.
It seems to be triggered on our files that are compiled from assembly.
As per your suggestion, adding --no-glibc-runtime to our Makefile and run scripts seems to avoid the issue.

• https://github.com/draperlaboratory/cbat_tools/tree/112ca768925d691fd8781ca873c8cf47a2c641b9/wp/resources/sample_binaries/init_var_compare
• https://github.com/draperlaboratory/cbat_tools/tree/112ca768925d691fd8781ca873c8cf47a2c641b9/wp/resources/sample_binaries/retrowrite_stub
• https://github.com/draperlaboratory/cbat_tools/tree/112ca768925d691fd8781ca873c8cf47a2c641b9/wp/resources/sample_binaries/non_null_check

[XVilka]

I recommend two more things to test on:

• check our testsuites for ELF/SO files:
  • https://github.com/radareorg/radare2-testbins ( see the /elf directory in particular, corresponding tests are in radare2/test/db/formats/elf)
  • https://github.com/radareorg/radeco-regressions
• check LIEF testsuite https://github.com/lief-project/samples

[ivg]

@gitoleg, can you provide in ogre more information about the file type, e.g., I want to know whether it is an object file or shared library? Right now ogre says elf for executables, .o, and .so