Convert Binary Ninja LLIL (Low Level IL) to compilable, executable C++.
GOALS:
- test lifting: if the lifter is accurate, the transpiled LLIL computes the same results as the native code it was lifted from
- provide LLIL semantics: runtime.cpp contains a C/C++ implementation of many LLIL operations
QUICK START:
make -f Makefile_x86_x64
./main
EXAMPLE: transpiled A64
The LLIL gets mapped to C/C++ code:

| LLIL | C/C++ |
|---|---|
| LLIL_IF | if |
| LLIL_GOTO | goto, with a label generated at every basic block |
| LLIL_CALL | function call |
| LLIL_JUMP_TO | switch |
| LLIL_REG | REG16(), REG32(), REG64(), etc. |
| LLIL_ADD | ADD16(), ADD32(), ADD64(), etc. |
| LLIL_XXX | XXX() |
See ildump2cpp.py for the mapper, and runtime.cpp for the C/C++ implementation of the LLIL operations.
- compile tests.cpp into tests.o for the architecture you want to lift
- extract the LLIL into tests_il.cpp using ildump2cpp.py
- compile tests_il.cpp together with runtime.cpp and main.cpp into main
- run ./main

Using make: `make x64` or `make arm`, then `./main`.
- atop runtime.h, add an `#ifdef ARCH_XXX` block and inside it define your arch's register types, etc.
- in main.cpp, add an `#ifdef ARCH_XXX` block and inside it define `vm_init_stack()`, `vm_set_arg0()`, etc.
- create a Makefile, being sure to pass `-DARCH_XXX`
- run ./main
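The following is an added, self-contained example (not the project's runtime.cpp, main.cpp or ildump2cpp.py output) that shows in one file what the mapping table above produces and what the per-architecture `#ifdef ARCH_XXX` sections look like. The architecture `ARCH_DEMO`, its register file, the `REG64()`/`ADD64()`/`SUB64()`/`CMP_E64()`/`LOAD64()`/`STORE64()` helpers, the `vm_*` hooks and the hand-written `sum_array_il()` are all assumptions for illustration; the real runtime defines its own names and widths. The lifting test at the bottom is the check the GOALS section describes: the transpiled routine must return the same value as the natively compiled one, including on an input that wraps modulo 2^64.

```cpp
// Added example, not part of the project: a minimal "runtime.h + main.cpp +
// transpiled tests_il.cpp" in one file for a hypothetical 64-bit arch ARCH_DEMO.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

#define ARCH_DEMO 1  // the Makefile would pass -DARCH_DEMO; defined here so the file builds alone

#ifdef ARCH_DEMO
// runtime.h-style section: register file and flat memory for the assumed arch.
struct Regs {
    uint64_t x[8];   // x0..x7 general purpose; x0/x1 carry arguments, x0 the return value
    uint64_t sp;
    uint64_t lr;
};
static Regs regs;                        // zero-initialised
static std::vector<uint8_t> mem(4096);   // little-endian memory, addresses 0..4095

// LLIL_REG / LLIL_SET_REG -> REG64(i); an lvalue so reads and writes share one macro.
#define REG64(i) (regs.x[(i)])
// LLIL_ADD, LLIL_SUB, LLIL_CMP_E, LLIL_LOAD, LLIL_STORE -> ADD64(), SUB64(), CMP_E64(), LOAD64(), STORE64()
static inline uint64_t ADD64(uint64_t a, uint64_t b) { return a + b; }   // wraps mod 2^64 like hardware
static inline uint64_t SUB64(uint64_t a, uint64_t b) { return a - b; }
static inline bool CMP_E64(uint64_t a, uint64_t b) { return a == b; }
static inline uint64_t LOAD64(uint64_t addr) {
    uint64_t v = 0;
    if (addr + 8 <= mem.size()) std::memcpy(&v, &mem[addr], 8);   // out-of-range reads yield 0
    return v;
}
static inline void STORE64(uint64_t addr, uint64_t v) {
    if (addr + 8 <= mem.size()) std::memcpy(&mem[addr], &v, 8);   // out-of-range writes are dropped
}
#endif

// What ildump2cpp.py-style output looks like for a routine such as
//     uint64_t sum_array(const uint64_t *p, uint64_t n)
//     { uint64_t s = 0; while (n) { s += *p++; n--; } return s; }
// Every LLIL basic block gets a label, LLIL_IF becomes if/goto, LLIL_GOTO a goto,
// and LLIL_RET leaves the result in x0. Written by hand here for illustration.
static void sum_array_il(void) {
block_0:
    REG64(2) = 0;                                   // s = 0
    goto block_1;
block_1:
    if (CMP_E64(REG64(1), 0)) goto block_3;         // while (n != 0)
    goto block_2;
block_2:
    REG64(2) = ADD64(REG64(2), LOAD64(REG64(0)));   // s += *p
    REG64(0) = ADD64(REG64(0), 8);                  // p++
    REG64(1) = SUB64(REG64(1), 1);                  // n--
    goto block_1;
block_3:
    REG64(0) = REG64(2);                            // return s in x0
    return;
}

#ifdef ARCH_DEMO
// main.cpp-style section: hooks main() uses to set up and drive a transpiled routine.
static void vm_init_stack(void) { regs.sp = mem.size(); regs.lr = 0; }  // stack grows down from top of mem
static void vm_set_arg0(uint64_t v) { REG64(0) = v; }
static void vm_set_arg1(uint64_t v) { REG64(1) = v; }
static uint64_t vm_get_ret(void) { return REG64(0); }
#endif

// Native reference: the same routine compiled directly, as it would be in tests.cpp.
static uint64_t sum_array_native(const uint64_t *p, uint64_t n) {
    uint64_t s = 0;
    while (n) { s += *p++; n--; }
    return s;
}

// Copy constructed input into VM memory, run the transpiled LLIL, return its result.
static uint64_t run_il_sum(const std::vector<uint64_t> &vals) {
    const uint64_t base = 0x100;   // arbitrary address inside mem
    for (size_t i = 0; i < vals.size(); i++) STORE64(base + 8 * i, vals[i]);
    vm_init_stack();
    vm_set_arg0(base);
    vm_set_arg1(vals.size());
    sum_array_il();
    return vm_get_ret();
}

// The lifting test: accurate LLIL must compute exactly what the native code computes.
static bool lifting_matches_native(const std::vector<uint64_t> &vals) {
    return run_il_sum(vals) == sum_array_native(vals.data(), vals.size());
}

int main(void) {
    std::vector<uint64_t> vals = {1, 2, 3, 0xFFFFFFFFFFFFFFFFull};   // constructed input; sum wraps to 5
    bool ok = lifting_matches_native(vals);
    std::printf("IL=%llu native=%llu %s\n",
                (unsigned long long)run_il_sum(vals),
                (unsigned long long)sum_array_native(vals.data(), vals.size()),
                ok ? "OK" : "MISMATCH");
    return ok ? 0 : 1;
}
```

The wrapping input is deliberate: a transpiler that modelled ADD64 with a wider or saturating type would pass on small inputs and fail here, which is the kind of semantic drift the lifting test exists to catch.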
You could compile a routine for one architecture, transpile its LLIL to C++, then compile the result for a different architecture.
You could repeat this many times, even with the same architecture, increasing code size and obfuscation with each round. Each round preserves behaviour only if the lifting is accurate, which is exactly what the lifting test above checks.