YJN/selfpatch-slr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated README

Browse Source
This commit is contained in:
York Jasper Niebuhr 2026-04-08 12:08:15 +02:00
parent 424065b4b5
commit 32a73df1cd
1 changed files with 54 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
README.md
View File

@ -1,9 +1,8 @@
# Selfpatch SLR # Selfpatch SLR
Selfpatch SLR (SPSLR) is a research prototype that implements **structure layout randomization (SLR)** for C programs on **x86_64 Linux**. Selfpatch SLR (SPSLR) is a research prototype that implements **structure layout randomization (SLR)** for C programs on **x86_64 Linux**.
The system instruments compilation to collect metadata about structure layouts and accesses, compiles that metadata into a patch program before linking, embeds that program into the final binary, and applies randomized layouts at runtime through a self-patching mechanism. The system instruments compilation to collect metadata about structure layouts and accesses, compiles that metadata into a descriptor data section before linking, embeds that data into the final binary, and applies randomized layouts at runtime through a self-patching mechanism.
--- ---
@ -13,10 +12,10 @@ SPSLR introduces controlled randomness into the in-memory layout of C structures
The workflow consists of: The workflow consists of:
1. Collecting structure and access metadata during compilation 1. Collecting structure and access metadata during compilation
2. Compiling metadata into a patch program before linking 2. Compiling metadata into a descriptor data section before linking
3. Embedding the patch program into the executable 3. Embedding the descriptor data into the executable
4. Executing the patch program at startup to randomize layouts and update references 4. Applying layout randomization and updating references at startup
--- ---
@ -29,25 +28,28 @@ SPSLR consists of three main components:
The `spslr_pinpoint` plugin runs during compilation and emits `.spslr` metadata files for each compilation unit. The `spslr_pinpoint` plugin runs during compilation and emits `.spslr` metadata files for each compilation unit.
It tracks: It tracks:
- structure definitions
- field accesses * structure definitions
- relevant data references * field accesses
* relevant data references
The plugin requires two arguments: The plugin requires two arguments:
- `metadir` — output directory for metadata
- `srcroot` — source root directory * `metadir` — output directory for metadata
* `srcroot` — source root directory
--- ---
### `patchcompile` — pre-link patch compiler ### `patchcompile` — pre-link patch compiler
The `spslr_patchcompile` tool consumes `.spslr` metadata files and produces an assembly file containing the SPSLR patch program. The `spslr_patchcompile` tool consumes `.spslr` metadata files and produces an assembly file containing the SPSLR descriptor data section.
Responsibilities: Responsibilities:
- merge metadata across compilation units
- group compatible targets * merge metadata across compilation units
- generate patch instructions * group compatible targets
- emit an assembly representation of the patch program * generate descriptors for targets, data references, and instruction accesses
* emit an assembly representation of the descriptor data section
The generated assembly is assembled into an object file and linked into the final executable. The generated assembly is assembled into an object file and linked into the final executable.
@ -55,7 +57,7 @@ The generated assembly is assembled into an object file and linked into the fina
### `selfpatch` — runtime patcher ### `selfpatch` — runtime patcher
The `spslr_selfpatch` static library executes the embedded patch program at runtime. The `spslr_selfpatch` static library applies runtime transformations based on the embedded descriptor data.
It exposes a single entry point: It exposes a single entry point:
@ -64,20 +66,21 @@ void spslr_selfpatch(void);
``` ```
At startup, this function: At startup, this function:
- loads the embedded patch program
- randomizes structure layouts * locates and parses the embedded descriptor data
- patches instruction operands and data references * randomizes structure layouts
- finalizes execution before normal program logic continues * patches instruction operands and data references
* finalizes execution before normal program logic continues
--- ---
## Repository Structure ## Repository Structure
- `pinpoint/` — GCC plugin for metadata extraction * `pinpoint/` — GCC plugin for metadata extraction
- `patchcompile/` — pre-link patch compiler * `patchcompile/` — pre-link patch compiler
- `selfpatch/` — runtime patch execution library * `selfpatch/` — runtime patch execution library
- `subject/` — example target demonstrating integration * `subject/` — example target demonstrating integration
- `docs/` — additional documentation and notes * `docs/` — additional documentation and notes
--- ---
@ -85,12 +88,12 @@ At startup, this function:
### Platform ### Platform
- x86_64 Linux * x86_64 Linux
### Toolchain ### Toolchain
- `gcc-16` * `gcc-16`
- `g++-16` * `g++-16`
The repository includes GCC patch files used to preserve structure-access expressions required by SPSLR metadata collection. The repository includes GCC patch files used to preserve structure-access expressions required by SPSLR metadata collection.
@ -147,10 +150,11 @@ make -j$(nproc)
``` ```
This builds: This builds:
- `spslr_pinpoint`
- `spslr_patchcompile` * `spslr_pinpoint`
- `spslr_selfpatch` * `spslr_patchcompile`
- the example `subject` executable * `spslr_selfpatch`
* the example `subject` executable
--- ---
@ -158,15 +162,16 @@ This builds:
To integrate SPSLR into a project: To integrate SPSLR into a project:
1. Compile all source files using the `spslr_pinpoint` plugin 1. Compile all source files using the `spslr_pinpoint` plugin
2. Provide `metadir` and `srcroot` plugin arguments 2. Provide `metadir` and `srcroot` plugin arguments
3. Collect generated `.spslr` metadata files 3. Collect generated `.spslr` metadata files
4. Run `spslr_patchcompile` to produce a patch program assembly file 4. Run `spslr_patchcompile` to produce descriptor data assembly
5. Assemble the generated assembly into an object file 5. Assemble the generated assembly into an object file
6. Link the object together with: 6. Link the object together with:
- compiled program objects
- `spslr_selfpatch` * compiled program objects
7. Call `spslr_selfpatch()` early in program startup * `spslr_selfpatch`
7. Call `spslr_selfpatch()` early in program startup
--- ---
@ -174,11 +179,11 @@ To integrate SPSLR into a project:
The `subject` target demonstrates the full pipeline: The `subject` target demonstrates the full pipeline:
- compiles sources with the plugin * compiles sources with the plugin
- generates metadata * generates metadata
- builds the SPSLR patch program * builds the SPSLR descriptor data section
- links the program into the executable * links the data into the executable
- calls `spslr_selfpatch()` at the start of `main()` * calls `spslr_selfpatch()` at the start of `main()`
The example performs operations on randomized structures and accesses both local and global data after patching. The example performs operations on randomized structures and accesses both local and global data after patching.
@ -186,9 +191,9 @@ The example performs operations on randomized structures and accesses both local
## Limitations ## Limitations
- Platform support: **x86_64 Linux** * Platform support: **x86_64 Linux**
- Requires a **custom GCC 16 toolchain** * Requires a **custom GCC 16 toolchain**
- Structure layout randomization alters standard memory layout assumptions * Structure layout randomization alters standard memory layout assumptions
Code that relies on fixed structure layouts, manual offset calculations, or layout-dependent casting may not behave correctly under SPSLR. Code that relies on fixed structure layouts, manual offset calculations, or layout-dependent casting may not behave correctly under SPSLR.