YJN/selfpatch-slr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8e6b249838
selfpatch-slr/README.md

5.1 KiB
Raw Blame History

Selfpatch SLR

Selfpatch SLR (SPSLR) is a research prototype that implements structure layout randomization (SLR) for C programs on x86_64 Linux.

The system instruments compilation to collect metadata about structure layouts and accesses, compiles that metadata into a descriptor data section before linking, embeds that data into the final binary, and applies randomized layouts at runtime through a self-patching mechanism.

Overview

SPSLR introduces controlled randomness into the in-memory layout of C structures. Instead of relying on fixed field offsets, programs are compiled together with metadata that allows rewriting those offsets at startup.

The workflow consists of:

  1. Collecting structure and access metadata during compilation
  2. Compiling metadata into a descriptor data section before linking
  3. Embedding the descriptor data into the executable
  4. Applying layout randomization and updating references at startup

Architecture

SPSLR consists of three main components:

pinpoint — GCC plugin

The spslr_pinpoint plugin runs during compilation and emits .spslr metadata files for each compilation unit.

It tracks:

  • structure definitions
  • field accesses
  • relevant data references

The plugin requires two arguments:

  • metadir — output directory for metadata
  • srcroot — source root directory

patchcompile — pre-link patch compiler

The spslr_patchcompile tool consumes .spslr metadata files and produces an assembly file containing the SPSLR descriptor data section.

Responsibilities:

  • merge metadata across compilation units
  • group compatible targets
  • generate descriptors for targets, data references, and instruction accesses
  • emit an assembly representation of the descriptor data section

The generated assembly is assembled into an object file and linked into the final executable.

selfpatch — runtime patcher

The spslr_selfpatch static library applies runtime transformations based on the embedded descriptor data.

It exposes a single entry point:

void spslr_selfpatch(void);

At startup, this function:

  • locates and parses the embedded descriptor data
  • randomizes structure layouts
  • patches instruction operands and data references
  • finalizes execution before normal program logic continues

Repository Structure

  • pinpoint/ — GCC plugin for metadata extraction
  • patchcompile/ — pre-link patch compiler
  • selfpatch/ — runtime patch execution library
  • subject/ — example target demonstrating integration
  • docs/ — additional documentation and notes

Requirements

Platform

  • x86_64 Linux

Toolchain

  • gcc-16
  • g++-16

The repository includes GCC patch files used to preserve structure-access expressions required by SPSLR metadata collection.

Building the Custom GCC Toolchain

SPSLR relies on a custom GCC build so that offsetof-style structure access expressions remain observable to the plugin infrastructure.

git clone git://gcc.gnu.org/git/gcc.git
cd gcc
git checkout basepoints/gcc-16
git am /path/to/selfpatch-slr/gcc_component_ref.patch
cd ..

mkdir gcc-build
cd gcc-build
../gcc/configure \
  --enable-host-shared \
  --prefix=/usr/local/gcc-16 \
  --program-suffix=16 \
  --enable-languages=c,c++ \
  --enable-plugin \
  --disable-multilib \
  --disable-werror \
  --disable-bootstrap \
  --disable-libsanitizer \
  --disable-libquadmath \
  --disable-libvtv
make -j$(nproc)
sudo make install

sudo ln -s /usr/local/gcc-16/bin/gcc16 /usr/local/bin/gcc-16
sudo ln -s /usr/local/gcc-16/bin/g++16 /usr/local/bin/g++-16

Verify installation:

gcc-16 --version
g++-16 --version

Build

mkdir build
cd build
cmake ..
make -j$(nproc)

This builds:

  • spslr_pinpoint
  • spslr_patchcompile
  • spslr_selfpatch
  • the example subject executable

Integration Workflow

To integrate SPSLR into a project:

  1. Compile all source files using the spslr_pinpoint plugin

  2. Provide metadir and srcroot plugin arguments

  3. Collect generated .spslr metadata files

  4. Run spslr_patchcompile to produce descriptor data assembly

  5. Assemble the generated assembly into an object file

  6. Link the object together with:

    • compiled program objects
    • spslr_selfpatch

  7. Call spslr_selfpatch() early in program startup

Example

The subject target demonstrates the full pipeline:

  • compiles sources with the plugin
  • generates metadata
  • builds the SPSLR descriptor data section
  • links the data into the executable
  • calls spslr_selfpatch() at the start of main()

The example performs operations on randomized structures and accesses both local and global data after patching.

Limitations

  • Platform support: x86_64 Linux
  • Requires a custom GCC 16 toolchain
  • Structure layout randomization alters standard memory layout assumptions

Code that relies on fixed structure layouts, manual offset calculations, or layout-dependent casting may not behave correctly under SPSLR.

Notes

SPSLR is a research platform for exploring structure layout randomization and its implications for systems programming, security, and compiler-assisted transformations.