YJN/selfpatch-slr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
113 Commits 1 Branch 0 Tags 668 KiB
C++ 53.5%
C 41%
CMake 5.5%
c57b3f03a3
Go to file
York Jasper Niebuhr c57b3f03a3 Only dump metadata for used targets
2026-04-05 20:24:38 +02:00
docs Only dump metadata for used targets 2026-04-05 20:24:38 +02:00
patchcompile Replaced post-link finalizer with pre-link patchcompile 2026-04-04 13:56:17 +02:00
pinpoint Only dump metadata for used targets 2026-04-05 20:24:38 +02:00
selfpatch Replaced post-link finalizer with pre-link patchcompile 2026-04-04 13:56:17 +02:00
subject Implemented spslr_field_fixed attribute 2026-04-05 18:50:30 +02:00
.gitignore CMake setup 2025-10-07 23:04:22 +02:00
CMakeLists.txt Replaced post-link finalizer with pre-link patchcompile 2026-04-04 13:56:17 +02:00
gcc_component_ref_v2.patch Updated gcc patch v2 comments 2025-10-30 21:34:57 +01:00
gcc_component_ref.patch Gcc patch subject line areas 2025-10-18 15:12:44 +02:00
README.md Updated README 2026-04-04 14:41:59 +02:00

README.md

Selfpatch SLR

Selfpatch SLR (SPSLR) is a research prototype that implements structure layout randomization (SLR) for C programs on x86_64 Linux.

The system instruments compilation to collect metadata about structure layouts and accesses, compiles that metadata into a patch program before linking, embeds that program into the final binary, and applies randomized layouts at runtime through a self-patching mechanism.

Overview

SPSLR introduces controlled randomness into the in-memory layout of C structures. Instead of relying on fixed field offsets, programs are compiled together with metadata that allows rewriting those offsets at startup.

The workflow consists of:

  1. Collecting structure and access metadata during compilation
  2. Compiling metadata into a patch program before linking
  3. Embedding the patch program into the executable
  4. Executing the patch program at startup to randomize layouts and update references

Architecture

SPSLR consists of three main components:

pinpoint — GCC plugin

The spslr_pinpoint plugin runs during compilation and emits .spslr metadata files for each compilation unit.

It tracks:

  • structure definitions
  • field accesses
  • relevant data references

The plugin requires two arguments:

  • metadir — output directory for metadata
  • srcroot — source root directory

patchcompile — pre-link patch compiler

The spslr_patchcompile tool consumes .spslr metadata files and produces an assembly file containing the SPSLR patch program.

Responsibilities:

  • merge metadata across compilation units
  • group compatible targets
  • generate patch instructions
  • emit an assembly representation of the patch program

The generated assembly is assembled into an object file and linked into the final executable.

selfpatch — runtime patcher

The spslr_selfpatch static library executes the embedded patch program at runtime.

It exposes a single entry point:

void spslr_selfpatch(void);

At startup, this function:

  • loads the embedded patch program
  • randomizes structure layouts
  • patches instruction operands and data references
  • finalizes execution before normal program logic continues

Repository Structure

  • pinpoint/ — GCC plugin for metadata extraction
  • patchcompile/ — pre-link patch compiler
  • selfpatch/ — runtime patch execution library
  • subject/ — example target demonstrating integration
  • docs/ — additional documentation and notes

Requirements

Platform

  • x86_64 Linux

Toolchain

  • gcc-16
  • g++-16

The repository includes GCC patch files used to preserve structure-access expressions required by SPSLR metadata collection.

Building the Custom GCC Toolchain

SPSLR relies on a custom GCC build so that offsetof-style structure access expressions remain observable to the plugin infrastructure.

git clone git://gcc.gnu.org/git/gcc.git
cd gcc
git checkout basepoints/gcc-16
git am /path/to/selfpatch-slr/gcc_component_ref.patch
cd ..

mkdir gcc-build
cd gcc-build
../gcc/configure \
  --enable-host-shared \
  --prefix=/usr/local/gcc-16 \
  --program-suffix=16 \
  --enable-languages=c,c++ \
  --enable-plugin \
  --disable-multilib \
  --disable-werror \
  --disable-bootstrap \
  --disable-libsanitizer \
  --disable-libquadmath \
  --disable-libvtv
make -j$(nproc)
sudo make install

sudo ln -s /usr/local/gcc-16/bin/gcc16 /usr/local/bin/gcc-16
sudo ln -s /usr/local/gcc-16/bin/g++16 /usr/local/bin/g++-16

Verify installation:

gcc-16 --version
g++-16 --version

Build

mkdir build
cd build
cmake ..
make -j$(nproc)

This builds:

  • spslr_pinpoint
  • spslr_patchcompile
  • spslr_selfpatch
  • the example subject executable

Integration Workflow

To integrate SPSLR into a project:

  1. Compile all source files using the spslr_pinpoint plugin
  2. Provide metadir and srcroot plugin arguments
  3. Collect generated .spslr metadata files
  4. Run spslr_patchcompile to produce a patch program assembly file
  5. Assemble the generated assembly into an object file
  6. Link the object together with:
    • compiled program objects
    • spslr_selfpatch
  7. Call spslr_selfpatch() early in program startup

Example

The subject target demonstrates the full pipeline:

  • compiles sources with the plugin
  • generates metadata
  • builds the SPSLR patch program
  • links the program into the executable
  • calls spslr_selfpatch() at the start of main()

The example performs operations on randomized structures and accesses both local and global data after patching.

Limitations

  • Platform support: x86_64 Linux
  • Requires a custom GCC 16 toolchain
  • Structure layout randomization alters standard memory layout assumptions

Code that relies on fixed structure layouts, manual offset calculations, or layout-dependent casting may not behave correctly under SPSLR.

Notes

SPSLR is a research platform for exploring structure layout randomization and its implications for systems programming, security, and compiler-assisted transformations.