Automatically Repairing Stripped Executables with CFG Microsurgery

BINSURGEON is a binary rewriting system that enhances stripped binary executables with repairs, defenses, and additional functionality. This involves making space-consuming changes to the program’s control flow graph (CFG), recomputing instruction content, and relocating instructions, all while preserving functionality in the remainder of the program’s control flow. BINSURGEON uses extendable rewrite templates that enable other systems to specify and parameterize program modifications, which allows BINSURGEON to be a fully-automatic component of a larger system. In this paper, we describe BINSURGEON in the context of the FUZZBOMB automated program analysis and repair system. We outline BINSURGEON’s general binary rewriting algorithm for modifying CFGs according to FUZZBOMB’s rewrite templates. We also review some of FUZZBOMB’s rewrite templates to demonstrate the diverse repair and defense strategies— including stack protection, heap protection, CFI, pointer-checking, and more— that are implemented by BINSURGEON to harden and repair vulnerable binaries.

Scott E. Friedman, David J. Musliner. (2015). Automatically Repairing Stripped Executables with CFG Microsurgery. Fourth annual SASO workshop on Adaptive Host and Network Security. Boston, MA. - [PDF]