Building mcsema With KLEE on Ubuntu 14.04 i386
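#!/usr/bin/env bash
# These are instructions for how to build KLEE and mcsema.
# These are a part of a blog post explaining how to use KLEE
# to symbolically execute closed source binaries.
#
# Usage: bash <this file>
#
# Every step below must succeed for the next one to make sense, so stop at
# the first failure instead of continuing with a half-built toolchain.
# Note that `export`, `ulimit` and `cd` only affect the shell running this
# script: if you want the final PATH / LD_LIBRARY_PATH in your interactive
# shell, re-run the three export lines at the bottom there.
set -euo pipefail

# install the prerequisites
sudo apt-get install vim build-essential g++ curl python-minimal \
  git bison flex bc libcap-dev cmake libboost-dev \
  libboost-program-options-dev libboost-system-dev ncurses-dev nasm

# we assume everything KLEE related will live in ~/klee.
# Kept in a variable so every later path is absolute and quoted; the
# original relied on `pwd`/.. chains that break on paths with spaces.
readonly klee_root="$HOME/klee"
mkdir -p -- "$klee_root"
cd -- "$klee_root"

# First, get the LLVM source:
wget https://llvm.org/releases/3.2/llvm-3.2.src.tar.gz
# Now get the Clang source:
wget https://llvm.org/releases/3.2/clang-3.2.src.tar.gz
# Before extracting, compare both tarballs against the checksums/signatures
# published on the LLVM 3.2 release page; everything built below (clang,
# KLEE, mcsema) trusts these sources, so an unverified download is a
# supply-chain risk for the whole toolchain.

# Extract llvm 3.2:
tar xzf llvm-3.2.src.tar.gz
# Extract clang:
tar xzf clang-3.2.src.tar.gz
# Move clang into the LLVM source tree:
mv -- clang-3.2.src llvm-3.2.src/tools/clang

# normally you would use cmake here, but today you HAVE to use autotools.
cd -- "$klee_root/llvm-3.2.src"
# For this example, we are only going to enable only the x86 target
./configure --enable-optimized --enable-assertions --enable-targets=x86
# After configuring, the build can start. Building will take a while.
# Go make some coffee, take a nap, etc
make

# add the resulting binaries to your $PATH (needed for later building steps)
export PATH="$klee_root/llvm-3.2.src/Release+Asserts/bin:$PATH"

# Make sure you are using the correct clang when you execute clang — you may
# have accidentally installed another clang that has priority in $PATH.
# Verify the version, for sanity, and abort if it is not the one just built.
# Your output should match whats below.
#
#$ clang --version
#clang version 3.2 (tags/RELEASE_32/final)
#Target: i386-pc-linux-gnu
#Thread model: posix
if ! clang --version | grep -q 'clang version 3.2'; then
  printf 'wrong clang in PATH (%s); expected clang 3.2 built above\n' \
    "$(command -v clang)" >&2
  exit 1
fi

# Once clang is built, its time to built STP and uClibc for KLEE.
cd -- "$klee_root"
# NOTE: stp is cloned at whatever its current HEAD is (no commit was given
# as tested), so results may differ from the blog post over time.
git clone https://github.com/stp/stp.git
# Use CMake to build STP. Compared to LLVM and clang,
# the build time of STP will feel like an instant.
cd -- "$klee_root/stp"
mkdir -p -- build && cd -- build
cmake -G 'Unix Makefiles' -DCMAKE_BUILD_TYPE=Release ..
make

# After STP builds, lets set ulimit for STP and KLEE:
ulimit -s unlimited

# Build uclibc for KLEE
cd -- "$klee_root"
git clone --depth 1 --branch klee_0_9_29 https://github.com/klee/klee-uclibc.git
cd -- "$klee_root/klee-uclibc"
./configure -l --enable-release
make

# It’s time for KLEE itself. KLEE is updated fairly often and we are
# building on an unsupported configuration. These instructions may not
# work for future versions of KLEE. These examples were tested with
# commit 10b800db2c0639399ca2bdc041959519c54f89e5, so check out exactly
# that revision to keep the build reproducible.
cd -- "$klee_root"
git clone https://github.com/klee/klee.git
cd -- "$klee_root/klee"
git checkout 10b800db2c0639399ca2bdc041959519c54f89e5

# A proper configuration of KLEE with LLVM 3.2 requires this long voodoo command line
./configure --with-stp="$klee_root/stp/build" \
  --with-uclibc="$klee_root/klee-uclibc" \
  --with-llvm="$klee_root/llvm-3.2.src" \
  --with-llvmcc="$klee_root/llvm-3.2.src/Release+Asserts/bin/clang" \
  --with-llvmcxx="$klee_root/llvm-3.2.src/Release+Asserts/bin/clang++" \
  --enable-posix-runtime
make

# KLEE comes with a set of tests to ensure the build works.
# Before running the tests, libstp must be in the library path.
# Change $LD_LIBRARY_PATH to ensure linking against libstp works.
# A lot of text will scroll by with a test summary at the end.
# Note that your results may be slightly different since the KLEE
# project may have added or modified tests. The vast majority of
# tests should pass. A few tests fail, but we’re building KLEE on
# an unsupported configuration so some failure is expected.
export LD_LIBRARY_PATH="$klee_root/stp/build/lib"
# Some failures are expected here (see below), so a non-zero status from
# `make check` must not abort the whole script under `set -e`.
make check || printf 'make check reported failures; compare with the expected results below\n' >&2
#These are the expected results:
#Expected Passes : 141
#Expected Failures : 1
#Unsupported Tests : 1
#Unexpected Failures: 11

# KLEE also has a set of unit tests so run those too, just to be sure.
# All of the unit tests should pass! (a failure here does abort the script)
make unittests

# Now we are ready for the second part:
# using mcsema with KLEE to symbolically execute existing binaries.

# Building mcsema
# First, we need to clone and build the latest version of mcsema, which includes
# support for linked ELF binaries and comes the necessary samples to get started.
# NOTE: like stp, mcsema is not pinned to a commit; "latest" is intentional here.
cd -- "$klee_root"
git clone https://github.com/trailofbits/mcsema.git
cd -- "$klee_root/mcsema"
mkdir -p -- build && cd -- build
cmake -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release ..
make

# Finally, make sure our environment is correct for future steps
export PATH="$PATH:$klee_root/llvm-3.2.src/Release+Asserts/bin/"
export PATH="$PATH:$klee_root/klee/Release+Asserts/bin/"
export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:-}:$klee_root/stp/build/lib/"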