DynamoRIO is a BSD-licensed dynamic binary instrumentation framework for the development of dynamic program analysis tools. DynamoRIO targets user space applications under the Android, Linux, and Windows operating systems running on the AArch32, IA-32, and x86-64 instruction set architectures.
DynamoRIO was originally created as a dynamic binary optimization system but has since been used for security, debugging, and analysis tools. DynamoRIO originated in a collaboration between Hewlett-Packard's Dynamo optimization system and the Runtime Introspection and Optimization (RIO) research group at MIT; hence the combined name "DynamoRIO". It was first released publicly as a proprietary binary toolkit in June 2002 and was later open-sourced with a BSD license in January 2009.
Overview
DynamoRIO is a process virtual machine that redirects a program's execution from its original binary code to a copy of that code. Instrumentation that carries out the actions of the desired tool is then added to this copy. No changes are made to the original program, which does not need to be specially prepared in any way. DynamoRIO operates completely at run time and handles legacy code, dynamically loaded libraries, dynamically generated code, and self-modifying code.
DynamoRIO monitors all control flow to capture the entire execution of the target program. This monitoring adds overhead even when no tool is present. DynamoRIO's average overhead is 11 percent.
Features
DynamoRIO's API abstracts away the details of the virtualization process and focuses on monitoring or modifying the dynamic code stream of the program. A tool can insert trampolines into the program that invoke tool actions at specific program points. A tool can also insert instrumentation at the assembly language level, which provides fine-grained control over tool actions and tool performance. DynamoRIO supports adaptive optimization and adaptive instrumentation by allowing a tool to remove or modify its instrumentation at any point throughout the execution of the target program.
DynamoRIO invokes tool-registered callbacks at a number of common program event points, such as thread creation, library loading, system calls, signals, or exceptions. Its API also allows inspecting the program's libraries and address space in addition to its code.
DynamoRIO's API and event callbacks are designed to be cross-platform, enabling the same tool code to operate on both Windows and Linux and on both IA-32 and x86-64. DynamoRIO ensures tool transparency by isolating the tool's resources, such as its stack, memory, and file accesses, from the program upon which the tool is operating.
DynamoRIO contains libraries that extend its API to provide symbol table access, function wrapping and replacing, and memory address tracing utilities.
Tools
The first tools built for DynamoRIO focused on dynamic optimization. A number of research tools have been built for a variety of purposes, including taint checking and profiling.
Program Shepherding
Applying DynamoRIO to the security field resulted in a technique called ''program shepherding''. The program shepherding instrumentation monitors the origin of each program instruction and the control flow between instructions in order to prevent a security exploit from taking control of the program. In 2003, program shepherding was commercialized as the brand-named ''Memory Firewall'' host intrusion prevention software in a startup company called Determina. Determina was acquired by VMware in August 2007.
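The two checks described above (code origin, then control-flow target) can be modelled as a small policy function. This is an added example, not code from DynamoRIO or Memory Firewall; the address map, the target sets, the transfer rules and every identifier are constructed assumptions for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed address-space map recording where each code byte came from. */
enum origin { FROM_IMAGE, WRITTEN_AT_RUNTIME };
struct region { unsigned long lo, hi; enum origin origin; };
static const struct region regions[] = {
    { 0x1000, 0x2000, FROM_IMAGE },         /* program text, unmodified since load */
    { 0x7000, 0x8000, WRITTEN_AT_RUNTIME }, /* data the program wrote (stack, heap) */
};
/* Constructed sets: function entry points and the addresses just after calls. */
static const unsigned long func_entries[] = { 0x1000, 0x1400 };
static const unsigned long after_call[]   = { 0x1010, 0x1420 };

enum xfer { DIRECT_BRANCH, INDIRECT_CALL, RETURN };
enum decision { ALLOW, DENY_ORIGIN, DENY_TARGET };

static int in_set(const unsigned long *set, size_t n, unsigned long addr) {
    for (size_t i = 0; i < n; i++)
        if (set[i] == addr) return 1;
    return 0;
}

static const struct region *find_region(unsigned long addr) {
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++)
        if (addr >= regions[i].lo && addr < regions[i].hi) return &regions[i];
    return NULL;
}

/* Called for each control transfer before the target is allowed to execute. */
enum decision shepherd(enum xfer kind, unsigned long target) {
    const struct region *r = find_region(target);
    /* Origin rule: only code loaded from the image and never rewritten may run. */
    if (r == NULL || r->origin != FROM_IMAGE) return DENY_ORIGIN;
    /* Transfer rules (assumed policy): calls reach entries, returns reach call sites. */
    if (kind == INDIRECT_CALL && !in_set(func_entries, 2, target)) return DENY_TARGET;
    if (kind == RETURN && !in_set(after_call, 2, target)) return DENY_TARGET;
    return ALLOW;
}

int main(void) {
    printf("return to 0x1010: %d\n", shepherd(RETURN, 0x1010));               /* after a call */
    printf("return to 0x7010: %d\n", shepherd(RETURN, 0x7010));               /* written data */
    printf("indirect call to 0x1404: %d\n", shepherd(INDIRECT_CALL, 0x1404)); /* mid-function */
    return 0;
}
```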
Dr. Memory
''Dr. Memory'' is an open-source memory debugger built on DynamoRIO and released under an LGPL license. Dr. Memory monitors memory allocations and memory accesses using shadow memory. It detects memory-related programming errors such as accesses of uninitialized memory, accesses to freed memory, heap overflow and underflow, and memory leaks. Its feature set is similar to that of the Valgrind-based ''Memcheck'' tool, though it operates on Windows as well as Linux and is twice as fast as Memcheck (reference: "Practical Memory Checking with Dr. Memory").
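How per-byte shadow state catches the error classes listed above can be seen in a simplified model. This is an added example, not Dr. Memory's implementation; the three states, the redzone size, the toy bump allocator and all function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Simplified per-byte shadow states; not Dr. Memory's real encoding. */
enum sstate { UNADDR, UNINIT, DEFINED };
enum verdict { V_OK, V_UNADDRESSABLE, V_UNINITIALIZED };
#define HEAP_SIZE 64   /* constructed toy heap, addressed by offset */
#define REDZONE   4    /* unaddressable padding around every block */

static unsigned char shadow_map[HEAP_SIZE]; /* one state per heap byte */
static size_t cursor;                       /* bump-allocator position */

void shadow_reset(void) { memset(shadow_map, UNADDR, HEAP_SIZE); cursor = 0; }

/* Allocate n bytes: payload becomes UNINIT, redzones stay UNADDR. */
size_t toy_malloc(size_t n) {
    size_t start = cursor + REDZONE;
    if (start + n + REDZONE > HEAP_SIZE) return (size_t)-1;
    memset(shadow_map + start, UNINIT, n);
    cursor = start + n;
    return start;
}

/* Free: payload goes back to UNADDR so stale pointers are caught. */
void toy_free(size_t off, size_t n) { memset(shadow_map + off, UNADDR, n); }

static int addressable(size_t a) { return a < HEAP_SIZE && shadow_map[a] != UNADDR; }

/* Instrumented store: every byte must be addressable, then becomes DEFINED. */
enum verdict check_write(size_t off, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (!addressable(off + i)) return V_UNADDRESSABLE;
    memset(shadow_map + off, DEFINED, n);
    return V_OK;
}

/* Instrumented load: unaddressable takes priority over uninitialized. */
enum verdict check_read(size_t off, size_t n) {
    enum verdict v = V_OK;
    for (size_t i = 0; i < n; i++) {
        if (!addressable(off + i)) return V_UNADDRESSABLE;
        if (shadow_map[off + i] == UNINIT) v = V_UNINITIALIZED;
    }
    return v;
}

int main(void) {
    shadow_reset();
    size_t p = toy_malloc(8);
    printf("read before init: %d\n", check_read(p, 8));
    printf("write 9 bytes into 8: %d\n", check_write(p, 9));
    toy_free(p, 8);
    printf("read after free: %d\n", check_read(p, 1));
    return 0;
}
```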
See also
* Dynamic program analysis
* Pin
* Valgrind
* AddressSanitizer (ASan)
External links
* Official website: https://dynamorio.org/
* Mailing list for DynamoRIO users
* Dr. Memory homepage