DynamoRIO is a BSD licensed dynamic binary

instrumentation Instrumentation a collective term for measuring instruments that are used for indicating, measuring and recording physical quantities. The term has its origins in the art and science of scientific instrument-making. Instrumentation can refer to ...

framework for the development of

dynamic program analysis Dynamic program analysis is the analysis of computer software that is performed by executing programs on a real or virtual processor. For dynamic program analysis to be effective, the target program must be executed with sufficient test inputs ...

tools. DynamoRIO targets

user space A modern computer operating system usually segregates virtual memory into user space and kernel space. Primarily, this separation serves to provide memory protection and hardware protection from malicious or errant software behaviour. Kernel ...

applications under the Android,

Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...

, and

Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...

operating systems running on the

AArch32 ARM (stylised in lowercase as arm, formerly an acronym for Advanced RISC Machines and originally Acorn RISC Machine) is a family of reduced instruction set computer (RISC) instruction set architectures for computer processors, configure ...

IA-32 IA-32 (short for "Intel Architecture, 32-bit", commonly called i386) is the 32-bit version of the x86 instruction set architecture, designed by Intel and first implemented in the 80386 microprocessor in 1985. IA-32 is the first incarnation of ...

, and

x86-64 x86-64 (also known as x64, x86_64, AMD64, and Intel 64) is a 64-bit version of the x86 instruction set, first released in 1999. It introduced two new modes of operation, 64-bit mode and compatibility mode, along with a new 4-level paging mod ...

instruction set architectures In computer science, an instruction set architecture (ISA), also called computer architecture, is an abstract model of a computer. A device that executes instructions described by that ISA, such as a central processing unit (CPU), is called an ' ...

. DynamoRIO was originally created as a dynamic binary optimization system but has since been used for security, debugging, and analysis tools. DynamoRIO originated in a collaboration between

Hewlett-Packard The Hewlett-Packard Company, commonly shortened to Hewlett-Packard ( ) or HP, was an American multinational information technology company headquartered in Palo Alto, California. HP developed and provided a wide variety of hardware components ...

's Dynamo optimization system and the Runtime Introspection and Optimization (RIO) research group at

MIT The Massachusetts Institute of Technology (MIT) is a private land-grant research university in Cambridge, Massachusetts. Established in 1861, MIT has played a key role in the development of modern technology and science, and is one of the m ...

; hence the combined name "DynamoRIO". It was first released publicly as a proprietary binary toolkit in June 2002 and was later open-sourced with a BSD license in January 2009.

Overview

DynamoRIO is a

process virtual machine In computing, a virtual machine (VM) is the virtualization/emulation of a computer system. Virtual machines are based on computer architectures and provide functionality of a physical computer. Their implementations may involve specialized hardw ...

that redirects a program's execution from its original binary code to a copy of that code. Instrumentation that carries out the actions of the desired tool are then added to this copy. No changes are made to the original program, which does not need to be specially prepared in any way. DynamoRIO operates completely at

run time Run(s) or RUN may refer to: Places * Run (island), one of the Banda Islands in Indonesia * Run (stream), a stream in the Dutch province of North Brabant People * Run (rapper), Joseph Simmons, now known as "Reverend Run", from the hip-hop group ...

and handles legacy code, dynamically loaded libraries, dynamically generated code, and self-modifying code. DynamoRIO monitors all

control flow In computer science, control flow (or flow of control) is the order in which individual statements, instructions or function calls of an imperative program are executed or evaluated. The emphasis on explicit control flow distinguishes an ''imper ...

to capture the entire execution of the target program. This monitoring adds overhead even when no tool is present. DynamoRIO's average overhead is 11 percent.

Features

DynamoRIO's

API An application programming interface (API) is a way for two or more computer programs to communicate with each other. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how ...

abstracts away the details of the virtualization process and focuses on monitoring or modifying the dynamic code stream of the program. A tool can insert

trampolines A trampoline is a device consisting of a piece of taut, strong fabric stretched between a steel frame using many coiled springs. Not all trampolines have springs, as the Springfree Trampoline uses glass-reinforced plastic rods. People bounce on ...

into the program that invoke tool actions at specific program points. A tool can also insert instrumentation at the

assembly language In computer programming, assembly language (or assembler language, or symbolic machine code), often referred to simply as Assembly and commonly abbreviated as ASM or asm, is any low-level programming language with a very strong correspondence be ...

level, which provides fine-grained control over tool actions and tool performance. DynamoRIO supports

adaptive optimization Adaptive optimization is a technique in computer science that performs dynamic recompilation of portions of a program based on the current execution profile. With a simple implementation, an adaptive optimizer may simply make a trade-off between ju ...

and adaptive instrumentation by allowing a tool to remove or modify its instrumentation at any point throughout the execution of the target program. DynamoRIO invokes tool-registered callbacks at a number of common program event points, such as thread creation, library loading, system calls, signals, or exceptions. Its API also allows inspecting the program's libraries and

address space In computing, an address space defines a range of discrete addresses, each of which may correspond to a network host, peripheral device, disk sector, a memory cell or other logical or physical entity. For software programs to save and retrieve st ...

in addition to its code. DynamoRIO's API and event callbacks are designed to be cross-platform, enabling the same tool code to operate on both Windows and Linux and on both IA-32 and x86-64. DynamoRIO ensures tool transparency by isolating the tool's resources, such as its

stack Stack may refer to: Places * Stack Island, an island game reserve in Bass Strait, south-eastern Australia, in Tasmania’s Hunter Island Group * Blue Stack Mountains, in Co. Donegal, Ireland People * Stack (surname) (including a list of people ...

, memory, and file accesses, from the program upon which the tool is operating. DynamoRIO contains libraries that extend its API to provide

symbol table In computer science, a symbol table is a data structure used by a language translator such as a compiler or interpreter, where each identifier (or symbols), constants, procedures and functions in a program's source code is associated with info ...

access, function wrapping and replacing, and memory address tracing utilities.

Tools

The first tools built for DynamoRIO focused on dynamic optimization. A number of research tools have been built for a variety of purposes, including

taint checking Taint checking is a feature in some computer programming languages, such as Perl, Ruby or Ballerina designed to increase security by preventing malicious users from executing commands on a host computer. Taint checks highlight specific security ri ...

and profiling.

Program Shepherding

Applying DynamoRIO to the security field resulted in a technique called ''program shepherding''. The program shepherding instrumentation monitors the origin of each program instruction and the

between instructions in order to prevent a

security exploit An exploit (from the English verb ''to exploit'', meaning "to use something to one’s own advantage") is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanti ...

from taking control of the program. In 2003, program shepherding was commercialized as the brand-named ''Memory Firewall'' host intrusion prevention software in a startup company called Determina. Determina was acquired by

VMware VMware, Inc. is an American cloud computing and virtualization technology company with headquarters in Palo Alto, California. VMware was the first commercially successful company to virtualize the x86 architecture. VMware's desktop software ru ...

in August 2007.

Dr. Memory

''Dr. Memory'' is an open-source

memory debugger Memory is the faculty of the mind by which data or information is encoded, stored, and retrieved when needed. It is the retention of information over time for the purpose of influencing future action. If past events could not be remembered, ...

built on DynamoRIO and released under an LGPL license. Dr. Memory monitors memory allocations and memory accesses using

shadow memory In computing, shadow memory is a technique used to track and store information on computer memory used by a program during its execution. Shadow memory consists of shadow bytes that map to individual bits or one or more bytes in main memory. These ...

. It detects memory-related programming errors such as accesses of uninitialized memory, accesses to freed memory, heap overflow and underflow, and

memory leak In computer science, a memory leak is a type of resource leak that occurs when a computer program incorrectly manages memory allocations in a way that Computer memory, memory which is no longer needed is not released. A memory leak may also happe ...

s. Its feature set is similar to that of the

Valgrind Valgrind () is a programming tool for memory debugging, memory leak detection, and profiling. Valgrind was originally designed to be a free memory debugging tool for Linux on x86, but has since evolved to become a generic framework for creati ...

-based ''Memcheck'' tool, though it operates on Windows as well as Linux and is twice as fast as Memcheck.Practical Memory Checking with Dr. Memory
/ref>

Notes

References

* *

External links

* {{Official website, https://dynamorio.org/
Mailing list for DynamoRIO users

Dr. Memory homepage
Debuggers Free memory management software Free memory debuggers Free software testing tools Profilers Software testing tools Software using the BSD license