x86-32 to llvm bytecode

Sers!

I recently stumbled across llvm-qemu
(http://code.google.com/p/llvm-qemu/) which apparently should be able to
translate qemu supported architectures to LLVM IR
(http://markmail.org/message/iyqzgtcux62wdhkb) to ease analysing
binaries.

Using LLVM for (dynamic binary) translations seems to be a great
idea. However I haven't seen many approaches being made in that
direction. Valgrind's VEX (CISC like intermediate language) seems to be
used in Bitblaze VINE (http://bitblaze.cs.berkeley.edu/vine.html).

Does anybody know a similar project for LLVM? - Because the llvm-qemu
seems to have specific downsides linked to qemu emulation engine.

Thanks,
Marius

Hi Marius,

> I recently stumbled across llvm-qemu
> (http://code.google.com/p/llvm-qemu/) which apparently should be able to
> translate qemu supported architectures to LLVM IR
> (http://markmail.org/message/iyqzgtcux62wdhkb) to ease analysing
> binaries.

Yes, at runtime and at basic block level this is very much possible.
Whether this is useful to you largely depends on what you actually
want to do :) But e.g. for binary instrumentation this should work.

> Using LLVM for (dynamic binary) translations seems to be a great
> idea. However I haven't seen many approaches being made in that
> direction.

Yeah, I think llvm-qemu is the only project in this regard.

> Valgrind's VEX (RISC like intermediate language) seems to be
> used in Bitblaze VINE (http://bitblaze.cs.berkeley.edu/vine.html).

Looks like an interesting project. VEX seems to be very similar to
LLVM IR. I'd be curious to see how effective the static binary
analysis done by Vine actually is.

> Does anybody know a similar project for LLVM? - Because the llvm-qemu
> seems to have specific downsides linked to qemu emulation engine.

I'm not aware of any projects which do binary analysis with LLVM.

What downsides are you referring to? The fact that it doesn't do a
"direct" translation?

At one point someone was working on a direct translation from x86 to
LLVM IR, never heard anything about it again though.

Cheers,

Tilmann