{"id":13645202,"url":"https://github.com/GJDuck/e9patch","last_synced_at":"2025-04-21T13:32:14.323Z","repository":{"id":37259830,"uuid":"250687801","full_name":"GJDuck/e9patch","owner":"GJDuck","description":"A powerful static binary rewriting tool","archived":false,"fork":false,"pushed_at":"2025-01-14T04:12:28.000Z","size":2227,"stargazers_count":998,"open_issues_count":11,"forks_count":67,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-01-14T04:35:04.524Z","etag":null,"topics":["binary","binary-analysis","binary-instrumentation","binary-patching","binary-rewriting","e9patch","elf","reverse-engineering"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GJDuck.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-03-28T01:22:18.000Z","updated_at":"2025-01-14T04:12:32.000Z","dependencies_parsed_at":"2023-11-24T00:25:18.168Z","dependency_job_id":"6cd89177-fa02-408c-acf7-1f09740c24aa","html_url":"https://github.com/GJDuck/e9patch","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GJDuck%2Fe9patch","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GJDuck%2Fe9patch/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GJDuck%2Fe9patch/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GJDuck%2Fe9patch/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GJDuck","download_url":"https://codeload.github.com/GJDuck/e9patch/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250064753,"owners_count":21368966,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binary","binary-analysis","binary-instrumentation","binary-patching","binary-rewriting","e9patch","elf","reverse-engineering"],"created_at":"2024-08-02T01:02:31.166Z","updated_at":"2025-04-21T13:32:14.317Z","avatar_url":"https://github.com/GJDuck.png","language":"C","readme":"# E9Patch - A Powerful Static Binary Rewriter\n\nE9Patch is a powerful static binary rewriting tool for `x86_64` Linux ELF\nbinaries.\nE9Patch is:\n\n* *Scalable*: E9Patch can reliably rewrite large/complex binaries\n  including web browsers (\u003e100MB in size).\n* *Compatible*: The rewritten binary is a drop-in replacement of the\n  original, with no additional dependencies.\n* *Fast*: E9Patch can rewrite most binaries in a few seconds.\n* *Low Overheads*: Both performance and memory.\n* *Programmable*: E9Patch is designed so that it can be easily integrated\n  into other projects.\n  See the [E9Tool User's Guide](https://github.com/GJDuck/e9patch/blob/master/doc/e9tool-user-guide.md) and the [E9Patch Programmer's Guide](https://github.com/GJDuck/e9patch/blob/master/doc/e9patch-programming-guide.md)\n  for more information.\n\n*Static binary rewriting* takes an input binary \n(ELF executable or shared object) and generates an output binary\nwith some patch/modification applied to it.\nThe patched binary can be used as a drop-in replacement of the original.\n\nFor more information, please see our PLDI'2020 paper:\n\n* Gregory J. Duck, Xiang Gao, Abhik Roychoudhury, [Binary Rewriting without Control Flow Recovery](https://comp.nus.edu.sg/~gregory/papers/e9patch.pdf),\n  Programming Language Design and Implementation (PLDI), 2020.\n  [PLDI'2020 Presentation](https://www.youtube.com/watch?v=qK2ZCEStoG0)\n\n## Release\n\nPre-built E9Patch binaries can be downloaded here:\n\n* [https://github.com/GJDuck/e9patch/releases](https://github.com/GJDuck/e9patch/releases)\n\n## Build\n\nBuilding E9Patch is very easy: simply run the `build.sh` script.\n\nThis will automatically build two tools:\n\n1. `e9patch`: the binary rewriter backend; and\n2. `e9tool`: a linear disassembly frontend for E9Patch.\n\n## Example Usage\n\nE9Patch is usable via the E9Tool frontend.\n\nFor example, to add instruction printing instrumentation to all `xor`\ninstructions in `xterm`, we can use the following command:\n\n        $ ./e9tool -M 'asm=/xor.*/' -P print xterm\n\nThis will generate a modified version of `xterm` written to the `a.out` file.\n\nThe modified `xterm` can be run as normal, but will print the assembly\nstring of each executed `xor` instruction to `stderr`:\n\n        $ ./a.out\n        xorl %ebp, %ebp\n        xorl %ebx, %ebx\n        xorl %eax, %eax\n        xorl %edx, %edx\n        xorl %edi, %edi\n        ...\n\nFor a full list of supported options and modes, see:\n\n        $ ./e9tool --help\n\n### More Examples\n\nPatch all jump instructions with \"empty\" instrumentation:\n\n        $ ./e9tool -M 'asm=/j.*/' -P empty xterm\n        $ ./a.out\n\nPrint all jump instructions with \"print\" instrumentation:\n\n        $ ./e9tool -M 'asm=/j.*/' -P print xterm\n        $ ./a.out\n\nSame as above, but use \"Intel\" syntax:\n\n        $ ./e9tool -M 'asm=/j.*/' -P print xterm --syntax=intel\n        $ ./a.out\n\nPatch all jump instructions with a call to an empty function:\n\n        $ ./e9compile.sh examples/nop.c\n        $ ./e9tool -M 'asm=/j.*/' -P 'entry()@nop' xterm\n        $ ./a.out\n\nPatch all jump instructions with instruction count instrumentation:\n\n        $ ./e9compile.sh examples/counter.c\n        $ ./e9tool -M 'asm=/j.*/' -P 'entry()@counter' xterm\n        $ FREQ=10000 ./a.out\n\nPatch all jump instructions with pretty print instrumentation:\n\n        $ ./e9compile.sh examples/print.c\n        $ ./e9tool -M 'asm=/j.*/' -P 'entry(addr,instr,size,asm)@print' xterm\n        $ ./a.out\n\nPatch all jump instructions with \"delay\" instrumentation to slow the\nprogram down:\n\n        $ ./e9compile.sh examples/delay.c\n        $ ./e9tool -M 'asm=/j.*/' -P 'entry()@delay' xterm\n        $ DELAY=100000 ./a.out\n\n*Notes*:\n\n* Tested for `XTerm(322)`\n\n## Projects\n\nSome other projects that use E9Patch include:\n\n* [RedFat](https://github.com/GJDuck/RedFat): A binary hardening system based\n  on [low-fat pointers](https://github.com/GJDuck/LowFat).\n* [E9AFL](https://github.com/GJDuck/e9afl): Automatically insert\n  [AFL](https://github.com/google/AFL) instrumentation into binaries.\n* [E9Syscall](https://github.com/GJDuck/e9syscall): System call\n  interception using static binary rewriting of `libc.so`.\n* [Hopper](https://github.com/FuzzAnything/hopper): Automatic fuzzing test\n  cases generation for libraries.\n* [EnvFuzz](https://github.com/GJDuck/EnvFuzz): Program environment fuzzing.\n* [RFF](https://github.com/dylanjwolff/RFF): Greybox fuzzing for\n  concurrency testing.\n* [AutoTrace](https://github.com/GJDuck/AutoTrace): Simple source line-based\n  tracing.\n\n## Documentation\n\nE9Patch is a low-level tool that is designed to be integrable into other\nprojects.\nTo find out more, please see the following documentation:\n\n* [E9Patch Programmer's Guide](https://github.com/GJDuck/e9patch/blob/master/doc/e9patch-programming-guide.md)\n* [E9Tool User's Guide](https://github.com/GJDuck/e9patch/blob/master/doc/e9tool-user-guide.md)\n\n## Bugs\n\nBugs can be reported here:\n\n* [https://github.com/GJDuck/e9patch/issues](https://github.com/GJDuck/e9patch/issues)\n\n## Versions\n\nThe current version of E9Patch is significantly improved compared to\nthe original prototype evaluated in the PLDI'2020 paper.\nSpecifically:\n\n* The current version implements several new optimizations and can generate\n  significantly faster binaries, sometimes by a factor of 2x.\n  To enable the new optimizations, pass the `-O2` option to E9Tool.\n* The implementation of the *Physical Page Grouping* space optimization\n  has also been improved.\n* The patching coverage has also been slightly improved.\n* Many new features have been implemented (see the documentation).\n\n## License\n\nThis software has been released under the GNU Public License (GPL) Version 3.\n\nSome specific files are released under the MIT license (check the file\npreamble).\n\n## Acknowledgements\n\nThis work was partially supported by the National Satellite of Excellence in\nTrustworthy Software Systems, funded by National Research Foundation (NRF)\nSingapore under the National Cybersecurity R\u0026D (NCR) programme.\n\n","funding_links":[],"categories":["C","Rewrite","Project"],"sub_categories":["Program Analysis"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FGJDuck%2Fe9patch","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FGJDuck%2Fe9patch","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FGJDuck%2Fe9patch/lists"}