{"id":13746486,"url":"https://github.com/lifting-bits/mcsema","last_synced_at":"2025-09-26T22:31:47.074Z","repository":{"id":19167777,"uuid":"22399826","full_name":"lifting-bits/mcsema","owner":"lifting-bits","description":"Framework for lifting x86, amd64, aarch64, sparc32, and sparc64 program binaries to LLVM bitcode","archived":true,"fork":false,"pushed_at":"2022-04-26T13:43:28.000Z","size":161741,"stargazers_count":2592,"open_issues_count":115,"forks_count":344,"subscribers_count":112,"default_branch":"master","last_synced_at":"2024-05-21T12:57:03.830Z","etag":null,"topics":["aarch64","binary-analysis","ida","llvm","llvm-bitcode","llvm-ir","sparc","sparc64","x86","x86-64"],"latest_commit_sha":null,"homepage":"https://www.trailofbits.com/expertise/mcsema","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lifting-bits.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-07-29T23:24:24.000Z","updated_at":"2024-05-15T01:51:05.000Z","dependencies_parsed_at":"2022-08-07T09:01:10.768Z","dependency_job_id":null,"html_url":"https://github.com/lifting-bits/mcsema","commit_stats":null,"previous_names":[],"tags_count":32,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lifting-bits%2Fmcsema","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lifting-bits%2Fmcsema/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lifting-bits%2Fmcsema/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lifting-bits%2Fmcsema/manifests","owner_url":"https://repos.e
cosyste.ms/api/v1/hosts/GitHub/owners/lifting-bits","download_url":"https://codeload.github.com/lifting-bits/mcsema/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234356510,"owners_count":18819378,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aarch64","binary-analysis","ida","llvm","llvm-bitcode","llvm-ir","sparc","sparc64","x86","x86-64"],"created_at":"2024-08-03T06:00:54.424Z","updated_at":"2025-09-26T22:31:42.007Z","avatar_url":"https://github.com/lifting-bits.png","language":"C++","readme":"\n\n# McSema [![Slack Chat](http://empireslacking.herokuapp.com/badge.svg)](https://empireslacking.herokuapp.com/)\n\u003cp align=\"center\"\u003e\n     \u003cimg src=\"docs/images/mcsema_logo.png\" /\u003e\n\u003c/p\u003e\n\nMcSema is an executable lifter. It translates (\"lifts\") executable binaries from native machine code to LLVM bitcode. LLVM bitcode is an [intermediate representation](https://en.wikipedia.org/wiki/Intermediate_representation) form of a program that was originally created for the [retargetable LLVM compiler](https://llvm.org), but which is also very useful for performing program analysis methods that would not be possible to perform on an executable binary directly.\n\nMcSema enables analysts to find and retroactively harden binary programs against security bugs, independently validate vendor source code, and generate application tests with high code coverage. McSema isn’t just for static analysis. 
The lifted LLVM bitcode can also be [fuzzed with libFuzzer](https://github.com/lifting-bits/mcsema/blob/master/docs/UsingLibFuzzer.md), an LLVM-based instrumented fuzzer that would otherwise require the target source code. The lifted bitcode can even be [compiled](https://github.com/lifting-bits/mcsema/blob/master/docs/UsingLibFuzzer.md) back into a [runnable program](https://github.com/lifting-bits/mcsema/blob/master/docs/McSemaWalkthrough.md)! This is a procedure known as static binary rewriting, binary translation, or binary recompilation.\n\nMcSema supports lifting both Linux (ELF) and Windows (PE) executables, and understands most x86 and amd64 instructions, including integer, X87, MMX, SSE and AVX operations. AARCH64 (ARMv8) instruction support is in active development.\n\nUsing McSema is a two-step process: control flow recovery, and instruction translation. Control flow recovery is performed using the `mcsema-disass` tool, which relies on IDA Pro to disassemble a binary file and produce a control flow graph. Instruction translation is then performed using the `mcsema-lift` tool, which converts the control flow graph into LLVM bitcode. Under the hood, the instruction translation capability of `mcsema-lift` is implemented in the [`remill` library](https://github.com/lifting-bits/remill). The development of `remill` was a result of refactoring and improvements to McSema, and was first introduced with McSema version 2.0.0. 
Read more about `remill` [here](https://github.com/lifting-bits/remill).\n\nMcSema and `remill` were developed and are maintained by Trail of Bits, funded by and used in research for DARPA and the US Department of Defense.\n\n## Build status\n\n|       | master                                   |\n| ----- | ---------------------------------------- |\n| Linux | [![Build Status](https://github.com/lifting-bits/mcsema/workflows/CI/badge.svg)](https://github.com/lifting-bits/mcsema/actions?query=workflow%3ACI) |\n\n## Features\n\n* Lifts 32- and 64-bit Linux ELF and Windows PE binaries to bitcode, including executables and shared libraries for each platform.\n* Supports a large subset of x86 and x86-64 instructions, including most integer, X87, MMX, SSE, and AVX operations.\n* Supports a large subset of AArch64, SPARCv8+ (SPARC32), and SPARCv9 (SPARC64) instructions.\n* McSema runs on Windows and Linux and has been tested on Windows 7, 10, Ubuntu (14.04, 16.04, 18.04), and openSUSE.\n* McSema can cross-lift: it can translate Linux binaries on Windows, or Windows binaries on Linux.\n* Output bitcode is compatible with the LLVM toolchain (versions 3.5 and up).\n* Translated bitcode can be analyzed or [recompiled as a new, working executable](docs/McSemaWalkthrough.md) with functionality identical to the original.\n\n## Use-cases\n\nWhy would anyone translate binaries *back* to bitcode?\n\n* **Binary Patching And Modification**. Lifting to LLVM IR lets you cleanly modify the target program. You can run obfuscation or hardening passes, add features, remove features, rewrite features, or even fix that pesky typo, grammatical error, or insane logic. When done, your new creation can be recompiled to a new binary sporting all those changes. 
In the [Cyber Grand Challenge](https://blog.trailofbits.com/2015/07/15/how-we-fared-in-the-cyber-grand-challenge/), we were able to use McSema to translate challenge binaries to bitcode, insert memory safety checks, and then re-emit working binaries.\n\n* **Symbolic Execution with KLEE**. [KLEE](https://klee.github.io/) operates on LLVM bitcode, usually generated by providing source to the LLVM toolchain. McSema can lift a binary to LLVM bitcode, [permitting KLEE to operate on previously unavailable targets](https://blog.trailofbits.com/2014/12/04/close-encounters-with-symbolic-execution-part-2/). See our [walkthrough](examples/Maze/README.md) showing how to run KLEE on a symbolic maze.\n\n* **Re-use existing LLVM-based tools**. KLEE is not the only tool that becomes available for use on bitcode. It is possible to run LLVM optimization passes and other LLVM-based tools like [libFuzzer](http://llvm.org/docs/LibFuzzer.html) on [lifted bitcode](docs/UsingLibFuzzer.md).\n\n* **Analyze the binary rather than the source**. Source level analysis is great but not always possible (e.g. you don't have the source) and, even when it is available, it lacks compiler transformations, re-ordering, and optimizations. Analyzing the actual binary guarantees that you're analyzing the true executed behavior.\n\n* **Write one set of analysis tools**. Lifting to LLVM IR means that one set of analysis tools can work on both the source and the binary. 
Maintaining a single set of tools saves development time and effort, and allows for a single set of better tools.\n\n## Comparison with other machine code to LLVM bitcode lifters\n|   | McSema | [dagger](https://github.com/repzret/dagger) | [llvm-mctoll](https://github.com/Microsoft/llvm-mctoll) | [retdec](https://github.com/avast-tl/retdec) | [reopt](https://github.com/GaloisInc/reopt) | [rev.ng](https://github.com/revng/revamb) | [bin2llvm](https://github.com/cojocar/bin2llvm) | [fcd](https://github.com/zneak/fcd) | [RevGen](https://github.com/S2E/tools/tree/master/tools) | [Fracture](https://github.com/draperlaboratory/fracture) | [libbeauty](https://github.com/pgoodman/libbeauty) |\n|  ------ | ------ | ------ | ------ | ------ | ------ | ------ | ------ | ------ | ------ | ------ | ------ |\n|  Actively maintained? | Yes | No | Yes | Yes | Yes | No | Maybe | Maybe | Maybe | No | Yes |\n|  Commercial support available? | Yes | No | No | No | Maybe | No | No | No | No | Maybe | No |\n|  LLVM versions | 9 - 11 | 5 | current | 4.0 | 3.8 | 3.8 | 3.2 | 4 | 3.9 | 3.4 | 6 |\n|  Builds with CI? | Yes | No | No | Yes | No | No | Yes | Maybe | Maybe | No | No |\n|  32-bit architectures | x86, SPARC32 | x86 | ARM | x86, ARM, MIPS, PIC32, PowerPC |  | ARM, MIPS | S2E | S2E | S2E | ARM, x86 |  |\n|  64-bit architectures | x86-64, AArch64, SPARC64 | x86-64, [AArch64](https://github.com/IAIK/ios-analysis-dagger/) | x86-64 | x86-64, arm64 \u0026 more | x86-64 | x86-64 |  | S2E | S2E | PowerPC | x86-64 |\n|  Control-flow recovery | IDA Pro | Ad-hoc | Ad-hoc | Ad-hoc | Ad-hoc | Ad-hoc | Ad-hoc | Ad-hoc | McSema | Ad-hoc | Ad-hoc |\n|  File formats | ELF, PE | ELF, Mach-O |  | ELF, PE, Mach-O, COFF, AR, Intel HEX, Raw | ELF | ELF | ELF |  | ELF, PE | ELF, Mach-O (maybe) | ELF |\n|  Bitcode is executable? | Yes | Yes | Yes | Yes | Yes | Yes | No | No | CGC | No | No |\n|  C++ exceptions support? 
| Yes | No | No | No | No | Indirectly | No | No | No | No | Maybe |\n|  Lifts stack variables? | Yes | No | Maybe | Yes | No | No | No | Yes | No | No | Maybe |\n|  Lifts global variables? | Yes | Maybe | Yes | Yes | No | Maybe | No | No | No | Yes | Maybe |\n|  Has a test suite? | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | No |\n\n**Note:** We label some architectures as \"S2E\" to mean any architecture supported by the S2E system. A system using \"McSema\" for control-flow recovery (e.g. RevGen) uses McSema's CFG.proto format for recovering control-flow. In the case of RevGen, only bitcode produced from DARPA Cyber Grand Challenge (CGC) binaries is executable.\n\n## Dependencies\n\n| Name | Version | \n| ---- | ------- |\n| [Git](https://git-scm.com/) | Latest |\n| [CMake](https://cmake.org/) | 3.14+ |\n| [Remill](https://github.com/lifting-bits/remill) | 710013a |\n| [Anvill](https://github.com/lifting-bits/anvill) | bc3183b |\n| [Python](https://www.python.org/) | 3.8 |\n| [Python Package Index](https://pypi.python.org/pypi) | Latest |\n| [python-protobuf](https://pypi.python.org/pypi/protobuf) | 3.2.0 |\n| [python-clang](https://pypi.org/project/clang/) | 3.5.0 |\n| [ccsyspath](https://pypi.org/project/ccsyspath/) | 1.1.0 |\n| [IDA Pro](https://www.hex-rays.com/products/ida) | 7.5+ |\n| macOS | Latest |\n| Ubuntu | 18.04, 20.04 |\n\n* DynInst support is optional if you use the experimental DynInst disassembler. Note: We do not provide support for the DynInst disassembler.\n\n## Getting and building the code\n\n### Docker\n\n#### Step 1: Clone the repository\n\n```bash\ngit clone https://github.com/lifting-bits/mcsema\ncd mcsema\n```\n\n#### Step 2: Add your disassembler to the Dockerfile\n\nCurrently IDA is the only supported frontend for control-flow recovery; installing your disassembler of choice is left as an exercise to the reader. 
Experimental support for DynInst is available but may be buggy and sometimes get out of date, as we do not officially support it. DynInst support is provided as an exemplar of how to make a third-party disassembler.\n\n#### Step 3: Build \u0026 Run Dockerfile\n\nThis will build the container for you and run it with your local directory mounted into the container (at `/mcsema/local`) such that your work in the container is saved locally:\n\n```sh\n# Build McSema container\nARCH=amd64; UBUNTU=18.04; LLVM=9; docker build . \\\n  -t mcsema:llvm${LLVM}-ubuntu${UBUNTU}-${ARCH} \\\n  -f Dockerfile \\\n  --build-arg UBUNTU_VERSION=${UBUNTU} \\\n  --build-arg LLVM_VERSION=${LLVM} \\\n  --build-arg ARCH=${ARCH}\n\n# Run McSema container lifter\ndocker run --rm -it --ipc=host -v \"$(pwd)\":/mcsema/local mcsema:llvm${LLVM}-ubuntu${UBUNTU}-${ARCH}\n\n# Run McSema container disassembler\ndocker run --rm -it --entrypoint=mcsema-disass --ipc=host -v \"$(pwd)\":/mcsema/local mcsema:llvm${LLVM}-ubuntu${UBUNTU}-${ARCH}\n```\n\n### Native Build\n\n#### Linux pre-requisites\n\nNative builds on Linux are supported for Ubuntu 18.04 and 20.04. We only support\nLTS Ubuntu releases.\n\n```shell\nsudo apt-get update\nsudo apt-get upgrade\n\nsudo apt-get install \\\n     git \\\n     curl \\\n     cmake \\\n     python3 python3-pip python3-virtualenv \\\n     wget \\\n     xz-utils pixz \\\n     clang \\\n     rpm \\\n     build-essential \\\n     gcc-multilib g++-multilib \\\n     libtinfo-dev \\\n     lsb-release \\\n     zip \\\n     zlib1g-dev \\\n     ccache\n```\n\n#### macOS pre-requisites\n\nDownload and install the [Homebrew](https://brew.sh) package manager.\n\nMake sure to download XCode from the App Store if you don't have it. 
After\ndownloading XCode, make sure to open it at least once, as it might install\nmore stuff.\n\n```bash\nbrew update\nxcode-select --install 2\u003e\u00261 \u003e /dev/null\nsudo xcode-select --switch /Applications/Xcode.app/Contents/Developer\nbrew install coreutils ccache\npip3 install requests\n```\n\nDouble check that you have the correct Clang installed. You should see something like this:\n\n```bash\n% clang -v\nApple clang version 12.0.0 (clang-1200.0.32.21)\nTarget: x86_64-apple-darwin19.6.0\nThread model: posix\nInstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin\n```\n\n#### Step 1 (Optional): Create a virtualenv for your McSema installation\n\nUsing a [virtualenv](https://virtualenv.pypa.io/en/stable/) ensures that your McSema installation does not interfere with other software packages. This setup is especially helpful if you are hacking on McSema and want to avoid clobbering a global, working version with development code.\n\n```shell\nmkdir mcsema-ve\nvirtualenv mcsema-ve\ncd mcsema-ve\nsource bin/activate\n```\n\n#### Step 2: Clone the repository and its dependencies\n```shell\ngit clone https://github.com/lifting-bits/remill.git\npushd .\ncd remill\n\n# For latest LLVM versions (\u003e=12)\ngit checkout -b release_93aba7c 93aba7c\n\n# OR\n\n# For LLVM versions (\u003c=11)\ngit checkout -b all_llvm 9006baf7db\n\n\npopd\n```\n\nAfter which;\n\n```shell\ngit clone --depth 1 --single-branch --branch master https://github.com/lifting-bits/mcsema.git\n\n# Get a compatible anvill version\ngit clone --branch master https://github.com/lifting-bits/anvill.git\n( cd anvill \u0026\u0026 git checkout -b release_bc3183b bc3183b )\n\nexport CC=\"$(which clang)\"\nexport CXX=\"$(which clang++)\"\n\n\n# Download cxx-common, build Remill. \n./remill/scripts/build.sh --llvm-version 11 --download-dir ./\npushd remill-build\nsudo cmake --build . 
--target install\npopd\n\n# Build and install Anvill\nmkdir anvill-build\npushd anvill-build\n# Set VCPKG_ROOT to whatever directory the remill script downloaded\ncmake -DVCPKG_ROOT=$(pwd)/../vcpkg_ubuntu-20.04_llvm-11_amd64 ../anvill\nsudo cmake --build . --target install\npopd\n\n# Build and install McSema\nmkdir mcsema-build\npushd mcsema-build\n# Set VCPKG_ROOT to whatever directory the remill script downloaded\ncmake -DVCPKG_ROOT=$(pwd)/../vcpkg_ubuntu-20.04_llvm-11_amd64 ../mcsema\nsudo cmake --build . --target install\n```\n\nOnce installed, you may use `mcsema-disass` for disassembling binaries, and `mcsema-lift-9.0` for lifting the disassembled binaries. If you specified `--llvm-version 9` to the `build.sh` script, then you would use `mcsema-lift-9.0`.\n\n#### Step 3: Verifying Your McSema Installation\n\nStep 2 specified `--llvm-version 9` to Remill's `build.sh` script. This means\nthat Remill, Anvill, and McSema have all been built against a copy of LLVM 9.\nTo enable you to use multiple LLVM versions simultaneously, we suffix our binaries\nwith the LLVM version. Thus, you may use `mcsema-lift-9.0` to lift to LLVM 9 bitcode.\n\nTry running `mcsema-lift-9.0 --version` to see if McSema has been installed.\n\n##### Run the integration tests\n\nIn order to verify that McSema works correctly as built, head on over to [the documentation on integration tests](tests/MakingTests.md). Check that you can run the tests and that they pass.\n\n### On Windows (Experimental, may not work)\n\n#### Step 1: Installing the toolchain\n**Visual Studio**\n1. Click on \"Tools for Visual Studio 2019\" and download the \"Build Tools for Visual Studio 2019\" installer from the [Visual Studio downloads page](https://visualstudio.microsoft.com/downloads/)\n2. Select \"MSVC v142 - VS 2019 C++ x64/x86 build tools\" and confirm the installation\n\n**LLVM**\n1. Get the LLVM 9 (x64) installer from the LLVM download page: http://releases.llvm.org\n2. 
Do **NOT** enable \"Add to PATH\"\n\n**Python**\n1. Get the latest Python 3 (X64) installer from the official download page: https://www.python.org/downloads/windows/\n2. Enable \"Add to PATH\"\n\n**CMake**\n1. Download the CMake (x64) installer from https://cmake.org/download\n2. Enable \"Add to PATH\"\n\n#### Step 2: Obtaining the source code\n```\ngit clone https://github.com/lifting-bits/remill.git --depth=1\ngit clone https://github.com/lifting-bits/mcsema.git --depth=1 remill/tools/mcsema\n```\n\nNote that for production usage you should always use a specific remill commit (`remill/tools/mcsema/.remill_commit_id`) when building McSema. At the time of writing, it is however best to use HEAD (or at least make sure that commit `e7795be` is present in the remill branch).\n\n```\ncd remill\ngit fetch --unshallow\ngit checkout -b production \u003ccommit\u003e\n```\n\n#### Step 3: Enabling the LLVM toolchain for Visual Studio\n\nDownload the official extension from the marketplace: https://marketplace.visualstudio.com/items?itemName=LLVMExtensions.llvm-toolchain\n\n##### Automatic installation\n\nOnly works for the full Visual Studio IDE. Double clicking the extension should automatically install it.\n\n##### Manual installation\n\nThe extension is in fact a ZIP archive; extract it and copy the VCTargets folder to the right location.\n\n* Full Visual Studio: `C:\\Program Files (x86)\\Microsoft Visual Studio\\2019\\BuildTools\\Common7\\IDE\\VC\\VCTargets`\n* Visual Studio Build Tools: `C:\\Program Files (x86)\\Microsoft Visual Studio\\2019\\BuildTools\\MSBuild\\Microsoft\\VC\\v160`\n\n#### Step 4: Dependencies\n\nIt's time to fetch library dependencies. You can either build them yourself using our [cxx-common](https://github.com/lifting-bits/cxx-common) dependency manager or download a pre-built package.\n\nThere are two versions of LLVM used by Remill and McSema. One version (currently 7.0.1) builds remill and McSema. 
Another version (currently 5.0.1) is used to build the translation semantics.\n\nOn Windows, only the LLVM 5.0.1 package is supported for building semantics. If you build it yourself, use the Visual Studio 2017 Win64 generator with the LLVM 5.0.1 toolchain. The cxx-common script will automatically take care of this requirement.\n\nBinaries (extract to C:\\Projects\\tob_libraries)\n* [LLVM 5](https://s3.amazonaws.com/cxx-common/libraries-llvm50-windows10-amd64.7z)\n\n#### Step 5: Building\nMake sure to always execute the `vcvars64.bat` script from the \"x64 Native Tools Command Prompt\": `C:\\Program Files (x86)\\Microsoft Visual Studio\\2017\\BuildTools\\VC\\Auxiliary\\Build\\vcvars64.bat`.\n\n```\nmkdir remill_build\ncd remill_build\n\ncmake -G \"Visual Studio 16 2019\" -T llvm -A x64 -DCMAKE_BUILD_TYPE=Release -DCXX_COMMON_REPOSITORY_ROOT=C:\\Projects\\tob_libraries -DCMAKE_INSTALL_PREFIX=C:\\ ..\\remill\ncmake --build . --config Release -- /maxcpucount:%NUMBER_OF_PROCESSORS%\n```\n\nIf you are using a recent CMake version (\u003e 3.13) you can also use the newly introduced cross-platform `-j` parameter:\n\n```\ncmake --build . --config Release -j %NUMBER_OF_PROCESSORS%\n```\n\n#### Step 6: Installing\n```\ncmake --build . --config Release --target install\n```\n\nYou should now have the following directories: C:\\mcsema, C:\\remill.\n\n#### Step 7: Running McSema\n\n**Add the McSema python package to Python**\n\nMake extra sure it only contains ASCII characters with no newlines! 
The following command should work fine under cmd:\n\n```\necho|set /p=\"C:\\mcsema\\Lib\\site-packages\" \u003e \"C:\\Python3\u003cversion\u003e\\Lib\\site-packages\\mcsema.pth\"\n```\n\n**Install the libmagic DLL**\n\n```\npip install python-magic-bin\n```\n\n**Update the PATH (cmd)**\n\n```\nset PATH=%PATH%;C:\\remill\\bin;C:\\mcsema\\bin;C:\\mcsema\\Scripts\n```\n\n**Update the PATH (PowerShell)**\n\n```\n$env:PATH+=\"C:\\remill\\bin;C:\\mcsema\\bin;C:\\mcsema\\Scripts\"\n```\n\n## Additional Documentation\n\n* [McSema command line reference](docs/CommandLineReference.md)\n* [Common Errors](docs/CommonErrors.md) and [Debugging Tips](docs/DebuggingTips.md)\n* [How to add support for a new instruction](https://github.com/lifting-bits/remill/blob/master/docs/ADD_AN_INSTRUCTION.md)\n* [How to use McSema: A walkthrough](docs/McSemaWalkthrough.md)\n* [Life of an instruction](docs/LifeOfAnInstruction.md)\n* [Limitations](docs/Limitations.md)\n* [Navigating the source code](docs/NavigatingTheCode.md)\n* [Using McSema with libFuzzer](docs/UsingLibFuzzer.md)\n\n## Getting help\n\nIf you are experiencing problems with McSema or just want to learn more and contribute, join the `#binary-lifting` channel of the [Empire Hacking Slack](https://empireslacking.herokuapp.com/). Alternatively, you can join our mailing list at [mcsema-dev@googlegroups.com](https://groups.google.com/forum/?hl=en#!forum/mcsema-dev) or email us privately at mcsema@trailofbits.com.\n\n## FAQ\n\n### How do you pronounce McSema and where did the name come from\n\nThis is a hotly contested issue. We must explore the etymology of the name to find an answer. The \"Mc\" in McSema was originally a contraction of the words \"Machine Code,\" and the \"sema\" is short for \"semantics.\" At that time, McSema used LLVM's instruction decoder to take machine code bytes, and turn them into `llvm::MCInst` data structures. It is possible that \"MC\" in that case is pronounced em-see. 
Alas, even those who understand the origin of the name pronounce it as if it were related to America's favorite fast food joint.\n\n### Why do I need IDA Pro to use McSema\n\nIDA Pro is an excellent disassembler, and in our experience, it has been the most reliable disassembler to use in McSema. The way in which IDA Pro exposes information about cross-references closely matches how McSema stores that information in its CFG file, which is convenient. We also feature an experimental, not officially supported [DynInst disassembler frontend](tools/mcsema_disass/dyninst/README.md). This frontend exists mostly to support open-source use cases, but is not actively maintained, and may be out of date. The Dyninst frontend is a good example of how to make a new frontend.\n\n### What is Remill, and why does McSema need it\n\n[Remill](https://github.com/lifting-bits/remill) is a library that McSema uses to lift individual machine code instructions to LLVM IR. You can think of McSema being to Remill as Clang is to LLVM. Remill's scope is small: it focuses on instruction semantics only, and it provides semantics for x86, x86-64, and AArch64 instructions. McSema's scope is much bigger: it focuses on lifting entire programs. To do so, McSema must lift the individual instructions, but there's a lot more to lifting programs than just the instructions; there are code and data cross-references, segments, etc.\n\n### I'm a student and I'd like to contribute to McSema: how can I help\n\nWe would love to take you on as an intern to help improve McSema. We have several project ideas labelled [`intern project`](https://github.com/lifting-bits/mcsema/labels/intern%20project), as well as smaller-scale to-dos labelled [`good first issue`](https://github.com/lifting-bits/mcsema/labels/good%20first%20issue) and [`help wanted`](https://github.com/lifting-bits/mcsema/labels/help%20wanted) on our issue tracker. 
You are not limited to those items: if you think of a great feature you want in McSema, let us know and we will sponsor it. Simply contact us on our [Slack channel](https://empireslacking.herokuapp.com/) or via mcsema@trailofbits.com and let us know what you'd want to work on and why.\n","funding_links":[],"categories":["使用","\u003ca id=\"83de90385d03ac8ef27360bfcdc1ab48\"\u003e\u003c/a\u003e作为辅助\u0026\u0026构成其他的一环"],"sub_categories":["\u003ca id=\"83de90385d03ac8ef27360bfcdc1ab48\"\u003e\u003c/a\u003e作为辅助\u0026\u0026构成其他的一环","\u003ca id=\"1c698e298f6112a86c12881fbd8173c7\"\u003e\u003c/a\u003eSwift"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flifting-bits%2Fmcsema","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flifting-bits%2Fmcsema","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flifting-bits%2Fmcsema/lists"}