{"id":13754839,"url":"https://github.com/rub-syssec/marx","last_synced_at":"2025-05-10T00:31:13.261Z","repository":{"id":74321036,"uuid":"75276361","full_name":"RUB-SysSec/Marx","owner":"RUB-SysSec","description":"Uncovering Class Hierarchies in C++ Programs","archived":false,"fork":false,"pushed_at":"2022-09-16T06:55:11.000Z","size":46541,"stargazers_count":125,"open_issues_count":1,"forks_count":17,"subscribers_count":17,"default_branch":"master","last_synced_at":"2024-12-24T09:02:16.833Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RUB-SysSec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2016-12-01T09:25:47.000Z","updated_at":"2024-11-21T12:39:29.000Z","dependencies_parsed_at":"2023-03-03T16:30:19.685Z","dependency_job_id":null,"html_url":"https://github.com/RUB-SysSec/Marx","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RUB-SysSec%2FMarx","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RUB-SysSec%2FMarx/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RUB-SysSec%2FMarx/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RUB-SysSec%2FMarx/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RUB-SysSec","download_url":"https://codeload.github.com/RUB-SysSec/Marx/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253346382,"owners_count":21894263,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T10:00:34.781Z","updated_at":"2025-05-10T00:31:12.588Z","avatar_url":"https://github.com/RUB-SysSec.png","language":"C++","funding_links":[],"categories":["使用"],"sub_categories":["\u003ca id=\"4900b1626f10791748b20630af6d6123\"\u003e\u003c/a\u003eC++类\u0026\u0026虚表"],"readme":"# Marx\nUncovering Class Hierarchies in C++ Programs\n\nThis repository holds the programs used for the NDSS 2017 paper [MARX: Uncovering Class Hierarchies in C++ Programs](https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/marx-uncovering-class-hierarchies-c-programs/).\n\n\n## Evaluation Data\n\nThe data used to evaluate Marx is available at [zenodo.org](https://zenodo.org/record/238686).\n\n\n## Organization\n\nFolder structure as follows:\n- `include` contains the header files,\n- `src` contains the source code itself,\n- `patch` contains a patch to enable manual memory management for VEX,\n- `ida_export` contains an IDA script creating a `.dmp` file,\n- `scripts` contains helper scripts.\n\n\n## Development Setup\n\nRequires CMake, at least version 2.8. As for IDEs, QtCreator works pretty well\nfor C++ development and contains an useful debugger.\n\nWhen using QtCreator, simply click on \"Open Project\" and select\n`CMakeLists.txt`. It makes sense to let the build directory point to a\ndirectory called `build` inside the project's root directory (in case your IDE\ndoes not honor CMake's `RUNTIME_OUTPUT_DIRECTORY` variable).\n\nDebug builds are considerably slower but are necessary for proper debugging\nbehavior. Make sure to set `CMAKE_BUILD_TYPE` accordingly in `CMakeLists.txt`\n(you can do so from within QtCreator). In desperate cases, try the option \"Run\nCMake\" from the context menu.\n\nWhen developing from the command line, issue the following commands from the\nproject's root directory:\n```\nmkdir build \u0026\u0026 cd build\ncmake ..\nmake -j{CPU_COUNT}\n```\n\nThe project requires a patched version of _Valgrind_. To be more exact, only\nthe _VEX_ sub-project is actually used and patched.\n\nDownload Valgrind from [the official project page](http://valgrind.org/). We\nrecommend checking out the subversion repository. Revision 3203 of VEX is known\nto work:\n```\nsvn co svn://svn.valgrind.org/valgrind/trunk@15732 valgrind\ncd valgrind/VEX/\nsvn update -r 3203\n```\n\nConfigure the project as per its installation instructions. Switch to the `VEX`\ndirectory and apply the patch found in folder `patch`:\n```\ncd VEX\npatch -p0 \u003c ../marx/patch/heap_allocation_patch.diff\n```\n\nFirst configure Valgrind by issuing `./autogen.sh` and `./configure`.\nThen issue `make` and `make install` inside the `VEX` directory to install the\nVEX components. The CMake project tries to include the library\n`/usr/local/lib/valgrind/libvex-amd64-linux.a`. Make sure it exists.\n\n\n## Usage\n\nWhen developing on a new binary, the first step is to export data from an IDA\ndatabase. The IDAPython script found\nin `ida_export` creates a dump file `{BINARY_NAME}.dmp` and exports all\nnecessary data used for the analysis in the folder the\nbinary lies in. Remember to set the pure_virtual_addr in the IDAPython script\nbefore executing it. In case of Windows, the function is called `_purecall`.\nIn Linux, it is called `__cxa_pure_virtual`.\n\nAfter exporting all data, a config file for Marx has to be created manually.\nA config file looks like the following:\n```\nMODULENAME filezilla\nTARGETDIR ../tests/filezilla/\nFORMAT ELF64\nNEWOPERATORS 2 431F80 432C00\nEXTERNALMODULES 8 ../tests/libwx_gtk2u_aui/libwx_gtk2u_aui-3.1.so.0.0.0 ../tests/libwx_gtk2u_xrc/libwx_gtk2u_xrc-3.1.so.0.0.0 ../tests/libwx_gtk2u_adv/libwx_gtk2u_adv-3.1.so.0.0.0 ../tests/libwx_gtk2u_core/libwx_gtk2u_core-3.1.so.0.0.0 ../tests/libwx_baseu_net/libwx_baseu_net-3.1.so.0.0.0 ../tests/libwx_baseu/libwx_baseu-3.1.so.0.0.0 ../tests/libwx_gtk2u_html/libwx_gtk2u_html-3.1.so.0.0.0 ../tests/libwx_baseu_xml/libwx_baseu_xml-3.1.so.0.0.0\n```\n\nFurther examples of config files can be seen in the evaluation data at [zenodo.org](https://zenodo.org/record/238686).\n\nWhen the config file is created, Marx can be executed by issuing the following command:\n```\n./marx ../tests/filezilla/config.cfg\n```\n\nAfterwards, the IDAPython script found in `ida_import` can be used to import the analyzed data back to IDA.\n\nNOTE: Windows binaries have to be loaded at base address 0x0 (or rebased)\nin IDA before exporting them. Also, the IDAPython script only supports Windows\nbinaries which are compiled with RTTI. Furthermore, specific functions\nhave to be blacklisted in Windows binaries\n(because of compiler optimizations which would cause a lot of false-positives\nduring the analysis) that are in multiple vtables but do not belong together.\nThis is the case for example for short functions that do just zero a\nregister and do nothing more. See for further details the helper script\n`ida_win_find_blacklist_functions.py`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frub-syssec%2Fmarx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frub-syssec%2Fmarx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frub-syssec%2Fmarx/lists"}