mitthu / griffin-trace

A version of Griffin used to provide program traces

GRIFFIN TRACE

Griffin Trace is an application of the Griffin Control-Flow Integrity (CFI) monitor. Griffin Trace watches a program at runtime and records traces when specific triggers fire. Currently, Griffin Trace can report traces at forward-edge and shadow stack violations, at the conclusion of a program run (either naturally or by an exception), at system calls, and at specific addresses.

WARNING

Griffin Trace reconstructs the control flow of a program in real time in order to watch for forward-edge and shadow stack violations and to identify specific address triggers. This requires mirror pages in user-space memory, which in turn currently requires disabling SMAP (Supervisor Mode Access Prevention), the protection that limits kernel access to user-space memory. Do not use this feature on deployment systems at this time; restrict usage to software testing environments.

Requirements

Griffin is a kernel patch that relies on specific Intel Processor Trace (PT) hardware. The Griffin kernel will only work on an Intel processor that includes Processor Trace. Modern Intel processors, such as Intel Xeon, include this hardware.

Installation & Usage

To build and install the Griffin Trace kernel on your system, check out our Wiki pages for the latest documentation: Griffin Trace Wiki.

Reviewing the Trace

To read the trace, run the PT trace tool provided in our Griffin kernel patch. The tool is located in the ./tools/pt/ subfolder within the Griffin kernel.

  1. Compile the tool: $ make /path/to/griffin/tools/pt/
  2. Then provide the PT log generated by Griffin Trace: $ /path/to/griffin/tools/pt/pt /path/to/pt.log

This will produce a fairly large trace depending on the program, so you may want to redirect the output to a file.

Trace Analysis Tools

Function & CFI Annotation

The Griffin Trace Annotator is included in the ./griffin-tests/ folder in this repository. The Annotator adds information to the PT log generated by Griffin Trace, and annotates any instructions used as entrypoints to functions, all system calls, and forward-edge and shadow stack CFI violations.

View the Griffin Trace Annotator for more information.
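
What the two violation classes mean, as an added example that is not code from the Griffin Trace repository: a simplified checker that replays a list of call/return events, flags indirect calls whose target is not a known function entry (forward edge), and flags returns that do not match the shadow stack. The event format, the function-entry policy, the fixed stack depth and all addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed event model (assumption): one record per decoded control transfer. */
enum kind { EV_CALL, EV_ICALL, EV_RET };
struct event { enum kind kind; uint64_t target, ret_addr; };
enum verdict { V_OK, V_FWD_EDGE, V_SHADOW_STACK };
#define SS_DEPTH 64 /* bounded for the example; deeper calls are not recorded */

static int is_entry(const uint64_t *e, size_t n, uint64_t a) {
    for (size_t i = 0; i < n; i++) if (e[i] == a) return 1;
    return 0;
}

/* Replays the trace, stores one verdict per event, returns the violation count. */
size_t check_trace(const struct event *ev, size_t n, const uint64_t *entries,
                   size_t n_entries, enum verdict *out) {
    uint64_t shadow[SS_DEPTH];
    size_t sp = 0, bad = 0;
    for (size_t i = 0; i < n; i++) {
        out[i] = V_OK;
        switch (ev[i].kind) {
        case EV_ICALL: /* forward edge: target must be a known function entry */
            if (!is_entry(entries, n_entries, ev[i].target)) out[i] = V_FWD_EDGE;
            /* fall through: an indirect call also records its return address */
        case EV_CALL:
            if (sp < SS_DEPTH) shadow[sp++] = ev[i].ret_addr;
            break;
        case EV_RET: /* backward edge: must match the most recent call site */
            if (sp == 0 || shadow[--sp] != ev[i].target) out[i] = V_SHADOW_STACK;
            break;
        }
        if (out[i] != V_OK) bad++;
    }
    return bad;
}

/* Constructed sample trace; entries and addresses are made up. */
static const uint64_t SAMPLE_ENTRIES[] = { 0x1000, 0x2000, 0x3000 };
static const struct event SAMPLE_TRACE[] = {
    { EV_CALL,  0x2000, 0x1010 }, /* main -> f */
    { EV_ICALL, 0x3000, 0x2010 }, /* f -> g through a pointer, valid entry */
    { EV_RET,   0x2010, 0 },      /* g returns to f */
    { EV_ICALL, 0x3008, 0x2020 }, /* pointer into the middle of g */
    { EV_RET,   0x2020, 0 },      /* returns to f */
    { EV_RET,   0x4141, 0 },      /* f returns somewhere other than 0x1010 */
};
int main(void) {
    enum verdict v[6];
    printf("%zu violations\n", check_trace(SAMPLE_TRACE, 6, SAMPLE_ENTRIES, 3, v));
    return 0;
}
```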

License: Other