Closed cengineer closed 4 years ago
What you need is to implement a "runtime." The purpose of the runtime is to implement intrinsic functions that are used to model state changes that are beyond the scope of what can be modelled in instruction semantics. In general, we don't provide one by default as we don't really know how our users will use our bitcode. You can probably copy large parts of McSema's runtime implementation from here: https://github.com/lifting-bits/mcsema/blob/master/mcsema/Arch/X86/Runtime/Runtime.cpp
Otherwise, McSema itself doesn't (yet) support recompilation for lifted Windows code. That would require writing some low-level assembly code to do state swapping and it'd be quite tricky. We don't have any immediate plans to implement this code.
My executed command is: remill-clang-5.0.exe -v -Xlinker /subsystem:windows -o calc_new.exe calc.bc
I am trying to reassemble the disassembled calc.exe, but I get an error:
clang version 5.0.1 (tags/RELEASE_501/final)
Target: x86_64-pc-windows-msvc
Thread model: posix
InstalledDir: D:\Users\oacar\Desktop\remill_compiled\remill\bin
 "D:\Users\oacar\Desktop\remill_compiled\remill\bin\remill-clang-5.0.exe" -cc1 -triple x86_64-pc-windows-msvc19.27.29111 -emit-obj -mrelax-all -mincremental-linker-compatible -disable-free -disable-llvm-verifier -discard-value-names -main-file-name calc.bc -mrelocation-model pic -pic-level 2 -mthread-model posix -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables -target-cpu x86-64 -momit-leaf-frame-pointer -v -dwarf-column-info -debugger-tuning=gdb -resource-dir "D:\Users\oacar\Desktop\remill_compiled\remill\lib\clang\5.0.1" -fdebug-compilation-dir "D:\Users\oacar\Desktop\mcsema_compiled\bin" -ferror-limit 19 -fmessage-length 142 -fms-extensions -fms-compatibility -fms-compatibility-version=19.27.29111 -fdelayed-template-parsing -fobjc-runtime=gcc -fdiagnostics-show-option -fcolor-diagnostics -o "D:\Users\oacar\AppData\Local\Temp\calc-40d6ea.o" -x ir "D:\Users\oacar\Desktop\mcsema_compiled\bin\calc.bc"
clang -cc1 version 5.0.1 based upon LLVM 5.0.1 default target x86_64-pc-windows-msvc
warning: overriding the module target triple with x86_64-pc-windows-msvc19.27.29111 [-Woverride-module]
1 warning generated.
 "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\bin\HostX64\x64\link.exe" -out:calc_new.exe -defaultlib:libcmt "-libpath:C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\lib\x64" "-libpath:C:\Program Files (x86)\Windows Kits\10\Lib\10.0.18362.0\ucrt\x64" "-libpath:C:\Program Files (x86)\Windows Kits\10\Lib\10.0.18362.0\um\x64" -nologo /subsystem:windows "D:\Users\oacar\AppData\Local\Temp\calc-40d6ea.o"
   Creating library calc_new.lib and object calc_new.exp
calc-40d6ea.o : error LNK2019: unresolved external symbol remill_function_call referenced in function sub_140001010
calc-40d6ea.o : error LNK2019: unresolved external symbol __remill_atomic_begin referenced in function sub_1400019a0
calc-40d6ea.o : error LNK2019: unresolved external symbol remill_atomic_end referenced in function sub_1400019a0
calc-40d6ea.o : error LNK2019: unresolved external symbol RoGetMatchingRestrictedErrorInfo referenced in function sub_140001138
calc-40d6ea.o : error LNK2019: unresolved external symbol remill_async_hyper_call referenced in function sub_140002170_TopLevelExceptionFilter
calc-40d6ea.o : error LNK2019: unresolved external symbol remill_error referenced in function sub_140002170_TopLevelExceptionFilter
calc-40d6ea.o : error LNK2019: unresolved external symbol purecall referenced in function sub_140002140
calc-40d6ea.o : error LNK2019: unresolved external symbol remill_jump referenced in function sub_140002140
calc-40d6ea.o : error LNK2019: unresolved external symbol callnewh referenced in function sub_140001950
calc-40d6ea.o : error LNK2019: unresolved external symbol wcmdln referenced in function sub_140001a40
calc-40d6ea.o : error LNK2019: unresolved external symbol set_app_type referenced in function callback_sub_140001400
calc-40d6ea.o : error LNK2019: unresolved external symbol RoActivateInstance referenced in function callback_sub_140001400
calc-40d6ea.o : error LNK2019: unresolved external symbol WindowsDeleteString referenced in function callback_sub_140001400
calc-40d6ea.o : error LNK2019: unresolved external symbol WindowsCreateString referenced in function callback_sub_140001400
calc-40d6ea.o : error LNK2019: unresolved external symbol WindowsCreateStringReference referenced in function callback_sub_140001400
calc-40d6ea.o : error LNK2019: unresolved external symbol RoInitialize referenced in function callback_sub_140001400
calc-40d6ea.o : error LNK2019: unresolved external symbol ShellExecuteW referenced in function callback_sub_140001400
calc-40d6ea.o : error LNK2019: unresolved external symbol EventSetInformation referenced in function callback_sub_140001400
calc-40d6ea.o : error LNK2019: unresolved external symbol EventRegister referenced in function callback_sub_140001400
calc-40d6ea.o : error LNK2019: unresolved external symbol SetRestrictedErrorInfo referenced in function callback_sub_140001400
calc-40d6ea.o : error LNK2019: unresolved external symbol "void cdecl terminate(void)" (?terminate@@YAXXZ) referenced in function callback_sub_140001400
  Hint on symbols that are defined and could potentially match:
    terminate
calc-40d6ea.o : error LNK2019: unresolved external symbol _amsg_exit referenced in function callback_sub_140001400
calc-40d6ea.o : error LNK2019: unresolved external symbol __wgetmainargs referenced in function callback_sub_140001400
calc-40d6ea.o : error LNK2019: unresolved external symbol EventWriteTransfer referenced in function callback_sub_140001400
calc-40d6ea.o : error LNK2001: unresolved external symbol _XcptFilter
calc-40d6ea.o : error LNK2001: unresolved external symbol mcsema_attach_call
libcmt.lib(exe_winmain.obj) : error LNK2019: unresolved external symbol WinMain referenced in function "int cdecl scrt_common_main_seh(void)" (?__scrt_common_main_seh@@YAHXZ)
calc_new.exe : fatal error LNK1120: 27 unresolved externals
remill-clang-5.0.exe: error: linker command failed with exit code 1120 (use -v to see invocation)
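To separate the unresolved symbols that the missing runtime accounts for from those that are ordinary linker inputs, the following added example (not code from this thread, Remill or McSema) parses `link.exe` LNK2019/LNK2001 lines and buckets each symbol. The sample log is constructed from the output format shown above, and the category names and the `classify`/`triage` helpers are hypothetical; the prefix match tolerates both the `__remill_` and `remill_` spellings that appear in the output.

```python
import re
from collections import defaultdict

# Constructed sample: a few linker lines in the shape shown in the issue above.
SAMPLE_LOG = """\
calc-40d6ea.o : error LNK2019: unresolved external symbol __remill_atomic_begin referenced in function sub_1400019a0
calc-40d6ea.o : error LNK2019: unresolved external symbol remill_jump referenced in function sub_140002140
calc-40d6ea.o : error LNK2019: unresolved external symbol ShellExecuteW referenced in function callback_sub_140001400
calc-40d6ea.o : error LNK2019: unresolved external symbol "void cdecl terminate(void)" (?terminate@@YAXXZ) referenced in function callback_sub_140001400
calc-40d6ea.o : error LNK2001: unresolved external symbol mcsema_attach_call
libcmt.lib(exe_winmain.obj) : error LNK2019: unresolved external symbol WinMain referenced in function "int cdecl scrt_common_main_seh(void)" (?__scrt_common_main_seh@@YAHXZ)
calc_new.exe : fatal error LNK1120: 27 unresolved externals
"""

# LNK2019 names the referencing function; LNK2001 does not.
LINE_RE = re.compile(
    r'error LNK(?:2019|2001): unresolved external symbol '
    r'(?P<sym>"[^"]*" \([^)]*\)|\S+)'
    r'(?: referenced in function (?P<ref>.+))?$')

def classify(symbol):
    """Bucket a symbol by who is expected to provide it (hypothetical labels)."""
    name = symbol.lstrip("_")
    if name.startswith("remill_"):
        return "remill-intrinsic"   # intrinsic: needs a runtime implementation
    if name.startswith("mcsema_"):
        return "mcsema-runtime"     # assumed to be McSema runtime support code
    return "import-or-crt"          # OS API, CRT or entry point: linker inputs

def triage(log):
    """Return {category: {symbol: [referencing functions]}}."""
    out = defaultdict(lambda: defaultdict(list))
    for line in log.splitlines():
        m = LINE_RE.search(line.strip())
        if not m:
            continue                # banner, hint and LNK1120 summary lines
        refs = out[classify(m["sym"])][m["sym"]]
        if m["ref"] and m["ref"] not in refs:
            refs.append(m["ref"])
    return {cat: dict(syms) for cat, syms in out.items()}

if __name__ == "__main__":
    for cat, syms in sorted(triage(SAMPLE_LOG).items()):
        print(f"{cat}: {len(syms)}")
        for sym, refs in syms.items():
            print(f"  {sym}  <- {', '.join(refs) or '(no referencing function)'}")
```

Symbols in the `remill-intrinsic` bucket are the ones the runtime described in the reply has to define; the `import-or-crt` bucket is resolved by adding the right libraries and entry point to the link line.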