Self-hosting binary instrumentation framework for security research
Egalito is a binary recompiler, designed for implementing security hardening. It uses a low-level intermediate representation (EIR or Chunk) that accurately reflects all aspects of a program binary. Egalito uses metadata present in modern position-independent binaries to turn all cross-references into EIR Links, allowing code to be arbitrarily rearranged without additional overhead. Output generation in the form of ELFs or union ELFs is supported, and Egalito provides a custom loader that allows it to bootstrap into a fully self-hosted environment (parsing and transforming libegalito.so).
Egalito supports x86_64 and aarch64, with experimental support for RISC-V.
For more information, please visit: https://egalito.org
To build: $ sudo apt-get install make g++ libreadline-dev gdb lsb-release unzip $ sudo apt-get install libc6-dbg libstdc++6-7-dbg # names may differ $ git submodule update --init --recursive $ make -j
To test, try: $ cd test/codegen && make && cd - $ cd app && ./etelf -m ../src/ex/hello hello && ./hello && cd - $ cd src && ./loader ex/hello && cd - $ cd app && ./etshell
Other extensions: - Python bindings and Python shell: see app/README-python - Docker: see test/docker/README.md