• Aucun résultat trouvé

Understanding Software Dependencies in Windows

N/A
N/A
Info
Télécharger
Protected

Academic year: 2022

Partager "Understanding Software Dependencies in Windows"

Copied!
22
0
0

Chargement.... (Voir le texte intégral maintenant)

Texte intégral

(1)

Windows workshop 2010

Understanding Software Dependencies in Windows

Roland Yap

School of Computing

National University of Singapore Singapore

[email protected]

(2)

Motivation

• Software is complex with a ecosystem of dependencies

Installation can cause other S/W to fail (e.g overwriting old library versions)

Uninstallation can cause S/W to fail (e.g removing critical shared libraries)

• Interactions and dependencies between software are difficult to understand

• We explore visualization as a tool for understanding software dependencies

See Y. Wu, R.H.C. Yap and R. Ramnath, Comprehending Module Dependencies and Sharing, ICSE 2010, to appear

Note: Dave’s talk – what is an application?

(3)

Examples of dependencies (1)

• Binaries used by notepad

c:\windows\apppatch\acgenral.dll c:\windows\system32\avgrsstx.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll

c:\windows\system32\msacm32.dll c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime c:\windows\system32\shimeng.dll c:\windows\system32\usp10.dll c:\windows\system32\uxtheme.dll c:\windows\system32\winmm.dll c:\windows\system32\winspool.drv

c:\windows\winsxs\x86_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

(4)

Examples of dependencies (2)

• Simple boot (only Windows installed)

– DLLs: 154 – EXEs: 10 – Drivers: 1 – Ime: 1

• Typical boot (Windows + applications)

– DLLs: 274 – EXEs: 15

– Telephony/Modem: 6 – Drivers: 3

– ActiveX: 2 – Ime: 1

(5)

What are binaries?

• EXE (executables) are considered binaries

• Other binary types are DLL (dynamic

linked libraries), OCX (ActiveX controls), SYS (drivers) and CPL (control panel

applets), …

(6)

Visualization Objectives

• Visualizing binaries used by a particular executable

• Visualize any commonalities between binaries

• Visualize dependencies between binaries

(7)

Visualization (1)

• Basic dependency graph

• Graph is too dense

(8)

Revisiting processes (1)

• Process creation: Broken into many native calls.

• Very different from UNIX’s fork+execve

• The user space Win32 API CreateProcess()

1. Open the EXE file (ZwCreateFile)

2. Create process object (ZwCreateProcess) 3. Create thread object (ZwCreateThread) 4. Notify Windows subsystem (csrss)

5. Start the initial thread (ZwResumeThread)

Note: Recall Dave’s talk – NT native system calls

(9)

Revisiting processes (2)

• Binary loading: broken into many native calls

• Similar to UNIX:

dlopen

=

open

+

mmap

+…

• The user space Win32 API LoadLibrary()

1. Open the binary (ZwCreateFile)

2. Create a Section object (ZwCreateSection)

3. Map the binary to VM (ZwMapViewOfSection)

4. Dynamic linking, relocation…

(10)

Binary Dependency Visualization

• Two types of nodes: EXE, DLL + etc

• Three types of directed edges

1. EXE X launches another EXE Y 2. EXE X load a DLL Y

3. A function in binary X calls a function in binary Y

• How are binaries shared among programs?

EXE Dependency Graph

Only Type 1 and 2 edge Group DLLs by loader

• How binaries interact?

DLL Dependency Graph

Only Type 2 and 3 edge

Group DLLs manually by functionality or software vendor

(11)

Visualization (1)

• Basic dependency graph

• Graph is too dense

(12)

A more usable Visualization: EXE Dependency Graph

• Grouped dependency graph

1

1

1

2

2

(13)

Collecting binary dependency information

• EXE X launches another EXE Y

– Use the kernel

PsSetCreateProcessNotifyRoutine() API

• EXE X load a DLL Y

– Use the kernel

PsSetLoadImageNotifyRoutine() API

• A function in binary X calls a function in binary Y

– Instrument code execution

(14)

Comparing Microsoft Word and

Open Office Writer

(15)

DLL Dependency Graph: actual binary usage

• Some definitions:

– An EXE-DLL dependency in a DLL Dependency Graph is when there is has a control transfer from code in executable x to code in DLL y. We say that x has an EXE-DLL dependency on y.

– A DLL-DLL dependency in a DLL Dependency Graph is when there is has a control transfer from code in DLL x to code in DLL y. We say that x has a DLL-DLL dependency on y

(16)

Visualizing binaries executed

• Call graph is large.

• Group functions to images => DLL dependency graph.

• DLL dependency graph is still large.

• Group DLLs by properties:

– By functionality: graphics, audio, network…

– By vendor: microsoft, adobe…

– By path: C:\windows\system32\*.dll,

D:\vmware\*.dll…

(17)

Grouping by functionality

wget: DLL dependency without grouping

(18)

Grouping by functionality

wget: DLL dependency with grouping

(19)

Examples of grouping

By functionality (GIMP)

(20)

Examples of grouping

By software vendor (GIMP)

(21)

Boot trace

Most common dlls e.g kernel32, gdi32

Svchost using a lot of dlls

(22)

Conclusion

• Actual software dependencies quite complex in Windows

• 2 effective visualizations:

– EXE Dependency Graphs: commonality between binaries

– DLL Dependency Graphs: actual binary

usage

Références

Télécharger maintenant ( PDF - 22 Page - 362.82 KB )

Documents relatifs

Scale dependency in the hydromorphological control of a stream ecosystem functioning

Leaf breakdown data were then crossed with data on water chemistry and hydromorphological features at four spatial scales (i.e. upstream catchment, river segment, reach and

Formation création et utilisation des Dll sous Visual C++ – Cours et formation gratuit

Ces exemples seront séparés en deux catégories : Dans l’une nous verrons l’utilisation de la Dll crée en C++ et dans l’autre dans un programme en Visual Basic?. Mais

Deep Dependency Graph Conversion in English

Our work is distinguished from previous work concerning the generation of shallow dependency trees such that it generates dependency graphs incorporating deep structures in

...,.,_DD.. Na. n Dll LA GIIOLOGIII. vaua ca. present courrier. .._tle lepntw... Dbecte G6116MI CONAKY

NB • les ressources financleres peuvent etre foumles par une societe apparentee ou une societe soeur de Ia societe qui detlent les permis et/ou droits relatif s a u gisement

Time dependency in TV viewer clustering

Also the categories of programs watched in different clusters were distinct, such that the clusters provided a meaningful grouping of users with respect to their

Dependency Analysis Using Conceptual Graph

This paper attempts to formalize both the definition and characterization of a dependency in a unified approach, and then illustrates how dependencies themselves and the effect of

Trouver kernel32.dll

Le procédé pour déterminer l’adresse de base de kernel32.dll avec cette technique repose sur le fait que le SEH par défaut est configurer pour utiliser une fonction qui réside

An Industrial Case Study on Improving Quality in Integrated Software Product using defect dependency

We implemented it against a real time defect dataset to improve and evaluate the quality of our large scale integrated software product during every release cycle since