Remill is a static binary translator that translates machine code instructions into LLVM bitcode. It translates AArch64 (64-bit ARMv8), SPARC32 (SPARCv8), SPARC64 (SPARCv9), x86 and amd64 machine code (including AVX and AVX512) into LLVM bitcode. AArch32 (32-bit ARMv8 / ARMv7) support is underway.
Remill focuses on accurately lifting instructions. It is meant to be used as a library for other tools, e.g. McSema.
- How to contribute
- How to implement the semantics of an instruction
- How instructions are lifted
- The design and architecture of Remill
If you are experiencing undocumented problems with Remill then ask for help in the #binary-lifting channel of the Empire Hacking Slack.
Remill is supported on Linux platforms and has been tested on Ubuntu 14.04, 16.04, and 18.04. Remill also works on macOS, and has experimental support for Windows.
Remill's Linux version can also be built via Docker for quicker testing.
Most of Remill's dependencies can be provided by the cxx-common repository. Trail of Bits hosts downloadable, pre-built versions of cxx-common, which makes it substantially easier to get up and running with Remill. Nonetheless, the following table represents most of Remill's dependencies.
| Name | Version |
|---|---|
| Git | Latest |
| CMake | 3.2+ |
| Google Flags | Latest |
| Google Log | Latest |
| Google Test | Latest |
| LLVM | 3.5+ |
| Clang | 3.5+ |
| Intel XED | Latest |
| Python | 2.7 |
| Unzip | Latest |
| ccache | Latest |
If you are running Ubuntu or Mac, you will be able to use pre-compiled libraries instead of building everything yourself.
First, clone the repository. This will clone the code into the remill directory.
git clone https://github.com/lifting-bits/remill.gitNext, we build Remill. This script will create another directory, remill-build, in the current working directory. All remaining dependencies needed by Remill will be downloaded from what was built in our CI into the remill-build directory. The build script will use whatever compiler is found by CMake.
./remill/scripts/build.shTo run the tests you must have built Remill with clang:
cmake --build . --target test_dependencies
env CTEST_OUTPUT_ON_FAILURE=1 cmake --build build --target testTo see more options for the build script, use --help, open an issue, or join Slack.
Ensure remill works:
# Decode some AMD64 instructions to LLVM
docker run --rm -it remill:llvm800-ubuntu18.04-amd64 \
--arch amd64 --ir_out /dev/stdout --bytes c704ba01000000
# Decode some AArch64 instructions to LLVM
docker run --rm -it remill:llvm800-ubuntu18.04-amd64 \
--arch aarch64 --address 0x400544 --ir_out /dev/stdout \
--bytes FD7BBFA90000009000601891FD030091B7FFFF97E0031F2AFD7BC1A8C0035FD6