LLVM与OLLVM基础教学文档<\/h1>

一、环境准备与LLVM编译<\/h2>

1.1 基础环境配置<\/h3>
使用Ubuntu 18.04系统，需要安装以下基础工具：<\/p>
su root
<\/span><\/span>apt update
<\/span><\/span>apt install net-tools openssh-server vim build-essential cmake ninja-build
<\/span><\/span><\/code><\/pre>1.2 编译工具说明<\/h3>

CMake<\/strong>：跨平台构建工具，管理源文件编译顺序，处理不同OS和编译器的差异<\/li>
Ninja<\/strong>：专注于快速构建的构建系统，比传统构建工具更快<\/li>
build-essential<\/strong>：包含C++编译器等一系列基本构建工具<\/li>
<\/ul>
1.3 LLVM编译步骤<\/h3>


下载LLVM 10.0.1源码：<\/p>
mkdir LLVM
<\/span><\/span>cd LLVM
<\/span><\/span>tar -Jxvf llvm-project-10.0.1.tar.xz
<\/span><\/span><\/code><\/pre><\/li>

配置和编译：<\/p>
cd llvm-project-10.0.1
<\/span><\/span>mkdir build
<\/span><\/span>cd build
<\/span><\/span>cmake -G Ninja -DCMAKE_BUILD_TYPE=<\/span>"Release"<\/span> \
<\/span><\/span><\/span><\/span>      -DLLVM_ENABLE_PROJECTS=<\/span>"clang"<\/span> \
<\/span><\/span><\/span><\/span>      -DLLVM_ENABLE_RUNTIMES=<\/span>"libcxx;libcxxabi"<\/span> ..\/llvm
<\/span><\/span>ninja &&<\/span> ninja install -j4
<\/span><\/span><\/code><\/pre><\/li>
<\/ol>
参数说明：<\/p>

-G Ninja<\/code>：生成Ninja构建文件<\/li>
-DCMAKE_BUILD_TYPE="Release"<\/code>：生产环境构建<\/li>
-DLLVM_ENABLE_PROJECTS="clang"<\/code>：同时构建clang<\/li>
-DLLVM_ENABLE_RUNTIMES="libcxx;libcxxabi"<\/code>：启用运行时库<\/li>
<\/ul>
二、LLVM基本概念<\/h2>
2.1 编译器架构<\/h3>
LLVM采用三段式设计：<\/p>


前端(Frontend)<\/strong>：<\/p>

词法分析<\/li>
语法分析<\/li>
语义分析<\/li>
构建抽象语法树(AST)<\/li>
<\/ul>
<\/li>

优化器(Optimizer)<\/strong>：<\/p>

代码优化<\/li>
消除冗余<\/li>
<\/ul>
<\/li>

后端(Backend)<\/strong>：<\/p>

生成目标机器指令<\/li>
指令选择<\/li>
寄存器分配<\/li>
指令调度<\/li>
<\/ul>
<\/li>
<\/ol>
2.2 中间表示(IR)<\/h3>
LLVM IR有两种表示形式：<\/p>



格式<\/th>
类型<\/th>
特点<\/th>
<\/tr>
<\/thead>


.ll<\/code><\/td>
文本格式<\/td>
人类可读，类似汇编<\/td>
<\/tr>

.bc<\/code><\/td>
二进制格式<\/td>
紧凑高效，用于工具链内部<\/td>
<\/tr>
<\/tbody>
<\/table>
转换命令：<\/p>
llvm-as file.ll -o file.bc  # 汇编到二进制<\/span>
<\/span><\/span>llvm-dis file.bc -o file.ll # 二进制到汇编<\/span>
<\/span><\/span><\/code><\/pre>2.3 LLVM工具集<\/h3>



工具<\/th>
功能<\/th>
<\/tr>
<\/thead>


bugpoint<\/td>
调试优化遍数或代码生成后端<\/td>
<\/tr>

llvm-ar<\/td>
生成包含LLVM位码的归档文件<\/td>
<\/tr>

llvm-as<\/td>
将LLVM汇编转换为位码<\/td>
<\/tr>

llvm-dis<\/td>
将位码转换为LLVM汇编<\/td>
<\/tr>

llvm-link<\/td>
链接多个LLVM模块<\/td>
<\/tr>

lli<\/td>
LLVM解释器\/JIT编译器<\/td>
<\/tr>

llc<\/td>
LLVM后端编译器，生成本地代码<\/td>
<\/tr>

opt<\/td>
应用LLVM到LLVM的转换<\/td>
<\/tr>
<\/tbody>
<\/table>
三、LLVM Pass开发<\/h2>
3.1 LLVM Pass概念<\/h3>
LLVM Pass是对IR进行特定操作的组件，可用于：<\/p>

代码优化（提高性能、减小体积）<\/li>
代码分析（检查问题、验证规则）<\/li>
<\/ul>
工作方式：IR代码流经Pass时被处理<\/p>
3.2 项目内Pass开发<\/h3>


在llvm\/lib\/Transforms<\/code>下创建Pass目录<\/p>
<\/li>

创建CMakeLists.txt<\/code>：<\/p>
add_llvm_library(LLVMPrintName<\/span> MODULE<\/span> PrintName.cpp<\/span> PLUGIN_TOOL<\/span> opt<\/span>)
<\/span><\/span><\/span><\/code><\/pre><\/li>

编写Pass代码示例：<\/p>
#include<\/span> "llvm\/IR\/Function.h"<\/span>
<\/span><\/span><\/span>#include<\/span> "llvm\/IR\/Module.h"<\/span>
<\/span><\/span><\/span>#include<\/span> "llvm\/Pass.h"<\/span>
<\/span><\/span><\/span>#include<\/span> "llvm\/Support\/raw_ostream.h"<\/span>
<\/span><\/span><\/span><\/span>
<\/span><\/span>using<\/span> namespace<\/span> llvm;
<\/span><\/span>
<\/span><\/span>namespace<\/span> {
<\/span><\/span>struct<\/span> PrintFunctionNamePass<\/span> :<\/span> public<\/span> ModulePass {
<\/span><\/span>  static<\/span> char<\/span> ID;
<\/span><\/span>  PrintFunctionNamePass() :<\/span> ModulePass(ID) {}
<\/span><\/span>
<\/span><\/span>  bool<\/span> runOnModule<\/span>(Module &<\/span>M) override<\/span> {
<\/span><\/span>    for<\/span> (auto<\/span> &<\/span>F : M) {
<\/span><\/span>      errs() <<<\/span> "函数名: "<\/span> <<<\/span> F.getName() <<<\/span> "<\/span>\n<\/span>"<\/span>;
<\/span><\/span>    }
<\/span><\/span>    return<\/span> false;
<\/span><\/span>  }
<\/span><\/span>};
<\/span><\/span>
<\/span><\/span>char<\/span> PrintFunctionNamePass::<\/span>ID =<\/span> 0<\/span>;
<\/span><\/span>static<\/span> RegisterPass<<\/span>PrintFunctionNamePass><\/span> X(
<\/span><\/span>  "printname"<\/span>,                  \/\/ 命令行标识符
<\/span><\/span><\/span><\/span>  "打印函数名LLVM Pass"<\/span>,        \/\/ 简短描述
<\/span><\/span><\/span><\/span>  false,                       \/\/ 不修改IR
<\/span><\/span><\/span><\/span>  false                        \/\/ 不是分析Pass
<\/span><\/span><\/span><\/span>);
<\/span><\/span>}
<\/span><\/span><\/code><\/pre><\/li>

编译和使用：<\/p>
ninja LLVMPrintName
<\/span><\/span>opt -load \/path\/to\/LLVMPrintName.so -printname hello.ll -o hello.bc
<\/span><\/span><\/code><\/pre><\/li>
<\/ol>
3.3 项目外Pass开发<\/h3>
目录结构：<\/p>
项目根目录\/
├── CMakeLists.txt
└── llvmpass\/
    ├── CMakeLists.txt
    └── PrintName.cpp
<\/code><\/pre>
根目录CMakeLists.txt<\/code>：<\/p>
cmake_minimum_required(VERSION<\/span> 3.10<\/span>)
<\/span><\/span><\/span><\/span>SET(CMAKE_CXX_FLAGS<\/span> "-Wall -fno-rtti"<\/span>)
<\/span><\/span><\/span><\/span>find_package(LLVM<\/span> REQUIRED<\/span> CONFIG<\/span>)
<\/span><\/span><\/span><\/span>add_definitions(${<\/span>LLVM_DEFINITIONS}<\/span>)
<\/span><\/span><\/span><\/span>include_directories(${<\/span>LLVM_INCLUDE_DIRS}<\/span>)
<\/span><\/span><\/span><\/span>link_directories(${<\/span>LLVM_LIBRARY_DIRS}<\/span>)
<\/span><\/span><\/span><\/span>add_subdirectory(llvmpass<\/span>)
<\/span><\/span><\/span><\/code><\/pre>子目录CMakeLists.txt<\/code>：<\/p>
add_library(LLVMPrintName<\/span> MODULE<\/span> PrintName.cpp<\/span>)
<\/span><\/span><\/span><\/span>target_link_libraries(LLVMPrintName<\/span> PRIVATE<\/span> ${<\/span>LLVM_LIBRARY_DIRS}<\/span>)
<\/span><\/span><\/span><\/code><\/pre>四、OLLVM基础<\/h2>
OLLVM是基于LLVM的混淆工具，通过对代码结构进行转换增加逆向难度。理解OLLVM需要先掌握LLVM基础知识，特别是：<\/p>

LLVM IR结构<\/li>
Pass开发技术<\/li>
编译器优化流程<\/li>
<\/ol>
OLLVM主要通过以下Pass实现混淆：<\/p>

控制流扁平化<\/li>
指令替换<\/li>
虚假控制流<\/li>
字符串加密等<\/li>
<\/ul>
五、常见问题解决<\/h2>


apt锁冲突<\/strong>：<\/p>
ps aux | grep apt
<\/span><\/span>sudo kill -9 <PID>
<\/span><\/span><\/code><\/pre><\/li>

网卡丢失<\/strong>：<\/p>
service NetworkManager restart
<\/span><\/span><\/code><\/pre><\/li>

编译中断<\/strong>：<\/p>

重新运行命令会继续之前进度<\/li>
建议增加内存和CPU核心数<\/li>
<\/ul>
<\/li>
<\/ol>
六、参考资料<\/h2>

LLVM官方文档：https:\/\/llvm.org\/docs\/GettingStarted.html<\/li>
Writing an LLVM Pass：https:\/\/releases.llvm.org\/9.0.1\/docs\/WritingAnLLVMPass.html<\/li>
CMake构建参考：https:\/\/stackoverflow.com\/questions\/17225956\/developing-an-llvm-pass-with-cmake-out-of-llvm-source-directory<\/li>
<\/ol>