MCP.directory

binary-lifting

by gmh5225
0
0
Source

Expertise in binary lifting techniques - converting machine code to LLVM IR for analysis, decompilation, and recompilation. Use this skill when working on reverse engineering, binary analysis, deobfuscation, or converting binaries to higher-level representations.

Install

mkdir -p .claude/skills/binary-lifting && curl -L -o skill.zip "https://mcp.directory/api/skills/download/4892" && unzip -o skill.zip -d .claude/skills/binary-lifting && rm skill.zip

Installs to .claude/skills/binary-lifting

About this skill

Binary Lifting Skill

This skill covers techniques and tools for lifting binary executables to LLVM IR, enabling advanced analysis, transformation, and recompilation of existing binaries.

Core Concepts

What is Binary Lifting?

Binary lifting is the process of translating low-level machine code (x86, ARM, etc.) into a higher-level intermediate representation (LLVM IR), enabling:

  • Static and dynamic analysis
  • Deobfuscation and vulnerability research
  • Code recompilation and optimization
  • Cross-architecture translation

Lifting Pipeline

Binary → Disassembly → IR Generation → Optimization → Analysis/Recompilation

Major Lifting Frameworks

Production-Grade Tools

  • RetDec (Avast): Full decompiler with C output, multi-architecture support
  • McSema (Trail of Bits): x86/x64 to LLVM IR, function recovery
  • revng: Based on QEMU, supports multiple architectures
  • reopt (Galois): Focus on correctness and formal methods

Research/Specialized Tools

  • Rellume: Fast x86-64 to LLVM lifting for JIT scenarios
  • fcd: Pattern-based decompiler with optimization passes
  • bin2llvm: QEMU-based binary to LLVM translator
  • llvm-mctoll: Microsoft's machine code to LLVM lifter

Language-Specific Lifters

  • llvm2c/IR->C: Convert LLVM IR back to C code
  • llvm2cranelift: LLVM IR to Cranelift IR
  • Leaven: LLVM IR to Go language
  • masxinlingvonta: JVM bytecode to LLVM IR

Implementation Techniques

Instruction Semantics Translation

// Example: Translating x86 ADD to LLVM IR
Value* translateADD(IRBuilder<> &builder, Value* op1, Value* op2) {
    Value* result = builder.CreateAdd(op1, op2, "add_result");
    
    // Update flags (CF, OF, SF, ZF, etc.)
    updateCarryFlag(builder, op1, op2, result);
    updateOverflowFlag(builder, op1, op2, result);
    updateSignFlag(builder, result);
    updateZeroFlag(builder, result);
    
    return result;
}

Control Flow Recovery

  1. Linear Sweep: Simple but misses code with embedded data
  2. Recursive Descent: Follow control flow, better coverage
  3. Speculative Disassembly: Handle indirect jumps/calls
  4. Machine Learning: Use ML to identify function boundaries

Handling Indirect Control Flow

  • Value Set Analysis (VSA)
  • Symbolic execution for jump target resolution
  • Type recovery for virtual table reconstruction

Triton Integration

Triton symbolic execution engine can be used with lifting:

from triton import TritonContext, ARCH, Instruction

ctx = TritonContext(ARCH.X86_64)

# Symbolically execute and extract AST
inst = Instruction(b"\x48\x01\xd8")  # add rax, rbx
ctx.processing(inst)

# Convert Triton AST to LLVM IR
ast = ctx.getRegisterAst(ctx.registers.rax)
llvm_ir = triton_ast_to_llvm(ast)

Deobfuscation via Lifting

Approach

  1. Lift obfuscated binary to LLVM IR
  2. Apply optimization passes to simplify
  3. Use custom passes for specific obfuscation patterns
  4. Re-emit cleaned code

Useful Optimization Passes

  • Dead Store Elimination (DSE)
  • Global Value Numbering (GVN)
  • Constant Propagation
  • Instruction Combining
  • Loop Simplification

VMP/VM Handler Recovery

  • Identify dispatcher patterns
  • Extract VM bytecode semantics
  • Convert handlers to native IR
  • Example: TicklingVMProtect for VMProtect analysis

Best Practices

  1. Architecture Support: Handle endianness, calling conventions, ABI differences
  2. Memory Modeling: Accurate memory layout for global/stack variables
  3. External Dependencies: Handle library calls and system calls
  4. Validation: Compare execution traces of original vs lifted code
  5. Incremental Lifting: Support partial program analysis

Dynamic Binary Lifting

Runtime Translation

  • Instrew: Fast instrumentation through LLVM
  • QBDI: QuarkslaB Dynamic Binary Instrumentation
  • binopt: Runtime optimization of binary code

JIT Recompilation

Lift frequently executed code paths for runtime optimization:

  • Profile-guided lifting
  • Hot path detection
  • Speculative optimization

Resources

For a complete list of lifting tools and research papers, refer to the LIFT section in the main README.md.

Getting Detailed Information

When you need detailed and up-to-date resource links, tool lists, or project references, fetch the latest data from:

https://raw.githubusercontent.com/gmh5225/awesome-llvm-security/refs/heads/main/README.md

This README contains comprehensive curated lists of:

  • Binary lifting frameworks and tools (LIFT section)
  • Related research papers and documentation
  • Implementation examples and tutorials

More by gmh5225

View all skills by gmh5225

reverse-engineering-tools

gmh5225

Guide for reverse engineering tools and techniques used in game security research. Use this skill when working with debuggers, disassemblers, memory analysis tools, binary analysis, or decompilers for game security research.

4215

llvm-learning

gmh5225

Comprehensive learning resources and tutorials for LLVM, Clang, and compiler development. Use this skill when helping users learn LLVM internals, find educational resources, or understand compiler concepts.

82

game-hacking-techniques

gmh5225

Guide for game hacking techniques and cheat development. Use this skill when researching memory manipulation, code injection, ESP/aimbot development, overlay rendering, or game exploitation methodologies.

222

mobile-security

gmh5225

Guide for mobile game security on Android and iOS platforms. Use this skill when working with Android/iOS reverse engineering, mobile game hacking, APK analysis, root/jailbreak detection bypass, or mobile anti-cheat systems.

322

game-engine-resources

gmh5225

Guide for game engine development resources including engine source code, plugins, and development guides. Use this skill when researching game engines (Unreal, Unity, Godot, custom engines), engine architecture, or game development frameworks.

290

anti-cheat-systems

gmh5225

Guide for understanding anti-cheat systems and bypass techniques. Use this skill when researching game protection systems (EAC, BattlEye, Vanguard), anti-cheat architecture, detection methods, or bypass strategies.

00

You might also like

flutter-development

aj-geddes

Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.

643969

drawio-diagrams-enhanced

jgtolentino

Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.

591705

ui-ux-pro-max

nextlevelbuilder

"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."

318398

godot

bfollington

This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.

339397

nano-banana-pro

garg-aayush

Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.

451339

fastapi-templates

wshobson

Create production-ready FastAPI projects with async patterns, dependency injection, and comprehensive error handling. Use when building new FastAPI applications or setting up backend API projects.

304231

Related MCP Servers

Browse all servers
MarkitdownMarkitdown

Easily convert markdown to PDF using Markitdown MCP server. Supports HTTP, STDIO, and SSE for fast converting markdown t

90,3881 tools
Sequential Thinking ToolsSequential Thinking Tools

Leverage structured decision making and advanced problem solving techniques for step-by-step analysis and adaptive strat

5701 tools
IDA ProIDA Pro

IDA Pro software enables programmatic access to IDA disassembler databases for automated reverse engineering and binary

52519 tools
PenpotPenpot

Integrate Penpot with electronic design automation software for browsing, retrieving, and exporting UI designs easily us

2230 tools
Fetch (Web Content & YouTube Transcripts)Fetch (Web Content & YouTube Transcripts)

Fetch is a web scraping tool that extracts web content and YouTube transcripts, converting HTML to Markdown with accurat

1572 tools
AgentQLAgentQL

AgentQL lets you scrape any website and extract structured data to JSON easily—no custom web scraping code needed.

1490 tools

Stay ahead of the MCP ecosystem

Get weekly updates on new skills and servers.