Automated Malware Analysis Report for Wget.Exe


ID: 399715
Sample Name: wget.exe
Cookbook: default.jbs
Time: 04:14:24
Date: 29/04/2021
Version: 32.0.0 Black Diamond

Table of Contents

Analysis Report wget.exe; Overview; General Information; Detection; Signatures; Classification; Startup; Malware Configuration; Yara Overview; Sigma Overview; Signature Overview; Networking:; Mitre Att&ck Matrix; Behavior Graph; Screenshots; Thumbnails; Antivirus, Machine Learning and Genetic Malware Detection; Initial Sample; Dropped Files; Unpacked PE Files; Domains; URLs; Domains and IPs; Contacted Domains; URLs from Memory and Binaries; Contacted IPs; General Information; Simulations; Behavior and APIs; Joe Sandbox View / Context; IPs; Domains; ASN; JA3 Fingerprints; Dropped Files; Created / dropped Files; Static File Info; General; File Icon; Network Behavior; Code Manipulations; Statistics; System Behavior; Analysis Process: wget.exe PID: 6932 Parent PID: 6020; General; Disassembly; Code Analysis

Copyright Joe Security LLC 2021

Analysis Report wget.exe

Overview

General Information
• Sample Name: wget.exe
• Analysis ID: 399715
• MD5: 8ab07993aa4c3d…
• SHA1: 3e7d90ead707b7…
• SHA256: 1b532832ecfcffe…

Detection
• Score: 21
• Range: 0 - 100
• Whitelisted: false
• Confidence: 80%

Signatures
• Found Tor onion address
• Detected potential crypto function
• Program does not show much activi…

Classification
[Chart: classification categories Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware; legend: malicious, suspicious, clean]

Startup
• System is w10x64
• wget.exe (PID: 6932 cmdline: 'C:\Users\user\Desktop\wget.exe' MD5: 8AB07993AA4C3DB71B44D0552950BD17)
• cleanup

Malware Configuration
No configs have been found

Yara Overview
No yara matches

Sigma Overview
No Sigma rule has matched

Signature Overview
• Cryptography
• Networking
• System Summary
• Malware Analysis System Evasion
• Anti Debugging

Networking:
• Found Tor onion address

Mitre Att&ck Matrix
• Initial Access: Valid Accounts; Default Accounts
• Execution: Command and Scripting Interpreter 2; Scheduled Task/Job
• Persistence: Path Interception; Boot or Logon Initialization Scripts
• Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts
• Defense Evasion: Direct Volume Access; Rootkit
• Credential Access: OS Credential Dumping; LSASS Memory
• Discovery: System Service Discovery; Application Window Discovery
• Lateral Movement: Remote Services; Remote Desktop Protocol
• Collection: Archive Collected Data 1 1; Data from Removable Media
• Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth
• Command and Control: Encrypted Channel 1; Proxy 1
• Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS
• Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization
• Impact: Modify System Partition; Device Lockout

Behavior Graph
[Figure: behavior graph. ID: 399715; Sample: wget.exe; Startdate: 29/04/2021; Architecture: WINDOWS; Score: 21. Process: wget.exe (started); signature: Found Tor onion address]

Screenshots

Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample
Source | Detection | Scanner | Label | Link
wget.exe | 4% | ReversingLabs | |

Dropped Files
No Antivirus matches

Unpacked PE Files
No Antivirus matches

Domains
No Antivirus matches

URLs
Source | Detection | Scanner | Label | Link
crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | 0% | URL Reputation | safe |
https://sectigo.com/CPS0 | 0% | URL Reputation | safe |
https://ftpftp://ftpsftps://Rpcrt4.dllUuidCreateUuidToStringARpcStringFreeA | 0% | Avira URL Cloud | safe |
ocsp.sectigo.com0 | 0% | URL Reputation | safe |
crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | 0% | URL Reputation | safe |
https://sectigo.com/CPS0D | 0% | URL Reputation | safe |
www.metalinker.org/typedynamicoriginurn:ietf:params:xml:ns:metalinktagsidentityfilesfilenames | 0% | Avira URL Cloud | safe |
crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | 0% | URL Reputation | safe |
www.metalinker.org/ | 0% | Virustotal | | Browse
www.metalinker.org/ | 0% | Avira URL Cloud | safe |
crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | 0% | URL Reputation | safe |

Domains and IPs

Contacted Domains
No contacted domains info

URLs from Memory and Binaries
Name | Source | Malicious | Antivirus Detection | Reputation
crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | wget.exe | false | URL Reputation: safe | unknown
https://sectigo.com/CPS0 | wget.exe | false | URL Reputation: safe | unknown
https://ftpftp://ftpsftps://Rpcrt4.dllUuidCreateUuidToStringARpcStringFreeA | wget.exe | false | Avira URL Cloud: safe | low
ocsp.sectigo.com0 | wget.exe | false | URL Reputation: safe | unknown
netpreserve.org/warc/1.0/revisit/identical-payload-digestWARC-Truncatedlength | wget.exe | false | | high
crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | wget.exe | false | URL Reputation: safe | unknown
https://savannah.gnu.org/bugs/?func=additem&group=wget. | wget.exe | false | | high
https://sectigo.com/CPS0D | wget.exe | false | URL Reputation: safe | unknown
https://gnu.org/licenses/ | wget.exe | false | | high
www.gnu.org/licenses/gpl.html | wget.exe | false | | high
https://gnu.org/licenses/gpl.html | wget.exe | false | | high
netpreserve.org/warc/1.0/revisit/identical-payload-digest | wget.exe | false | | high
www.metalinker.org/typedynamicoriginurn:ietf:params:xml:ns:metalinktagsidentityfilesfilenames | wget.exe | true | Avira URL Cloud: safe | unknown
crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | wget.exe | false | URL Reputation: safe | unknown
www.metalinker.org/ | wget.exe | true | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | wget.exe | false | URL Reputation: safe | unknown
bibnum.bnf.fr/WARC/WARC_ISO_28500_version1_latestdraft.pdf | wget.exe | false | | high

Contacted IPs
No contacted IP infos

General Information
• Joe Sandbox Version: 32.0.0 Black Diamond
• Analysis ID: 399715
• Start date: 29.04.2021
• Start time: 04:14:24
• Joe Sandbox Product: CloudBasic
• Overall analysis duration: 0h 3m 14s
• Hypervisor based Inspection enabled: false
• Report type: light
• Sample file name: wget.exe
• Cookbook file name: default.jbs
• Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
• Number of analysed new started processes analysed: 5
• Number of new started drivers analysed: 0
• Number of existing processes analysed: 0
• Number of existing drivers analysed: 0
• Number of injected processes analysed: 0
• Technologies: HCA enabled; EGA enabled; HDC enabled; AMSI enabled
• Analysis Mode: default
• Analysis stop reason: Timeout
• Detection: SUS
• Classification: sus21.evad.winEXE@1/0@0/0
• EGA Information: Failed
• HDC Information: Failed
• HCA Information: Successful, ratio: 100%; Number of executed functions: 0; Number of non-executed functions: 0
• Cookbook Comments: Adjust boot time; Enable AMSI; Found application associated with file extension: .exe; Stop behavior analysis, all processes terminated

Simulations

Behavior and APIs
No simulations

Joe Sandbox View / Context

IPs
No context

Domains
No context