IA-64过程调用的逆向恢复技术

The Recovery of IA-64 Procedure Call

本文给出了对于IA-64体系结构可执行程序逆向恢复中过程识别和抽象的技术实现方法。采用自动机理论与模板匹配相结合的方法解决IA-64体系结构模板中不确定指令的识别问题。实现了基于数据流分析对过程调用的参数和返回值进行恢复的算法,有效地完成了过程调用的二进制代码向与硬件无关中间语言代码转换的恢复工作。

This paper present the method of procedure recovery technology of reverse engineering on IA-64 architecture executable. We implement the method of pattern match with automata theory to solve the problem of random instruction identifying in patterns, and describe the recovery algorithm of arguments and return values of a procedure which is based on data flow analysis. So we translate the binary of procedure call into low level intermedia language program code.