Disassembly method based on control flow refining

Cited by: 6
Abstract: Disassembly is the foundation of reverse engineering and an important part of it. To improve the efficiency of disassembly and the accuracy of its results, a static disassembly method based on control flow graph refinement is proposed, following a study of traditional disassembly methods. The method uses function location to split the binary code into individual functions, builds an initial intra-procedural control flow graph for each function, and then combines graph-theoretic methods with feature matching on assembly instructions to extract the real control flow graph. Twenty-two programs from CoreUtils serve as the test benchmark, and two linear sweep algorithms serve as the comparison baseline. The experimental results show that the proposed method is 63.2% faster than Objdump and can draw the control flow graph with high accuracy, so it is both accurate and efficient.
Source: Journal of Tsinghua University (Science and Technology), indexed in EI, CAS, CSCD and the Peking University Core list, 2011, Issue 10, pp. 1345-1350 (6 pages)
Funding: National Natural Science Foundation of China (60973105, 90718017)
Keywords: disassembly; control flow graph; obfuscation