Abstract
Dynamic analysis of embedded device firmware currently faces many difficulties: neither emulation-based analysis alone nor debugging on the physical device alone meets practical needs. To address this, an iterative firmware analysis method combining virtual execution and physical (entity) execution is proposed. An iterative analysis mechanism is designed and an analysis framework is implemented so that execution of the firmware code can switch between the virtual execution environment and the physical execution environment over multiple rounds, as the analysis requires. This solves the problems that emulated execution cannot simulate I/O port access and that execution on the physical device is difficult to trace and record, and it provides basic support for firmware analysis of embedded devices. The technique was applied to the analysis of Seagate hard disk firmware, which verified its effectiveness.
Authors
徐永超
舒辉
杜三
XU Yong-chao; SHU Hui; DU San (State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University, Zhengzhou 450001, China)
Source
《计算机工程与设计》 (Computer Engineering and Design)
PKU Core Journal
2019, Issue 6, pp. 1676-1681 (6 pages)
Keywords
embedded device
dynamic analysis
virtual execution
entity execution
iterative analysis mechanism