Proceedings of the Institute for System Programming of the RAS
RUS  ENG    JOURNALS   PEOPLE   ORGANISATIONS   CONFERENCES   SEMINARS   VIDEO LIBRARY   PACKAGE AMSBIB  
General information
Latest issue
Archive

Search papers
Search references

RSS
Latest issue
Current issues
Archive issues
What is RSS



Proceedings of ISP RAS:
Year:
Volume:
Issue:
Page:
Find






Personal entry:
Login:
Password:
Save password
Enter
Forgotten password?
Register


Proceedings of the Institute for System Programming of the RAS, 2017, Volume 29, Issue 3, Pages 31–42
DOI: https://doi.org/10.15514/ISPRAS-2016-29(3)-3
(Mi tisp220)
 

This article is cited in 2 scientific papers (total in 2 papers)

On representation used in the binary code reverse engineering

V. A. Padaryanab

a Lomonosov Moscow State University
b Institute for System Programming of the Russian Academy of Sciences
Full-text PDF (539 kB) Citations (2)
References:
Abstract: The paper discusses the problem of representation of algorithms extracted from binary code in course of reverse engineering: both representations for automatic analysis and final representations for the user. Two key subproblems of reverse engineering are focused on: automatic search for exploitable defects and discovery of undeclared capabilities. A principal scheme of system that allows automatically finding exploitable defects is described, along with key features of an internal representation employed by such system from the viewpoint of efficient generation of equations for an SMT solver. A sequence of steps for a system that reveals undeclared capabilities is enumerated: algorithm localization, its representation in a form suitable for analysis, and recovery of its properties. In order to automate the first step a static-dynamic representation is built which includes OS-level events and calls to library functions that serve as “anchor points” for the analyst in course of algorithm localization. Further support for localization is provided by means of code slicing and navigation algorithms. Once the algorithm is localized, further work goes in two directions: dialogue-based building of an annotated representation of the algorithm as a flowchart and automated research of characteristics of the algorithm in terms of declared and undeclared data flows. Flowchart representation of an algorithm is based on building simplified function models which describe input and output buffers, and automatic analysis of data flows between buffers of calls of different functions. The general scenario of interaction between an analyst and such a flowchart in context of the undeclared capability revealing problem is described, based on annotating declared data flows and automatically revealing undeclared ones. The paper concludes with an example of such a representation and an enumeration of further work directions.
Keywords: binary code, combined analysis, intermediate representation.
Funding agency Grant number
Russian Foundation for Basic Research 16-29-09632
Bibliographic databases:
Document Type: Article
Language: Russian
Citation: V. A. Padaryan, “On representation used in the binary code reverse engineering”, Proceedings of ISP RAS, 29:3 (2017), 31–42
Citation in format AMSBIB
\Bibitem{Pad17}
\by V.~A.~Padaryan
\paper On representation used in the binary code reverse engineering
\jour Proceedings of ISP RAS
\yr 2017
\vol 29
\issue 3
\pages 31--42
\mathnet{http://mi.mathnet.ru/tisp220}
\crossref{https://doi.org/10.15514/ISPRAS-2016-29(3)-3}
\elib{https://elibrary.ru/item.asp?id=29438838}
Linking options:
  • https://www.mathnet.ru/eng/tisp220
  • https://www.mathnet.ru/eng/tisp/v29/i3/p31
  • This publication is cited in the following 2 articles:
    Citing articles in Google Scholar: Russian citations, English citations
    Related articles in Google Scholar: Russian articles, English articles
    Proceedings of the Institute for System Programming of the RAS
    Statistics & downloads:
    Abstract page:183
    Full-text PDF :89
    References:40
     
      Contact us:
     Terms of Use  Registration to the website  Logotypes © Steklov Mathematical Institute RAS, 2024