Lightweight heuristics to retrieve parameter associations from binaries

Authors: Laurent Mounier, Roland Groz, Franck de Goër
Contributors: Validation de Systèmes, Composants et Objets logiciels (VASCO), Laboratoire d'Informatique de Grenoble (LIG), Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF), VERIMAG (VERIMAG - IMAG), Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Grenoble (INPG)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Université Joseph Fourier - Grenoble 1 (UJF), ANR-11-LABX-0025,PERSYVAL-lab,Systemes et Algorithmes Pervasifs au confluent des mondes physique et numérique(2011)
Year of publication: 2015
Subject:
Source: PPREW@ACSAC
Proceedings of the 5th Program Protection and Reverse Engineering Workshop, PPREW@ACSAC
Proceedings of the 5th Program Protection and Reverse Engineering Workshop, PPREW@ACSAC, Dec 2015, Los Angeles, CA, United States
DOI: 10.1145/2843859.2843861
Description: We present an approach to recover information on function signatures and data-flow relations from stripped binary code. Contrary to most approaches based either on static analysis or fine-grained dynamic instrumentation, we propose lightweight instrumentation and heuristics. Our goal is to get a fast and scalable pre-processing that could serve as a front-end to focus more detailed analysis of particular functions. We infer arity and parameter types, as well as a coupling relation (which we define). We are interested in particular in couples of functions with a data-flow relation, such as memory allocators. We trade off accuracy for scalability and performance, but our experiments show that the results of the proposed heuristics can be quite accurate, even on a single random execution.
Database: OpenAIRE