关键词: 逆向分析，固件代码，反汇编，中断向量表

Abstract: Disassembly is an important part of firmware reverse engineering analysis, whose correctness directly influences the precision of FREA. At present,most of the disassembly methods focus on practical program. However,these methods could not be directly used in firm-code disassembly due to its particularity. IV T (Interrupt Vector Fable) is the core of firm-code. Effective interrupt vectors are available by reconstructing the IVT. The more interrupt vectors we obtwin, the more precise the disassembly result is. The structural characteristics of firm-code were studied, and the IV T reconstruction method was introduced. Moreover, a disassembly technology based on the reconstruction of IVT was proposed. The experimental results show that the proposed technology can effectively improve the precision of firm-code disassembly, by which both of main function and interrupt subprograms could be disassembled, compared with traditional static disassembly methods. The disassembly precision is increased by 8. 72 0 in average.

Key words: Reverse analysis, Firm-code, Disassembly, IVT