Computer Science (计算机科学) ›› 2013, Vol. 40 ›› Issue (Z6): 315-319.
LI Dan (李丹), WANG Zhen-yu (王震宇), JING Jing (井靖), WANG Guo-hao (王国好)
Abstract: Identifying the target addresses of indirect jumps has long been one of the hard problems in reconstructing control flow from binary code. The targets generally depend on information that is only available while the program executes, so traditional static methods cannot identify them precisely. Building on a study of control-flow reconstruction techniques, this paper proposes a path-constraint-based method for identifying indirect jump targets. For a given indirect jump, the set of paths from the program entry point to that jump is constructed on top of the initial control flow graph. For each path, data-flow analysis first yields the jump target address as an expression over the free variables; the path constraint is then solved to obtain a particular assignment of the free variables that satisfies it, and that assignment fixes the value of the target expression. In this way, each indirect jump is given a set of target addresses derived from its path set.
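The following Python is an added illustration of the pipeline the abstract describes; it is not the paper's implementation, and the toy IR, register names, addresses and the program itself are constructed for the example. It builds an initial CFG from direct edges only, enumerates acyclic paths from the entry point to the indirect jump, walks each path symbolically so that the target register ends up as an expression over free variables together with the path constraint, and then solves the constraint to concretize the target. It goes one step beyond the abstract in that the solver keeps every satisfying assignment rather than one particular solution: on the jump-table path the index is merely bounded (eax <= 3), so there are four valid targets and a single solution would recover only one of them. Brute force over a small domain stands in for an SMT solver.

```python
# Added example (not the paper's code): indirect-jump resolution from path constraints over a
# constructed toy IR. Every address, register name and instruction below is hypothetical.
from itertools import product
# Constructed read-only data: a 4-entry jump table at 0x1000.
RODATA = {0x1000: 0x2000, 0x1004: 0x2010, 0x1008: 0x2020, 0x100C: 0x2030}
# Constructed program as (label, opcode, operands...). Two paths reach the `ijmp ecx`.
PROGRAM = [
    ("entry",   "input", "eax"),          # eax := free variable (a switch index)
    (None,      "input", "edx"),          # edx := free variable (a mode flag)
    (None,      "mov",   "ecx", 0x4000),  # ecx := fixed handler address
    (None,      "cmp",   "edx", 0),
    (None,      "jne",   "join"),         # edx != 0 -> keep the fixed handler
    (None,      "cmp",   "eax", 3),
    (None,      "ja",    "default"),      # unsigned eax > 3 -> index out of range
    (None,      "mov",   "ebx", "eax"),
    (None,      "shl",   "ebx", 2),
    (None,      "add",   "ebx", 0x1000),
    (None,      "load",  "ecx", "ebx"),   # ecx := RODATA[ebx]
    ("join",    "ijmp",  "ecx"),          # the indirect jump to resolve
    ("default", "ret"),
]
LABELS = {lbl: i for i, (lbl, *_) in enumerate(PROGRAM) if lbl}
BRANCH = {"jne": ("ne", "eq"), "ja": ("ugt", "ule")}   # (taken, fall-through) relations

def successors(i):
    """Initial CFG: direct edges only; the indirect jump contributes no edges yet."""
    _lbl, op, *args = PROGRAM[i]
    if op in ("ret", "ijmp"):
        return []
    return [i + 1, LABELS[args[0]]] if op in BRANCH else [i + 1]

def paths_to(target):
    """All acyclic paths from the entry instruction (index 0) to `target`."""
    found, stack = [], [[0]]
    while stack:
        path = stack.pop()
        if path[-1] == target:
            found.append(path)
        else:
            stack.extend(path + [s] for s in successors(path[-1]) if s not in path)
    return found

def operand(x, regs):
    return regs[x] if isinstance(x, str) else ("const", x)
def symbolic_path(path):
    """Walk one path; return (target expression, path constraints, free variables)."""
    regs, constraints, free, flags = {}, [], [], None
    for k, i in enumerate(path):
        _lbl, op, *args = PROGRAM[i]
        if op == "input":                         # statically unknown: a free variable
            free.append(f"{args[0]}_{i}")
            regs[args[0]] = ("var", free[-1])
        elif op == "mov":
            regs[args[0]] = operand(args[1], regs)
        elif op in ("add", "shl"):
            regs[args[0]] = (op, regs[args[0]], operand(args[1], regs))
        elif op == "load":
            regs[args[0]] = ("load", regs[args[1]])
        elif op == "cmp":
            flags = (operand(args[0], regs), operand(args[1], regs))
        elif op in BRANCH:                        # the path fixes the branch outcome
            taken = path[k + 1] == LABELS[args[0]]
            constraints.append((BRANCH[op][0 if taken else 1], *flags))
        elif op == "ijmp":
            return regs[args[0]], constraints, free
    raise ValueError("path does not end at an indirect jump")

def evaluate(e, env):
    op = e[0]
    if op == "const":
        return e[1]
    if op == "var":
        return env[e[1]]
    if op == "load":
        return RODATA[evaluate(e[1], env)]       # KeyError if outside the known data
    a, b = evaluate(e[1], env), evaluate(e[2], env)
    return {"add": (a + b) & 0xFFFFFFFF, "shl": (a << b) & 0xFFFFFFFF,
            "eq": a == b, "ne": a != b, "ugt": a > b, "ule": a <= b}[op]

def solve(target, constraints, free, bound=16):
    """Brute force over small domains stands in for an SMT solver. Every satisfying
    assignment is kept, so a bounded table index yields all reachable entries."""
    targets = set()
    for values in product(range(bound), repeat=len(free)):
        env = dict(zip(free, values))
        try:
            if all(evaluate(c, env) for c in constraints):
                targets.add(evaluate(target, env))
        except KeyError:                          # load outside the known data: no target
            pass
    return targets

def resolve_indirect_jumps():
    """Map each indirect jump (instruction index) to the sorted union of per-path targets."""
    result = {}
    for i, (_lbl, op, *_) in enumerate(PROGRAM):
        if op == "ijmp":
            per_path = [solve(*symbolic_path(p)) for p in paths_to(i)]
            result[i] = sorted(set().union(*per_path))
    return result
if __name__ == "__main__":
    print(resolve_indirect_jumps())  # {11: [8192, 8208, 8224, 8240, 16384]}
```

Running the script resolves the jump at index 11 to the fixed handler 0x4000 from the first path plus the four table entries 0x2000..0x2030 from the second. Two caveats the toy glosses over: enumerating entry-to-jump paths is exponential in the number of branches and has to be bounded on real binaries, and the load is only trusted as a target because the table lies in data the analysis knows to be read-only; a load from writable memory would need a separate argument before its value could be treated as a jump target.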