Computer Science ›› 2013, Vol. 40 ›› Issue (Z6): 315-319.


Recognition of Indirect Jump Targets Based on Trace Constraint

LI Dan,WANG Zhen-yu,JING Jing and WANG Guo-hao   

Online: 2018-11-16   Published: 2018-11-16

Abstract: Recognizing the targets of indirect jumps has always been one of the hardest problems in reconstructing control flow from a binary. Because traditional solutions for indirect jumps depend on runtime information, they cannot meet the demand for precision. Building on research into control flow reconstruction techniques, we present a new method for recognizing indirect jump targets based on trace constraints. For an indirect jump, a set of traces from the entry point to the jump is constructed from a given initial control flow graph. Then, for every trace in the set, a target address is determined by resolving the trace constraint together with the target address expression, which is constructed with the relevant control flow analysis techniques. In this way, a set of jump targets is determined for every indirect jump.

Key words: Control flow reconstruction, Indirect jump, Recognition of target address, Trace constraint, Data flow analysis
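As an added example (not the paper's code), a Python sketch of the trace-based recognition the abstract describes, run on a constructed toy CFG: a switch compiled to a read-only jump table, plus one path that never defines the index register. Block names, the expression encoding and the RODATA contents are assumptions; where the paper resolves a trace constraint against a target address expression, this sketch only replays the concrete register assignments along each loop-free trace and reports the traces it cannot resolve.

```python
# Constructed toy binary (added example, not the paper's code): a jump-table switch.
TABLE_BASE = 0x2000
RODATA = {TABLE_BASE: 0x1100, TABLE_BASE + 4: 0x1200, TABLE_BASE + 8: 0x1300}
# Expressions: ("const", n) | ("reg", r) | ("add"|"mul", e1, e2) | ("mem", e)
TARGET = ("mem", ("add", ("reg", "ebx"), ("mul", ("reg", "ecx"), ("const", 4))))
BLOCKS = {                          # block -> ordered register assignments
    "entry": [("ebx", ("const", TABLE_BASE))],
    "caseA": [("ecx", ("const", 0))],
    "caseB": [("ecx", ("const", 1))],
    "caseC": [("ecx", ("const", 2))],
    "other": [],                    # never sets ecx: its trace stays unresolved
    "dispatch": [("eax", TARGET)],  # followed by: jmp eax
}
# Initial CFG: the indirect jump in "dispatch" has no known successors yet.
CFG = {"entry": ["caseA", "caseB", "caseC", "other"], "dispatch": [],
       **{b: ["dispatch"] for b in ("caseA", "caseB", "caseC", "other")}}
JUMP_BLOCK, JUMP_EXPR = "dispatch", ("reg", "eax")

def traces(cfg, src, dst, path=()):
    """Enumerate loop-free traces from src to dst in the initial CFG."""
    path += (src,)
    if src == dst:
        return [path]
    return [t for s in cfg[src] if s not in path for t in traces(cfg, s, dst, path)]

def evaluate(expr, env):
    """Resolve an expression under one trace's register values; None = unconstrained."""
    kind, *args = expr
    if kind == "const":
        return args[0]
    if kind == "reg":
        return env.get(args[0])
    vals = [evaluate(a, env) for a in args]
    if None in vals:
        return None
    if kind == "mem":
        return RODATA.get(vals[0])  # read-only data, so the load resolves statically
    return vals[0] + vals[1] if kind == "add" else vals[0] * vals[1]

def indirect_jump_targets():
    """Resolved target set (the jump's new CFG successors) and unresolved traces."""
    per_trace = {}
    for trace in traces(CFG, "entry", JUMP_BLOCK):
        env = {}                    # replay this trace's register assignments
        for block in trace:
            for reg, expr in BLOCKS[block]:
                env[reg] = evaluate(expr, env)
        per_trace[trace] = evaluate(JUMP_EXPR, env)
    resolved = sorted({v for v in per_trace.values() if v is not None})
    return resolved, [t for t, v in per_trace.items() if v is None]
```

A trace that resolves to None marks a jump the reconstructed CFG still leaves incomplete, which a reconstruction must report as unresolved rather than silently treat as having only the targets found.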

