Acta Informatica Pragensia 2013, 2(1), 18-29 | DOI: 10.18267/j.aip.104379

Approaching Retargetable Static, Dynamic, and Hybrid Executable-Code Analysis

Jakub Křoustek, Dušan Kolář
IT4Innovations Centre of Excellence, Faculty of Information Technology, Brno University of Technology, Božetěchova 1/2, 612 66 Brno, Czech Republic

Program comprehension and reverse engineering are two large domains of computer science that share one common goal: the analysis of existing programs and understanding of their behaviour. At present, methods of source-code analysis are well established and used in practice by software engineers. On the other hand, analysis of executable code is a more challenging task that is not fully covered by existing tools. Furthermore, methods of retargetable executable-code analysis are rare because of their complexity. In this paper, we present a complex platform-independent toolchain for executable-code analysis that supports both static and dynamic analysis. This toolchain, developed within the Lissom project, exploits several previously designed methods and can be used for debugging users' applications as well as for malware analysis and similar tasks. The main contribution of this paper is to interconnect the existing methods and illustrate their usage on real-world scenarios. Furthermore, we introduce the concept of a new retargetable method, hybrid analysis, which can eliminate the shortcomings of static and dynamic analysis in the future.

Keywords: Debugger, Decompiler, Reverse Engineering, Lissom

Received: March 12, 2013; Revised: May 29, 2013; Accepted: June 14, 2013; Published: June 29, 2013



This is an open access article distributed under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits use, distribution, and reproduction in any medium, provided the original publication is properly cited. No use, distribution or reproduction is permitted which does not comply with these terms.