Presentation is loading. Please wait.

Presentation is loading. Please wait.

Partial Automation of an Integration Reverse Engineering Environment of Binary Code Author : Cristina Cifuentes Reverse Engineering, 1996., Proceedings.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Partial Automation of an Integration Reverse Engineering Environment of Binary Code Author : Cristina Cifuentes Reverse Engineering, 1996., Proceedings."— Presentation transcript:

1 Partial Automation of an Integration Reverse Engineering Environment of Binary Code Author : Cristina Cifuentes Reverse Engineering, 1996., Proceedings of the Third Working Conference on On page(s): 50 - 56 8-10 Nov. 1996 Monterey, CA, USA

2 Introduction What’s the problem?  Investment made on software when newer machine is available. Two points of view for migration of software:  From a commercial view: Software needs to be available on the new machine at the same time.  From a software developer’s point of view: Software developed in-house is an investment and asset to an organization. Software migration is not a trivial problem!!

3 Four approaches to solve this problem Use a native compiler to compile the source code for the new platform. Emulation of old machine’s instructions using micro-code hardware in new machine. Emulation of old machine’s instructions in software in new machine. Binary translation

4 Problems On using a native compiler to compile the source code:  Compilation requires access to all source code, which may not be feasible. On Emulation of old machine’s instructions using micro-code hardware  It’s requires special micro-programmable hardware, which is not include in today’s RISC machine. On Emulation of old machine’s instructions in software  Software emulation is easy to implement but slow.

5 Structure of a Binary Translator and a De-compiler Front-end:  The front-end is a machine-dependent module that loads the source binary program, disassembles it, and translates it into an intermediate representation. Middle-end:  Performs the code analysis for the translation, and performs optimizations on the code Back-end:  It is a target machine-dependent module that generates code for the target machine

6 Integrated Reverse Engineering Environment for Binary Code

7 A Compiler’s Structure

8 An Integrated Reverse Engineering Environment for Binary Code Loader Disassembler  Signature generator  Prototype generator  New Jersey machine-code toolkit (NJMC) Idiom analyzer Control flow graph generator UBM/UDM

9 Loader Just like the operating system loader. Read the binary file by decoding the binary-file format used to store the program, and determine the file’s structure (instructions, tables, symbol tables).

10 Disassembler Parses the binary image of the program and translates it to assembler or some equivalent representation. It parsed starting at the entry point and following all paths from this point. Analysis address of indexed and indirect jumps or calls

11 Idiom analyzer Detect idioms and translates the sequence of instructions into intermediate instructions. An idiom is a sequence o instructions that has a special meaning that can't be derived from semantics of the individual instructions alone. Examples:  ARM : bl foo  X86 Sub ax,immedLo Sbb ax,immedHi = sub dx:ax, immedHi:immedLo

12 Control flow graph generator Constructs a control flow graph for each subroutine of the program. The control flow graph is part of the intermediate representation of any reverse engineering tool that deals with binary code.

13 Second Generation Tools Signature generator  Automatically determines library signatures Prototype generator  Automatically determines the types of the formal arguments of library subroutines, and the type of the return value for functions. New Jersey machine-code toolkit (NJMC)  Facilitate the decoding of machine instructions by provide a specification language to define machine instructions.

14 UBM/UDM Universal binary-translation machine  Generates binary programs for target machine Universal decompilation machine  Generates high-level language (like C).

15 Conclusions This paper presents an integrated environment for the reverse engineering of binary programs. Such environment is suitable for the development of disassemblers, binary translators and decompilers. Make retargetable techniques essential in order to develop such tools for a variety of machines rather than for one specific machine.

Download ppt "Partial Automation of an Integration Reverse Engineering Environment of Binary Code Author : Cristina Cifuentes Reverse Engineering, 1996., Proceedings."

Similar presentations

1 CIS 461 Compiler Design and Construction Fall 2014 Instructor: Hugh McGuire slides derived from Tevfik Bultan, Keith Cooper, and Linda Torczon Lecture-Module.

1 CIS 461 Compiler Design and Construction Fall 2014 Instructor: Hugh McGuire slides derived from Tevfik Bultan, Keith Cooper, and Linda Torczon Lecture-Module.
8. Code Generation. Generate executable code for a target machine that is a faithful representation of the semantics of the source code Depends not only.

8. Code Generation. Generate executable code for a target machine that is a faithful representation of the semantics of the source code Depends not only.
CS 31003: Compilers Introduction to Phases of Compiler.

CS 31003: Compilers Introduction to Phases of Compiler.
Decompilation of Binary Programs Christina Cifuentes & K. John Gough School of Computing Science Queensland University of Technology Presented by Conny.

Decompilation of Binary Programs Christina Cifuentes & K. John Gough School of Computing Science Queensland University of Technology Presented by Conny.
The Assembly Language Level

The Assembly Language Level
Programming Languages Marjan Sirjani 2 2. Language Design Issues Design to Run efficiently : early languages Easy to write correctly : new languages.

Programming Languages Marjan Sirjani 2 2. Language Design Issues Design to Run efficiently : early languages Easy to write correctly : new languages.
Systems Software.

Systems Software.
CSI 3125, Preliminaries, page 1 Programming languages and the process of programming –Programming means more than coding. –Why study programming languages?

CSI 3125, Preliminaries, page 1 Programming languages and the process of programming –Programming means more than coding. –Why study programming languages?
Intermediate Representation I High-Level to Low-Level IR Translation EECS 483 – Lecture 17 University of Michigan Monday, November 6, 2006.

Intermediate Representation I High-Level to Low-Level IR Translation EECS 483 – Lecture 17 University of Michigan Monday, November 6, 2006.
The Design of a Resourceable and Retargetable Binary Translator Cristina Cifuentes Sixth Working Conference on Reverse Engineering On page(s): 280 - 291.

The Design of a Resourceable and Retargetable Binary Translator Cristina Cifuentes Sixth Working Conference on Reverse Engineering On page(s):
Chapter 16 Programming and Languages: Telling the Computer What to Do.

Chapter 16 Programming and Languages: Telling the Computer What to Do.
Chapter 1 Introduction to C Programming. 1.1 INTRODUCTION This book is about problem solving with the use of computers and the C programming language.

Chapter 1 Introduction to C Programming. 1.1 INTRODUCTION This book is about problem solving with the use of computers and the C programming language.
CMP 131 Introduction to Computer Programming Violetta Cavalli-Sforza Week 1, Lab.

CMP 131 Introduction to Computer Programming Violetta Cavalli-Sforza Week 1, Lab.
3-1 3 Compilers and interpreters  Compilers and other translators  Interpreters  Tombstone diagrams  Real vs virtual machines  Interpretive compilers.

3-1 3 Compilers and interpreters  Compilers and other translators  Interpreters  Tombstone diagrams  Real vs virtual machines  Interpretive compilers.
1.3 Executing Programs. How is Computer Code Transformed into an Executable? Interpreters Compilers Hybrid systems.

1.3 Executing Programs. How is Computer Code Transformed into an Executable? Interpreters Compilers Hybrid systems.
Lecture 2 Phases of Compiler. Preprocessors, Compilers, Assemblers, and Linkers Preprocessor Compiler Assembler Linker Skeletal Source Program Source.

Lecture 2 Phases of Compiler. Preprocessors, Compilers, Assemblers, and Linkers Preprocessor Compiler Assembler Linker Skeletal Source Program Source.
September 7, 2015 1 September 7, 2015September 7, 2015September 7, 2015 Azusa, CA Sheldon X. Liang Ph. D. Computer Science at Azusa Pacific University.

September 7, September 7, 2015September 7, 2015September 7, 2015 Azusa, CA Sheldon X. Liang Ph. D. Computer Science at Azusa Pacific University.
ICS611 Introduction to Compilers Set 1. What is a Compiler? A compiler is software (a program) that translates a high-level programming language to machine.

ICS611 Introduction to Compilers Set 1. What is a Compiler? A compiler is software (a program) that translates a high-level programming language to machine.
Chapter 1. Introduction.

Chapter 1. Introduction.
Chapter 1 Introduction Dr. Frank Lee. 1.1 Why Study Compiler? To write more efficient code in a high-level language To provide solid foundation in parsing.

Chapter 1 Introduction Dr. Frank Lee. 1.1 Why Study Compiler? To write more efficient code in a high-level language To provide solid foundation in parsing.

Similar presentations

Ads by Google