Methods and software tools to support combined binary code analysisстатья
Информация о цитировании статьи получена из
Web of Science,
Scopus
Статья опубликована в журнале из списка Web of Science и/или Scopus
Дата последнего поиска статьи во внешних источниках: 30 октября 2015 г.
Аннотация:Methods and tools for binary code analysis developed in the Institute of System Programming, Russian Academy of Sciences, and their applications in algorithm and data format recovery are considered. The executable code of various general-purpose CPU architectures is analyzed. The analysis is performed given no source codes, debugging information, and specific OS version requirements. The approach implies collecting a detailed machine instruction level execution trace; a method for successively increasing presentation level; extraction of algorithm’s code followed by structuring of both code and data formats it processes. Important results are obtained, viz. an intermediate representation is developed that allows carrying out most preliminary processing tasks and algorithm code extraction without having to focus on specifics of a given machine; and a method and software tool are developed for automated recovery of network message and file formats. The tools are integrated into the unified analysis platform that supports their combined use. The architecture behind the platform is also described. Examples of its application to real programs are given.