reconbin: reconstructing binary file from execution for software analysis
Ying Lingyun; Su Purui; Feng Dengguo; Wang Xianggen; Yang Yi; Liu Yu
2009
Conference name: 3rd International Conference on Secure Software Integration and Reliability Improvement
Proceedings title: SSIRI 2009 - 3rd IEEE International Conference on Secure Software Integration Reliability Improvement
Conference date: JUL 08-10,
Conference location: Shanghai, PEOPLES R CHINA
Place of publication: 10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA
Publisher: 2009 THIRD IEEE INTERNATIONAL CONFERENCE ON SECURE SOFTWARE INTEGRATION AND RELIABILITY IMPROVEMENT, PROCEEDINGS
ISBN: 978-0-7695-3758-0
Affiliation: Ying, Lingyun; Su, Purui; Feng, Dengguo Chinese Acad Sci, Inst Software, State Key Lab Informat Secur, Beijing, Peoples R China.
Abstract: Static analysis is one of the most popular approaches of software analysis. As more and more software protects their code by transformation or encryption, then releases them at runtime dynamically, it is hard to statically analyze these protected executables because of the failure of disassembling. In this paper, we propose a novel and general technique to reconstruct binary files for static analysis by monitoring the executions of protected executables. Our approach can identify and extract the dynamically released code at runtime, and at the same time record the control transfers information, and then reconstruct a binary file based on the original executable. The whole process does not depend on any prior knowledge on the protection methods. Experiments on our prototype ReconBin show that our approach can properly reconstruct the executables protected by SMC and packers, and the reconstructed binary files can be successfully analyzed by static analysis tools such as IDA Pro. We show that it also can be used to analyze the code dynamically generated by virtual machines, emulators, and buffer overflow attacks, which also dynamically inject attack code into stack and direct execution flow to it.
Keywords: Execution Monitoring; Software Security Analysis; Malware Analysis; Binary Analysis
Sponsor: IEEE Reliabil Soc, Shanghai Jiao Tong Univ
Content type: Conference paper
URI: http://ir.iscas.ac.cn/handle/311060/8270
Collection: State Key Laboratory of Information Security
Recommended citation
GB/T 7714
Ying Lingyun,Su Purui,Feng Dengguo,et al. reconbin: reconstructing binary file from execution for software analysis[C]. 10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA:2009 THIRD IEEE INTERNATIONAL CONFERENCE ON SECURE SOFTWARE INTEGRATION AND RELIABILITY IMPROVEMENT, PROCEEDINGS,2009.
Files in this item
There are no files associated with this item.