Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis

Ďurfina, Lukáš; Křoustek, Jakub; Zemek, Petr; Kolář, Dušan; Hruška, Tomáš; Masařík, Karel; Meduna, Alexander

doi:10.1007/978-3-642-23141-4_8

Cited by 16 publications

(14 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is done by an entry point analysis. This analysis works similarly as our detection of statically linked code, see [15]. The default value is the entry point given by the executable file.…”

Section: A Front-endmentioning

confidence: 97%

See 1 more Smart Citation

Detection and Recovery of Functions and their Arguments in a Retargetable Decompiler

Durfina

Křoustek

et al. 2012

2012 19th Working Conference on Reverse Engineering

Self Cite

View full text Add to dashboard Cite

Detection and recovery of high-level control structures, such as functions and their arguments, plays an important role in decompilation. It has a direct impact on the quality of the generated code because it is needed for generating functionally equivalent and highly readable code. In this paper, we present an innovative, platform-independent method of detection and recovery of functions and their arguments. This method is based on static code interpretation and iterative bidirectional search over reconstructed basic blocks. This approach has been adopted and tested in an existing retargetable decompiler. According to our experimental results, the proposed retargetable solution is fully competitive with existing hand-coded decompilers.

show abstract

Section: A Front-endmentioning

confidence: 97%

“…A detailed description of this decompiler has been introduced in [15]. In that paper, only a very simple function detection was possible.…”

Section: Lissom Project's Retargetable Decompilermentioning

confidence: 99%

Detection and Recovery of Functions and their Arguments in a Retargetable Decompiler

Durfina

Křoustek

et al. 2012

2012 19th Working Conference on Reverse Engineering

Self Cite

View full text Add to dashboard Cite

show abstract

“…It can help in the analysis of malicious software [8]. As it is shown in Section IV, the user can analyze various executables from un trustworthy websites or vendors.…”

Section: Online Decompilation Servicementioning

confidence: 99%

“…Its main advantage over the existing tools lies in its generality-to add support for a new architecture, one has to first describe this architecture, and then utilize the already developed tools to build a decompiler for that architecture. In this way, the development time for adding support for a new architecture can be dramatically decreased [8,9]. The decompiler is freely available in the form of a web service, and is accessible via any commonly used web browser.…”

Section: Introductionmentioning

confidence: 99%

Retargetable machine-code decompilation in your web browser

Ďurfina

Křoustek

Zemek

2013

2013 Third World Congress on Information and Communication Technologies (WICT 2013)

Self Cite

View full text Add to dashboard Cite

Machine-code decompilation, belonging to the area of reverse engineering, has found its applications in many real-world areas. Analysis of malicious software, search for vulnerabilities, and source-code recovery are some of the most important uses. As there exists a diversity of different platforms on which software can be run, an existence of a generic decompiler would be highly appreciated. The present paper describes such a tool.In this paper, we provide a description of a retargetable decompiler that is being developed within the Lissom project.First, we give an introduction into the area of machine code decompilation, including a brief discussion of existing tools. Then, we describe the concept and architecture of the decompiler. As it is available in the form of a web service, we also provide its description. Finally, we summarize our results, present a case study of using the tool for analysing malicious software, and conclude the paper by several remarks on future research.

show abstract

“…In present, the retargetable decompiler allows decompilation of MIPS, ARM, and Intel x86 executables. The detailed description can be found in [3,4]. …”

Section: Figmentioning

confidence: 99%

Approaching Retargetable Static, Dynamic, and Hybrid Executable-Code Analysis

Křoustek¹,

Kolář²

2013

AIP

Self Cite

View full text Add to dashboard Cite

Abstract:Program comprehension and reverse engineering are two large domains of computer science that have one common goal -analysis of existing programs and understanding their behaviour. In present, methods of source-code analysis are well established and used in practice by software engineers. On the other hand, analysis of executable code is a more challenging task that is not fully covered by existing tools. Furthermore, methods of retargetable executable-code analysis are rare because of their complexity. In this paper, we present a complex platform-independent toolchain for executable-code analysis that supports both static and dynamic analysis. This toolchain, developed within the Lissom project, exploits several previously designed methods and it can be used for debugging user's applications as well as malware analysis, etc. The main contribution of this paper is to interconnect the existing methods and illustrate their usage on the real-world scenarios. Furthermore, we introduce a concept of a new retargetable method -the hybrid analysis. It can eliminate the shortcomings of the static and dynamic analysis in future.

show abstract

Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis

Cited by 16 publications

References 11 publications

Detection and Recovery of Functions and their Arguments in a Retargetable Decompiler

Detection and Recovery of Functions and their Arguments in a Retargetable Decompiler

Retargetable machine-code decompilation in your web browser

Approaching Retargetable Static, Dynamic, and Hybrid Executable-Code Analysis

Contact Info

Product

Resources

About