reconbin: reconstructing binary file from execution for software analysis
Document type: Conference paper
Authors | Ying Lingyun ; Su Purui ; Feng Dengguo ; Wang Xianggen ; Yang Yi ; Liu Yu |
Publication date | 2009 |
Conference name | 3rd International Conference on Secure Software Integration and Reliability Improvement |
Conference dates | JUL 08-10, |
Conference location | Shanghai, PEOPLES R CHINA |
Keywords | execution monitoring software security analysis malware analysis binary analysis |
Abstract (English) | Static analysis is one of the most popular approaches of software analysis. As more and more software protects their code by transformation or encryption, then releases them at runtime dynamically, it is hard to statically analyze these protected executables because of the failure of disassembling. In this paper, we propose a novel and general technique to reconstruct binary files for static analysis by monitoring the executions of protected executables. Our approach can identify and extract the dynamically released code at runtime, and at the same time record the control transfers information, and then reconstruct a binary file based on the original executable. The whole process does not depend on any prior knowledge on the protection methods. Experiments on our prototype ReconBin show that our approach can properly reconstruct the executables protected by SMC and packers, and the reconstructed binary files can be successfully analyzed by static analysis tools such as IDA Pro. We show that it also can be used to analyze the code dynamically generated by virtual machines, emulators, and buffer overflow attacks, which also dynamically inject attack code into stack and direct execution flow to it. |
Conference organizers | IEEE Reliabil Soc, Shanghai Jiao Tong Univ |
Proceedings | SSIRI 2009 - 3rd IEEE International Conference on Secure Software Integration Reliability Improvement |
Proceedings publisher | 2009 THIRD IEEE INTERNATIONAL CONFERENCE ON SECURE SOFTWARE INTEGRATION AND RELIABILITY IMPROVEMENT, PROCEEDINGS |
Proceedings place of publication | 10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA |
ISBN | 978-0-7695-3758-0 |
Source URL | [http://124.16.136.157/handle/311060/8270] |
Collection | Institute of Software_State Key Laboratory of Information Security_Conference Papers |
Recommended citation (GB/T 7714) | Ying Lingyun, Su Purui, Feng Dengguo, et al. reconbin: reconstructing binary file from execution for software analysis[C]. In: 3rd International Conference on Secure Software Integration and Reliability Improvement. Shanghai, PEOPLES R CHINA. JUL 08-10,. |
Ingest method: OAI harvesting
Source: Institute of Software