Software-Architecture Recovery from Machine Code
Abstract
Cited by 1 (0 self)
In this paper, we present a tool, called Lego, which recovers object-oriented software architecture from stripped binaries. Lego takes a stripped binary as input, and uses information obtained from dynamic analysis to (i) group the functions in the binary into classes, and (ii) identify inheritance and composition relationships between the inferred classes. The information obtained by Lego can be used for reengineering legacy software, and for understanding the architecture of software systems that lack documentation and source code. Our experiments show that the class hierarchies recovered by Lego have a high degree of agreement—measured in terms of precision and recall—with the hierarchy defined in the source code.
Subroutine Entry Point Recognition Using Data Mining
Abstract
This paper introduces a novel approach to subroutine entry point recognition using data mining. The proposed method applies a Naïve Bayes classifier over features consisting of sequences of normalized disassembled instructions and sequences of preceding bytes. These features combined account for properties of compilers that introduce code at the start of subroutines and padding bytes before the start of subroutines. Experiments were conducted on a dataset consisting of Windows PE32 x86 binaries generated from a collection of small open-source applications for Windows using several compiler settings. Ten-fold cross-validation was applied for training and testing the classifier. The proposed method achieves an average true positive rate of 98% with a false positive rate of 0.7% for certain features.
Obfuscating Windows DLLs
Abstract
We present two techniques to obfuscate the interfaces between application binaries and Windows system DLLs (dynamic-link libraries). The first technique obfuscates the related symbol information in the binary to prevent static analyses from identifying the invoked library functions. The second technique combines static linking with code obfuscation to avoid the external interface altogether, thus preventing dynamic attacks as well. This is done while still maintaining compatibility with multiple Windows versions, through run-time adaptation of the application. As the first concrete result of this ongoing research, we demonstrate and evaluate the techniques using a proof-of-concept tool applied to a simple test program.
Recovery of Class Hierarchies and Composition Relationships from Machine Code
Abstract
We present a reverse-engineering tool, called Lego, which recovers class hierarchies and composition relationships from stripped binaries. Lego takes a stripped binary as input, and uses information obtained from dynamic analysis to (i) group the functions in the binary into classes, and (ii) identify inheritance and composition relationships between the inferred classes. The software artifacts recovered by Lego can be subsequently used to understand the object-oriented design of software systems that lack documentation and source code, e.g., to enable interoperability. Our experiments show that the class hierarchies recovered by Lego have a high degree of agreement—measured in terms of precision and recall—with the hierarchy defined in the source code.