Computer Engineering and Applications (计算机工程与应用) ›› 2010, Vol. 46 ›› Issue (23): 64-66. DOI: 10.3778/j.issn.1002-8331.2010.23.018

• R&D, Design, Testing •

Method based on data flow analysis to understand binary programs

TANG He-ping, HUANG Shu-guang, WU Zhi-yong

  1. Network Engineering Department, PLA Electronic Engineering Institute, Hefei 230037, China
  • Received: 2009-08-05 Revised: 2009-11-16 Online: 2010-08-11 Published: 2010-08-11
  • Contact: TANG He-ping

Abstract: To analyze an executable file, this paper proposes a method of understanding a program through static data flow analysis. The program under analysis is first translated from its disassembly into a data flow descriptive notation, and the reaching-definition In and Out sets of every basic block are determined. Combined with the program's control flow graph, this yields a system of intra-procedural data flow equations; solving the equations iteratively derives the relation between a function's inputs and its outputs, which gives a static understanding of the function's behaviour. Experiments show that the method accurately recognizes string copy functions in binary form without any additional hints.

Key words: sensitive data flow, disassembly, reaching definitions, program understanding
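The abstract describes the classic reaching-definitions iteration (In[B] is the union of the predecessors' Out sets, Out[B] = Gen[B] ∪ (In[B] − Kill[B])) followed by tracing from a function's outputs back to its inputs. The block below is an added example written for this page, not the paper's own code: it lifts a constructed strcpy-like loop into a three-address form with three basic blocks (B0 entry, B1 copy loop, B2 exit), solves the data flow equations to a fixpoint, and then walks use-def chains from an output variable back to the function parameters (named arg0 and arg1 here by assumption). The IR, block names and definition ids are all constructed for the example.

```python
"""Reaching definitions over a toy CFG and input/output dependency tracing (added example)."""
from dataclasses import dataclass, field


@dataclass
class Def:
    id: str          # definition label, e.g. "d3"
    var: str         # variable written by this definition
    uses: tuple      # variables read on the right-hand side


@dataclass
class Block:
    name: str
    defs: list
    succs: list = field(default_factory=list)


def build_strcpy_cfg():
    """Constructed strcpy-like function in three-address form.
    B0: src = arg0; dst = arg1
    B1: c = *src; *dst = c; src = src + 1; dst = dst + 1; loop while c != 0
    B2: ret = dst
    'mem' stands for the memory written by the store."""
    entry = Block("B0", [Def("d1", "src", ("arg0",)), Def("d2", "dst", ("arg1",))])
    loop = Block("B1", [Def("d3", "c", ("src",)), Def("d4", "mem", ("dst", "c")),
                        Def("d5", "src", ("src",)), Def("d6", "dst", ("dst",))])
    exit_ = Block("B2", [Def("d7", "ret", ("dst",))])
    entry.succs, loop.succs, exit_.succs = [loop], [loop, exit_], []
    return [entry, loop, exit_]


def gen_kill(block, all_defs):
    """Gen/Kill of a block: a later definition of the same variable within the
    block supersedes the earlier one and kills every other definition of it."""
    gen, kill = set(), set()
    for d in block.defs:
        gen = {g for g in gen if all_defs[g].var != d.var}
        gen.add(d.id)
        kill |= {o.id for o in all_defs.values() if o.var == d.var and o.id != d.id}
    return gen, kill


def reaching_definitions(blocks):
    """Iterate In/Out sets until no set changes (monotone, so it terminates)."""
    all_defs = {d.id: d for b in blocks for d in b.defs}
    preds = {b.name: [] for b in blocks}
    for b in blocks:
        for s in b.succs:
            preds[s.name].append(b)
    gk = {b.name: gen_kill(b, all_defs) for b in blocks}
    in_sets = {b.name: set() for b in blocks}
    out_sets = {b.name: set() for b in blocks}
    changed = True
    while changed:
        changed = False
        for b in blocks:
            new_in = set().union(*(out_sets[p.name] for p in preds[b.name]))
            gen, kill = gk[b.name]
            new_out = gen | (new_in - kill)
            if new_in != in_sets[b.name] or new_out != out_sets[b.name]:
                in_sets[b.name], out_sets[b.name] = new_in, new_out
                changed = True
    return in_sets, out_sets, all_defs


def input_dependencies(blocks, in_sets, out_sets, all_defs, target_var):
    """Which function parameters (arg*) influence target_var at function exit?
    Follows use-def chains: the nearest earlier def in the same block, otherwise
    every def of that variable reaching the block entry."""
    block_of = {d.id: b for b in blocks for d in b.defs}
    work = [d for b in blocks if not b.succs
            for d in out_sets[b.name] if all_defs[d].var == target_var]
    seen, params = set(), set()
    while work:
        did = work.pop()
        if did in seen:
            continue
        seen.add(did)
        d, b = all_defs[did], block_of[did]
        pos = [x.id for x in b.defs].index(did)
        for u in d.uses:
            if u.startswith("arg"):
                params.add(u)
                continue
            local = [x.id for x in b.defs[:pos] if x.var == u]
            if local:
                work.append(local[-1])
            else:
                work.extend(x for x in in_sets[b.name] if all_defs[x].var == u)
    return sorted(params)


if __name__ == "__main__":
    cfg = build_strcpy_cfg()
    ins, outs, defs = reaching_definitions(cfg)
    for b in cfg:
        print(b.name, "In:", sorted(ins[b.name]), "Out:", sorted(outs[b.name]))
    print("ret depends on", input_dependencies(cfg, ins, outs, defs, "ret"))
    print("mem depends on", input_dependencies(cfg, ins, outs, defs, "mem"))
```

The result is the input/output relation the paper uses to recognize a copy routine: the stored memory (`mem`) depends on both `arg0` (the bytes read through `src`) and `arg1` (the address written through `dst`), while the return value depends only on `arg1`. A real tool would of course have to lift x86 operands and memory addressing rather than this hand-built IR, but the fixpoint loop and the backward use-def walk are the same.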

CLC number: