Program structure parsing model design in software security reverse analysis

doi:10.3778/j.issn.1002-8331.2008.32.019

Computer Engineering and Applications ›› 2008, Vol. 44 ›› Issue (32): 64-67.DOI: 10.3778/j.issn.1002-8331.2008.32.019

• 研发、设计、测试 • Previous Articles Next Articles

Program structure parsing model design in software security reverse analysis

LI Guang-xu¹,LI Wei-hua^1,2,PAN Wei¹,SHI Hao-bin¹

1.School of Computer Science and Engineering，Northwestern Polytechnical University，Xi’an 710072，China
2.School of Mingde，Xi’an 710072，China

Received:2008-05-15 Revised:2008-07-24 Online:2008-11-11 Published:2008-11-11
Contact: LI Guang-xu

软件安全逆向分析中程序结构解析模型设计

李广旭¹,李伟华^1,2,潘炜¹,史豪斌¹

1.西北工业大学计算机学院，西安 710072
2.明德学院，西安 710072

通讯作者: 李广旭

Abstract

Abstract: A program structure parsing model for binary file reverse analysis is presented.The model disassembles a binary file to generate a corresponding assembly file，eliminates redundant information from the assembly file，and then statically analyzes the assembly file to construct basic blocks with index-dependent information.It extracts control flow and function call information of binary file based on basic blocks，and creates control flow and function call graphs.The model does not depend on source code，but shows better practicability and generality.Our experiments demonstrate that the proposed model has a high accuracy in parsing program structure of binary file.

Key words: reverse analysis, program structure parsing, static analysis, control flow

摘要： 提出了一种基于二进制文件的程序结构解析模型。该模型通过对二进制文件反汇编，去除汇编文件中的冗余信息，对汇编文件进行静态分析，构建带有索引依赖信息的基本块，并以该基本块为基础提取二进制程序的内部控制流与函数调用关系信息，最后给出程序内部控制流图以及函数调用关系图。该模型不依赖程序的源文件，以二进制文件为分析对象，实用性和通用性比较好；实验结果表明模型对二进制程序内部结构解析具有较高的准确性。

关键词: 逆向分析, 程序结构解析, 静态分析, 控制流

LI Guang-xu¹,LI Wei-hua^1,2,PAN Wei¹,SHI Hao-bin¹. Program structure parsing model design in software security reverse analysis[J]. Computer Engineering and Applications, 2008, 44(32): 64-67.

李广旭¹,李伟华^1,2,潘炜¹,史豪斌¹. 软件安全逆向分析中程序结构解析模型设计[J]. 计算机工程与应用, 2008, 44(32): 64-67.

[1]	CHEN Yaoyang, CHEN Wei. Control Flow Obfuscation Technology Based on Implicit Jump [J]. Computer Engineering and Applications, 2021, 57(20): 125-132.
[2]	LE Deguang, ZHAO Jie, GONG Shengrong. ARM Assembly Code Obfuscation Algorithm Based on Mode Switch [J]. Computer Engineering and Applications, 2021, 57(18): 122-129.
[3]	LIN Hongyang, PENG Jianshan, ZHAO Shibin, ZHU Junhu, XU Hang. Survey on JavaScript Engine Vulnerability Detection [J]. Computer Engineering and Applications, 2019, 55(11): 16-24.
[4]	CHEN Lu, MA Yuanyuan, SHI Congcong, LI Nige, LI Weiwei. Research on Android application security flaws static analysis technology [J]. Computer Engineering and Applications, 2018, 54(4): 117-121.
[5]	LV Boran, WU Junhua. Clone detection method based on path sequence similarity determination [J]. Computer Engineering and Applications, 2018, 54(2): 55-61.
[6]	ZHAO Wei1，4, WANG Nan2, SU Xin3，4, ZHANG Boyun1. Android malware detection approach based on deep belief network [J]. Computer Engineering and Applications, 2018, 54(18): 125-132.
[7]	MA Rongkuan, WEI Qiang, WU Zehui. Static detection method for tainted-style vulnerabilities of PHP application [J]. Computer Engineering and Applications, 2018, 54(1): 64-69.
[8]	CHEN Qi1, JIANG Guoping2, XIA Lingling3. Homology analysis of malware based on function structure [J]. Computer Engineering and Applications, 2017, 53(14): 93-98.
[9]	SUN He1, WU Lifa1, HONG Zheng1, XU Mingfei2, ZHOU Shengli1，3. Research on function call graph based method for similarity analysis of binary files [J]. Computer Engineering and Applications, 2016, 52(21): 126-133.
[10]	DONG Yukun. Illegal computing defect detection by static analysis for C program [J]. Computer Engineering and Applications, 2016, 52(19): 31-36.
[11]	XIE Wenbing1，2, MA Xiaodong1, LI Zhongsheng1, NIU Xiamu2. Detection of buffer overflow by duplication of control flow data [J]. Computer Engineering and Applications, 2016, 52(11): 101-107.
[12]	QIAN Yucun, PENG Guojun, WANG Ying, LIANG Yu. Homology analysis of malicious code and family clustering [J]. Computer Engineering and Applications, 2015, 51(18): 76-81.
[13]	YOU Feng, BIAN Yi, ZHAO Ruilian. Automatic string test data generation for EFSM model [J]. Computer Engineering and Applications, 2014, 50(16): 57-61.
[14]	WU Xiaojing. Data mining based on intelligent knowledge map for financial crisis early warning [J]. Computer Engineering and Applications, 2013, 49(24): 116-121.
[15]	JIN Jing1，2, LI Meng1，2, HUA Zhebang1，2, SONG Huaida1，2, ZHAO Junfeng1，2, XIE Bing1，2. Code function recognition approach based on LDA and static analysis [J]. Computer Engineering and Applications, 2013, 49(15): 27-31.

Program structure parsing model design in software security reverse analysis

软件安全逆向分析中程序结构解析模型设计

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics