Computer Engineering and Applications ›› 2017, Vol. 53 ›› Issue (21): 144-150.DOI: 10.3778/j.issn.1002-8331.1612-0044

Previous Articles     Next Articles

Comparison technology of binary files based on hierarchical nodes

XIAO Ruiqing1, LIU Shengli1, YAN Meng2, XIAO Da1, SUN Haobin1   

  1. 1.State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China
    2.Xi’an Newspaper Media Group, Xi’an 710002, China
  • Online:2017-11-01 Published:2017-11-15


肖睿卿1,刘胜利1,颜  猛2,肖  达1,孙豪彬1   

  1. 1.数学工程与先进计算国家重点实验室,郑州 450001
    2.西安报业传媒集团,西安 710002

Abstract: The existing methods of binary files comparison is mainly achieved by the comparison of structural directed graph, such as BinDiff, it has problems such as mismatch caused by structure similar and high time-consumption of analysis. A matching method based on node hierarchy and node value is proposed to solve this problem. By extracting the hierarchical and value information of the function node which in the function call graph, providing a node level estimation algorithm for nodes which hierarchical information is unclearly, it has matched nodes recursively in the end. Experiments show that this method avoids the mismatch caused by structural similarity, the time consumption is less than 1/2 of the time consumed by the structured matching tool BinDiff, and the reduction of matching nodes’ number less than 15%. This method can effectively improve the cross-version similarity analysis efficiency of the embedded device firmware.

Key words: binary files comparison, hierarchical analysis, node value analysis, structural graphics

摘要: 当前二进制文件比对技术主流是以BinDiff为代表的结构化比对方法,存在结构相似导致的误匹配、分析耗时较高的问题。针对该问题提出一种基于节点层次化、价值化的匹配方法。通过提取函数节点在函数调用图中的层次与函数在调用网络中的价值,对层次模糊的节点提供了节点层次估算算法,最后递归匹配节点。实验表明,该方法避免了结构相似导致的误匹配,其时耗低于结构化比对工具Bindiff的1/2,节点匹配数量减少在15%以内。该方法可有效提高嵌入式设备固件的跨版本相似性分析效率。

关键词: 二进制文件比对, 层次分析, 节点价值, 结构化图形