ATOM: a system for building customized program analysis tools
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Efficient context-sensitive pointer analysis for C programs
PLDI '95 Proceedings of the ACM SIGPLAN 1995 conference on Programming language design and implementation
EEL: machine-independent executable editing
PLDI '95 Proceedings of the ACM SIGPLAN 1995 conference on Programming language design and implementation
Program generalization for software reuse: from C to C++
SIGSOFT '96 Proceedings of the 4th ACM SIGSOFT symposium on Foundations of software engineering
Lackwit: a program understanding tool based on type inference
ICSE '97 Proceedings of the 19th international conference on Software engineering
Alias analysis of executable code
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
AnnoDomini: from type theory to Year 2000 conversion tool
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Aggregate structure identification and its application to program analysis
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Data Dependence Analysis of Assembly Code
International Journal of Parallel Programming - Special issue on instruction-level parallelism and parallelizing compilation, part 2
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Intraprocedural Static Slicing of Binary Executables
ICSM '97 Proceedings of the International Conference on Software Maintenance
Eliminating Virtual Function Calls in C++ Programs
ECCOP '96 Proceedings of the 10th European Conference on Object-Oriented Programming
Abstract Interpretation-Based Certification of Assembly Code
VMCAI 2003 Proceedings of the 4th International Conference on Verification, Model Checking, and Abstract Interpretation
Data-Flow-Based Virtual Function Resolution
SAS '96 Proceedings of the Third International Symposium on Static Analysis
Type Inference for COBOL Systems
WCRE '98 Proceedings of the Working Conference on Reverse Engineering (WCRE'98)
Assembly to High-Level Language Translation
ICSM '98 Proceedings of the International Conference on Software Maintenance
Practical and Accurate Low-Level Pointer Analysis
Proceedings of the international symposium on Code generation and optimization
Intermediate-representation recovery from low-level code
Proceedings of the 2006 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Recency-Abstraction for heap-allocated storage
SAS'06 Proceedings of the 13th international conference on Static Analysis
A next-generation platform for analyzing executables
APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
Extended weighted pushdown systems
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Efficient fine-grained binary instrumentationwith applications to taint-tracking
Proceedings of the 6th annual IEEE/ACM international symposium on Code generation and optimization
Automatic reconstruction of data types in the decompilation problem
Programming and Computing Software
Loop-extended symbolic execution on binary programs
Proceedings of the eighteenth international symposium on Software testing and analysis
WYSINWYX: What you see is not what you eXecute
ACM Transactions on Programming Languages and Systems (TOPLAS)
Low-level library analysis and summarization
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Verification across intellectual property boundaries
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Improved memory-access analysis for x86 executables
CC'08/ETAPS'08 Proceedings of the Joint European Conferences on Theory and Practice of Software 17th international conference on Compiler construction
A system for generating static analyzers for machine instructions
CC'08/ETAPS'08 Proceedings of the Joint European Conferences on Theory and Practice of Software 17th international conference on Compiler construction
Analyzing stripped device-driver executables
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
DDE: dynamic data structure excavation
Proceedings of the first ACM asia-pacific workshop on Workshop on systems
Programming and Computing Software
Refinement-based CFG reconstruction from unstructured programs
VMCAI'11 Proceedings of the 12th international conference on Verification, model checking, and abstract interpretation
Misleading malware similarities analysis by automatic data structure obfuscation
ISC'10 Proceedings of the 13th international conference on Information security
There's plenty of room at the bottom: analyzing and verifying machine code
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Stack layout transformation: towards diversity for securing binary programs
Proceedings of the 34th International Conference on Software Engineering
Verification across Intellectual Property Boundaries
ACM Transactions on Software Engineering and Methodology (TOSEM)
TSL: A System for Generating Abstract Interpreters and its Application to Machine-Code Analysis
ACM Transactions on Programming Languages and Systems (TOPLAS)
Scalable variable and data type detection in a binary rewriter
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
A compiler-level intermediate representation based binary analysis and rewriting system
Proceedings of the 8th ACM European Conference on Computer Systems
Recovering C++ Objects From Binaries Using Inter-Procedural Data-Flow Analysis
Proceedings of ACM SIGPLAN on Program Protection and Reverse Engineering Workshop 2014
| Hi-index | 0.00 |
This paper addresses the problem of recovering variable-like entities when analyzing executables in the absence of debugging information. We show that variable-like entities can be recovered by iterating Value-Set Analysis (VSA), a combined numeric-analysis and pointer-analysis algorithm, and Aggregate Structure Identification, an algorithm to identify the structure of aggregates. Our initial experiments show that the technique is successful in correctly identifying 88% of the local variables and 89% of the fields of heap-allocated objects. Previous techniques recovered 83% of the local variables, but 0% of the fields of heap-allocated objects. Moreover, the values computed by VSA using the variables recovered by our algorithm would allow any subsequent analysis to do a better job of interpreting instructions that use indirect addressing to access arrays and heap-allocated data objects: indirect operands can be resolved better at 4% to 39% of the sites of writes and up to 8% of the sites of reads. (These are the memory-access operations for which it is the most difficult for an analyzer to obtain useful results.).