Decompilation of binary programs
Software—Practice & Experience
Derive: a tool that automatically reverse-engineers instruction encodings
DYNAMO '00 Proceedings of the ACM SIGPLAN workshop on Dynamic and adaptive compilation and optimization
Recovery of jump table case statements from binary code
Science of Computer Programming - Special issue on program comprehension (IWPC '99)
Extracting safe and precise control flow from binaries
RTCSA '00 Proceedings of the Seventh International Conference on Real-Time Systems and Applications
Analysis of Virtual Method Invocation for Binary Translation
WCRE '02 Proceedings of the Ninth Working Conference on Reverse Engineering (WCRE'02)
Disassembly of Executable Code Revisited
WCRE '02 Proceedings of the Ninth Working Conference on Reverse Engineering (WCRE'02)
Obfuscation of executable code to improve resistance to static disassembly
Proceedings of the 10th ACM conference on Computer and communications security
An Experimentation Framework for Evaluating Disassembly and Decompilation Tools for C++ and Java
WCRE '03 Proceedings of the 10th Working Conference on Reverse Engineering
Deobfuscation: Reverse Engineering Obfuscated Code
WCRE '05 Proceedings of the 12th Working Conference on Reverse Engineering
Static disassembly of obfuscated binaries
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
N-variant systems: a secretless framework for security through diversity
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Automated reduction of the memory footprint of the Linux kernel
ACM Transactions on Embedded Computing Systems (TECS) - Special Section LCTES'05
Proceedings of the eighteenth international symposium on Software testing and analysis
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
A fistful of red-pills: how to automatically generate procedures to detect CPU emulators
WOOT'09 Proceedings of the 3rd USENIX conference on Offensive technologies
A methodology for testing CPU emulators
ACM Transactions on Software Engineering and Methodology (TOSEM) - Testing, debugging, and error handling, formal methods, lifecycle concerns, evolution and maintenance
| Hi-index | 0.00 |
The output of a disassembler is used for many different purposes (e.g., debugging and reverse engineering). Therefore, disassemblers represent the first link of a long chain of stages on which any high-level analysis of machine code depends upon. In this paper we demonstrate that many disassemblers fail to decode certain instructions and thus that the first link of the chain is very weak. We present a methodology, called N-version disassembly, to verify the correctness of disassemblers, based on differential analysis. Given a set of n - 1 disassemblers, we use them to decode fragments of machine code and we compare their output against each other. To further corroborate the output of these disassemblers, we developed a special instruction decoder, the nth, that delegates the decoding to the CPU, the ideal decoder. We tested eight of the most popular disassemblers for Intel x86, and found bugs in each of them.