Binary code presents unique analysis challenges, particularly when debugging information has been stripped from the executable. Among the valuable information lost in stripping are the identities of standard library functions linked into the executable; knowing the identities of such functions can help to optimize automated analysis and is instrumental in understanding program behavior. Library fingerprinting attempts to restore the names of library functions in stripped binaries, using signatures extracted from reference libraries. Existing methods are brittle in the face of variations in the toolchain that produced the reference libraries and do not generalize well to new library versions. We introduce semantic descriptors, high-level representations of library functions that avoid the brittleness of existing approaches. We have extended a tool, unstrip, to apply this technique to fingerprint wrapper functions in the GNU C library. unstrip discovers functions in a stripped binary and outputs a new binary, with meaningful names added to the symbol table. Other tools can leverage these symbols to perform further analysis. We demonstrate that our semantic descriptors generalize well and substantially outperform existing library fingerprinting techniques.