Automata and languages: theory and applications
Automata and languages: theory and applications
Hacker's Delight
Computer Organization and Design
Computer Organization and Design
Static analysis of executables to detect malicious patterns
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Scattered Context Grammars and Their Applications
Scattered Context Grammars and Their Applications
Hi-index | 0.00 |
Reverse program compilation (i.e. decompilation) is a process heavily exploited in reverse engineering. The task of decompilation is to transform a platform-specific executable into a high-level language representation, which is usually the C language. Such a process can be used for source code reconstruction, compiler testing, malware analysis, etc. In present, there are several existing decompilers that are able to decompile simple applications. However, we can see a drop-off in terms of the quality of the generated code when the decompiled code is highly optimized (e.g. usage of instruction idioms) or obfuscated (e.g. dead code insertion, register renaming). Optimized or obfuscated applications are usually generated by highly optimizing compilers or metamorphic engines (used by malware authors). In this paper, we present several innovative decompilation methods based on scattered context grammars. These methods are able to effectively decompile optimized or obfuscated code. For demonstration, we used these methods for enhancement of the static analysis phase of an existing decompiler. Experimental results of our solution are presented at the end of the paper.