Advanced compiler design and implementation
The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler
BinHunt: Automatically Finding Semantic Differences in Binary Programs
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection
BitShred: feature hashing malware for scalable triage and semantic analysis
Proceedings of the 18th ACM conference on Computer and communications security
Binary Function Clustering Using Semantic Hashes
ICMLA '12 Proceedings of the 2012 11th International Conference on Machine Learning and Applications - Volume 01
Malware Analysis and attribution using Genetic Information
MALWARE '12 Proceedings of the 2012 7th International Conference on Malicious and Unwanted Software (MALWARE)
A scalable search index for binary files
MALWARE '12 Proceedings of the 2012 7th International Conference on Malicious and Unwanted Software (MALWARE)
Analyzing program dependencies for malware detection
Proceedings of ACM SIGPLAN on Program Protection and Reverse Engineering Workshop 2014
An abstraction of the semantics of the blocks of a binary is termed 'juice'. Whereas the denotational semantics summarizes the computation performed by a block, its juice presents a template of the relationships established by the block. BinJuice is a tool for extracting the juice of a binary. It symbolically interprets individual blocks of a binary to extract their semantics: the effect of the block on the program state. The semantics is generalized to juice by replacing register names and literal constants with typed logical variables. The juice also maintains algebraic constraints between the numeric variables. Thus the juice forms a semantic template that is expected to be identical regardless of code variations due to register renaming, memory address allocation, and constant replacement. The terms in juice can be canonically ordered using the linear order presented here. Thus semantically equivalent (rather, similar) code fragments can be identified by simple structural comparison of their juice, or by comparing their hashes. While BinJuice cannot find all equivalent constructs, since doing so would solve the Halting Problem, it does significantly improve on the state of the art in both computational complexity and the set of equivalences it can establish. Preliminary results show that juice is effective in pairing code variants created by post-compile obfuscating transformations.
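The pipeline the abstract describes (symbolic interpretation of a block, generalization of registers and constants to typed logical variables, algebraic constraints between the constants, canonical ordering, hashing) is illustrated below in a small Python model written for this page; it is not BinJuice's code. It assumes a toy subset of x86 (mov/add/sub/xor with register, memory and immediate operands), a simplified constraint language (integer-multiple and ordering relations between constants), and a canonical order that sorts terms by shape and breaks ties by write order; the sample blocks are constructed. It shows that a register-renamed, rebased and constant-scaled variant hashes to the same juice, while a variant that changes the ratio between two constants does not, and that `xor eax, eax` and `mov ecx, 0` collapse to the same template after constant folding.

```python
import hashlib
import re

# Symbolic expressions are nested tuples:
#   ('reg', name)          value a register held on block entry
#   ('const', n)           literal integer
#   ('load', addr)         value read from memory at symbolic address addr
#   ('op', sym, lhs, rhs)  binary operation
# Only mov/add/sub/xor are handled; that subset is an assumption of this
# example, not a limitation of BinJuice.

def parse_operand(tok):
    tok = tok.strip()
    if tok.startswith('[') and tok.endswith(']'):
        return ('mem', parse_operand(tok[1:-1]))
    if re.fullmatch(r'-?(0x[0-9a-fA-F]+|\d+)', tok):
        return ('const', int(tok, 0))
    return ('reg', tok.lower())

def simplify(sym, a, b):
    """Constant folding plus the identities needed to see through e.g. xor eax, eax."""
    if a[0] == 'const' and b[0] == 'const':
        n = {'+': a[1] + b[1], '-': a[1] - b[1], '^': a[1] ^ b[1]}[sym]
        return ('const', n & 0xFFFFFFFF)
    if sym in ('-', '^') and a == b:
        return ('const', 0)        # x - x == 0, x ^ x == 0
    if b == ('const', 0):
        return a                    # x + 0, x - 0, x ^ 0 == x
    return ('op', sym, a, b)

def read(state, loc):
    if loc in state:
        return state[loc]
    return loc if loc[0] == 'reg' else ('load', loc[1])   # unwritten: entry value

def location(state, opnd):
    """Location key an operand denotes; memory addresses are resolved symbolically."""
    return ('mem', value_of(state, opnd[1])) if opnd[0] == 'mem' else opnd

def value_of(state, opnd):
    return opnd if opnd[0] == 'const' else read(state, location(state, opnd))

def interpret(block):
    """Semantics of a block: final symbolic value of every location it writes."""
    ops = {'add': '+', 'sub': '-', 'xor': '^'}
    state = {}
    for line in block.strip().splitlines():
        mnem, rest = line.split(None, 1)
        dst_tok, src_tok = rest.split(',', 1)
        dst = location(state, parse_operand(dst_tok))
        src = value_of(state, parse_operand(src_tok))
        state[dst] = src if mnem == 'mov' else simplify(ops[mnem], read(state, dst), src)
    return state

def skeleton(e):
    """Expression with register names and constants blanked; drives canonical ordering."""
    if e[0] in ('reg', 'const'):
        return (e[0], '?')
    return (e[0],) + tuple(skeleton(x) if isinstance(x, tuple) else x for x in e[1:])

def rename(e, regs, consts):
    """Registers become R-variables, constants C-variables, numbered on first sight."""
    if e[0] == 'reg':
        return ('var', regs.setdefault(e[1], 'R%d' % (len(regs) + 1)))
    if e[0] == 'const':
        return ('var', consts.setdefault(e[1], 'C%d' % (len(consts) + 1)))
    return (e[0],) + tuple(rename(x, regs, consts) if isinstance(x, tuple) else x for x in e[1:])

def show(e):
    if e[0] == 'var':
        return e[1]
    if e[0] in ('load', 'mem'):
        return '%s[%s]' % (e[0], show(e[1]))
    return '(%s %s %s)' % (show(e[2]), e[1], show(e[3]))

def juice(state):
    """Generalize semantics to juice: canonically ordered terms plus constant constraints."""
    # Sort by shape; ties keep the block's write order, which renaming does not change.
    terms = sorted(state.items(), key=lambda kv: (repr(skeleton(kv[0])), repr(skeleton(kv[1]))))
    regs, consts, out = {}, {}, []
    for loc, val in terms:
        out.append('%s = %s' % (show(rename(loc, regs, consts)), show(rename(val, regs, consts))))
    # Algebraic constraints between numeric variables, simplified here to
    # integer-multiple and ordering relations (an assumption of this example).
    cs = list(consts.items())
    for i, (vi, ni) in enumerate(cs):
        for vj, nj in cs[i + 1:]:
            if vi and vj % vi == 0:
                out.append('%s = %d*%s' % (nj, vj // vi, ni))
            elif vj and vi % vj == 0:
                out.append('%s = %d*%s' % (ni, vi // vj, nj))
            else:
                out.append('%s %s %s' % (ni, '<' if vi < vj else '>', nj))
    return out

def juice_hash(block):
    return hashlib.sha256('\n'.join(juice(interpret(block))).encode()).hexdigest()

# Constructed sample blocks: B is A after register renaming, a different memory
# base register and constant replacement (both constants scaled by 4); C keeps
# A's registers but changes the ratio between its two constants.
BLOCK_A = "mov eax, ebx\nadd eax, 4\nmov [ecx], eax\nsub edx, 8"
BLOCK_B = "mov esi, edi\nadd esi, 16\nmov [ebp], esi\nsub eax, 32"
BLOCK_C = "mov eax, ebx\nadd eax, 4\nmov [ecx], eax\nsub edx, 12"

if __name__ == '__main__':
    for name, blk in (('A', BLOCK_A), ('B', BLOCK_B), ('C', BLOCK_C)):
        print(name, juice_hash(blk)[:16], juice(interpret(blk)))
    print('xor eax,eax == mov ecx,0:', juice_hash('xor eax, eax') == juice_hash('mov ecx, 0'))
```

Because every constant becomes a typed variable, a lone `mov eax, 0` and `mov eax, 5` yield the same template; only the relationships between several constants survive, which is what lets block B match block A while block C, whose second constant is three times the first rather than two, does not. The tie-breaking by write order is the weak point of this toy canonical order: two terms with identical shape written in a different order would produce different juice, which the linear order in the paper is designed to avoid.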