Decompilation: the enumeration of types and grammars
ACM Transactions on Programming Languages and Systems (TOPLAS)
Decompilation of binary programs
Software—Practice & Experience
Alias analysis of executable code
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Efficient points-to analysis for whole-program analysis
ESEC/FSE-7 Proceedings of the 7th European software engineering conference held jointly with the 7th ACM SIGSOFT international symposium on Foundations of software engineering
Type-Based Decompilation (or Program Reconstruction via Type Reconstruction)
ESOP '99 Proceedings of the 8th European Symposium on Programming Languages and Systems
Flow-Insensitive Interprocedural Alias Analysis in the Presence of Pointers
LCPC '94 Proceedings of the 7th International Workshop on Languages and Compilers for Parallel Computing
Decompiling Java Bytecode: Problems, Traps and Pitfalls
CC '02 Proceedings of the 11th International Conference on Compiler Construction
Using a Decompiler for Real-World Source Recovery
WCRE '04 Proceedings of the 11th Working Conference on Reverse Engineering
Pin: building customized program analysis tools with dynamic instrumentation
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Minos: Architectural support for protecting control data
ACM Transactions on Architecture and Code Optimization (TACO)
PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Understanding data lifetime via whole system simulation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Exploring Multiple Execution Paths for Malware Analysis
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
An empirical study of the robustness of Windows NT applications using random testing
WSS'00 Proceedings of the 4th conference on USENIX Windows Systems Symposium - Volume 4
Efficient field-sensitive pointer analysis of C
ACM Transactions on Programming Languages and Systems (TOPLAS)
Renovo: a hidden code extractor for packed executables
Proceedings of the 2007 ACM workshop on Recurring malcode
Polyglot: automatic extraction of protocol message format using dynamic binary analysis
Proceedings of the 14th ACM conference on Computer and communications security
ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
Grammar-based whitebox fuzzing
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
A Study of the Packer Problem and Its Solutions
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Tupni: automatic reverse engineering of input formats
Proceedings of the 15th ACM conference on Computer and communications security
Eureka: A Framework for Enabling Static Malware Analysis
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Automatic Reverse Engineering of Malware Emulators
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Dispatcher: enabling active botnet infiltration using automatic protocol reverse-engineering
Proceedings of the 16th ACM conference on Computer and communications security
Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Effective and efficient malware detection at the end host
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
S2E: a platform for in-vivo multi-path analysis of software systems
Proceedings of the sixteenth international conference on Architectural support for programming languages and operating systems
Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
SEC'13 Proceedings of the 22nd USENIX conference on Security
| Hi-index | 0.00 |
With the wide existence of binary code, it is desirable to reuse it in many security applications, such as malware analysis and software patching. While prior approaches have shown that binary code can be extracted and reused, they are often based on static analysis and face challenges when coping with obfuscated binaries. This paper introduces trace-oriented programming (TOP), a general framework for generating new software from existing binary code by elevating the low-level binary code to C code with templates and inlined assembly. Different from existing work, TOP gains benefits from dynamic analysis such as resilience against obfuscation and avoidance of points-to analysis. Thus, TOP can be used for malware analysis, especially for malware function analysis and identification. We have implemented a proof-of-concept of TOP and our evaluation results with a range of benign and malicious software indicate that TOP is able to reconstruct source code from binary execution traces in malware analysis and identification, and binary function transplanting.