BIRD: Binary Interpretation using Runtime Disassembly
Proceedings of the International Symposium on Code Generation and Optimization
Practical analysis of stripped binary code
ACM SIGARCH Computer Architecture News - Special issue on the 2005 workshop on binary instrumentation and application
Code Normalization for Self-Mutating Malware
IEEE Security and Privacy
Extracting compiler provenance from program binaries
Proceedings of the 9th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Malware detection using assembly code and control flow graph optimization
Proceedings of the 1st Amrita ACM-W Celebration on Women in Computing in India
Precise control flow reconstruction using boolean logic
EMSOFT '11 Proceedings of the ninth ACM international conference on Embedded software
LLBT: an LLVM-based static binary translator
Proceedings of the 2012 international conference on Compilers, architectures and synthesis for embedded systems
Protecting function pointers in binary
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Binary-code obfuscations in prevalent packer tools
ACM Computing Surveys (CSUR)
Hi-index | 0.00 |
One of the fundamental problems with the analysis of binary (executable) code is that of recognizing, in a machine-independent way, the target addresses of n-conditional branches implemented via a jump table. Without these addresses, the decoding of the machine instructions for a given procedure is incomplete, as well as any analysis on that procedure.In this paper we present a technique for recovering jump tables and their target addresses in a machine and compiler independent way. The technique is based on slicing and expression substitution. The assembly code of a procedure that contains an indexed jump is transformed into a normal form which allows us to determine where the jump table is located and what information it contains (e.g. offsets from the table or absolute addresses).The presented technique has been tested on SPARC and Pentium code generated by C, C++, Fortran and Pascal compilers. Our tests show that up to 90% more of the code in a text segment can be found by using this technique.