Obfuscation of executable code to improve resistance to static disassembly
Proceedings of the 10th ACM conference on Computer and communications security
SELF: a transparent security extension for ELF binaries
Proceedings of the 2003 workshop on New security paradigms
Gray-box extraction of execution graphs for anomaly detection
Proceedings of the 11th ACM conference on Computer and communications security
Unpredication, Unscheduling, Unspeculation: Reverse Engineering Itanium Executables
IEEE Transactions on Software Engineering
Link-time binary rewriting techniques for program compaction
ACM Transactions on Programming Languages and Systems (TOPLAS)
Hybrid static-dynamic attacks against software protection mechanisms
Proceedings of the 5th ACM workshop on Digital rights management
A Method for Detecting Obfuscated Calls in Malicious Binaries
IEEE Transactions on Software Engineering
BIRD: Binary Interpretation using Runtime Disassembly
Proceedings of the International Symposium on Code Generation and Optimization
Practical analysis of stripped binary code
ACM SIGARCH Computer Architecture News - Special issue on the 2005 workshop on binary instrumentation and application
On gray-box program tracking for anomaly detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
A Smart Fuzzer for x86 Executables
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Program obfuscation: a quantitative approach
Proceedings of the 2007 ACM workshop on Quality of protection
Binary obfuscation using signals
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Static Analysis on x86 Executables for Preventing Automatic Mimicry Attacks
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
An Abstract Interpretation-Based Framework for Control Flow Reconstruction from Binaries
VMCAI '09 Proceedings of the 10th International Conference on Verification, Model Checking, and Abstract Interpretation
Decompilation of Java bytecode to Prolog by partial evaluation
Information and Software Technology
Reverse engineering of binary device drivers with RevNIC
Proceedings of the 5th European conference on Computer systems
N-version disassembly: differential testing of x86 disassemblers
Proceedings of the 19th international symposium on Software testing and analysis
NOZZLE: a defense against heap-spraying code injection attacks
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Preventing illegal usage of mobile phone software
COMPSAC-W'05 Proceedings of the 29th annual international conference on Computer software and applications conference
Interprocedural control flow reconstruction
APLAS'10 Proceedings of the 8th Asian conference on Programming languages and systems
S2E: a platform for in-vivo multi-path analysis of software systems
Proceedings of the sixteenth international conference on Architectural support for programming languages and operating systems
Precise static analysis of untrusted driver binaries
Proceedings of the 2010 Conference on Formal Methods in Computer-Aided Design
Statically-directed dynamic automated test generation
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Multi-stage binary code obfuscation using improved virtual machine
ISC'11 Proceedings of the 14th international conference on Information security
An attack on SMC-based software protection
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Network–Level polymorphic shellcode detection using emulation
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
The S2E Platform: Design, Implementation, and Applications
ACM Transactions on Computer Systems (TOCS) - Special Issue ASPLOS 2011
Behavioral distance for intrusion detection
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Software protection through dynamic code mutation
WISA'05 Proceedings of the 6th international conference on Information Security Applications
DeadSpy: a tool to pinpoint program inefficiencies
Proceedings of the Tenth International Symposium on Code Generation and Optimization
OS-Sommelier: memory-only operating system fingerprinting in the cloud
Proceedings of the Third ACM Symposium on Cloud Computing
Malware classification based on extracted API sequences using static analysis
Proceedings of the Asian Internet Engineering Conference
Compiler help for binary manipulation tools
Euro-Par'12 Proceedings of the 18th international conference on Parallel processing workshops
Rendezvous: a search engine for binary code
Proceedings of the 10th Working Conference on Mining Software Repositories
Monitor integrity protection with space efficiency and separate compilation
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Binary-code obfuscations in prevalent packer tools
ACM Computing Surveys (CSUR)
Effective code discovery for ARM/Thumb mixed ISA binaries in a static binary translator
Proceedings of the 2013 International Conference on Compilers, Architectures and Synthesis for Embedded Systems
Machine code disassembly routines form a fundamental component of software systems that statically analyze or modify executable programs, e.g., reverse engineering systems, static binary translators, and link-time optimizers. The task of disassembly is complicated by indirect jumps and the presence of non-executable data--jump tables, alignment bytes, etc.--in the instruction stream. Existing disassembly algorithms are not always able to cope successfully with executable files containing such features, and they fail silently--i.e., produce incorrect disassemblies without any indication that the results they are producing are incorrect. In this paper we examine two commonly-used disassembly algorithms and illustrate their shortcomings. We propose a hybrid approach that performs better than these algorithms in the sense that it is able to detect situations where the disassembly may be incorrect and limit the extent of such disassembly errors. Experimental results indicate that the algorithm is quite effective: the amount of code flagged as incurring disassembly errors is usually quite small.