Graph-based comparison of Executable Objects

Author: Thomas Dullien

Abstract: A method to construct an optimal isomorphism between the sets of instructions, basic blocks and functions in two differing but similar executables is presented. This can be used for porting recovered information between different disassemblies, recovering changes made by security updates and detecting code theft. The most interesting applications in the security realm are malware analysis, where a family of trojans or viruses can be reduced to analyzing the differences between variants, and recovering details of fixed vulnerabilities when the vendor of a patch refuses to disclose details. A framework implementing the described methods is presented, along with empirical data about its performance on multiple variants of the same vulnerability from security updates.

References (5)
Scott McFarling, Ken Pierce, Zheng Wang. BMAT -- A Binary Matching Tool for Stale Profile Propagation. Journal of Instruction-Level Parallelism, vol. 2 (2000).
Halvar Flake. Structural Comparison of Executable Objects. DIMVA, pp. 161-173 (2004). doi:10.17877/DE290R-2007
Udi Manber, Brenda S. Baker. Deducing Similarities in Java Sources from Bytecodes. USENIX Annual Technical Conference, pp. 15-15 (1998).
James W. Hunt, Thomas G. Szymanski. A Fast Algorithm for Computing Longest Common Subsequences. Communications of the ACM, vol. 20, pp. 350-353 (1977). doi:10.1145/359581.359603
Daniel S. Hirschberg. Algorithms for the Longest Common Subsequence Problem. Journal of the ACM, vol. 24, pp. 664-675 (1977). doi:10.1145/322033.322044