Extracting Output Formats from Executables

Authors: Junghee Lim, Thomas Reps, Ben Liblit

DOI: 10.1109/WCRE.2006.29

Abstract: We describe the design and implementation of FFE/x86 (File-Format Extractor for x86), an analysis tool that works on stripped executables (i.e., neither source code nor debugging information need be available) and extracts output data formats, such as file formats and network packet formats. We first construct a hierarchical finite state machine (HFSM) that over-approximates the output data format. An HFSM defines a language over the operations used to generate output data. We use value-set analysis (VSA) and aggregate structure identification (ASI) to annotate HFSMs with information that partially characterizes some of the output data values. VSA determines an over-approximation of the set of addresses and integer values that each data object can hold at each program point, and ASI analyzes memory accesses in the program to recover information about the structure of aggregates. A series of filtering operations is performed to over-approximate an HFSM with a finite-state machine, which can result in a final answer that is easier to understand. Our experiments uncovered a possible bug in the image-conversion utility png2ico.
