Array type abstraction reconstruction in binary code

Jinxin Ma; Zhoujun Li; Chaojian Hu; Junxian Zhang; Tao Guo

Array type abstraction reconstruction in binary code

Jinxin Ma
, Zhoujun Li^*
, Chaojian Hu
, Junxian Zhang
, Tao Guo

^*Corresponding author for this work

School of Computer Science and Engineering

Beihang University
China Information Technology Security Evaluation Center

Research output: Contribution to journal › Article › peer-review

3 Scopus citations

Abstract

Reconstruction of array abstractions plays a crucial role in vulnerability detection, reverse engineering and malicious code analyses. This paper presents a method for reconstructing multi-dimensional arrays. The loop semantics is extracted and transformed to the relative FOREACH formula set. Five FOREACH formula regulations are presented to calculate the dimensions, size, multi-dimension array bounds, basic element size and scale of each dimension to reconstruct the array. The results are compared to 15 programs in CoreUtils tools which are compiled by the gcc compiler. The present method can reconstruct 16.3% more files than the IDA Pro Hex-ray plugin.

Original language	English
Pages (from-to)	1329-1334
Number of pages	6
Journal	Qinghua Daxue Xuebao/Journal of Tsinghua University
Volume	52
Issue number	10
State	Published - Oct 2012

Keywords

Loop semantics
Multi-dimension array
Type reconstruction

Cite this

@article{99006eb70afc4168bc9716f4a7ffe93d,

title = "Array type abstraction reconstruction in binary code",

abstract = "Reconstruction of array abstractions plays a crucial role in vulnerability detection, reverse engineering and malicious code analyses. This paper presents a method for reconstructing multi-dimensional arrays. The loop semantics is extracted and transformed to the relative FOREACH formula set. Five FOREACH formula regulations are presented to calculate the dimensions, size, multi-dimension array bounds, basic element size and scale of each dimension to reconstruct the array. The results are compared to 15 programs in CoreUtils tools which are compiled by the gcc compiler. The present method can reconstruct 16.3\% more files than the IDA Pro Hex-ray plugin.",

keywords = "Loop semantics, Multi-dimension array, Type reconstruction",

author = "Jinxin Ma and Zhoujun Li and Chaojian Hu and Junxian Zhang and Tao Guo",

year = "2012",

month = oct,

language = "英语",

volume = "52",

pages = "1329--1334",

journal = "Qinghua Daxue Xuebao/Journal of Tsinghua University",

issn = "1000-0054",

publisher = "Tsinghua University",

number = "10",

}

TY - JOUR

T1 - Array type abstraction reconstruction in binary code

AU - Ma, Jinxin

AU - Li, Zhoujun

AU - Hu, Chaojian

AU - Zhang, Junxian

AU - Guo, Tao

PY - 2012/10

Y1 - 2012/10

N2 - Reconstruction of array abstractions plays a crucial role in vulnerability detection, reverse engineering and malicious code analyses. This paper presents a method for reconstructing multi-dimensional arrays. The loop semantics is extracted and transformed to the relative FOREACH formula set. Five FOREACH formula regulations are presented to calculate the dimensions, size, multi-dimension array bounds, basic element size and scale of each dimension to reconstruct the array. The results are compared to 15 programs in CoreUtils tools which are compiled by the gcc compiler. The present method can reconstruct 16.3% more files than the IDA Pro Hex-ray plugin.

AB - Reconstruction of array abstractions plays a crucial role in vulnerability detection, reverse engineering and malicious code analyses. This paper presents a method for reconstructing multi-dimensional arrays. The loop semantics is extracted and transformed to the relative FOREACH formula set. Five FOREACH formula regulations are presented to calculate the dimensions, size, multi-dimension array bounds, basic element size and scale of each dimension to reconstruct the array. The results are compared to 15 programs in CoreUtils tools which are compiled by the gcc compiler. The present method can reconstruct 16.3% more files than the IDA Pro Hex-ray plugin.

KW - Loop semantics

KW - Multi-dimension array

KW - Type reconstruction

UR - https://www.scopus.com/pages/publications/84871147440

M3 - 文章

AN - SCOPUS:84871147440

SN - 1000-0054

VL - 52

SP - 1329

EP - 1334

JO - Qinghua Daxue Xuebao/Journal of Tsinghua University

JF - Qinghua Daxue Xuebao/Journal of Tsinghua University

IS - 10

ER -

Array type abstraction reconstruction in binary code

Abstract

Keywords

Other files and links

Fingerprint

Cite this