Static Detection of Disassembly Errors
Static disassembly is a crucial first step in reverse engineering executable files, and there is a consider- able body of work in reverse-engineering of binaries, as well as areas such as semantics-based security anal- ysis, that assumes that the input executable has been correctly disassembled. However, disassembly errors, e.g., arising from binary obfuscations, can render this assumption invalid. This work describes a machine- learning-based approach, using decision trees, for stat- ically identifying possible errors in a static disassem- bly; such potential errors may then be examined more closely, e.g., using dynamic analyses. Experimental re- sults using a variety of input executables indicate that our approach performs well, correctly identifying most disassembly errors with relatively few false positives.
- Research Organization:
- Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC05-76RL01830
- OSTI ID:
- 1006322
- Report Number(s):
- PNNL-SA-67642; TRN: US201105%%932
- Resource Relation:
- Conference: Proceedings of the 16th Working Conference on Reverse Engineering (WCRE 2009), October 13-16, 2009, Lille, France, 259-268
- Country of Publication:
- United States
- Language:
- English
Similar Records
Implementing error values in applicative languages
Performance Exploration Through Optimistic Static Program Annotations