Publication detail

Preprocessing of Binary Executable Files Towards Retargetable Decompilation

KŘOUSTEK, J. KOLÁŘ, D.

Type

conference paper

Language

en

Original Abstract

The goal of retargetable machine-code decompilation is to analyze and reversely translate platform-dependent executable files into a high level language (HLL) representation. This process can be used for many different purposes, such as legacy code reengineering, malware analysis, etc. Retargetable decompilation is a complex task that must deal with a lot of different platform-specific features and missing information. Moreover, input files are often compressed or protected from any kind of analysis (up to 80% of malware samples). Therefore, accurate preprocessing of input files is one of the necessary prerequisites in order to achieve the best results. This paper presents a concept of a generic preprocessing system that consists of a precise signature-based compiler and packer detector, plugin-based unpacker, and converter into an internal platform-independent file format. This approach has been adopted and tested in an existing retargetable decompiler. According to our experimental results, the proposed retargetable solution is fully competitive with existing platform-dependent tools.

Keywords

reverse engineering, decompilation, packer detection, unpacking, executable file, Lissom

RIV year

2013

Released

21.07.2013

Publisher

International Academy, Research, and Industry Association

Location

Nice

ISBN

978-1-61208-283-7

Book

8th International Multi-Conference on Computing in the Global Information Technology (ICCGI'13)

Edition

Not specified

Edition number

Not specified

Pages from

259

Pages to

264

Pages count

6

BibTex


@inproceedings{BUT103439,
  author="Jakub {Křoustek} and Dušan {Kolář}",
  title="Preprocessing of Binary Executable Files Towards Retargetable Decompilation",
  annote="The goal of retargetable machine-code decompilation is to analyze and reversely
translate platform-dependent executable files into a high level language (HLL)
representation. This process can be used for many different purposes, such as
legacy code reengineering, malware analysis, etc. Retargetable decompilation is
a complex task that must deal with a lot of different platform-specific features
and missing information. Moreover, input files are often compressed or protected
from any kind of analysis (up to 80% of malware samples). Therefore, accurate
preprocessing of input files is one of the necessary prerequisites in order to
achieve the best results. This paper presents a concept of a generic
preprocessing system that consists of a precise signature-based compiler and
packer detector, plugin-based unpacker, and converter into an internal
platform-independent file format. This approach has been adopted and tested in an
existing retargetable decompiler. According to our experimental results, the
proposed retargetable solution is fully competitive with existing
platform-dependent tools.",
  address="International Academy, Research, and Industry Association",
  booktitle="8th International Multi-Conference on Computing in the Global Information Technology (ICCGI'13)",
  chapter="103439",
  edition="NEUVEDEN",
  howpublished="online",
  institution="International Academy, Research, and Industry Association",
  year="2013",
  month="july",
  pages="259--264",
  publisher="International Academy, Research, and Industry Association",
  type="conference paper"
}