Publication detail

Approaching Retargetable Static, Dynamic, and Hybrid Executable-Code Analysis

KŘOUSTEK, J. KOLÁŘ, D.

Original Title

Approaching Retargetable Static, Dynamic, and Hybrid Executable-Code Analysis

English Title

Approaching Retargetable Static, Dynamic, and Hybrid Executable-Code Analysis

Type

journal article - other

Language

en

Original Abstract

Program comprehension and reverse engineering are two large domains of computer science that have one common goal - analysis of existing programs and understanding their behavior. In present, methods of source-code analysis are well established and used in practice by software engineers. On the other hand, analysis of executable code is a more challenging task that is not fully covered by existing tools. Furthermore, methods of retargetable executable-code analysis are rare because of their complexity. In this paper, we present a complex platform-independent toolchain for executable-code analysis that supports both static and dynamic analysis. This toolchain exploits several previously designed methods and it can be used for debugging user's applications as well as malware analysis, etc. We illustrate its usage on several real-world scenarios. The toolchain is developed within the Lissom project.

English abstract

Program comprehension and reverse engineering are two large domains of computer science that have one common goal - analysis of existing programs and understanding their behavior. In present, methods of source-code analysis are well established and used in practice by software engineers. On the other hand, analysis of executable code is a more challenging task that is not fully covered by existing tools. Furthermore, methods of retargetable executable-code analysis are rare because of their complexity. In this paper, we present a complex platform-independent toolchain for executable-code analysis that supports both static and dynamic analysis. This toolchain exploits several previously designed methods and it can be used for debugging user's applications as well as malware analysis, etc. We illustrate its usage on several real-world scenarios. The toolchain is developed within the Lissom project.

Keywords

debugger, decompiler, static and dynamic analysis, reverse engineering, Lissom

RIV year

2013

Released

31.05.2013

Publisher

NEUVEDEN

Location

NEUVEDEN

Pages from

18

Pages to

29

Pages count

12

URL

Documents

BibTex


@article{BUT103457,
  author="Jakub {Křoustek} and Dušan {Kolář}",
  title="Approaching Retargetable Static, Dynamic, and Hybrid Executable-Code Analysis",
  annote="Program comprehension and reverse engineering are two large domains of computer
science that have one common goal - analysis of existing programs and
understanding their behavior. In present, methods of source-code analysis are
well established and used in practice by software engineers. On the other hand,
analysis of executable code is a more challenging task that is not fully covered
by existing tools. Furthermore, methods of retargetable executable-code analysis
are rare because of their complexity. In this paper, we present a complex
platform-independent toolchain for executable-code analysis that supports both
static and dynamic analysis. This toolchain exploits several previously designed
methods and it can be used for debugging user's applications as well as malware
analysis, etc. We illustrate its usage on several real-world scenarios. The
toolchain is developed within the Lissom project.",
  address="NEUVEDEN",
  chapter="103457",
  edition="NEUVEDEN",
  howpublished="online",
  institution="NEUVEDEN",
  number="1",
  volume="2",
  year="2013",
  month="may",
  pages="18--29",
  publisher="NEUVEDEN",
  type="journal article - other"
}