Publication detail

Generic detection of the statically linked code

ĎURFINA, L.; KOLÁŘ, D.

Original Title

Generic detection of the statically linked code


Type

conference paper

Language

en

Original Abstract

Detection of statically linked code is an important step in the process of decompilation. It eliminates code that would otherwise have to be processed by the decompiler. It provides additional information about the recognized code, such as linked functions with the types and number of their arguments and return values. The detection is based on signatures, which are generated from static libraries. The signatures are composed of the first bytes of library modules, CRC codes, module sizes, and public symbols. A tree structure of signatures improves performance by decreasing the number of compared bytes. A generic approach to detection is achieved by using a common object file format. This ensures that the process is not restricted to a specific architecture or file format. However, it slightly increases the number of functions that cannot be distinguished.


Keywords

statically linked code, signature, detection

RIV year

2013

Released

05.11.2013

Publisher

Faculty of Electrical Engineering and Informatics, University of Technology Košice

Location

Spišská Nová Ves

ISBN

978-80-8143-127-2

Book

Proceedings of the Twelfth International Conference on Informatics INFORMATICS 2013

Edition

not stated

Edition number

not stated

Pages from

157

Pages to

161

Pages count

5

BibTex


@inproceedings{BUT103577,
  author="Lukáš {Ďurfina} and Dušan {Kolář}",
  title="Generic detection of the statically linked code",
  annote="Detection of a statically linked code is an important step in a process of
decompilation. It eliminates a code, which has to be processed by decompiler. It
provides an additional information about recognized code as linked functions with
the types and number of arguments and return values. The detection is based on
signatures, which are generated from the static libraries. The signatures are
composed of the first bytes of library modules, CRC codes, module sizes, and
public symbols. A tree structure of signature improves performance by decreasing
a number of compared bytes. Generic approach of detection is achieved by an usage
of a common object file format. This ensures that the process is not restricted
on specific architecture or file format. However, this lightly increases a number
of functions, which cannot be distinguished.",
  address="Faculty of Electrical Engineering and Informatics, University of Technology Košice",
  booktitle="Proceedings of the Twelfth International Conference on Informatics INFORMATICS 2013",
  chapter="103577",
  edition="NEUVEDEN",
  howpublished="print",
  institution="Faculty of Electrical Engineering and Informatics, University of Technology Košice",
  year="2013",
  month="november",
  pages="157--161",
  publisher="Faculty of Electrical Engineering and Informatics, University of Technology Košice",
  type="conference paper"
}