Publication detail

Accurate Retargetable Decompilation Using Debug Information

KŘOUSTEK, J. MATULA, P. KONČICKÝ, J. KOLÁŘ, D.

Type

conference paper

Language

en

Original Abstract

In this paper, we present an extension of an existing automatically generated retargetable decompiler that is capable of parsing, processing, and utilizing compiler-generated debugging information. This tool can be used for dealing with several security-related issues (e.g., forensics, malware analysis, vulnerability detection). Additional debugging information is used for an accurate reconstruction of platform-dependent binary applications into a well-readable high-level-language representation. The proposed solution is platform and debugging-format independent. At present, two major debugging formats - DWARF and Microsoft PDB - are supported; the extracted information is used for the recovery of several high-level constructions (e.g., variables, functions and their arguments). The proposed concept was validated by experimental results.

Keywords

decompilation, debugging information, PDB, DWARF, Lissom

RIV year

2012

Released

19.08.2012

Publisher

International Academy, Research, and Industry Association

Location

Rome

ISBN

978-1-61208-209-7

Book

Proceedings of the Sixth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE'12)

Edition

not specified

Edition number

not specified

Pages from

79

Pages to

84

Pages count

6

BibTex


@inproceedings{BUT96959,
  author="Jakub {Křoustek} and Peter {Matula} and Jaromír {Končický} and Dušan {Kolář}",
  title="Accurate Retargetable Decompilation Using Debug Information",
  annote="In this paper, we present an extension of an existing automatically generated
retargetable decompiler that is capable of parsing, processing, and utilizing
compiler-generated debugging information. This tool can be used for dealing with
several security-related issues (e.g., forensics, malware analysis, vulnerability
detection). Additional debugging information is used for an accurate
reconstruction of platform-dependent binary applications into a well-readable
high-level-language representation. The proposed solution is platform and
debugging-format independent. At present, two major debugging formats - DWARF and
Microsoft PDB - are supported; the extracted information is used for the recovery
of several high-level constructions (e.g., variables, functions and their
arguments). The proposed concept was validated by experimental results.",
  address="International Academy, Research, and Industry Association",
  booktitle="Proceedings of the Sixth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE'12)",
  chapter="96959",
  edition="NEUVEDEN",
  howpublished="electronic, physical medium",
  institution="International Academy, Research, and Industry Association",
  year="2012",
  month="august",
  pages="79--84",
  publisher="International Academy, Research, and Industry Association",
  type="conference paper"
}