Publication detail

Accurate Retargetable Decompilation Using Debug Information

Language

en

Original abstract

In this paper, we present an extension of an existing automatically generated retargetable decompiler that is capable of parsing, processing, and utilizing compiler-generated debugging information. This tool can be used for dealing with several security-related issues (e.g., forensics, malware analysis, vulnerability detection). Additional debugging information is used for an accurate reconstruction of platform-dependent binary applications into a well-readable high-level-language representation. The proposed solution is platform and debugging-format independent. At present, two major debugging formats - DWARF and Microsoft PDB - are supported; the extracted information is used for the recovery of several high-level constructions (e.g., variables, functions and their arguments). The proposed concept was validated by experimental results.

BibTeX


@inproceedings{BUT96959,
  author="Jakub {Křoustek} and Peter {Matula} and Jaromír {Končický} and Dušan {Kolář}",
  title="Accurate Retargetable Decompilation Using Debug Information",
  annote="In this paper, we present an extension of an existing automatically generated
retargetable decompiler that is capable of parsing, processing, and utilizing
compiler-generated debugging information. This tool can be used for dealing with
several security-related issues (e.g., forensics, malware analysis, vulnerability
detection). Additional debugging information is used for an accurate
reconstruction of platform-dependent binary applications into a well-readable
high-level-language representation. The proposed solution is platform and
debugging-format independent. At present, two major debugging formats - DWARF and
Microsoft PDB - are supported; the extracted information is used for the recovery
of several high-level constructions (e.g., variables, functions and their
arguments). The proposed concept was validated by experimental results.",
  address="International Academy, Research, and Industry Association",
  booktitle="Proceedings of the Sixth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE'12)",
  chapter="96959",
  edition="NEUVEDEN",
  howpublished="electronic, physical medium",
  institution="International Academy, Research, and Industry Association",
  year="2012",
  month="august",
  pages="79--84",
  publisher="International Academy, Research, and Industry Association",
  type="conference paper"
}