Title :
Recovery of jump table case statements from binary code
Author :
Cifuentes, Cristina ; Van Emmerik, Mike
Author_Institution :
Dept. of Comput. Sci. & Electr. Eng., Queensland Univ., Brisbane, Qld., Australia
Abstract :
One of the fundamental problems with the analysis of binary (executable) code is that of recognizing, in a machine-independent way, the target addresses of n-conditional branches implemented via a jump table. Without these addresses, the decoding of the machine instructions for a given procedure is incomplete, as well as any analysis on that procedure. We present a technique for recovering jump tables and their target addresses in a machine and compiler independent way. The technique is based on slicing and expression substitution. The assembly code of a procedure that contains an indexed jump is transformed into a normal form which allows us to determine where the jump table is located and what information it contains (e.g. offsets from the table or absolute addresses). The technique has been tested on SPARC and Pentium code generated by C, C++, Fortran and Pascal compilers. Our tests show that up to 90% more of the code in a text segment can be found by using this technique
Keywords :
program control structures; program slicing; reverse engineering; C; C++; Fortran; Pascal compilers; Pentium code; SPARC; absolute addresses; assembly code; binary code; decoding; expression substitution; indexed jump; jump table case statement recovery; machine instructions; n-conditional branches; program slicing; target addresses; text segment; Binary codes; Computer aided software engineering; Computer science; Decoding; Electronic switching systems; Read only memory; Software debugging; Software tools; Target recognition; Testing;
Conference_Titel :
Program Comprehension, 1999. Proceedings. Seventh International Workshop on
Conference_Location :
Pittsburgh, PA
Print_ISBN :
0-7695-0180-x
DOI :
10.1109/WPC.1999.777758
