DocumentCode :
669128
Title :
REcompile: A decompilation framework for static analysis of binaries
Author :
Yakdan, Khaled ; Eschweiler, Sebastian ; Gerhards-Padilla, Elmar
Author_Institution :
Inst. of Comput. Sci. 4, Univ. of Bonn, Bonn, Germany
fYear :
2013
fDate :
22-24 Oct. 2013
Firstpage :
95
Lastpage :
102
Abstract :
Reverse engineering of binary code is an essential step for malware analysis. However, it is a tedious and time-consuming task. Decompilation facilitates this process by transforming machine code into a high-level representation that is more concise and easier to understand. This paper describes REcompile, an efficient and extensible decompilation framework. REcompile uses the static single assignment form (SSA) as its intermediate representation and performs three main classes of analysis. Data flow analysis removes machine-specific details from code and transforms it into a concise high-level form. Type analysis finds variable types based on how those variables are used in code. Control flow analysis identifies high-level control structures such as conditionals, loops, and switch statements. These steps enable REcompile to produce well-readable decompiled code. The overall evaluation, using real programs and malware samples, shows that REcompile achieves a comparable and in many cases better performance than state-of-the-art decompilers.
Keywords :
data flow analysis; invasive software; reverse engineering; REcompile; SSA; binary code; control flow analysis; data flow analysis; decompilation framework; high-level control structure; machine code; machine-specific detail; malware analysis; reverse engineering; static analysis; static single assignment form; type analysis; Algorithm design and analysis; Control systems; Malware; Semantics; Software; Standards; Transforms;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Malicious and Unwanted Software: "The Americas" (MALWARE), 2013 8th International Conference on
Conference_Location :
Fajardo, PR
Print_ISBN :
978-1-4799-2534-6
Type :
conf
DOI :
10.1109/MALWARE.2013.6703690
Filename :
6703690