Library functions identification in binary code by using graph isomorphism testings

Author

Jing Qiu ; Xiaohong Su ; Peijun Ma

Author_Institution

Sch. of Comput. Sci. & Technol., Harbin Inst. of Technol., Harbin, China

fYear

2015

fDate

2-6 March 2015

Firstpage

261

Lastpage

270

Abstract

Library functions identification is a key technique in reverse engineering. Discontinuity and polymorphism of inline and optimized library functions in binary code create a difficult challenge for library functions identification. To solve this problem, a novel approach is developed to identify library functions. First, we introduce execution dependence graphs (EDGs) to describe the behavior characteristics of binary code. Then, by finding similar EDG subgraphs in target functions, we identify both full and inline library functions. Experimental results from the prototype tool show that the proposed method is not only capable of identifying inline functions but is also more efficient and precise than the current methods for identifying full library functions.

Keywords

graph theory; reverse engineering; software libraries; source code (software); EDG subgraph; binary code; execution dependence graph; graph isomorphism testing; library function identification; reverse engineering; Binary codes; Libraries; Optimization; Registers; Reverse engineering; Semantics; Testing; Binary code analysis; graph isomorphism; library functions identification;

fLanguage

English

Publisher

ieee

Conference_Titel

Software Analysis, Evolution and Reengineering (SANER), 2015 IEEE 22nd International Conference on

Conference_Location

Montreal, QC

Type

conf

DOI

10.1109/SANER.2015.7081836

Filename

7081836