October 13, 2009
Conference Paper

Static Detection of Disassembly Errors

Abstract

Static disassembly is a crucial first step in reverse engineering executable files, and there is a considerable body of work in reverse-engineering of binaries, as well as areas such as semantics-based security analysis, that assumes that the input executable has been correctly disassembled. However, disassembly errors, e.g., arising from binary obfuscations, can render this assumption invalid. This work describes a machine-learning-based approach, using decision trees, for statically identifying possible errors in a static disassembly; such potential errors may then be examined more closely, e.g., using dynamic analyses. Experimental results using a variety of input executables indicate that our approach performs well, correctly identifying most disassembly errors with relatively few false positives.

Revised: February 21, 2011 | Published: October 13, 2009

Citation

Krishnamoorthy N., S. Debray, and A.K. Fligg. 2009. Static Detection of Disassembly Errors. In Proceedings of the 16th Working Conference on Reverse Engineering (WCRE 2009), October 13-16, 2009, Lille, France, 259-268. Los Alamitos, California: IEEE Computer Society. PNNL-SA-67642. doi:10.1109/WCRE.2009.16