Static disassembly is a crucial first step in reverse engineering executable files, and there is a considerable body of work in reverse-engineering of binaries, as well as areas such as semantics-based security analysis, that assumes that the input executable has been correctly disassembled. However, disassembly errors, e.g., arising from binary obfuscations, can render this assumption invalid. This work describes a machine-learning-based approach, using decision trees, for statically identifying possible errors in a static disassembly; such potential errors may then be examined more closely, e.g., using dynamic analyses. Experimental results using a variety of input executables indicate that our approach performs well, correctly identifying most disassembly errors with relatively few false positives.
Revised: February 21, 2011
Published: October 13, 2009
Citation
Krishnamoorthy N., S. Debray, and A.K. Fligg. 2009. Static Detection of Disassembly Errors. In Proceedings of the 16th Working Conference on Reverse Engineering (WCRE 2009), October 13-16, 2009, Lille, France, 259-268. Los Alamitos, California: IEEE Computer Society. PNNL-SA-67642. doi:10.1109/WCRE.2009.16