Datalog Disassembly

06/07/2019
by Antonio Flores-Montoya, et al.

Disassembly is fundamental to binary analysis and rewriting. We present a novel disassembly technique that takes a stripped binary and produces reassembleable assembly code. The resulting assembly code has accurate symbolic information, providing cross-references for analysis and enabling adjustment of code and data pointers to accommodate rewriting. Our technique features multiple static analyses and heuristics in a combined Datalog implementation. We argue that Datalog's inference process is particularly well suited for disassembly and the required analyses. Our implementation and experiments support this claim. We have implemented our approach in an open-source tool called Ddisasm. In extensive experiments in which we rewrite thousands of x64 binaries, we find that Ddisasm is both faster and more accurate than the current state-of-the-art binary reassembling tool, Ramblr.


09/04/2019

Defeating Opaque Predicates Statically through Machine Learning and Binary Analysis

We present a new approach that bridges binary analysis techniques with m...
07/16/2021

A method for decompilation of AMD GCN kernels to OpenCL

Introduction: Decompilers are useful tools for software analysis and sup...
03/15/2019

Get rid of inline assembly through trustable verification-oriented lifting

Formal methods for software development have made great strides in the l...
07/16/2012

MARFCAT: Transitioning to Binary and Larger Data Sets of SATE IV

We present a second iteration of a machine learning approach to static c...
09/09/2020

Where's Crypto?: Automated Identification and Classification of Proprietary Cryptographic Primitives in Binary Code

The continuing use of proprietary cryptography in embedded systems acros...
02/18/2018

Efficient Gradual Typing

Gradual typing combines static and dynamic typing in the same program. O...
05/13/2022

dewolf: Improving Decompilation by leveraging User Surveys

Analyzing third-party software such as malware or firmware is a crucial ...

Code Repositories

ddisasm

A fast and accurate disassembler



ddisasm

Datalog driven disassembly of binary executables

