SoK: All You Ever Wanted to Know About x86/x64 Binary Disassembly But Were Afraid to Ask

by Chengbin Pang, et al.

Disassembly of binary code is hard, but necessary for improving the security of binary software. Over the past few decades, research in binary disassembly has produced many tools and frameworks, which have been made available to researchers and security professionals. These tools employ a variety of strategies that grant them different characteristics. The lack of systematization, however, impedes new research in the area and makes selecting the right tool hard, as we do not understand the strengths and weaknesses of existing tools. In this paper, we systematize binary disassembly through the study of nine popular, open-source tools. We couple the manual examination of their code bases with the most comprehensive experimental evaluation (thus far), using 3,788 binaries. Our study yields a comprehensive description and organization of strategies for disassembly, classifying each as either an algorithm or a heuristic. Meanwhile, we measure and report the impact of individual algorithms on the results of each tool. We find that while principled algorithms are used by all tools, the tools still rely heavily on heuristics to increase code coverage. Depending on the heuristics used, different coverage-vs-correctness trade-offs come into play, leading to tools with different strengths and weaknesses. We envision that these findings will help users pick the right tool and assist researchers in improving binary disassembly.
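The coverage-vs-correctness trade-off the abstract describes is easiest to see on a few bytes. The following is an added example written for this page, not code from the paper or from any of the nine tools it studies: a toy x86-32 decoder for a handful of opcodes, run first as a linear sweep and then as recursive descent over a constructed byte string that contains data embedded in the code region and an indirect jump. The byte layout, the pointer-scanning heuristic, and the overlap check are all assumptions of this example and stand in for the richer heuristics real tools use.

```python
import struct

REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def decode(code, off):
    """Decode one instruction at `off` from a deliberately tiny x86-32 subset.
    Returns (text, length, kind, target); kind is seq (falls through), jmp,
    call, ijmp (indirect jump, target unknown), ret, or bad (not decodable)."""
    op = code[off]
    if op == 0x90:
        return "nop", 1, "seq", None
    if op == 0xC3:
        return "ret", 1, "ret", None
    if 0x50 <= op <= 0x57:
        return f"push {REGS[op - 0x50]}", 1, "seq", None
    if 0x58 <= op <= 0x5F:
        return f"pop {REGS[op - 0x58]}", 1, "seq", None
    if 0xB8 <= op <= 0xBF and off + 5 <= len(code):            # mov r32, imm32
        imm = struct.unpack_from("<I", code, off + 1)[0]
        return f"mov {REGS[op - 0xB8]}, 0x{imm:x}", 5, "seq", None
    if op == 0x31 and off + 2 <= len(code) and code[off + 1] >= 0xC0:  # xor r32, r32
        m = code[off + 1]
        return f"xor {REGS[m & 7]}, {REGS[(m >> 3) & 7]}", 2, "seq", None
    if op == 0xEB and off + 2 <= len(code):                     # jmp rel8
        t = off + 2 + struct.unpack_from("<b", code, off + 1)[0]
        return f"jmp 0x{t:x}", 2, "jmp", t
    if op == 0xE8 and off + 5 <= len(code):                     # call rel32
        t = off + 5 + struct.unpack_from("<i", code, off + 1)[0]
        return f"call 0x{t:x}", 5, "call", t
    if op == 0xFF and off + 2 <= len(code) and 0xE0 <= code[off + 1] <= 0xE7:
        return f"jmp {REGS[code[off + 1] - 0xE0]}", 2, "ijmp", None   # jmp r32
    return f"(bad 0x{op:02x})", 1, "bad", None


# Constructed input (not a real binary): a function that jumps indirectly to a
# second function, with data (a pointer and two constants) sitting in between.
CODE = bytes([
    0x55,                           # 0x00  push ebp
    0xB8, 0x14, 0x00, 0x00, 0x00,   # 0x01  mov eax, 0x14
    0xFF, 0xE0,                     # 0x06  jmp eax        (target only known at run time)
    0x14, 0x00, 0x00, 0x00,         # 0x08  data: pointer to the function at 0x14
    0x03, 0x00, 0x00, 0x00,         # 0x0c  data: constant that looks like a pointer to 0x03
    0x00, 0x00, 0x00, 0xB8,         # 0x10  data: constant whose last byte is a mov opcode
    0x55,                           # 0x14  push ebp
    0x31, 0xC0,                     # 0x15  xor eax, eax
    0x5D,                           # 0x17  pop ebp
    0xC3,                           # 0x18  ret
])


def linear_sweep(code, start=0):
    """Decode every position in order, assuming each instruction starts where
    the previous one ended. Full coverage, but data desynchronizes it."""
    out, off = [], start
    while off < len(code):
        text, length, _, _ = decode(code, off)
        out.append((off, text))
        off += length
    return out


def recursive_descent(code, entries):
    """Decode only what control flow reaches from `entries`. Returns
    (offset -> text, offsets of indirect jumps whose target was not resolved)."""
    instrs, unresolved, work = {}, set(), list(entries)
    while work:
        off = work.pop()
        if off in instrs or not 0 <= off < len(code):
            continue
        text, length, kind, target = decode(code, off)
        instrs[off] = text
        if kind == "seq":
            work.append(off + length)
        elif kind == "jmp":
            work.append(target)
        elif kind == "call":
            work += [target, off + length]
        elif kind == "ijmp":
            unresolved.add(off)
        # ret and bad: no successors
    return instrs, unresolved


def pointer_scan(code):
    """Heuristic assumed for this example: every aligned dword whose value lands
    inside the code region is treated as a code pointer and used as an entry."""
    return {struct.unpack_from("<I", code, off)[0]
            for off in range(0, len(code) - 3, 4)
            if struct.unpack_from("<I", code, off)[0] < len(code)}


def overlaps(instrs, code):
    """Instruction starts that share bytes with an earlier instruction: the
    usual symptom of a heuristic having seeded a false entry point."""
    owner, clashes = {}, set()
    for off in sorted(instrs):
        for b in range(off, off + decode(code, off)[1]):
            if b in owner:
                clashes.add(off)
            owner.setdefault(b, off)
    return clashes


if __name__ == "__main__":
    for off, text in linear_sweep(CODE):
        print(f"linear   {off:04x}  {text}")
    rd, unres = recursive_descent(CODE, [0x00])
    print(f"recursive descent found {sorted(rd)}; unresolved jmp at {sorted(unres)}")
    seeds = pointer_scan(CODE)
    rd2, _ = recursive_descent(CODE, [0x00, *seeds])
    print(f"with pointer seeds {sorted(seeds)}: {sorted(rd2)}; overlaps {sorted(overlaps(rd2, CODE))}")
```

Linear sweep covers every byte but, after the indirect jump, decodes the embedded data as instructions and the trailing 0xB8 byte at 0x13 swallows the real `push ebp` at 0x14 as an immediate, so the second function is reported wrongly. Recursive descent decodes nothing it cannot prove reachable, so everything it emits is correct, but it stops at `jmp eax` and never sees the function at 0x14 at all. The pointer-scanning heuristic recovers that function, at the price of a false entry at 0x03 that overlaps the `mov` at 0x01, which is exactly the kind of conflict a tool must then detect or accept. Swapping the data bytes for other values changes which of the three outcomes looks best, which is the point of the paper's per-heuristic measurements.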
