Intrinsic function recognition method based on sub-graph isomorphism matching algorithm in decompilation

Abstract

The invention discloses an intrinsic function recognition method based on a sub-graph isomorphism matching algorithm in decompilation, and belongs to the technical field of decompilation. According to the method, an intrinsic function template library is established, sub-graph isomorphism matching is conducted on intrinsic function templates and target assembling files generated through decompilation on the basis of a control flow diagram, and intrinsic functions which are subjected to compiler optimization and inline expansion in target programs of the target assembling files are positioned. According to the intrinsic function recognition method, inline intrinsic functions in the decomplation process can be recognized automatically, meanwhile, the templates and prototypes of the intrinsic functions are analyzed, the function names, returned values, returned value types and function parameters of the intrinsic functions are recovered, and thus the purpose of promoting the semantics of the inline intrinsic functions is achieved. More type information is provided for type analysis in decompilation through the promoted inline intrinsic functions, the complexity of data flow analysis and control flow analysis is lowered, the level of abstraction of intermediate codes is improved, and the readability of decompilation results is enhanced.

Description

technical field [0001] The invention belongs to the technical field of decompilation, and relates to a method for identifying inline intrinsic functions in decompilation, in particular to a method for identifying intrinsic functions in decompilation based on a subgraph isomorphism matching algorithm. Background technique [0002] Decompilation technology first appeared in the 1960s, mainly to realize cross-platform porting of code, and has been widely used in various aspects such as program understanding, source code recovery, program debugging, and security analysis. Decompilation software includes front-end, middle-end and back-end. The front end includes loader, software parsing unit and decoder. The loader loads the executable file, disassembles to obtain the assembly code, and then the decompilation software organizes the assembly program into corresponding data structures, such as symbol table, symbol address table, process body entry address table, instruction chain ...

AI Technical Summary

Problems solved by technology

For example, the common library functions strlen, strcpy, strcmp, and memcmp in C language are also used as intrinsic functions of the compiler. Under the compiler optimization option, the function body statement is expanded inline at the function call point, and the Flirt algorithm is constructed. The signature of the byte stream function cannot effectively represent the control flow relationship between instruction statements, and cannot efficiently identify such functions, resulting in incomplete decompilation results of intrinsic functions, which affects the readability of the final high-level code sex

Images