Intrinsic function identification method based on subgraph isomorphism matching algorithm in decompilation

Abstract

The invention discloses an intrinsic function identification method based on a subgraph isomorphism matching algorithm in decompilation, and belongs to the technical field of decompilation. By establishing an intrinsic function template library, the present invention performs subgraph isomorphism matching on the intrinsic function template and the target assembly file based on the control flow graph generated by decompilation, and locates the compiled optimized and inline expanded objects in the target assembly file in the target program. intrinsic function. The invention realizes the automatic identification of the inline intrinsic function in the process of decompilation, and at the same time, by analyzing the template and prototype of the intrinsic function, the function name, return value, return value type and function parameters of the intrinsic function are restored, so as to achieve the inline function. Purpose of intrinsic function semantic promotion. The improved inline intrinsic function provides more type information for type analysis in decompilation, reduces the complexity of data flow analysis and control flow analysis, improves the abstraction level of intermediate code, and enhances the reliability of decompilation results. readability.

Description

technical field [0001] The invention belongs to the technical field of decompilation, and relates to a method for identifying inline intrinsic functions in decompilation, in particular to a method for identifying intrinsic functions in decompilation based on a subgraph isomorphism matching algorithm. Background technique [0002] Decompilation technology first appeared in the 1960s, mainly to realize cross-platform porting of code, and has been widely used in various aspects such as program understanding, source code recovery, program debugging, and security analysis. Decompilation software includes front-end, middle-end and back-end. The front end includes loader, software parsing unit and decoder. The loader loads the executable file, disassembles to obtain the assembly code, and then the decompilation software organizes the assembly program into corresponding data structures, such as symbol table, symbol address table, process body entry address table, instruction chain ...

AI Technical Summary

Problems solved by technology

For example, the common library functions strlen, strcpy, strcmp, and memcmp in C language are also used as intrinsic functions of the compiler. Under the compiler optimization option, the function body statement is expanded inline at the function call point, and the Flirt algorithm is constructed. The signature of the byte stream function cannot effectively represent the control flow relationship between instruction statements, and cannot efficiently identify such functions, resulting in incomplete decompilation results of intrinsic functions, which affects the readability of the final high-level code sex

Images