Large binary firmware parameter number identification method under simplified instruction set

A technology that simplifies instruction sets and firmware parameters. It is applied in software maintenance/management, program code conversion, reverse engineering, etc. It can solve problems such as poor recognition effect, unexplained simplification of instruction sets, and poor processing of large binary programs. The effect of accuracy

Active Publication Date: 2020-12-11
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU

AI Technical Summary

Problems solved by technology

However, because dynamic analysis cannot obtain comprehensive information, the recognition effect is poor.

[0005] Khaled et al. proposed a method for rewriting binary programs under the x86 instruction set, together with a recovery method for function prototypes. This method analyzes the parameters of functions by improving VSA (Value Set Analysis), which works better for small applications. But it is less effective for large binary programs, and it is not stated whether it is suitable for RISC.

[0006] radare2 is the latest binary analysis tool. It has powerful analysis functions and supports disassembly of languages with different architectures. Its "aaa" command implements the analysis of binary functions. In analysis, its recognition of the number of function parameters is found to be relatively poor.



Examples


Embodiment 1

[0038] Embodiment 1: This embodiment aims to make up for the poor recognition effect of existing methods, and provides a method for identifying the number of parameters that is suitable for large binary programs under a reduced instruction set. Static analysis is performed on the large binary program to extract the function call relationships and parameter passing, and the number of parameters is identified with a voting mechanism over all calls, thereby identifying the number of parameters of each binary function.

[0039] The overall flowchart of the Findargs method is shown in Figure 1. It performs static analysis on large reduced-instruction-set binary files and identifies the number of function parameters. Static analysis is more comprehensive than dynamic analysis, so the proposed Findargs has a higher accuracy rate. The processing flow is: first extract the binary executable instructions according to the header information of the executable...


Abstract

The invention discloses a large-scale binary firmware parameter number identification method under a simplified instruction set, which is used for carrying out static analysis on the whole large-scale binary firmware, and comprises the following steps: firstly, extracting the calling relationship of functions, and designing a function parameter number identification method based on a voting mechanism according to the calling relationship of functions and the parameter transfer rule; and identifying the number of parameters of the function, so that subsequent function prototype recovery is facilitated. According to the method, the executable code of the whole binary firmware is statically analyzed to obtain the global function call relationship, each function call is analyzed to obtain the number of parameters of the sub-function, and the most accurate number of function parameters is obtained according to the voting mechanism, so that the influence of compiler optimization is avoided, the accuracy of function parameter number recognition is improved, and the method has good applicability.
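The voting step described in the abstract, sketched as an added example (not the patent's Findargs code). It assumes ARM AAPCS register arguments in r0-r3 only, a constructed text listing with hypothetical function names, and a tie-break toward the larger count; stack-passed arguments are out of scope. The third `copy_buf` call reuses the previous call's return value in r0, so that site alone under-counts and the vote corrects it.

```python
import re
from collections import Counter, defaultdict

ARG_REGS = ("r0", "r1", "r2", "r3")  # assumption: ARM AAPCS register arguments
WRITE = re.compile(r"^(?:mov|mvn|ldr|add|sub)\w*\s+(r\d+)\b")
CALL = re.compile(r"^bl\s+(\w+)")
# Constructed listing; all function names are hypothetical.
LISTING = """
caller_a:
    mov r0, r4
    mov r1, #16
    ldr r2, [sp, #8]
    bl  copy_buf
    mov r0, r5
    bl  log_msg
caller_b:
    mov r1, #32
    mov r2, r6
    mov r0, r7
    bl  copy_buf
caller_c:
    bl  get_tick
    mov r1, r5      ; r0 still holds get_tick's return value
    mov r2, #8
    bl  copy_buf
"""

def args_at_call_sites(listing):
    """Yield (callee, n): n is the unbroken r0.. run written before the call."""
    written = set()
    for raw in listing.splitlines():
        line = raw.split(";")[0].strip()
        call, write = CALL.match(line), WRITE.match(line)
        if line.endswith(":") or call:
            if call:
                n = 0
                while n < len(ARG_REGS) and ARG_REGS[n] in written:
                    n += 1
                yield call.group(1), n
            written = set()  # new block, or r0-r3 clobbered by the call
        elif write:
            written.add(write.group(1))

def vote(listing):
    ballots = defaultdict(Counter)
    for callee, n in args_at_call_sites(listing):
        ballots[callee][n] += 1
    # Majority wins; ties go to the larger count (assumption, not from the page).
    return {f: max(c, key=lambda n: (c[n], n)) for f, c in ballots.items()}
```
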

Description

Technical field

[0001] The invention belongs to the technical field of binary firmware parameter analysis, and in particular relates to a method for identifying the number of large binary firmware parameters under a simplified instruction set.

Background technique

[0002] Binary analysis is of great significance in security research, and its applications in security analysis mainly include: binary code audit, control flow integrity analysis, taint analysis, symbolic execution, vulnerability repair, code reuse, vulnerability mining, etc. In a high-level language, information such as the function name, the number of parameters of the function, the parameter types, and the return value of the function can effectively help in understanding what the function does. After the source code is compiled by the compiler, information such as data type, data structure, semantics and control structure in the high-level language C/C++ is lost, which has caused many obstacles for researchers...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F8/74, G06F8/41
CPC: G06F8/74, G06F8/41
Inventor: 尹小康, 蔡瑞杰, 肖睿卿, 何杰, 朱肖雅, 胡安详, 刘胜利
Owner PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU