
Reverse analysis method for executable binary file format

A reverse analysis technique for executable binary file formats. It addresses the increased difficulty of reverse engineering and the inability to directly reverse-analyze executable binary files, with the effects of reduced dependencies, strong practicability and a wide range of application.

Pending Publication Date: 2022-05-20
BEIJING WATCH DATA SYST

AI Technical Summary

Problems solved by technology

If the descriptor component does not exist, the detailed information of each component is unavailable, which makes reverse engineering more difficult and prevents direct reverse analysis of the executable binary file.

Examples


Embodiment 1

[0054] As shown in Figure 1, the present invention discloses a reverse analysis method for executable binary file formats, comprising the following steps:

[0055] S10, the executable binary content is obtained by streaming, split according to its file structure, and re-encapsulated into component content.

[0056] As shown in Figure 2, the executable binary content is re-encapsulated into constant pool component content, class component content, method component content, export component content, and app component content.

[0057] S11, collect the method offsets contained in the method component in the component content, and form a list of method offsets.

[0058] The method component does not state the size or starting offset of each method, so the method offsets it contains are collected and each method's size is calculated from adjacent offsets.

[0059] As shown in Figure 3, offsets are obtained from references in the constant pool component that describe the ...
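The offset-list step in S11 can be sketched as follows. This is an added example, not code from the patent: the names `MethodSlice`, `build_offset_list` and `split_methods`, the sample bytes, and the rule that the last method runs to the end of the component are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class MethodSlice:
    offset: int  # start of the method inside the method component
    size: int    # derived from the next offset; not stored in the file
    body: bytes  # raw bytes of the method


def build_offset_list(raw_offsets: Iterable[int], component_len: int) -> List[int]:
    """Deduplicate and sort collected offsets, rejecting impossible ones."""
    offsets = sorted(set(raw_offsets))  # several references may hit one method
    for off in offsets:
        if not 0 <= off < component_len:
            # A reference pointing outside the component means a corrupt or
            # deliberately malformed file; stop instead of slicing garbage.
            raise ValueError(
                f"offset {off:#x} outside component of {component_len} bytes")
    return offsets


def split_methods(component: bytes, raw_offsets: Iterable[int]) -> List[MethodSlice]:
    """Cut the method component between each pair of adjacent offsets."""
    offsets = build_offset_list(raw_offsets, len(component))
    # Assumption: the last method extends to the end of the component.
    bounds = offsets + [len(component)]
    return [MethodSlice(start, end - start, component[start:end])
            for start, end in zip(bounds, bounds[1:])]


# Constructed sample: a 32-byte "method component" whose first two bytes are
# treated as a header, plus unsorted, duplicated references of the kind that
# would be gathered from constant pool entries.
SAMPLE_COMPONENT = bytes(range(0x20))
SAMPLE_REFS = [0x10, 0x02, 0x1A, 0x02, 0x07]

if __name__ == "__main__":
    for m in split_methods(SAMPLE_COMPONENT, SAMPLE_REFS):
        print(f"method @ {m.offset:#04x}  size={m.size:2d}  {m.body.hex()}")
```

Bytes before the first collected offset are not attributed to any method, which is why the sizes sum to less than the component length.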


Abstract

The invention relates to an executable binary file format reverse analysis method, which comprises the following steps: obtaining the content of an executable binary file, splitting it according to the file structure and repackaging it into component content; collecting the method offsets contained in the method component, and cutting the method component using each pair of adjacent offsets; traversing the instructions that access field variables in each method, and inferring the field type from the meaning of the instruction; searching for static methods and marking them as static, initializing method access permissions, and linking each interface method with the method in the implementing class through an index value; and executing the instructions in each method through stack simulation, analyzing the instructions to obtain the descriptor information of the method, and achieving reverse analysis of the executable binary file according to that descriptor information. The disclosed method reduces the dependency of the file reverse analysis process on the descriptor component, lays a foundation for file format conversion, and is widely applicable and highly practical.

Description

Technical field

[0001] The present invention belongs to the field of document analysis techniques, and specifically relates to an executable binary file format reverse analysis method.

Background

[0002] At present, reverse engineering technology is relatively mature, but it still needs to be adapted to the circumstances of each specific application. When converting the format of an executable binary, the executable binary file format must be reverse-parsed to restore the file structure. Executable binary structures typically contain constant pool components, class components, method components, export components, descriptor components, and so on. The descriptor component records the details of each component, and if the descriptor component exists, the file structure can be restored by reverse engineering. If the descriptor component does not exist, the details of the individual components do not exist, making it more difficult to reverse engineer and make it impossi...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F16/178, G06F16/16, G06F16/13
CPC: G06F16/1794, G06F16/16, G06F16/13
Inventor: 时霞
Owner: BEIJING WATCH DATA SYST