Reverse Engineering from Assembler to Formal Specifications via Program Transformations
The FermaT transformation system, based on research carried out over the last
sixteen years at Durham University, De Montfort University and Software
Migrations Ltd., is an industrial-strength formal transformation engine with
many applications in program comprehension and language migration. This paper
is a case study which uses automated plus manually-directed transformations and
abstractions to convert an IBM 370 Assembler code program into a very
high-level abstract specification.
Comment: 10 pages
dynStruct: An automatic reverse engineering tool for structure recovery and memory use analysis
In computer security, reverse engineering is understanding how a program works. It can be used for multiple purposes, like malware analysis or a security audit of a program. Reverse engineering is possible even without the source of the program. In this case, knowing what data structures are used by the program is a considerable help. But recovering these structures is difficult and time consuming. Also, at the time of writing, no tool doing this recovery has been publicly released.
This paper introduces dynStruct, an open source structure recovery tool. dynStruct recovers structures in two steps. First, a data gatherer executes the program and monitors it. The list of all memory accesses made by the program is written to a JSON file. Afterwards, a script analyzes this JSON file to recover the structures. dynStruct also provides a powerful web interface. This interface, in addition to displaying the structures and raw data from the data gatherer efficiently, links the raw data and the recovered structures to allow a quick and powerful exploitation of all this information.
The tests show that dynStruct can analyze complex programs like emacs or xterm. The tests also show that the recovered structures are similar to the original ones. This ensures dynStruct can provide quick and useful information to help reverse engineers in their task.
Software-Architecture Recovery from Machine Code
In this paper, we present a tool, called Lego, which recovers object-oriented software architecture from stripped binaries. Lego takes a stripped binary as input, and uses information obtained from dynamic analysis to (i) group the functions in the binary into classes, and (ii) identify inheritance and composition relationships between the inferred classes. The information obtained by Lego can be used for reengineering legacy software, and for understanding the architecture of software systems that lack documentation and source code. Our experiments show that the class hierarchies recovered by Lego have a high degree of agreement---measured in terms of precision and recall---with the hierarchy defined in the source code.
A Survey of Symbolic Execution Techniques
Many security and software testing applications require checking whether
certain properties of a program hold for any possible usage scenario. For
instance, a tool for identifying software vulnerabilities may need to rule out
the existence of any backdoor to bypass a program's authentication. One
approach would be to test the program using different, possibly random inputs.
As the backdoor may only be hit for very specific program workloads, automated
exploration of the space of possible inputs is of the essence. Symbolic
execution provides an elegant solution to the problem, by systematically
exploring many possible execution paths at the same time without necessarily
requiring concrete inputs. Rather than taking on fully specified input values,
the technique abstractly represents them as symbols, resorting to constraint
solvers to construct actual instances that would cause property violations.
Symbolic execution has been incubated in dozens of tools developed over the
last four decades, leading to major practical breakthroughs in a number of
prominent software reliability applications. The goal of this survey is to
provide an overview of the main ideas, challenges, and solutions developed in
the area, distilling them for a broad audience.
The present survey has been accepted for publication at ACM Computing
Surveys. If you are considering citing this survey, we would appreciate if you
could use the following BibTeX entry: http://goo.gl/Hf5Fvc
Comment: This is the authors' pre-print copy.
CrocoPat 2.1 Introduction and Reference Manual
CrocoPat is an efficient, powerful and easy-to-use tool for manipulating
relations of arbitrary arity, including directed graphs. This manual provides
an introduction to and a reference for CrocoPat and its programming language
RML. It includes several application examples, in particular from the analysis
of structural models of software systems.
Comment: 19 pages + cover, 2 eps figures, uses llncs.cls and
cs_techrpt_cover.sty; for downloading the source code, binaries, and RML
examples, see http://www.software-systemtechnik.de/CrocoPat