11 research outputs found

    Approaching Retargetable Static, Dynamic, and Hybrid Executable-Code Analysis

    Program comprehension and reverse engineering are two large domains of computer science that have one common goal – analysis of existing programs and understanding their behaviour. At present, methods of source code analysis are well established and used in practice by software engineers. On the other hand, analysis of executable code is a more challenging task that is not fully covered by existing tools. Furthermore, methods of retargetable executable code analysis are rare because of their complexity. In this paper, we present a complex platform-independent toolchain for executable-code analysis that supports both static and dynamic analysis. This toolchain, developed within the Lissom project, exploits several previously designed methods and it can be used for debugging users' applications as well as malware analysis, etc. The main contribution of this paper is to interconnect the existing methods and illustrate their usage on real-world scenarios. Furthermore, we introduce a concept of a new retargetable method – the hybrid analysis. It can eliminate the shortcomings of the static and dynamic analysis in the future.

    Design and Simulation of High Performance Parallel Architectures Using the ISAC Language

    Most of modern embedded systems for multimedia and network applications are based on parallel data stream processing. The data processing can be done using very long instruction word processors (VLIW), or using more than one high performance application-specific instruction set processor (ASIPs), or even by their combination on single chip. Design and testing of these complex systems is time-consuming and iterative process. Architecture description languages (ADLs) are one of the most effective solutions for single processor design. However, support for description of parallel architectures and multi-processor systems is very low or completely missing in nowadays ADLs. This article presents utilization of new extensions for existing architecture description language ISAC. These extensions are used for easy and fast prototyping and testing of parallel based systems and processors

    Code Analysis and Transformation To a High-Level Language

    No full text
    This paper describes methods and procedures used for code analysis and transformation. It contains basic information about a scientific discipline called reverse engineering and its use in information technologies. The primary objective is the construction of a generic reverse compiler or decompiler, i.e. a tool that can recompile from binary form (optionally from symbolic machine code) to a high-level language. This operation is highly dependent on the concrete instruction set and processor architecture. This problem is solved by describing the semantics of each instruction in a special language designed for this use. The output is the high-level language code and is functionally equivalent to the input. The program is therefore able to work with each instruction set, and code written in it can be transformed into the chosen high-level language. This proposal is implemented in practice as a part of project Lissom. A generic decompiler is a completely new idea. The thesis contains entirely new techniques from the theory of compilers and optimizations made by the author.

    Retargetable Analysis of Machine Code

    No full text
    Software analysis is a methodology whose purpose is to analyze the behavior of a given program. The individual methods of this analysis can also be used in other fields, such as reverse engineering, code migration, etc. In this thesis, we focus on the analysis of machine code, on identifying the shortcomings of existing methods, and on designing new methods that enable fast and accurate retargetable code analysis (i.e. methods that are independent of a particular target platform). Two types of analysis are examined: dynamic (i.e. analysis of the application at run time) and static (i.e. analysis of the application without executing it). The contribution of this thesis to dynamic analysis is realized as a retargetable debugger and as two types of so-called retargetable translated simulator. The contribution to static analysis lies in the design and implementation of a retargetable decompiler, which transforms machine code back into a high-level representation. All of these tools are based on new methods designed by the author of this thesis. Based on experimental results and user feedback, it can be concluded that these tools are fully comparable with existing (commercial) tools and not infrequently achieve even better results.

    Code Analysis and Transformation

    No full text
    This paper describes methods and procedures used for code analysis and transformation. It contains basic information about a scientific discipline called reverse engineering and its use in information technologies. The primary objective is the construction of a tool that can disassemble from binary form to symbolic machine code. This operation is highly dependent on the concrete instruction set, and it has to be used for a processor architecture known beforehand. This problem is solved with patterns, plug-ins, and modularity of the disassembler. These features provide users the ability to add new instruction sets into this disassembler. The output is the text representation of instructions and is functionally equivalent to the input. The thesis demonstrates usual methods of disassembly as well as the methods made by the author.