Presentation is loading. Please wait.

Presentation is loading. Please wait.

Decompilation of Binary Programs Christina Cifuentes & K. John Gough School of Computing Science Queensland University of Technology Presented by Conny.

Published byQuincy Duggan Modified over 9 years ago

Similar presentations

Presentation on theme: "Decompilation of Binary Programs Christina Cifuentes & K. John Gough School of Computing Science Queensland University of Technology Presented by Conny."— Presentation transcript:

1 Decompilation of Binary Programs Christina Cifuentes & K. John Gough School of Computing Science Queensland University of Technology Presented by Conny Chan

2 Overview Usage of decompiler Phases of the decompiler Front-end, UDM, Back-end The decompiling system Signature generator Conclusion Discussion

3 Perform inverse process of a compiler Usage: Maintenance of Code Lost code recovery Migration of application to new HW platform. Translation of the obsolete code into new code. Software Security Malicious code detection Reverse Compiler Binary codeHLL program

4 Note in advance: Decompiler in this article: Experimental decompiler for the DOS OS Intel i80286 architecture Read.com and.exe files Produce C programs as output.

5 Decompiler Structure Binary Program Front-end (machine dependent) UDM (analysis) Back-end (language dependent) HLL program

6 The Front-end Binary Program Virtual Memory LoaderParser 1. Low-level Intermediate code 2. Control flow graph Semantic Analysis

7 The Semantic Analysis Performs idiom analysis e.g. type propagation. E.g. long variable found at –1 to –4. neg dx neg ax sbb dx, 0 neg dx:ax [bp-2] … [bp-4] merged[bp-2]:[bp-4]

8 The Universal Decompiling Machine (UDM) 1. Low-level Intermediate code 2. Control flow graph UDM Data Flow Analysis Control Flow Analysis 1. High-level Intermediate code 2. Structured control flow graph

9 The Back-end 1. High-level Intermediate code 2. Structured control flow graph Restructuring HLL Code Generation HLL Program

10 The HLL code generation Defines: Global variables Emits code for each function In each function: Comments of such procedures Variables and procedures named in loc1, proc2, etc.

11 The Decompiling System Decompiler (dcc) Signature Generator (dccSign)

12 Signature Database Signature Generator (dccSign) Signature Database Compiler Signatures Library Signatures Decompiler (dcc) Extract Signatures e.g. printf(), scanf() If a library function matched, replaced by the library name instead of analyzed by dcc.

13 Signatures Library Signature A series of instructions that identifies library function for a compiler. Compiler Signature A series of instructions that identifies a particular version of a compiler.

14 Signature Checker Determined if known compiler is used. Check first n bytes of instructions with pattern-matching Decompiler (dcc) Signature Checker

15 Conclusion Present one way for decompiling binary program. Prove the feasibility of writing a decompiler for a contemporary machine architecture.

16 Discussion Is decompilation legal?

Download ppt "Decompilation of Binary Programs Christina Cifuentes & K. John Gough School of Computing Science Queensland University of Technology Presented by Conny."

Similar presentations

Decompilation of.NET bytecode Stephen Horne Trinity Hall 10 th February 2004 Computer Science Part II Project Progress Report

Decompilation of.NET bytecode Stephen Horne Trinity Hall 10 th February 2004 Computer Science Part II Project Progress Report
Northwestern University 2007 Winter – EECS 443 Advanced Operating Systems Exokernel: An Operating System Architecture for Application-Level Resource Management.

Northwestern University 2007 Winter – EECS 443 Advanced Operating Systems Exokernel: An Operating System Architecture for Application-Level Resource Management.
Software & Services Group, Developer Products Division Copyright© 2010, Intel Corporation. All rights reserved. *Other brands and names are the property.

Software & Services Group, Developer Products Division Copyright© 2010, Intel Corporation. All rights reserved. *Other brands and names are the property.
8. Code Generation. Generate executable code for a target machine that is a faithful representation of the semantics of the source code Depends not only.

8. Code Generation. Generate executable code for a target machine that is a faithful representation of the semantics of the source code Depends not only.
Systems Software.

Systems Software.
COE Computer Organization & Assembly Language

COE Computer Organization & Assembly Language
CPSC 325 - Compiler Tutorial 9 Review of Compiler.

CPSC Compiler Tutorial 9 Review of Compiler.
Telescoping Languages: A Compiler Strategy for Implementation of High-Level Domain-Specific Programming Systems Ken Kennedy Rice University.

Telescoping Languages: A Compiler Strategy for Implementation of High-Level Domain-Specific Programming Systems Ken Kennedy Rice University.
Java for High Performance Computing Jordi Garcia Almiñana 14 de Octubre de 1998 de la era post-internet.

Java for High Performance Computing Jordi Garcia Almiñana 14 de Octubre de 1998 de la era post-internet.
Reference Book: Modern Compiler Design by Grune, Bal, Jacobs and Langendoen Wiley 2000.

Reference Book: Modern Compiler Design by Grune, Bal, Jacobs and Langendoen Wiley 2000.
1 Key Concepts:  Why C?  Life Cycle Of a C program,  What is a computer program?  A program statement?  Basic parts of a C program,  Printf() function?

1 Key Concepts:  Why C?  Life Cycle Of a C program,  What is a computer program?  A program statement?  Basic parts of a C program,  Printf() function?
Data Structure and Algorithm 1 Yingcai Xiao. You Me The Course (http://www.cs.uakron.edu/~xiao/dsa1/index.html)

Data Structure and Algorithm 1 Yingcai Xiao. You Me The Course (
1-1 Embedded Software Development Tools and Processes Hardware & Software Hardware – Host development system Software – Compilers, simulators etc. Target.

1-1 Embedded Software Development Tools and Processes Hardware & Software Hardware – Host development system Software – Compilers, simulators etc. Target.
Partial Automation of an Integration Reverse Engineering Environment of Binary Code Author : Cristina Cifuentes Reverse Engineering, 1996., Proceedings.

Partial Automation of an Integration Reverse Engineering Environment of Binary Code Author : Cristina Cifuentes Reverse Engineering, 1996., Proceedings.
1.3 Executing Programs. How is Computer Code Transformed into an Executable? Interpreters Compilers Hybrid systems.

1.3 Executing Programs. How is Computer Code Transformed into an Executable? Interpreters Compilers Hybrid systems.
Types of software. Sonam Dema..

Types of software. Sonam Dema..
Introduction to High-Level Language Programming

Introduction to High-Level Language Programming
Introduction 01_intro.ppt

Introduction 01_intro.ppt
Chapter 17 Programming Tools The Architecture of Computer Hardware and Systems Software: An Information Technology Approach 3rd Edition, Irv Englander.

Chapter 17 Programming Tools The Architecture of Computer Hardware and Systems Software: An Information Technology Approach 3rd Edition, Irv Englander.
Secure Virtual Architecture John Criswell, Arushi Aggarwal, Andrew Lenharth, Dinakar Dhurjati, and Vikram Adve University of Illinois at Urbana-Champaign.

Secure Virtual Architecture John Criswell, Arushi Aggarwal, Andrew Lenharth, Dinakar Dhurjati, and Vikram Adve University of Illinois at Urbana-Champaign.

Similar presentations

Ads by Google