Preprocessing of Binary Executable Files Towards Retargetable Decompilation

article in a collection out of WoS and Scopus

English

The goal of retargetable machine-code decompilation is to analyze and reversely translate platform-dependent executable files into a high level language (HLL) representation. This process can be used for many different purposes, such as legacy code reengineering, malware analysis, etc. Retargetable decompilation is a complex task that must deal with a lot of different platform-specific features and missing information. Moreover, input files are often compressed or protected from any kind of analysis (up to 80% of malware samples). Therefore, accurate preprocessing of input files is one of the necessary prerequisites in order to achieve the best results. This paper presents a concept of a generic preprocessing system that consists of a precise signature-based compiler and packer detector, plugin-based unpacker, and converter into an internal platform-independent file format. This approach has been adopted and tested in an existing retargetable decompiler. According to our experimental results, the proposed retargetable solution is fully competitive with existing platform-dependent tools.

reverse engineering, decompilation, packer detection, unpacking, executable file, Lissom

KŘOUSTEK, J.; KOLÁŘ, D.

2013

21. 7. 2013

International Academy, Research, and Industry Association

Nice

978-1-61208-283-7

8th International Multi-Conference on Computing in the Global Information Technology (ICCGI'13)

259

264

6

http://www.thinkmind.org/index.php?view=article&articleid=iccgi_2013_13_10_10061