Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
PEPM
2010
ACM
2010
ACM
Context-sensitive analysis of obfuscated x86 executables
A method for context-sensitive analysis of binaries that may have obfuscated procedure call and return operations is presented. Such binaries may use operators to directly manipulate stack instead of using native call and ret instructions to achieve equivalent behavior. Since definition of context-sensitivity and algorithms for contextsensitive analysis have thus far been based on the specific semantics associated to procedure call and return operations, classic interprocedural analyses cannot be used reliably for analyzing programs in which these operations cannot be discerned. A new notion of context-sensitivity is introduced that is based on the state of the stack at any instruction. While changes in ‘calling’-context are associated with transfer of control, and hence can be reasoned in terms of paths in an interprocedural control flow graph (ICFG), the same is not true of changes in ‘stack’-context. An abstract interpretation based framework is developed to reason about...
Real-time TrafficAnalysis General Terms | Context-sensitive Analysis | Context-sensitive Version | PEPM 2010 | Software Engineering |
| Added | 17 Mar 2010 |
| Updated | 17 Mar 2010 |
| Type | Conference |
| Year | 2010 |
| Where | PEPM |
| Authors | Arun Lakhotia, Davidson R. Boccardo, Anshuman Singh, Aleardo Manacero |
Comments (0)
Researcher Info
|
