Practical analysis of stripped binary code

Published: 01 December 2005

Abstract

Executable binary code is the authoritative source of information about program content and behavior. The compile, link, and optimize steps can cause a program's detailed execution behavior to differ substantially from its source code. Binary code analysis is used to provide information about a program's content and structure, and is therefore a foundation of many applications, including binary modification [3,12,22,31], binary translation [5,29], binary matching [30], performance profiling [13,16,18], debugging, extraction of parameters for performance modeling, computer security [7,8] and forensics [23,26]. Ideally, binary analysis should produce information about the content of the program's code (instructions, basic blocks, functions, and modules), structure (control and data flow), and data structures (global and stack variables). The quality and availability of this information affect applications that rely on binary analysis.

References

[1] V. Bala, E. Duesterwald, and S. Banerjia, "Dynamo: A Transparent Dynamic Optimization System", ACM SIGPLAN '00 Conference on Programming Language Design and Implementation (PLDI), June 2000.
[2] D. Bruening, T. Garnett, and S. Amarasinghe, "An Infrastructure for Adaptive Dynamic Optimization", First Annual International Symposium on Code Generation and Optimization, March 2003.
[3] B. Buck and J. K. Hollingsworth, "An API for Runtime Code Patching", International Journal of High Performance Computing Applications 14, 4, pp. 317--329, Winter 2000.
[4] C. Cifuentes and M. Van Emmerik, "Recovery of Jump Case Statements from Binary Code", 7th International Workshop on Program Comprehension, Washington, DC, May 1999.
[5] C. Cifuentes, M. Van Emmerik, and N. Ramsey, "The Design of a Resourceable and Retargetable Binary Translator", Sixth Working Conference on Reverse Engineering, Atlanta, October 1999.
[6] Executable and linking format, http://www.skyfree.org/linux/references/ELF_Format.pdf
[7] J. T. Giffin, S. Jha, and B. P. Miller, "Detecting Manipulated Remote Call Streams", 11th USENIX Security Symposium, San Francisco, California, August 2002.
[8] J. T. Giffin, S. Jha, and B. P. Miller, "Efficient Context-Sensitive Intrusion Detection", 11th Network and Distributed System Security Symposium, San Diego, California, February 2004.
[9] HI-PVM, http://www.parasys.co.uk/
[10] IDAPro, http://www.datarescue.com/idabase/overview.htm
[11] C. Kruegel, W. Robertson, F. Valeur, and G. Vigna, "Static Disassembly of Obfuscated Binaries", 13th USENIX Security Symposium, August 2004.
[12] J. R. Larus and E. Schnarr, "Eel: Machine-independent executable editing", SIGPLAN '95 Conference on Programming Language Design and Implementation (PLDI), June 1995.
[13] J. R. Larus and T. Bal, "Rewriting Executable Files to Measure Program Behavior", Software-Practice and Experience 4, 2, February 1994.
[14] C. Linn and S. Debray, "Obfuscation of executable code to improve resistance to static disassembly", 10th ACM Conference on Computer Communications and Security (CCS), October 2003.
[15] J. Maebe, M. Ronsse, and K. De Bosschere, "DIOTA: Dynamic Instrumentation, Optimization and Transformation of Applications", WBT-2002: Workshop on Binary Translation, Charlottesville, Virginia, September 2002.
[16] B. P. Miller, M. D. Callaghan, J. M. Cargille, J. K. Hollingsworth, R. B. Irvin, K. L. Karavanic, K. Kunchithapadam, and T. Newhall, "The Paradyn Parallel Performance Measurement Tool", IEEE Computer 28, 11, November 1995, pp. 37--46.
[17] A. V. Mirgorodskiy and B. P. Miller, "CrossWalk: A Tool for Performance Profiling Across the User-Kernel Boundary", International Conference on Parallel Computing (ParCo), Dresden, Germany, September 2003.
[18] A. V. Mirgorodskiy and B. P. Miller, "Autonomous Analysis of Interactive Systems with Self-Propelled Instrumentation", Multimedia Computing and Networking Conference, San Jose, California, January 2005.
[19] Microsoft Portable Executable and Common Object File Format Specification, http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx
[20] A. Orso, M. J. Harrold, and G. Vigna, "MASSA: Mobile Agents Security through Static/Dynamic Analysis", First ICSE Workshop on Software Engineering and Mobility (WSEM 2001), Toronto, Canada, April 2001.
[21] J. Pierce and T. Mudge, "IDtrace - A Tracing Tool for i486 Simulation", University of Michigan Tech. Report CSE-TR-203-94, 1994.
[22] M. Prasad and T. Chiueh, "A Binary Rewriting Defense Against Stack-based Buffer Overflow Attacks", USENIX Annual Technical Conference, June 2003.
[23] Project Fenris, http://lcamtuf.coredump.cx/fenris/whatis.shtml
[24] C. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. J. Reddi, and K. Hazelwood, "Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation", Programming Language Design and Implementation (PLDI), Chicago, Illinois, June 2005.
[25] T. Romer, G. Voelker, D. Lee, A. Wolman, W. Wong, H. Levy, B. Chen, and B. Bershad, "Instrumentation and Optimization of Win32/Intel Executables Using Etch", USENIX Windows NT Workshop, August 1997.
[26] K. Rozinov, "Reverse Code Engineering: An In-Depth Analysis of the Bagle Virus", Bell Labs - Government Communication Laboratory - Internet Research, August 2004.
[27] B. Schwarz, S. K. Debray, and G. R. Andrews, "Disassembly of executable code revisited", IEEE Ninth Working Conference on Reverse Engineering, Richmond, October 2002.
[28] B. Schwarz, S. Debray, and G. Andrews, "PLTO: A Link-Time Optimizer for the Intel IA-32 Architecture", 2001 Workshop on Binary Translation (WBT-2001), Barcelona, Spain, Sept. 2001.
[29] R. L. Sites, A. Chernoff, M. B. Kirk, M. P. Marks, and S. G. Robinson, "Binary Translation", Digital Tech. Journal 4, 4, 1992.
[30] Z. Wang, K. Pierce, and S. McFarling, "BMAT - A Binary Matching Tool", Feedback-Directed Optimization (FDO2), Haifa, Israel, November 1999.
[31] L. Xun, "A linux executable editing library", Masters Dissertation, National University of Singapore, 1999. http://www.geocities.com/fasterlu/leel.htm
[32] XCOFF File Format, http://www.unet.univie.ac.at/aix/files/aixfiles/XCOFF.htm

Published In

ACM SIGARCH Computer Architecture News  Volume 33, Issue 5
Special issue on the 2005 workshop on binary instrumentation and application
December 2005
93 pages
ISSN:0163-5964
DOI:10.1145/1127577

Publisher

Association for Computing Machinery

New York, NY, United States


Cited By

  • (2024) Scalable, Sound, and Accurate Jump Table Analysis. Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis. 10.1145/3650212.3680301 (541-552). Online publication date: 11-Sep-2024
  • (2024) TaiE: Function Identification for Monolithic Firmware. Proceedings of the 32nd IEEE/ACM International Conference on Program Comprehension. 10.1145/3643916.3644407 (403-414). Online publication date: 15-Apr-2024
  • (2024) Software Bug Prediction Model using Graph Neural Network. 2024 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW). 10.1109/ICSTW60967.2024.00035 (122-127). Online publication date: 27-May-2024
  • (2023) SAFER. Proceedings of the 32nd USENIX Conference on Security Symposium. 10.5555/3620237.3620319 (1451-1468). Online publication date: 9-Aug-2023
  • (2023) Asteria-Pro: Enhancing Deep Learning-based Binary Code Similarity Detection by Incorporating Domain Knowledge. ACM Transactions on Software Engineering and Methodology. 10.1145/3604611 33:1 (1-40). Online publication date: 17-Jun-2023
  • (2022) Leveraging Artificial Intelligence on Binary Code Comprehension. Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering. 10.1145/3551349.3559564 (1-3). Online publication date: 10-Oct-2022
  • (2022) JuCify. Proceedings of the 44th International Conference on Software Engineering. 10.1145/3510003.3512766 (1232-1244). Online publication date: 21-May-2022
  • (2022) Software Bug Prediction Model Based on Mathematical Graph Features Metrics. 2022 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW). 10.1109/ICSTW55395.2022.00047 (229-235). Online publication date: Apr-2022
  • (2022) NemesisGuard: Mitigating interrupt latency side channel attacks with static binary rewriting. Computer Networks. 10.1016/j.comnet.2021.108744 (108744). Online publication date: Jan-2022
  • (2022) The Good, The Bad, and The Missing: A Comprehensive Study on the Rise of Machine Learning for Binary Code Analysis. Computational Intelligence in Data Mining. 10.1007/978-981-16-9447-9_31 (397-406). Online publication date: 7-May-2022
