Publication Details
Preprocessing of Binary Executable Files Towards Retargetable Decompilation
reverse engineering, decompilation, packer detection, unpacking, executable file, Lissom
The goal of retargetable machine-code decompilation is to analyze and reverse-translate platform-dependent executable files into a high-level language (HLL) representation. This process can be used for many different purposes, such as legacy code reengineering, malware analysis, etc. Retargetable decompilation is a complex task that must deal with a lot of different platform-specific features and missing information. Moreover, input files are often compressed or protected from any kind of analysis (up to 80% of malware samples). Therefore, accurate preprocessing of input files is one of the necessary prerequisites in order to achieve the best results. This paper presents a concept of a generic preprocessing system that consists of a precise signature-based compiler and packer detector, a plugin-based unpacker, and a converter into an internal platform-independent file format. This approach has been adopted and tested in an existing retargetable decompiler. According to our experimental results, the proposed retargetable solution is fully competitive with existing platform-dependent tools.
@INPROCEEDINGS{FITPUB10200,
author = "Jakub K\v{r}oustek and Du\v{s}an Kol\'{a}\v{r}",
title = "Preprocessing of Binary Executable Files Towards Retargetable Decompilation",
pages = "259--264",
booktitle = "8th International Multi-Conference on Computing in the Global Information Technology (ICCGI'13)",
year = 2013,
location = "Nice, FR",
publisher = "International Academy, Research, and Industry Association",
ISBN = "978-1-61208-283-7",
language = "english",
url = "https://www.fit.vut.cz/research/publication/10200"
}