Result Details

Accurate Retargetable Decompilation Using Additional Debugging Information

KŘOUSTEK, J.; MATULA, P.; KONČICKÝ, J.; KOLÁŘ, D. Accurate Retargetable Decompilation Using Additional Debugging Information. Proceedings of the Sixth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE'12). Rome: International Academy, Research, and Industry Association, 2012. p. 79-84. ISBN: 978-1-61208-209-7.

Type

conference paper

Language

English

Authors

Křoustek Jakub, Ing., Ph.D., DIFS (FIT)
Matula Peter, Ing.
Končický Jaromír, Ing.
Kolář Dušan, doc. Dr. Ing., DIFS (FIT)

Abstract

In this paper, we present an extension of an existing automatically generated retargetable decompiler that is capable to parse, process, and utilize compiler-generated debugging information. This tool can be used for dealing with several security-related issues (e.g., forensics, malware analysis, vulnerability detection). Additional debugging information is used for an accurate reconstruction of platform-dependent binary applications into a well-readable high-level-language representation. The proposed solution is platform and debugging-format independent. In present, two major debugging formats - DWARF and Microsoft PDB - are supported; the extracted information is used for a recovery of several high-level constructions (e.g., variables, functions and their arguments). The proposed concept was validated by experimental results.

Keywords

decompilation, debugging information, PDB, DWARF, Lissom

Published

2012

Pages

79–84

Proceedings

Proceedings of the Sixth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE'12)

Conference

The Sixth International Conference on Emerging Security Information, Systems and Technologies SECURWARE 2012

ISBN

978-1-61208-209-7

Publisher

International Academy, Research, and Industry Association

Place

Rome

BibTeX

@inproceedings{BUT96959,
  author="Jakub {Křoustek} and Peter {Matula} and Jaromír {Končický} and Dušan {Kolář}",
  title="Accurate Retargetable Decompilation Using Additional Debugging Information",
  booktitle="Proceedings of the Sixth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE'12)",
  year="2012",
  pages="79--84",
  publisher="International Academy, Research, and Industry Association",
  address="Rome",
  isbn="978-1-61208-209-7"
}

Projects

Advanced recognition and presentation of multimedia data, BUT, Vnitřní projekty VUT, FIT-S-11-2, start: 2011-01-01, end: 2013-12-31, completed
Centrum excelence IT4Innovations, MŠMT, Operační program Výzkum a vývoj pro inovace, ED1.1.00/02.0070, start: 2011-01-01, end: 2015-12-31, completed
Security-Oriented Research in Information Technology, MŠMT, Institucionální prostředky SR ČR (např. VZ, VC), MSM0021630528, start: 2007-01-01, end: 2013-12-31, running
System for Support of Platform Independent Malware Analysis in Executable Files, TAČR, Program aplikovaného výzkumu a experimentálního vývoje ALFA, TA01010667, start: 2011-01-01, end: 2013-12-31, completed

Research groups

Hardware-Software Codesign research group (RG LISSOM)

Departments

Department of Information Systems (DIFS)