Static Disassembly Of Stripped Binaries

Ayyangar, Arvind Narasimhan
The Graduate School, Stony Brook University: Stony Brook, NY.
Disassembly of binaries plays an important role in computer security. Tools for binary analysis and reverse engineering rely heavily on static disassembly. Current disassemblers are not able to reliably disassemble executables or libraries that contain data (or junk bytes) in the midst of code, or make extensive use of indirect jumps or calls. These features can cause these tools to fail silently, thus making them inappropriate for applications that critically depend on correct disassembly, e.g., binary instrumentation. An incorrectly disassembled binary can lead to incorrect instrumentation, which can in turn cause the instrumented program to fail, or more generally, exhibit differences in behavior from the original binary. In this thesis, we analyze existing disassembly approaches, their shortcomings, and propose a technique to overcome these shortcomings. We investigate the use of static data flow analysis and type analysis to overcome the many challenges posed by disassembly of commercial off-the-shelf software binaries.