
Reverse-engineering of binaries in a single execution : a lightweight function-grained dynamic analysis

Abstract : In this thesis, we propose a new dynamic approach to analyze binary programs. The context of this work is reverse-engineering binaries with motivations related to security: understanding malware, detecting vulnerabilities, etc. Concretely, we focus on retrieving high-level information from a binary in a single execution: function prototypes, a new notion we name coupling, and memory allocators. The proposed approach is based on heuristics to analyze large programs efficiently, and experimental results show that this approach leads to accurate results. The three main objectives of the approach are: 1) universality - hypotheses on the program to analyze are as weak as possible (no recompilation, no source code, possibly stripped), 2) scalability - the analysis aims to be lightweight enough to handle large programs, 3) soundness - we aim to minimize false positives in the results (e.g., detecting parameters of functions that actually do not exist). The thesis is divided into three parts: a first part presenting the context of reverse-engineering we work in, a second part in which we present our approach, and a third part to describe our implementation and numeric results.

Cited literature : 89 references
Contributor : Abes Star
Submitted on : Thursday, July 12, 2018 - 11:29:10 AM
Last modification on : Wednesday, October 7, 2020 - 3:02:45 AM
Long-term archiving on : Monday, October 15, 2018 - 1:01:34 PM


Version validated by the jury (STAR)


  • HAL Id : tel-01836311, version 1



Franck De Goër de Herve. Reverse-engineering of binaries in a single execution : a lightweight function-grained dynamic analysis. Programming Languages [cs.PL]. Université Grenoble Alpes, 2017. English. ⟨NNT : 2017GREAM058⟩. ⟨tel-01836311⟩


