A Software Reverse Analysis Method Based on IDA-Pro  Cited by: 4

Reverse Analysis of Software Based on IDA-Pro


Authors: 秦青文[1] 王戟[1] 孙旭光[2] 梅文华[2]

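Affiliations: [1] College of Computer, National University of Defense Technology, Changsha 410073; [2] Beijing Aeronautical Engineering Technology Research Center, Beijing 100076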

Source: Computer Engineering (《计算机工程》), 2008, Issue 22, pp. 86-88, 99 (4 pages)

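Abstract: Binary program transformation plays an active role as the main means of software reverse analysis. This paper presents a program transformation method: the binary of an application is disassembled with IDA Pro to obtain an assembly-language program; an assembly grammar designed on the principle of pushdown automata is used to recognize the assembly file; and corresponding transformation rules and optimization measures are defined to convert the assembly language into an intermediate language. The resulting intermediate language is fairly readable, general, and easy to understand. The method achieves a high degree of automation and reduces the code size of the target program, and its application can effectively reduce the time and effort that software analysts and debuggers spend tracing code. An example of program transformation using the method is given.

English abstract: Binary program transformation has played an important role in reverse program analysis. This paper proposes a program transformation method. In the method, machine code is first disassembled by IDA Pro. Along with rules and optimizing strategies, the program is transformed to an intermediate language. The deterministic finite automata and context-free grammars are designed to parse assembly language, and the code optimization theory is also included in dataflow analysis. The intermediate language has good readability, generality and comprehensibility. After transformation, the code contracts dramatically. The technique described can run automatically, which effectively reduces the amount of time spent solving software analysis problems and debugging executable programs. A transformation instance using this technique is presented.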

Keywords: reverse analysis; program transformation; intermediate language

Classification number: TP311 [Automation and Computer Technology: Computer Software and Theory]

 
