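Affiliation: [1] Institute of Information Engineering, PLA Information Engineering University, Zhengzhou 450002
Source: Computer Science (《计算机科学》), 2012, No. 7, pp. 302-304, 316 (4 pages in total)
Funding: Supported by the National 863 Program project "Core-Chip Security Defect Discovery and Its Reverse-Analysis Simulation System" (2009AA01Z434)
Abstract: Disassembly is an important research topic in the reverse analysis of firmware code, and its correctness directly affects the accuracy of that analysis. Firmware code has a distinctive structure, so most disassembly algorithms designed for upper-layer application programs cannot be applied directly to firmware code. The interrupt vector table is an important component of firmware code; disassembling the interrupt service routines starting from the interrupt vectors can improve the precision of firmware disassembly. Based on a study of the structural characteristics of firmware code, the paper introduces a method for reconstructing the interrupt vector table and proposes a firmware code disassembly technique based on interrupt vector table reconstruction. Testing and analysis show that, compared with traditional static disassembly techniques, the technique based on interrupt vector table reconstruction can disassemble not only the main function in firmware code but also the interrupt service routines, and that disassembly precision improves by 8.72% on average.
English abstract: Disassembly is an important part of firmware reverse engineering analysis, whose correctness directly influences the precision of FREA. At present, most of the disassembly methods focus on practical program. However, these methods could not be directly used in firm-code disassembly due to its particularity. IVT (Interrupt Vector Table) is the core of firm-code. Effective interrupt vectors are available by reconstructing the IVT. The more interrupt vectors we obtain, the more precise the disassembly result is. The structural characteristics of firm-code were studied, and the IVT reconstruction method was introduced. Moreover, a disassembly technology based on the reconstruction of IVT was proposed. The experimental results show that the proposed technology can effectively improve the precision of firm-code disassembly, by which both of main function and interrupt subprograms could be disassembled, compared with traditional static disassembly methods. The disassembly precision is increased by 8.72% in average.
Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]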