反汇编工具中间接跳转表求解算法分析与测试  

作　　者：庞成宾 徐雪兰 张天泰 茅兵 PANG Cheng-Bin;XU Xue-Lan;ZHANG Tian-Tai;MAO Bing(State Key Laboratory for Novel Software Technology(Nanjing University),Nanjing 210023,China;Department of Computer Science and Technology,Nanjing University,Nanjing 210023,China)

机构地区：[1]计算机软件新技术国家重点实验室(南京大学),江苏南京210023 [2]南京大学计算机科学与技术系,江苏南京210023

出　　处：《软件学报》2024年第10期4623-4641,共19页Journal of Software

基　　金：国家自然科学基金(62032010,62172201)。

摘　　要：二进制反汇编是困难的,但是对于提高二进制软件的安全性至关重要.造成二进制反汇编比较困难的一大原因是编译器为了提高效率会在二进制代码中引入很多间接跳转表.为了求解间接跳转表,主流反汇编工具采用了各种策略.然而,这些策略的具体实现以及策略的效果不得而知.为了帮助研究人员理解反汇编工具的算法实现以及性能,首先系统总结反汇编工具求解间接跳转表的策略;然后构建自动化测试间接跳转表框架,基于该框架,可以大规模地生成关于间接跳转表的测试集(包含2410455个跳转表);最后,在该测试集上,对反汇编工具求解间接跳转表的性能进行评估,并人工分析反汇编工具的每个策略引入的错误.另外,得益于针对反汇编工具算法实现的系统性总结,发现6个反汇编工具实现上的bugs.Disassembly of binary codes is hard but necessary for improving the security of binary software.One of the major reasons for the difficult binary disassembly is that the compilers create many indirect jump tables in the binary code for efficiency.In order to solve the targets of the indirect jump table,mainstream disassembly tools use various strategies.However,the details of the implementation of these strategies and their effectiveness are not well studied.To help researchers to well understand the algorithm implementation and performance of disassembly tools,this study first systematically summarizes the strategies used by disassembly tools to solve indirect jump tables;then the study builds an automatic framework for testing indirect jump tables,based on which a large-scale testsuite on indirect jump tables(2410455 jump tables)can be generated.Lastly,this study evaluates the performance of the disassembly tools in solving indirect jump tables on the testsuite and manually analyzes the errors introduced by each strategy of the disassembly tools.In addition,this study finds six bugs in the implementation of the disassembly tools benefiting from the systematic summary of the implementation of the disassembly tool algorithm.

关 键 词：二进制反汇编 控制流 间接跳转表 值集分析 

分 类 号：TP311[自动化与计算机技术—计算机软件与理论]