基于静态逆向的工控软件函数调用获取技术  

作　　者：官斌 GUAN Bin(No.709 Canglong Avenue,Jiangxia Distinct,Wuhan 430205)

机构地区：[1]武汉市江夏区藏龙大道709号,武汉430205

出　　处：《计算机与数字工程》2024年第9期2745-2751,2777,共8页Computer & Digital Engineering

摘　　要：针对代码非开源的工控软件,论文提出了基于静态逆向分析的软件函数调用关系获取方法,为后续进行软件缺陷、后门和恶意代码检测提供分析依据。分为以下三个步骤:采用识别调用/跳转指令的方法提取程序的函数调用关系和调用次序,并将其可视化为函数调用图;将函数调用关系以总分表的结构形式进行存储,支持快速查找单个函数的调用关系分表,实现函数调用关系的存储备份;此外,采用关键词对函数列表进行筛选,并提取关键函数的函数调用关系,将全局函数调用关系图简化为关键函数调用关系图,以便降低内部函数调用的复杂程度对于逆向分析的影响,提高逆向分析的效率。实验结果表明,通过论文方法获得的函数调用关系较为准确和全面,可为基于逆向分析的后门和恶意代码检测提供较好的支撑。Aiming at industrial control software with non-open source code,this paper proposes a method to obtain software function call relationship based on static reverse analysis,which provides an analysis basis for subsequent software defect,backdoor and malicious code detection.It includes three parts,which are the extraction,visualization and storage of function call relationship by identifying call/jump instructions to extract the function call relationship and call sequence of the program,and they are visualized as a function call graph.This method stores the function call relationship in the database in the form of a total-sub table,which supports quick search of the call relationship sub-table of a single function,and realizes the storage and backup of the function call relationship.In addition,this method uses keywords to filter the function list and extract the function call relationship of key functions,and the huge global function call relationship diagram is simplified into a key function call relationship diagram,which can reduce the influence of the complexity of internal function calls on the reverse analysis and improve the efficiency of the reverse analysis.The experimental results show that the function call relationship obtained by this method is more accurate and comprehensive.

关 键 词：逆向分析 反汇编 工控软件 关键函数调用 

分 类 号：TP39[自动化与计算机技术—计算机应用技术]