2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE) (2017)
Urbana, IL, USA
Oct. 30, 2017 to Nov. 3, 2017
Thomas Rupprecht, University of Bamberg, Germany
Xi Chen, Microsoft, Canada
David H. White, University of Bamberg, Germany
Jan H. Boockmann, University of Bamberg, Germany
Gerald Luttgen, University of Bamberg, Germany
Herbert Bos, Vrije Universiteit Amsterdam, The Netherlands
Reverse engineering binary code is notoriously difficult, and understanding a binary's dynamic data structures especially so. Existing data structure analyzers are limited with respect to program comprehension: they do not detect complex structures such as skip lists, or lists running through nodes of different types such as the Linux kernel's cyclic doubly-linked list. They also do not reveal complex parent-child relationships between structures. The tool DSI remedies these shortcomings but requires source code, where type information on heap nodes is available. We present DSIbin, a combination of DSI and the type excavator Howard for the inspection of C/C++ binaries. While a naive combination already improves upon related work, its precision is limited because Howard's inferred types are often too coarse. To address this, we auto-generate candidates of refined types based on speculative nested-struct detection and type merging; the plausibility of these hypotheses is then validated by DSI. We demonstrate via benchmarking that DSIbin detects data structures with high precision.
Tools, Shape, Data structures, Linux, Kernel, Benchmark testing, Merging
T. Rupprecht, X. Chen, D. H. White, J. H. Boockmann, G. Luttgen and H. Bos, "DSIbin: Identifying dynamic data structures in C/C++ binaries," 2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE), Urbana, IL, USA, 2017, pp. 331-341.