Computer and Information Science, ACIS International Conference on (2008)
May 14, 2008 to May 16, 2008
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICIS.2008.84
Variable-argument functions, such as printf(), are broadly used in C programs because of its flexible usage of pointers. However, the recovery of such a function from a binary executable is not an easy task in the field of reverse compilation. The first problem is how to distinguish a variable-argument function from other functions in binary code. The second is how to implement avariable-argument function in a target program. The aim of this paper is to deal with these problems for IA-64 binary executables. We analyzed a large number of is assembled C programs to see how to implement variable-argument functions in machine code. According to calling conventions on IA-64/Linux platform, we abstracted some instruction patterns to recognize variable-argument functions from binary executables. Besides that, we put forward a normalization method to recover variable-argumentlists. We use an example compiled by GCC with -O0 option for demonstration, but our methods are not limited to any particular compiler and compiling option.
variable-argument function, reverse compilation, IA-64, calling convention, instruction pattern
Rongcai Zhao, Wen Fu, Jianmin Pang, Jingbo Zhang, "Recovering Variable-Argument Functions from Binary Executables", Computer and Information Science, ACIS International Conference on, vol. 00, no. , pp. 545-550, 2008, doi:10.1109/ICIS.2008.84