Recovering Variable-Argument Functions from Binary Executables

May 14-May 16

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ICIS.2008.84

Seventh IEEE/ACIS International Confe ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Wen Fu Articles by Rongcai Zhao Articles by Jianmin Pang Articles by Jingbo Zhang

	ASCII Text	x
	Wen Fu, Rongcai Zhao, Jianmin Pang, Jingbo Zhang, "Recovering Variable-Argument Functions from Binary Executables," Computer and Information Science, ACIS International Conference on, pp. 545-550, Seventh IEEE/ACIS International Conference on Computer and Information Science (icis 2008), 2008.

	BibTex	x
	@article{ 10.1109/ICIS.2008.84, author = {Wen Fu and Rongcai Zhao and Jianmin Pang and Jingbo Zhang}, title = {Recovering Variable-Argument Functions from Binary Executables}, journal ={Computer and Information Science, ACIS International Conference on}, volume = {0}, year = {2008}, isbn = {978-0-7695-3131-1}, pages = {545-550}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICIS.2008.84}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer and Information Science, ACIS International Conference on TI - Recovering Variable-Argument Functions from Binary Executables SN - 978-0-7695-3131-1 SP545 EP550 A1 - Wen Fu, A1 - Rongcai Zhao, A1 - Jianmin Pang, A1 - Jingbo Zhang, PY - 2008 KW - variable-argument function KW - reverse compilation KW - IA-64 KW - calling convention KW - instruction pattern VL - 0 JA - Computer and Information Science, ACIS International Conference on ER -

Wen Fu

Rongcai Zhao

Jianmin Pang

Jingbo Zhang

Variable-argument functions, such as printf(), are broadly used in C programs because of its flexible usage of pointers. However, the recovery of such a function from a binary executable is not an easy task in the field of reverse compilation. The first problem is how to distinguish a variable-argument function from other functions in binary code. The second is how to implement avariable-argument function in a target program. The aim of this paper is to deal with these problems for IA-64 binary executables. We analyzed a large number of??is assembled C programs to see how to implement variable-argument functions in machine code. According to calling conventions on IA-64/Linux platform, we abstracted some instruction patterns to recognize variable-argument functions from binary executables. Besides that, we put forward a normalization method to recover variable-argumentlists. We use an example compiled by GCC with -O0 option for demonstration, but our methods are not limited to any particular compiler and compiling option.

Index Terms:

variable-argument function, reverse compilation, IA-64, calling convention, instruction pattern

Citation:

Wen Fu, Rongcai Zhao, Jianmin Pang, Jingbo Zhang, "Recovering Variable-Argument Functions from Binary Executables," icis, pp.545-550, Seventh IEEE/ACIS International Conference on Computer and Information Science (icis 2008), 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.