Title :
Recovering Variable-Argument Functions from Binary Executables
Author :
Fu, Wen ; Zhao, Rongcai ; Pang, Jianmin ; Zhang, Jingbo
Author_Institution :
China Nat. Digital Switching Syst. Eng. & Technol. Res. Center, Zhengzhou
Abstract :
Variable-argument functions, such as printf(), are broadly used in C programs because of its flexible usage of pointers. However, the recovery of such a function from a binary executable is not an easy task in the field of reverse compilation. The first problem is how to distinguish a variable-argument function from other functions in binary code. The second is how to implement a variable-argument function in a target program. The aim of this paper is to deal with these problems for IA-64 binary executables. We analyzed a large number of disassembled C programs to see how to implement variable-argument functions in machine code. According to calling conventions on IA-64/Linux platform, we abstracted some instruction patterns to recognize variable-argument functions from binary executables. Besides that, we put forward a normalization method to recover variable-argument lists. We use an example compiled by GCC with -O0 option for demonstration, but our methods are not limited to any particular compiler and compiling option.
Keywords :
Linux; program compilers; system recovery; GCC; IA-64-Linux platform; binary executable task; disassembled C program; reverse compilation; variable-argument function recovering; Binary codes; Computer bugs; High level languages; Information science; Linux; Pattern recognition; Program processors; Switching systems; Systems engineering and theory; Testing; IA-64; calling convention; instruction pattern; reverse compilation; variable-argument function;
Conference_Titel :
Computer and Information Science, 2008. ICIS 08. Seventh IEEE/ACIS International Conference on
Conference_Location :
Portland, OR
Print_ISBN :
978-0-7695-3131-1
DOI :
10.1109/ICIS.2008.84
