Title :
Equational Reasoning on x86 Assembly Code
Author :
Coogan, Kevin ; Debray, Saumya
Author_Institution :
Dept. of Comput. Sci., Univ. of Arizona, Tucson, AZ, USA
Abstract :
Analysis of software is essential to addressing problems of correctness, efficiency, and security. Existing source code analysis tools are very useful for such purposes, but there are many instances where high-level source code is not available for software that needs to be analyzed. A need exists for tools that can analyze assembly code, whether from disassembled binaries or from handwritten sources. This paper describes an equational reasoning system for assembly code for the ubiquitous Intel x86 architecture, focusing on various problems that arise in low-level equational reasoning, such as register-name aliasing, memory indirection, condition-code flags, etc. Our system has successfully been applied to the problem of simplifying execution traces from obfuscated malware executables.
Keywords :
instruction sets; invasive software; condition-code flags; equational reasoning system; malware executables; memory indirection; register-name aliasing; software analysis; source code analysis tools; ubiquitous Intel x86 architecture; x86 assembly code; Assembly; Cognition; Computer architecture; Equations; Mathematical model; Registers; Software; equational reasoning; static and dynamic analysis; x86 assembly;
Conference_Titel :
Source Code Analysis and Manipulation (SCAM), 2011 11th IEEE International Working Conference on
Conference_Location :
Williamsburg, VI
Print_ISBN :
978-1-4577-0932-6
DOI :
10.1109/SCAM.2011.15
