DocumentCode :
3047874
Title :
The library function recognition algorithm of PE file disassembler research and implementation
Author :
Qing Su ; Si, Si ; Wei-Ming Wu ; Jian-wei Huang ; Wei-feng Fan ; Xiao-Feng Li
Author_Institution :
Dept. of Comput. Sci., Guangdong Univ. of Technol., Guangzhou, China
Volume :
2
fYear :
2011
fDate :
9-11 Dec. 2011
Firstpage :
132
Lastpage :
135
Abstract :
To solve the problem of static library function recognition for Windows PE (Portable Execute) files in the field of software reverse engineering, a new extraction algorithm based on library function signatures is presented. The algorithm extracts library function signatures from files with the lib suffix; then, in the disassembly phase of PE files, the disassembler identifies functions using these signatures and returns the address and the corresponding library function name. The results show that the recognition algorithm is able to efficiently identify library function addresses and library function blocks.
Keywords :
file organisation; operating systems (computers); program assemblers; reverse engineering; software libraries; Windows PE file disassembler; disassembly phase; extraction algorithm; library function address identification; library function block identification; library function signature; portable execute file; software reverse engineering; static library function recognition; Algorithm design and analysis; Arrays; Data mining; Databases; Libraries; Software; Software algorithms; Portable Execute file; disassembly; feature code; library function identify; obfuscation;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
IT in Medicine and Education (ITME), 2011 International Symposium on
Conference_Location :
Guangzhou
Print_ISBN :
978-1-61284-701-6
Type :
conf
DOI :
10.1109/ITiME.2011.6132073
Filename :
6132073
Link To Document :