Sciweavers

WCRE
2006
IEEE

Extracting Output Formats from Executables

14 years 6 months ago
Extracting Output Formats from Executables
We describe the design and implementation of FFE/x86 (File-Format Extractor for x86), an analysis tool that works on stripped executables (i.e., neither source code nor debugging information need be available) and extracts output data formats, such as file formats and network packet formats. We first construct a Hierarchical Finite State Machine (HFSM) that over-approximates the output data format. An HFSM defines a language over the operations used to generate output data. We use Value-Set Analysis (VSA) and Aggregate Structure Identification (ASI) to annotate HFSMs with information that partially characterizes some of the output data values. VSA determines an over-approximation of the set of addresses and integer values that each data object can hold at each program point, and ASI analyzes memory accesses in the program to recover information about the structure of aggregates. A series of filtering operations is performed to over-approximate an HFSM with a finite-state machine...
Junghee Lim, Thomas W. Reps, Ben Liblit
Added 12 Jun 2010
Updated 12 Jun 2010
Type Conference
Year 2006
Where WCRE
Authors Junghee Lim, Thomas W. Reps, Ben Liblit
Comments (0)