| 基于IDA-Pro的软件逆向分析方法 |
| |
| 引用本文: | 秦青文,王戟,孙旭光,梅文华.基于IDA-Pro的软件逆向分析方法[J].计算机工程,2008,34(22):86-88. |
| |
| 作者姓名: | 秦青文 王戟 孙旭光 梅文华 |
| |
| 作者单位: | 1. 国防科技大学计算机学院,长沙,410073
2. 北京航空工程技术研究中心,北京,100076 |
| |
| 摘 要: | 二进制程序转换作为软件逆向分析的主要手段发挥着积极作用。该文给出一种程序转换方法,应用软件二进制程序经IDA Pro反汇编得汇编语言程序,依据下推自动机原理设计汇编文法识别该汇编文件、制定相应的转换规则和优化措施将汇编语言转换成中间语言。转换所得中间语言可读性较强,具有通用性且易于理解。该方法达到了较高的自动化程度,缩小了目标程序的代码量,其应用可有效地减少软件分析和调试人员在追踪代码时所需的时间和工作量。给出应用上述方法进行程序转换的实例。
|
| 关 键 词: | 逆向分析 程序转换 中间语言 |
| 修稿时间: | |
Reverse Analysis of Software Based on IDA-Pro |
| |
| QIN Qing-wen,WANG Ji,SUN Xu-guang,MEI Wen-hua.Reverse Analysis of Software Based on IDA-Pro[J].Computer Engineering,2008,34(22):86-88. |
| |
| Authors: | QIN Qing-wen WANG Ji SUN Xu-guang MEI Wen-hua |
| |
| Affiliation: | (1. School of Computer, National University of Defense Technology, Changsha 410073;2. Beijing Aeronautical Technology Research Center, Beijing 100076 ) |
| |
| Abstract: | Binary program transformation has played an important role in reverse program analysis. This paper proposes a program transformation method. In the method, machine code is first disassembled by IDA Pro. Along with rules and optimizing strategies, the program is transformed to intermediate language. The deterministic finite automata and context-free grammars are designed to parse assembly language, and the code optimization theory is also included in dataflow analysis. The intermediate language has a good readability, generality and comprehensibility. After transformation, the code contracts dramatically. The technique described can run automatically, which effectively reduce the amount of time in solving software analysis problems and debugging executable programs. A transform instance using this technique is presented. |
| |
| Keywords: | reverse analysis program transformation intermediate language |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
|
