逆向工程中反射植入的研究

逆向工程辅助程序理解，而动态分析是理解面向对象软件系统的一种重要手段，通过植入，才能准确提取系统运行时的信息，常见的植入方法中，植入代码和目标代码处于同一计算层次，在植入过程中，需要对目标代码进行除编译分析之外的额外语法分析。该文提出反射植入思想，将植入的软件触发器和被植入的目标系统作为两个计算层次来处理，通过反射层元对象干预编译过程，实现源代码的植入；首先详细描述反射植入核心算法及识别调用方元信息和对象标识的思路，然后在扩充开放编译器的基础上实现了全局函数和系统调用语句前植入代码的算法，最后对该植入机制进行系统的实验研究。结果表明，反射植入机制不会破坏源代码本身的执行逻辑，能正确有效地植入代码并收集到系统运行时的信息。同时，多次植入的对比数据也证明了反射植入算法的收敛性。

Study of Reflection Instrumentation in Reverse Engineering

Dynamic analysis is an important approach for users to comprehend object-oriented software system. Run-time information of software system can be extracted by instrumentation mechanism. In conventional approaches, instrumented codes stand at the same level with source codes. Based on reflection principle and techniques, this paper provides the approach of reflection instrumentation, in which the instrumented codes and source codes are placed at different two levels. Through the approach, meta-object at meta-level can intervene compiling process, and thus change the behavior of object at base level. First, the algorithm of reflection instrumentation and the approach of identifying object ID are given. Second, the algorithm of instrumentation in front of the call statements of global function and system call is implemented by extending the open compiler. Finally, a case study is given to show the principle and effectiveness of reflection instrumentation. The results indicate that the reflection instrumentation mechanism can instrument codes into source codes of software system accurately and effectually, not destroying the business logic of the source system. The convergence of the algorithms for reflection instrumentation can also be proven by the data collected from multi-instrumentation.