基于混合分析的二进制程序控制流图构建方法

构建控制流图（CFG）是二进制程序分析的基础工作，针对静态构建方法无法处理间接跳转，动态构建方法效率低、不适用于大规模程序的问题，提出结合静态分析和动态分析的混合分析方法. 使用静态分析获得基础的控制流信息；采用模糊测试生成测试用例以进行动态分析，利用动态插桩获得间接跳转信息；融合静态分析和动态分析结果生成控制流图. 基于该混合分析方法，设计并实现了面向x86平台二进制程序的控制流图构建工具CFGConstructor. 分别在示例程序和CGC数据集上进行实验，评估该工具的有效性和性能. 实验结果表明CFGConstructor相比于静态分析能够构建更加完备的控制流图，相比于动态分析分析效率更高，能够适用于大规模程序.

Construction approach for control flow graph from binaries using hybrid analysis

The construction of control flow graph (CFG) was the basis of binary program analysis. A hybrid analysis approach combining static and dynamic analysis techniques was proposed, for the problems that the static construction method cannot handle the indirect jump cases and dynamic construction methods were inefficient and not suitable for large-scale programs. The static analysis technique was used to obtain the basic control flow of the target program. Test cases generated by fuzz testing were used to dynamically analyze the target program, during which a dynamic binary instrumentation technique was used to obtain information of indirect jumps. Finally, the analysis results in the former two steps were integrated to generate CFGs. A CFG construction system CFGConstructor targeting on x86 binaries was designed and implemented based on the proposed hybrid analysis method. Experiments were carried out on the sample programs and CGC dataset to evaluate the effectiveness and efficiency. Results show that the proposed approach can construct more complete CFGs than static analysis do, and is more efficient than dynamic analysis, capable to analyze large programs.