Home // SECURWARE 2012 , The Sixth International Conference on Emerging Security Information, Systems and Technologies // View article

Accurate Retargetable Decompilation Using Additional Debugging Information

Authors:
Jakub Křoustek
Peter Matula
Jaromír Končický
Dušan Kolář

Keywords: decompilatiom; debugging information; PDB; DWARF; Lissom

Abstract:
In this paper, we present an extension of an existing automatically generated retargetable decompiler that is capable to parse, process, and utilize compiler-generated debugging information. This tool can be used for dealing with several security-related issues (e.g., forensics, malware analysis, vulnerability detection). Additional debugging information is used for an accurate reconstruction of platform-dependent binary applications into a well-readable high-level-language representation. The proposed solution is platform and debugging-format independent. In present, two major debugging formats - DWARF and Microsoft PDB - are supported; the extracted information is used for a recovery of several high-level constructions (e.g., variables, functions and their arguments). The proposed concept was validated by experimental results.

Pages: 79 to 84

Copyright: Copyright (c) IARIA, 2012

Publication date: August 19, 2012

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-209-7

Location: Rome, Italy

Dates: from August 19, 2012 to August 24, 2012