Analyzing Memory Accesses in x86 Executables

  • Gogul Balakrishnan
  • Thomas Reps
Conference paper

DOI: 10.1007/978-3-540-24723-4_2

Volume 2985 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Balakrishnan G., Reps T. (2004) Analyzing Memory Accesses in x86 Executables. In: Duesterwald E. (eds) Compiler Construction. CC 2004. Lecture Notes in Computer Science, vol 2985. Springer, Berlin, Heidelberg

Abstract

This paper concerns static-analysis algorithms for analyzing x86 executables. The aim of the work is to recover intermediate representations that are similar to those that can be created for a program written in a high-level language. Our goal is to perform this task for programs such as plugins, mobile code, worms, and virus-infected code. For such programs, symbol-table and debugging information is either entirely absent, or cannot be relied upon if present; hence, the technique described in the paper makes no use of symbol-table/debugging information. Instead, an analysis is carried out to recover information about the contents of memory locations and how they are manipulated by the executable.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Gogul Balakrishnan
    • 1
  • Thomas Reps
    • 1
  1. 1.Comp. Sci. Dept.University of Wisconsin