Automatically Resolving Virtual Function Calls in Binary Executables

  • Tao Wei
  • Runpu Wu
  • Tielei Wang
  • Xinjian Zhao
  • Wei Zou
  • Weihong Zheng
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 157)

Abstract

Call graphs play an important role in interprocedural program analysis. However, because function pointers and virtual functions are common in large programs, the call graphs used in current program analysis systems are usually incomplete and imprecise, especially in analysis systems for binary executables. In this paper, we present a scalable and effective approach to automatically resolve virtual-function calls in executables. For the benchmark used in previous studies, our approach resolved almost 100% of reachable virtual function call-sites, whereas CodeSurfer/x86 resolved about 82%.

Keywords

Symbolic Execution, Intermediate Representation, Call Graph, Virtual Function, Binary Translator
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Tao Wei (1)
  • Runpu Wu (2)
  • Tielei Wang (1)
  • Xinjian Zhao (1)
  • Wei Zou (1)
  • Weihong Zheng (2)

  1. Peking University, Beijing, China
  2. China Information Technology Security Evaluation Center, Beijing, China