Generic detection of the statically linked code

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F13%3APU106437" target="_blank" >RIV/00216305:26230/13:PU106437 - isvavai.cz</a>

Výsledek na webu

<a href="http://informatics.kpi.fei.tuke.sk/" target="_blank" >http://informatics.kpi.fei.tuke.sk/</a>

DOI - Digital Object Identifier

—

Jazyk výsledku

angličtina

Název v původním jazyce

Generic detection of the statically linked code

Popis výsledku v původním jazyce

Detection of a statically linked code is an important step in a process of decompilation. It eliminates a code, which has to be processed by decompiler. It provides an additional information about recognized code as linked functions with the types and number of arguments and return values. The detection is based on signatures, which are generated from the static libraries. The signatures are composed of the first bytes of library modules, CRC codes, module sizes, and public symbols. A tree structure of signature improves performance by decreasing a number of compared bytes. Generic approach of detection is achieved by an usage of a common object file format. This ensures that the process is not restricted on specific architecture or file format. However, this lightly increases a number of functions, which cannot be distinguished.

Název v anglickém jazyce

Generic detection of the statically linked code

Popis výsledku anglicky

Detection of a statically linked code is an important step in a process of decompilation. It eliminates a code, which has to be processed by decompiler. It provides an additional information about recognized code as linked functions with the types and number of arguments and return values. The detection is based on signatures, which are generated from the static libraries. The signatures are composed of the first bytes of library modules, CRC codes, module sizes, and public symbols. A tree structure of signature improves performance by decreasing a number of compared bytes. Generic approach of detection is achieved by an usage of a common object file format. This ensures that the process is not restricted on specific architecture or file format. However, this lightly increases a number of functions, which cannot be distinguished.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/TA01010667" target="_blank" >TA01010667: Systém pro podporu platformě nezávislé analýzy škodlivého kódu ve spustitelných souborech</a><br>

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2013

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the Twelfth International Conference on Informatics INFORMATICS 2013

ISBN

978-80-8143-127-2

ISSN

—

e-ISSN

—

Počet stran výsledku

5

Strana od-do

157-161

Název nakladatele

Faculty of Electrical Engineering and Informatics, University of Technology Košice

Místo vydání

Spišská Nová Ves

Místo konání akce

Spišská Nová Ves

Datum konání akce

5. 11. 2013

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—