|
|
Decompilation from Selected Object File Formats
Bandzi, Michal ; Láznička, Stanislav (referee) ; Matula, Peter (advisor)
Object files contain machine code that can be executed by processor unit. Structure of an object file is defined by its file format. In order to decompile an object file, it is necessary to process and convert file data to internal representation of decompiler. This thesis discusses design and implementation of new modules for file format processing that will be part of the Retargetable Decompiler project. The goal of this work is to add support for Intel HEX and Mach-O file formats and new implementation of already supported Portable Executable file format. Implementation of modules for file formats Intel HEX and Mach-O was successful and it is possible to use them for reverse compilation. Processing of PE file format is not possible in sufficient quality due to errors in used LLVM library.
|
|
|
Binary-Code Decoding to a High-Level Representation
Macko, Lukáš ; Soukup, Ondřej (referee) ; Matula, Peter (advisor)
The thesis deals with reverse techniques in software engineering. It presents practical application of software reverse engineering, used tools and approaches. The topic of instruction decoding is discussed in detail. Two basic methods are presented-linear sweep and recursive descent. Their strengths and weaknesses are highlighted. Subsequently a decompiler developed by AVG Technologies is introduced. The decompiler is retargetable. This feature allows to decompile applications of multiple platforms into various target languages. The aim of the thesis is to design and implement algorithm for decoding binary files into high-level representation. The designed algorithm is based on modified recursive descent algorithm, which uses control flow information. In order to achieve more accurate decoding results, symbol table records and other additional information are used. The proposed algorithm was implemented for the AVG Technologies retargetable decompiler. The tests showed that the implemented algorithm improved the function detection in decoded programs. Furthermore, the implemented solution allows to decode files that could not be analysed using the previous version of the decompiler.
|
|
|
Graphical User Interface of Retargetable Decompiler
Jánský, Jiří ; Zemek, Petr (referee) ; Matula, Peter (advisor)
P { margin-bottom: 0.21cm; direction: ltr; color: rgb(0, 0, 0); line-height: 150%; widows: 2; orphans: 2; }P.western { font-family: "Times New Roman",serif; font-size: 11pt; }P.cjk { font-family: "Times New Roman",serif; font-size: 11pt; }P.ctl { font-family: "Times New Roman",serif; font-size: 12pt; } The thesis deals with creating a graphic interface for disassembler of project Lissom, which is controlled from command line. The dissasembler produces a translated code and graphs of functions calling and flow control. The mentioned outputs of the disassembler shows, functionally connects and adds to each representations of outputs useful features.
|
|
|
Tools for Executable File Format Conversions
Matula, Peter ; Husár, Adam (referee) ; Hruška, Tomáš (advisor)
This paper describes methods and procedures used for object file format conversions. It introduces several commonly used formats (ELF, PE, E32Image, DEX) and project Lissom's object file format (LOFF). It contains basic information about libraries manipulating these formats and a description of a new library managing E32Image. The primary objective is to implement a program converting files between common formats and LOFF. This problem is solved by mapping all critical information from one format structures to another. To accomplish this task, it was necessary to modify and extend some features of Lissom object format. The result is the plugin based application capable of creating valid and runnable executable files in mentioned formats.
|
|
|
Analysis of C Code for Testing of Decompilation
Dítě, Viktor ; Kolář, Dušan (referee) ; Matula, Peter (advisor)
The goal of this thesis is to extend framework for creation of regression tests with new functionality for analysis of C code. This framework is created in Python language and uses clang compiler for analysis of source code. The thesis contains description of area of reverse engineering and decompiler developed in AVG company. Then the area of software testing and C language are briefly introduced. Following chapters describe proposed and implemented extensions. These extensions are presented in sample tests. Summary of the results can be found in conclusion.
|
|
|
System for Pattern Recognition in Binary Files
Milkovič, Marek ; Kolář, Dušan (referee) ; Matula, Peter (advisor)
Malicious software spreads really fast in the age of the Internet and it harms users and their data. Therefore, it is necessary to improve methods of how we deal with its analysis, so we can protect potential victims. This thesis deals with design and implementation of system for generating patterns out of executable files in cooperation with AVG Technologies. The goal of this work is to create a tool that generates a detection pattern from the set of binary files. This work further proposes new types of analyses for extraction of information out of executable files. Designed and implemented system is used in practice for analysis of new malicious code and it is integrated into the clustering system.
|
|
|
Generic Unpacker of Executable Files
Milkovič, Marek ; Hynek, Jiří (referee) ; Matula, Peter (advisor)
Executable files packing is a process used for compression or protection of these files. The behavior of the packed executable file is difficult to analyze, therefore the packed file needs to be unpacked at first. This work deals with the design and implementation of a generic unpacker that is part of the decompilation chain in the AVG's Retargetable Decompiler. The goal of this work is to create the generic unpacker of executable files, which would be easily extensible, platform and architecture independent, and its ouput would be decompilable. The heuristic analyses are proposed and implemented to achieve the decompilability of the ouput. The results are comparable with the other unpackers used in practice.
|
|
|
Binary-Code Decoding to a High-Level Representation
Macko, Lukáš ; Soukup, Ondřej (referee) ; Matula, Peter (advisor)
The thesis deals with reverse techniques in software engineering. It presents practical application of software reverse engineering, used tools and approaches. The topic of instruction decoding is discussed in detail. Two basic methods are presented-linear sweep and recursive descent. Their strengths and weaknesses are highlighted. Subsequently a decompiler developed by AVG Technologies is introduced. The decompiler is retargetable. This feature allows to decompile applications of multiple platforms into various target languages. The aim of the thesis is to design and implement algorithm for decoding binary files into high-level representation. The designed algorithm is based on modified recursive descent algorithm, which uses control flow information. In order to achieve more accurate decoding results, symbol table records and other additional information are used. The proposed algorithm was implemented for the AVG Technologies retargetable decompiler. The tests showed that the implemented algorithm improved the function detection in decoded programs. Furthermore, the implemented solution allows to decode files that could not be analysed using the previous version of the decompiler.
|
|
|
LLVM IR Optimizations for Decompilation
Kollár, Jaroslav ; Chaloupka, Jan (referee) ; Matula, Peter (advisor)
This master's thesis describes the design and implementation of optimizations in the middle-end part of a retargetable decompiler developed by AVG Technologies. The purpose of these optimizations is to improve readability of the produced source code and improve existing optimizations in the back-end part. In the introduction, basic information about reverse engineering and decompilation is provided. Then, a description of state of the retargetable decompiler before this work is given. After that, the main part of this work is presented, which describes the design and implementation of the proposed optimizations. Then, the techniques that were used for testing are described. This description is followed by a summary of the achieved results. The present work is concluded by a discussion of possible future development.
|
|
|
Decompilation of High-Level Constructions in C++ Binaries
Jakub, Dušan ; Křivka, Zbyněk (referee) ; Matula, Peter (advisor)
The thesis addresses the decompilation of high-level object-oriented C++ language from a machine code. The term reverse engineering is defined and existing decompilers are described with emphasis on their ability to reconstruct C++. AVG decompiler project is introduced, to which this thesis contributes. C++ language is analysed, both on a logical level and in the machine code and existing methods of decompilation are described. On this basis a novel method is introduced, capable of decompiling classes, their hierarchy, constructors, destructors and definitions and usages of virtual methods. The method is implemented, tested and evaluated. In the conclusion, several suggestions for future development of this project are presented.
|
guest ::
RSS feed.