|
|
Retargetable Analysis of Machine Code
Křoustek, Jakub ; Janoušek, Jan (referee) ; Návrat,, Pavol (referee) ; Kolář, Dušan (advisor)
Analýza softwaru je metodologie, jejímž účelem je analyzovat chování daného programu. Jednotlivé metody této analýzy je možné využít i v dalších oborech, jako je zpětné inženýrství, migrace kódu apod. V této práci se zaměříme na analýzu strojového kódu, na zjištění nedostatků existujících metod a na návrh metod nových, které umožní rychlou a přesnou rekonfigurovatelnou analýzu kódu (tj. budou nezávislé na konkrétní cílové platformě). Zkoumány budou dva typy analýz - dynamická (tj. analýza za běhu aplikace) a statická (tj. analýza aplikace bez jejího spuštění). Přínos této práce v rámci dynamické analýzy je realizován jako rekonfigurovatelný ladicí nástroj a dále jako dva typy tzv. rekonfigurovatelného translátovaného simulátoru. Přínos v rámci statické analýzy spočívá v navržení a implementování rekonfigurovatelného zpětného překladače, který slouží pro transformaci strojového kódu zpět do vysokoúrovňové reprezentace. Všechny tyto nástroje jsou založeny na nových metodách navržených autorem této práce. Na základě experimentálních výsledků a ohlasů od uživatelů je možné usuzovat, že tyto nástroje jsou plně srovnatelné s existujícími (komerčními) nástroji a nezřídka dosahují i lepších výsledků.
|
|
|
Code Analysis and Transformation
Křoustek, Jakub ; Masařík, Karel (referee) ; Meduna, Alexandr (advisor)
This paper describes methods and procedures used for code analysis and transformation. It contains basic information of a science discipline called reverse engineering and its use in information technologies. The primary objective is a construction of tool that can disassemble from binary form to symbolic machine code. This operation is highly dependent on the concrete instruction set, and it has to be used for a beforehand known processor architecture. This problem is solved with patterns, plug-ins, and modularity of disassembler. These features provide users the ability to add new instruction sets into this disassembler. The output is the text representation of instructions and is functionally equivalent to the in-put. The thesis demonstrates usual methods of disassembly as well as the methods made by the author.
|
|
|
Windows Software Protection Against Reverse Engineering
Korvas, Pavol ; Ďurfina, Lukáš (referee) ; Hruška, Tomáš (advisor)
This thesis deals with familiarization with the reverse engineering, the modalities of its use and misuse in practice and becoming familiar with existing tools to protect software and tools developed within the Lissom project. It also focuses on the analysis of existing methods of security breaches and the proposal of protection for Lissom project applications in collaboration with the license server for operating system Windows.
|
|
|
Interactive Disassembler
Mrva, Milan ; Přikryl, Zdeněk (referee) ; Křoustek, Jakub (advisor)
This thesis describes procedures and tools of reverse engineering in terms of software development. There are introduces different techniques of protection against decomposition of executables. The work also mentions some programs used for decomposition analysis. Furthermore it contains information about architecture of processing units, with emphasis on microprocessors Intel and Motorola. Variety of executable formats is shown. Generic retargetable disassembler was implemented. There is a description of its structure and plugins. These plugins represents three algorithms used for disassembling a program. One of them applies a multi-process parsing engine, which is an own design by author of the thesis. At the end, these techniques are compared and further development is outlined.
|
|
|
Enhancement of Decompilation Results
Končický, Jaromír ; Ďurfina, Lukáš (referee) ; Křoustek, Jakub (advisor)
As a part of the Lissom project, a retargetable decompiler is being developed. Its main purpose is to decompile programs for any particular microprocessor architecture into any high-level programming language. At this thesis's beginning time, its results are not optimal because the decompiler doesn't utilize all program's additional information during decompilation that can improve the results. In this thesis, reverse engineering and Lissom decompiler is described. Techniques of using additional information to enhance decompilation results are proposed. These are data section content analysis and debug information analysis (specifically the debug information in PDB format which is proprietary format). Exploration of internal PDB structure and its content is a part of this thesis. The implementation of data section analysis and debug information utilizing is described and in the end, final decompilation results are discussed.
|
|
|
Java Bytecode Disassembler
Macháček, Ondřej ; Letko, Zdeněk (referee) ; Fiedor, Jan (advisor)
This thesis focus on the structure of Java class file and disassembling bytecode instructions of Java language. Part of this thesis is a library, for disassembling Java class files. With this library one can explore the structure of a disassembled class file. Another part is a graphical application, which shows how to work with library.
|
|
|
Windows PE Transformation into Control Flow Graph
Jirák, Ota ; Burget, Radek (referee) ; Kolář, Dušan (advisor)
This thesis is interested in format of executable files EXE. It is focused on parts relevant for reverse engineering. It is interested in assembler, binary representation of instruction and disassembling. Follow I introduce converting from executables to control flow graph, basic structures (branches, cycles) detection.
|
|
|
Implementation of General Disassembler
Přikryl, Zdeněk ; Masařík, Karel (referee) ; Lukáš, Roman (advisor)
This thesis presents the process of creating disassembler for new designed processors. We demand automatic generation of the disassembler. Instruction set for processor is modeled by specialized language ISAC, which offers resources for description of the instruction set. For example it describes format of instruction in the assembly language or format of instruction in the binary form or behavior of this instruction. Internal model is coupled finite automata, which describes relation of textual form of the instruction and binary form of the instruction in formal way. The code of disassembler is generated from the internal model. This disassembler accepts program in binary code at the input and generate equivalent program in assembly language at the output.
|
|
|
Code Analysis and Transformation To a High-Level Language
Křoustek, Jakub ; Masařík, Karel (referee) ; Meduna, Alexandr (advisor)
This paper describes methods and procedures used for code analysis and transformation. It contains basic information of a science discipline called reverse engineering and its use in information technologies. The primary objective is a construction of a generic reverse compiler or decompiler, i.e. tool that can recompile from binary form (optionally from symbolic machine code) to a high level language. This operation is highly dependent on the concrete instruction set and processor architecture. This problem is solved with description of semantic of each instruction by a special language designed for this use. The output is the high level language code and is functionally equivalent to the input. The program is therefore able to work with each instruction set and code written by it can be transformed into the chosen high level language. This proposal is implemented in practice as a part of project Lissom. Generic decompiler is completely new idea. The thesis contains entirely new techniques from theory of compilers and optimizations made by the author.
|
|
|
Enhancement of Decompilation by Using Dynamic Code Analysis
Končický, Jaromír ; Zemek, Petr (referee) ; Ďurfina, Lukáš (advisor)
As a part of the Lissom project, a retargetable decompiler is being developed. Its main purpose is to decompile programs for a particular microprocessor architecture into a high-level programming language. In present, methods of dynamic code analysis are not used during decompilation. However, we can significantly improve the decompilation results by using these methods. Design of dynamic-analysis methods is the main task of this thesis. In this thesis, reverse engineering and Lissom decompiler are described. Furthermore, general dynamic analysis methods, such as instrumentation and emulation, are described. The information we can obtain by using dynamic analysis and its usage during decompilation is proposed.
|
guest ::
