|
|
Interactive Disassembler
Mrva, Milan ; Přikryl, Zdeněk (referee) ; Křoustek, Jakub (advisor)
This thesis describes procedures and tools of reverse engineering in terms of software development. There are introduces different techniques of protection against decomposition of executables. The work also mentions some programs used for decomposition analysis. Furthermore it contains information about architecture of processing units, with emphasis on microprocessors Intel and Motorola. Variety of executable formats is shown. Generic retargetable disassembler was implemented. There is a description of its structure and plugins. These plugins represents three algorithms used for disassembling a program. One of them applies a multi-process parsing engine, which is an own design by author of the thesis. At the end, these techniques are compared and further development is outlined.
|
|
|
Enhancement of Decompilation Results
Končický, Jaromír ; Ďurfina, Lukáš (referee) ; Křoustek, Jakub (advisor)
As a part of the Lissom project, a retargetable decompiler is being developed. Its main purpose is to decompile programs for any particular microprocessor architecture into any high-level programming language. At this thesis's beginning time, its results are not optimal because the decompiler doesn't utilize all program's additional information during decompilation that can improve the results. In this thesis, reverse engineering and Lissom decompiler is described. Techniques of using additional information to enhance decompilation results are proposed. These are data section content analysis and debug information analysis (specifically the debug information in PDB format which is proprietary format). Exploration of internal PDB structure and its content is a part of this thesis. The implementation of data section analysis and debug information utilizing is described and in the end, final decompilation results are discussed.
|
|
|
Java Bytecode Disassembler
Macháček, Ondřej ; Letko, Zdeněk (referee) ; Fiedor, Jan (advisor)
This thesis focus on the structure of Java class file and disassembling bytecode instructions of Java language. Part of this thesis is a library, for disassembling Java class files. With this library one can explore the structure of a disassembled class file. Another part is a graphical application, which shows how to work with library.
|
|
|
Windows PE Transformation into Control Flow Graph
Jirák, Ota ; Burget, Radek (referee) ; Kolář, Dušan (advisor)
This thesis is interested in format of executable files EXE. It is focused on parts relevant for reverse engineering. It is interested in assembler, binary representation of instruction and disassembling. Follow I introduce converting from executables to control flow graph, basic structures (branches, cycles) detection.
|
|
|
Implementation of General Disassembler
Přikryl, Zdeněk ; Masařík, Karel (referee) ; Lukáš, Roman (advisor)
This thesis presents the process of creating disassembler for new designed processors. We demand automatic generation of the disassembler. Instruction set for processor is modeled by specialized language ISAC, which offers resources for description of the instruction set. For example it describes format of instruction in the assembly language or format of instruction in the binary form or behavior of this instruction. Internal model is coupled finite automata, which describes relation of textual form of the instruction and binary form of the instruction in formal way. The code of disassembler is generated from the internal model. This disassembler accepts program in binary code at the input and generate equivalent program in assembly language at the output.
|
|
|
Code Analysis and Transformation To a High-Level Language
Křoustek, Jakub ; Masařík, Karel (referee) ; Meduna, Alexandr (advisor)
This paper describes methods and procedures used for code analysis and transformation. It contains basic information of a science discipline called reverse engineering and its use in information technologies. The primary objective is a construction of a generic reverse compiler or decompiler, i.e. tool that can recompile from binary form (optionally from symbolic machine code) to a high level language. This operation is highly dependent on the concrete instruction set and processor architecture. This problem is solved with description of semantic of each instruction by a special language designed for this use. The output is the high level language code and is functionally equivalent to the input. The program is therefore able to work with each instruction set and code written by it can be transformed into the chosen high level language. This proposal is implemented in practice as a part of project Lissom. Generic decompiler is completely new idea. The thesis contains entirely new techniques from theory of compilers and optimizations made by the author.
|
|
|
Enhancement of Decompilation by Using Dynamic Code Analysis
Končický, Jaromír ; Zemek, Petr (referee) ; Ďurfina, Lukáš (advisor)
As a part of the Lissom project, a retargetable decompiler is being developed. Its main purpose is to decompile programs for a particular microprocessor architecture into a high-level programming language. In present, methods of dynamic code analysis are not used during decompilation. However, we can significantly improve the decompilation results by using these methods. Design of dynamic-analysis methods is the main task of this thesis. In this thesis, reverse engineering and Lissom decompiler are described. Furthermore, general dynamic analysis methods, such as instrumentation and emulation, are described. The information we can obtain by using dynamic analysis and its usage during decompilation is proposed.
|
|
|
Translation of x86 Binary Code To a High-Level Language
Jurík, Marián ; Křivka, Zbyněk (referee) ; Kolář, Dušan (advisor)
The purpose of this MSc thesis is to create design and implementation of program for translation of x86 binary code to a high-level programming language. There is described PE file format for executables used in MS Windows operating systems in the first part of work. This document contains general information about instruction set IA-32, especially a way of decoding binary code to assembly language. There are described typical program constructions, which are being used in compilers. Design of creation high-level programming language was inspired by existing programming languages. Conclusion is made about advantages and disadvantages of approach used in this thesis.
|
|
|
Java Bytecode Disassembler
Hřibal, Jaromír ; Kučera, Jiří (referee) ; Křivka, Zbyněk (advisor)
The first part of this thesis studies the fundamental principles of Java Virtual Machine and presents in depth look at its instruction set and . class file format, both together well known as bytecode . The next part presents an overview of the existing tools for bytecode manipulation . The last part of this work describes the development of a new plugin for Eclipse IDE . This plugin allows the user to get more comfortable view of the given bytecode and to see the original source code from which the bytecode was generated . The plugin requires the source code to be accessible so it is not a typical decompilation tool .
|
|
|
Malware analysis and reverse engineering
Šváb, Martin ; Čermák, Igor (advisor) ; Hlaváč, Jindřich (referee)
Focus of this thesis is reverse engineering in information technology closely linked with the malware analysis. It explains fundamentals of IA-32 processors architecture and basics of operating system Microsoft Windows. Main part of this thesis is dedicated to the malware analysis, including description of creating a tool for simplification of static part of the analysis. In Conclusion various approaches to the malware analysis, which were described in previous part of the thesis, are practically demonstrated on unknown malware sample.
|
guest ::
