|
|
Graphical User Interface of Retargetable Decompiler
Jánský, Jiří ; Zemek, Petr (referee) ; Matula, Peter (advisor)
P { margin-bottom: 0.21cm; direction: ltr; color: rgb(0, 0, 0); line-height: 150%; widows: 2; orphans: 2; }P.western { font-family: "Times New Roman",serif; font-size: 11pt; }P.cjk { font-family: "Times New Roman",serif; font-size: 11pt; }P.ctl { font-family: "Times New Roman",serif; font-size: 12pt; } The thesis deals with creating a graphic interface for disassembler of project Lissom, which is controlled from command line. The dissasembler produces a translated code and graphs of functions calling and flow control. The mentioned outputs of the disassembler shows, functionally connects and adds to each representations of outputs useful features.
|
|
|
Tools for Executable File Format Conversions
Matula, Peter ; Husár, Adam (referee) ; Hruška, Tomáš (advisor)
This paper describes methods and procedures used for object file format conversions. It introduces several commonly used formats (ELF, PE, E32Image, DEX) and project Lissom's object file format (LOFF). It contains basic information about libraries manipulating these formats and a description of a new library managing E32Image. The primary objective is to implement a program converting files between common formats and LOFF. This problem is solved by mapping all critical information from one format structures to another. To accomplish this task, it was necessary to modify and extend some features of Lissom object format. The result is the plugin based application capable of creating valid and runnable executable files in mentioned formats.
|
|
|
Analysis of C Code for Testing of Decompilation
Dítě, Viktor ; Kolář, Dušan (referee) ; Matula, Peter (advisor)
The goal of this thesis is to extend framework for creation of regression tests with new functionality for analysis of C code. This framework is created in Python language and uses clang compiler for analysis of source code. The thesis contains description of area of reverse engineering and decompiler developed in AVG company. Then the area of software testing and C language are briefly introduced. Following chapters describe proposed and implemented extensions. These extensions are presented in sample tests. Summary of the results can be found in conclusion.
|
|
|
LLVM IR Optimizations for Decompilation
Kollár, Jaroslav ; Chaloupka, Jan (referee) ; Matula, Peter (advisor)
This master's thesis describes the design and implementation of optimizations in the middle-end part of a retargetable decompiler developed by AVG Technologies. The purpose of these optimizations is to improve readability of the produced source code and improve existing optimizations in the back-end part. In the introduction, basic information about reverse engineering and decompilation is provided. Then, a description of state of the retargetable decompiler before this work is given. After that, the main part of this work is presented, which describes the design and implementation of the proposed optimizations. Then, the techniques that were used for testing are described. This description is followed by a summary of the achieved results. The present work is concluded by a discussion of possible future development.
|
|
|
Generic Reverse Compilation to Recognize Specific Behavior
Ďurfina, Lukáš ; Šaloun, Petr (referee) ; Zahradnický,, Tomáš (referee) ; Kolář, Dušan (advisor)
Práce je zaměřena na rozpoznávání specifického chování pomocí generického zpětného překladu. Generický zpětný překlad je proces, který transformuje spustitelné soubory z různých architektur a formátů objektových souborů na stejný jazyk na vysoké úrovni. Tento proces se vztahuje k nástroji Lissom Decompiler. Pro účely rozpoznání chování práce zavádí Language for Decompilation -- LfD. LfD představuje jednoduchý imperativní jazyk, který je vhodný pro srovnávaní. Konkrétní chování je dáno známým spustitelným souborem (např. malware) a rozpoznání se provádí jako najítí poměru podobnosti s jiným neznámým spustitelným souborem. Tento poměr podobnosti je vypočítán nástrojem LfDComparator, který zpracovává dva vstupy v LfD a rozhoduje o jejich podobnosti.
|
|
|
Code Structuring in Decompiler Back-End
Porwolik, Tomáš ; Kučera, Jiří (referee) ; Matula, Peter (advisor)
This thesis deals with a decompilation tool which converts low-level binary code to a high-level representation. This tool is being developed by AVG Technologies. The aim of this work is to design and implement a method for code structuring in the decompiler back-end. The designed method works by traversing the control-flow graph with matching of predefined patterns. It is not always possible to structure code using conditional statements and loops. Sometimes also goto statements must be used. The implemented solution is compared with the original solution in the decompiler. According to the results the new solution is faster, better tested, but in greater number of test cases generates invalid code. From the viewpoint of structuring the results are different and sometimes the code is structured better, but sometimes worse.
|
|
|
Advanced Analysis of Control Flow in Malware
Porwolik, Tomáš ; Matula, Peter (referee) ; Ďurfina, Lukáš (advisor)
This thesis deals with the tool for decompilation of binary code to high-level programming language. This tool is being developed within the project Lissom. The aim of this work is the implementation of advanced analysis in control flow. This work is focused on reconstruction the switch statement and calling function through pointer. These problems are solved by adding new methods to control flow analysis. They are described in detail and solution is proposed, implemented and tested. Created solution allows reconstruct the switch statement in most cases and calling function through pointer in simpler cases. The contribution of this work is an improvement of the tool for decompilation in case that decompiled programs use these advanced structures.
|
|
|
Extension of Tool for Executable-File Analysis
Zavoral, Milan ; Ďurfina, Lukáš (referee) ; Matula, Peter (advisor)
This work deals with extension of a tool for executable-files analysis, which is a~part of a retargetable decompiler developed within the Lissom project. This thesis has two main goals. Firstly, it is necessary to analyze the original implementation of this tool and to find its drawbacks. Secondly, we have to implement a whole new tool without the lacks of its predecessor. This solution must be a full-featured analyzer of executable files. Within this thesis, we also focus on accuracy of compiler and packer detection. Among others, this task is achieved by using special heuristics technics of detection that can also recognize polymorphic packers. In the conclusion, the achieved results of this work and their contribution for the retargetable decompiler are discussed.
|
|
|
Decompilation of PowerPC Applications
Mišák, Ján ; Matula, Peter (referee) ; Ďurfina, Lukáš (advisor)
This bachelor thesis deals with the implementing of decompilation of PowerPC applications feature into a decompiler´s front-end. It also contains basic information about PowerPC architecture and information about the Lissom decompiler, especially its front-end. The goal of this work is to implement a feature into the front-end of the decompiler, which provides decompilation of PowerPC binaries. As a result of this bachelor thesis I have created and implemented a couple of analyses as a C++ classes and I have also fixed some earlier implemented code to achieve the required functionality.
|
|
|
Utilization of Compiler Information in Decompilation
Rudolf, Josef ; Ďurfina, Lukáš (referee) ; Křoustek, Jakub (advisor)
This thesis deals with the tool for decompilation of binary code into a higher level language, which is being developed as a part of the Lissom project. In this thesis, we present a method to improve efficiency of extraction of information from binary files, based on the detected compiler. Namely the extraction of parameters, return types and names of function from symbol names via the so-called demangling. As a part of this thesis, differences between mangling schemes of different compilers are compared. Afterwards, the implementation of the demangler is described and finally, demangler is tested and demangling success rate is compared for mangled names created by different compilers. The subsequent task is to propose and implement better integration of tools in preprocessing and front-end parts of the Lissom decompiler and optimize parameter distribution among them.
|
guest ::
