National Repository of Grey Literature: 10 records found
Decompilation of Specialized and Advanced Instruction Sets
Holub, Juraj ; Kolář, Dušan (referee) ; Křivka, Zbyněk (advisor)
Nowadays, the analysis of malicious software is an important part of information technology. One of the key techniques is the decompilation of malicious binary programs. Decompilation is a complex process that several projects address. The RetDec project focuses on a flexible design and implementation of a decompiler with an emphasis on reusability. The goal of this thesis is to improve the decompilation of advanced instruction sets for the x86 architecture. A new optimization for the FPU register stack was designed. Support for translating the instruction sets of the FPU and SSE units was extended. The new extensions were implemented and tested in terms of the efficiency and quality of decompilation.
Data Type Reconstruction Improvements in RetDec Decompiler
Venger, Adam ; Ryšavý, Ondřej (referee) ; Kolář, Dušan (advisor)
New malware is being continuously developed. For its effective analysis and the fight against it, tools such as decompilers are needed. Decompilation, however, is a difficult problem to solve. To improve its results, all of the information contained in binary files needs to be used. Some programming languages require encoding of some symbols in order to be compiled correctly. For example, when compiling functions, the parameter data types and the calling convention are encoded into the function name. This process is called mangling. This thesis deals with the reverse process, called demangling, and its utilization for improvement of the RetDec decompiler. The created library allows demangling of symbols created by popular C++ and Delphi compilers. It combines a custom solution with an existing one in the form of the LLVM project demangler. The existing demangler library in RetDec was replaced with the new one, the results of which are much more reliable. The reconstruction of data types was expanded to use the information obtained from encoded symbols, which resulted in more accurate decompilation.
Decompilation of AArch64 Binaries in RetDec Decompiler
Kašťák, Matej ; Křivka, Zbyněk (referee) ; Kolář, Dušan (advisor)
The goal of this thesis is to propose and implement a decompiler for the AArch64 architecture. The thesis first introduces the concept of reverse engineering, then analyzes the ARM processor platform and the architecture of the RetDec decompiler from the Avast company. In the next chapters, we describe the design and implementation of a module for RetDec. The purpose of this module is to decompile machine code into LLVM IR instructions, which are further processed by LLVM passes. This leads to decompilation to a higher-level language.
Decompilation of x86-64 Binaries in RetDec Decompiler
Kubov, Peter ; Křivka, Zbyněk (referee) ; Kolář, Dušan (advisor)
The goal of this thesis is to implement support for decompilation of x64 binary files in the RetDec decompiler. The thesis analyses different approaches to reverse engineering, mainly from the view of information technology. After a general classification of decompilers, the thesis brings to attention one particular decompiler from the Avast company, RetDec. The thesis also deals with the description of the broadly used x86 architecture and its descendant architecture, x86-64. As a result, the thesis provides new classes and extends existing classes in C++ to provide the missing functionality.
Improving Extraction of Information From Executable Files
Hájek, Karel ; Kolář, Dušan (referee) ; Zobal, Lukáš (advisor)
This thesis deals with an extension of an open-source decompiler project called RetDec, maintained by the Avast company. The goal is to develop an extension of data extraction from executable files to improve malware analysis. The thesis proposes several possible improvements to data extraction in the RetDec project. The most useful of these suggested enhancements are then selected and implemented. The selected enhancements involve calculating a hash of symbol names in Linux executable files and a more extensive analysis of the Authenticode format, a Microsoft technology for digital signing of executable files for Windows operating systems. The thesis implements the selected additional data extractions in the RetDec project and tests them on real-world malware samples.