|
|
Generic Reverse Compilation to Recognize Specific Behavior
Ďurfina, Lukáš ; Šaloun, Petr (referee) ; Zahradnický,, Tomáš (referee) ; Kolář, Dušan (advisor)
Práce je zaměřena na rozpoznávání specifického chování pomocí generického zpětného překladu. Generický zpětný překlad je proces, který transformuje spustitelné soubory z různých architektur a formátů objektových souborů na stejný jazyk na vysoké úrovni. Tento proces se vztahuje k nástroji Lissom Decompiler. Pro účely rozpoznání chování práce zavádí Language for Decompilation -- LfD. LfD představuje jednoduchý imperativní jazyk, který je vhodný pro srovnávaní. Konkrétní chování je dáno známým spustitelným souborem (např. malware) a rozpoznání se provádí jako najítí poměru podobnosti s jiným neznámým spustitelným souborem. Tento poměr podobnosti je vypočítán nástrojem LfDComparator, který zpracovává dva vstupy v LfD a rozhoduje o jejich podobnosti.
|
|
|
Graphical User Interface of Retargetable Decompiler
Jánský, Jiří ; Zemek, Petr (referee) ; Matula, Peter (advisor)
P { margin-bottom: 0.21cm; direction: ltr; color: rgb(0, 0, 0); line-height: 150%; widows: 2; orphans: 2; }P.western { font-family: "Times New Roman",serif; font-size: 11pt; }P.cjk { font-family: "Times New Roman",serif; font-size: 11pt; }P.ctl { font-family: "Times New Roman",serif; font-size: 12pt; } The thesis deals with creating a graphic interface for disassembler of project Lissom, which is controlled from command line. The dissasembler produces a translated code and graphs of functions calling and flow control. The mentioned outputs of the disassembler shows, functionally connects and adds to each representations of outputs useful features.
|
|
|
Code Transformation Applied to Decompilation
Šomlo, Ivan ; Bidlo, Radek (referee) ; Meduna, Alexandr (advisor)
This thesis discusses the decompilation process and its phases. Decompilation is the reverse process of compilation. Its goal is to transform input program, usually in machine code, into functionally equivalent form in some high level language. The thesis describes disassembling, intermediate code generation, basic block analysis, optimization, data flow analysis, code flow analysis and output code generation.
|
|
|
Tools for Executable File Format Conversions
Matula, Peter ; Husár, Adam (referee) ; Hruška, Tomáš (advisor)
This paper describes methods and procedures used for object file format conversions. It introduces several commonly used formats (ELF, PE, E32Image, DEX) and project Lissom's object file format (LOFF). It contains basic information about libraries manipulating these formats and a description of a new library managing E32Image. The primary objective is to implement a program converting files between common formats and LOFF. This problem is solved by mapping all critical information from one format structures to another. To accomplish this task, it was necessary to modify and extend some features of Lissom object format. The result is the plugin based application capable of creating valid and runnable executable files in mentioned formats.
|
|
|
Java AST Query Language
Bílek, Jiří ; Matula, Peter (referee) ; Křivka, Zbyněk (advisor)
The purpose of this thesis is to design a Java AST query language and implement tool that uses the query language. This work overviews graph databases and their libraries with focus on Neo4J and Titan. This thesis overviews tools Java bytecode analysis as well. Libraries Procyon and BCEL are described in detail. The work includes a proposal the query language and detailed description of the tool implementation, together with the detailed description of the way how Java entities are stored into the graph databases. In the end, the work deals with experiments and the evaluation of the time complexity of the library.
|
|
|
Analysis of C Code for Testing of Decompilation
Dítě, Viktor ; Kolář, Dušan (referee) ; Matula, Peter (advisor)
The goal of this thesis is to extend framework for creation of regression tests with new functionality for analysis of C code. This framework is created in Python language and uses clang compiler for analysis of source code. The thesis contains description of area of reverse engineering and decompiler developed in AVG company. Then the area of software testing and C language are briefly introduced. Following chapters describe proposed and implemented extensions. These extensions are presented in sample tests. Summary of the results can be found in conclusion.
|
|
|
Decompilation of High-Level Constructions in C++ Binaries
Jakub, Dušan ; Křivka, Zbyněk (referee) ; Matula, Peter (advisor)
The thesis addresses the decompilation of high-level object-oriented C++ language from a machine code. The term reverse engineering is defined and existing decompilers are described with emphasis on their ability to reconstruct C++. AVG decompiler project is introduced, to which this thesis contributes. C++ language is analysed, both on a logical level and in the machine code and existing methods of decompilation are described. On this basis a novel method is introduced, capable of decompiling classes, their hierarchy, constructors, destructors and definitions and usages of virtual methods. The method is implemented, tested and evaluated. In the conclusion, several suggestions for future development of this project are presented.
|
|
|
Code Structuring in Decompiler Back-End
Porwolik, Tomáš ; Kučera, Jiří (referee) ; Matula, Peter (advisor)
This thesis deals with a decompilation tool which converts low-level binary code to a high-level representation. This tool is being developed by AVG Technologies. The aim of this work is to design and implement a method for code structuring in the decompiler back-end. The designed method works by traversing the control-flow graph with matching of predefined patterns. It is not always possible to structure code using conditional statements and loops. Sometimes also goto statements must be used. The implemented solution is compared with the original solution in the decompiler. According to the results the new solution is faster, better tested, but in greater number of test cases generates invalid code. From the viewpoint of structuring the results are different and sometimes the code is structured better, but sometimes worse.
|
|
|
Decompilation of AArch64 Binaries in RetDec Decompiler
Kašťák, Matej ; Křivka, Zbyněk (referee) ; Kolář, Dušan (advisor)
The goal of this thesis is to propose and implement a decompiler for the AArch64 architecture. The thesis firstly introduces the concept of reverse engineering, then analyzes the ARM processor platform and architecture of RetDec decompiler from Avast company. In the next chapters, we describe the design and implementation of a module for RetDec. The~purpose of this module is to decompile machine code into LLVM IR instructions which are further processed by LLVM passes. This leads to decompilation to a higher level language.
|
|
|
Decompilation from Selected Object File Formats
Bandzi, Michal ; Láznička, Stanislav (referee) ; Matula, Peter (advisor)
Object files contain machine code that can be executed by processor unit. Structure of an object file is defined by its file format. In order to decompile an object file, it is necessary to process and convert file data to internal representation of decompiler. This thesis discusses design and implementation of new modules for file format processing that will be part of the Retargetable Decompiler project. The goal of this work is to add support for Intel HEX and Mach-O file formats and new implementation of already supported Portable Executable file format. Implementation of modules for file formats Intel HEX and Mach-O was successful and it is possible to use them for reverse compilation. Processing of PE file format is not possible in sufficient quality due to errors in used LLVM library.
|
guest ::
