Analyzing Memory Accesses in x86 Executables

Abstract

This paper concerns static-analysis algorithms for analyzing x86 executables. The aim of the work is to recover intermediate representations that are similar to those that can be created for a program written in a high-level language. Our goal is to perform this task for programs such as plugins, mobile code, worms, and virus-infected code. For such programs, symbol-table and debugging information is either entirely absent, or cannot be relied upon if present; hence, the technique described in the paper makes no use of symbol-table/debugging information. Instead, an analysis is carried out to recover information about the contents of memory locations and how they are manipulated by the executable.

Document Details

  • Document Type: Technical Report
  • Publication Date: Jan 01, 2006
  • Accession Number: ADA449077

Entities

People

  • Gogul Balakrishnan
  • Thomas Reps

Organizations

  • University of Wisconsin Madison Department of Computer Science

Tags

Communities of Interest

  • C4I

DTIC Thesaurus Topics

  • Abstracts
  • Addressing
  • Algorithms
  • Assembly
  • Boundaries
  • Compilers
  • Computer Programs
  • Computer Science
  • Concrete
  • Convex Sets
  • Debugging
  • Disassembly
  • Errors
  • High Level Languages
  • Instructions
  • Language
  • Machine Languages

Fields of Study

  • Computer science
  • Engineering

Readers

  • Computer Programming and Software Development
  • Cybersecurity
  • Database Systems and Applications