Interactive function identification decreasing the effort of reverse engineering

Fatih Kilic, Hannes Laner, Claudia Eckert

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Today’s software is growing in size and complexity. Consequently analysing closed-source binaries becomes time-consuming and labour-intensive. In the common use case, the analyst is only interested in specific functions of the given application. Identifying the relevant functions is difficult since no related meta information is given. In this paper we present a framework which speeds up the reverse-engineering process using interactive function identification. We use the benefits of Dynamic Binary Instrumentation as base to collect the executed function calls. We support the analyst in filtering the relevant functions for specific functionality. Our approach is divided into three process steps. Realtime data gathering, user defined information processing/filtering and graphical representation. We show a significant speed up in the reverse engineering process using our framework. We reduce the number of executed functions to be viewed by the analyst more than 90% and due to visual components we help the analyst pre-selecting the functions on an abstract level.

Original languageEnglish
Title of host publicationInformation Security and Cryptology - 11th International Conference, Inscrypt 2015, Revised Selected Papers
EditorsDongdai Lin, Xiao Feng Wang, Moti Yung
PublisherSpringer Verlag
Pages468-487
Number of pages20
ISBN (Print)9783319388977
DOIs
StatePublished - 2016
Event11th International Conference on Information Security and Cryptology, Inscrypt 2015 - Beijing, China
Duration: 1 Nov 20153 Nov 2015

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9589
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference11th International Conference on Information Security and Cryptology, Inscrypt 2015
Country/TerritoryChina
CityBeijing
Period1/11/153/11/15

Keywords

  • IP protection
  • Information visualisation
  • Reverse engineering
  • Security

Fingerprint

Dive into the research topics of 'Interactive function identification decreasing the effort of reverse engineering'. Together they form a unique fingerprint.

Cite this