Paper Appeared at 14th Conference on Compiler Construction

Posted 20 May 2005

The paper CodeSurfer/x86—A Platform for Analyzing x86 Executables by Gogul Balakrishnan, Radu Gruian, Thomas Reps, and Tim Teitelbaum appeared at the 14th International Conference on Compiler Construction. The conference was held in April in Edinburgh, Scotland. Gogul presented the paper at the conference.

CodeSurfer/x86 is a prototype system for analyzing x86 executables. It uses a static-analysis algorithm called value-set analysis (VSA) to recover intermediate representations similar to those a compiler creates for a program written in a high-level language. A major challenge in building an analysis tool for executables is providing useful information about operations involving memory. This is difficult when symbol-table and debugging information is absent or untrusted. CodeSurfer/x86 overcomes these challenges to provide an analyst with a powerful and flexible platform for investigating the properties and behaviors of potentially malicious code (such as COTS components, plugins, mobile code, worms, Trojans, and virus-infected code) using (i) CodeSurfer/x86's GUI, (ii) CodeSurfer/x86's scripting language, which provides access to all of the intermediate representations that CodeSurfer/x86 builds for the executable, and (iii) GrammaTech's Path Inspector, a tool that uses a sophisticated pattern-matching engine to answer questions about the flow of execution in a program.

The paper is available online: [Abstract] [pdf] [ps]




This page updated October 18, 2005.