String analysis for x86 binaries

Mihai Christodorescu, Nicholas Kidd, and Wen-Han Goh.

In 6th Workshop on Program Analysis for Software Tools and Engineering (PASTE).

Lisbon, Portugal, March 2005.

All student authors.

Information about string values at key points in a program can help program understanding, reverse engineering, and forensics. We present a static-analysis technique for recovering possible string values in an executable program, when no debug information or source code is available. The result of our analysis is a regular language that describes a superset of the string values possible at a given program point. We also impart some of the lessons learned in the process of implementing our analysis as a tool for recovering C-style strings in x86 executables.

Paper: [pdf]

This page updated April 05, 2006.