Analyzing Memory Accesses in x86 Executables
Gogul Balakrishnan and Thomas Reps
This paper concerns static-analysis algorithms for analyzing x86
executables. The aim of the work is to recover intermediate
representations that are similar to those that can be created for a
program written in a high-level language. Our goal is to perform this
task for programs such as plugins, mobile code, worms, and
virus-infected code. For such programs, symbol-table and debugging
information is either entirely absent, or cannot be relied upon if
present; hence, the technique described in the paper makes no use of
symbol-table/debugging information. Instead, an analysis is carried
out to recover information about the contents of memory locations and
how they are manipulated. The analysis, called value-set analysis,
tracks address-valued and integer-valued quantities simultaneously.
(Click here to access the paper:
PostScript,
PDF;
talk: Powerpoint)
University of Wisconsin