• Title/Summary/Keyword: Binary Code Analysis

Design and Implementation of Framework for Static Execution Flow Trace of Binary Codes (이진 코드의 정적 실행 흐름 추적을 위한 프레임워크 설계 및 구현)

  • Baek, Yeong-Tae;Kim, Ki-Tae;Jun, Sang-Pyo
    • Journal of the Korea Society of Computer and Information / v.16 no.6 / pp.51-59 / 2011
  • Domestically, binary code analysis technology is insufficient. In general, an executable file installed on a computer is given only as a binary without source code, which is dangerous because it is unknown what actions it will perform. In this paper, we design and implement a framework for performing static program analysis at the binary level. We create a control flow graph, and we use the graph of function calls to determine whether the binary is dangerous. The framework makes the analysis of binary files easy.

An LLVM-Based Implementation of Static Analysis for Detecting Self-Modifying Code and Its Evaluation (자체 수정 코드를 탐지하는 정적 분석방법의 LLVM 프레임워크 기반 구현 및 실험)

  • Yu, Jae-IL;Choi, Kwang-hoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.2 / pp.171-179 / 2022
  • Self-modifying code is code that changes itself during execution. This technique is particularly abused by malicious code to bypass static analysis. Therefore, in order to effectively detect such malicious code, it is important to identify self-modifying code. Until now, self-modifying code has been analyzed using dynamic analysis methods, but this is time-consuming and costly. If static analysis can detect self-modifying code, it will be of great help to malicious code analysis. In this paper, we propose a static analysis method to detect self-modifying code for binary executable programs converted to LLVM IR, and we apply this method by making a self-modifying-code benchmark. As a result of the experiment in this paper, the designed static analysis method was effective for the standardized LLVM IR program that was compiled and converted to the benchmark program. However, there was a limitation in that it was difficult to detect the self-modifying code for the unstructured LLVM IR program in which the binary was lifted and transformed. To overcome this, we need an effective way to lift the binary code.

Static Control Flow Analysis of Binary Codes (이진 코드의 정적 제어 흐름 분석)

  • Kim, Ki-Tae;Kim, Je-Min;Yoo, Weon-Hee
    • The Journal of the Korea Contents Association / v.10 no.5 / pp.70-79 / 2010
  • We perform static program analysis of binary code. The reason for analyzing at the binary code level is that executable files installed on a local computer are run without source code. The reason for performing static analysis is to understand what actions a program will perform on the local computer. In this paper, an execution flow graph representing information such as the execution order among functions and the flow of control is generated. Using the graph, the user can find the execution flow of a binary file and calls to insecure functions at the same time, and the graph should facilitate the analysis of binary files. In addition, the safety of a program to be run is ensured by providing an automated way to search the flow of execution, and a program downloaded and installed from outside can be checked for safety before it is run.

Efficient Similarity Analysis Methods for Same Open Source Functions in Different Versions (서로 다른 버전의 동일 오픈소스 함수 간 효율적인 유사도 분석 기법)

  • Kim, Yeongcheol;Cho, Eun-Sun
    • Journal of KIISE / v.44 no.10 / pp.1019-1025 / 2017
  • Binary similarity analysis is used in vulnerability analysis, malicious code analysis, and plagiarism detection. Proving through similarity analysis that a function is equal to a well-known safe function of a different version can help to improve the efficiency of binary code analysis of malicious behavior as well as the efficiency of vulnerability analysis. However, few studies have been carried out on similarity analysis of the same function across different versions. In this paper, we analyze the similarity of function units through various methods based on function information extractable from binary code, and find a way to analyze efficiently in less time. In particular, we perform a comparative analysis of different versions of the OpenSSL library to determine the way in which similar functions are detected even when the versions differ.

Design of DC-free and minimum bandwidth binary line codes by look-up table (조견표를 이용한 무직류 및 최소대역폭 이진선로부호의 설계)

  • 장창기;주언경
    • The Journal of Korean Institute of Communications and Information Sciences / v.21 no.10 / pp.2653-2659 / 1996
  • In this paper, DC-free and minimum bandwidth binary line codes with look-up table are proposed and their performances are analyzed. As results of the performance analysis, the proposed codes are shown to have spectral nulls at DC and the Nyquist frequency. Among the proposed codes, binary line codes of which both the codeword digital sum and the alternating digital sum are zero have a lower code rate but better spectral characteristics. Furthermore, binary line codes which consist of all codewords, including those with nonzero digital sum and alternating digital sum, have worse spectral characteristics but a higher code rate.

Graph based Binary Code Execution Path Exploration Platform for Dynamic Symbolic Execution (동적 기호 실행을 이용한 그래프 기반 바이너리 코드 실행 경로 탐색 플랫폼)

  • Kang, Byeongho;Im, Eul Gyu
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.3 / pp.437-444 / 2014
  • In this paper, we introduce a Graph based Binary Code Execution Path Exploration Platform. In the graph, a node is defined as a conditional branch instruction, and an edge is defined as the other instructions. We implemented a prototype of the proposed method, and it works well on real binary code. Experimental results show that the proposed method correctly explores the execution paths of the target binary code. We expect our method can help make Software Assurance, Secure Programming, and Malware Analysis more correct and efficient.

Optimum Inner and Outer Code Rates for Concatenated Codes in Gaussian Binary Symmetric Channels (가우시안 이진 대칭 채널에서 쇄상부호의 최적 내.외 부호율에 관한 연구)

  • Lee, Ye Hoon
    • Journal of Satellite, Information and Communications / v.9 no.2 / pp.110-113 / 2014
  • In this paper, we address the problem of finding the optimum inner and outer code rates for a concatenated code in Gaussian binary symmetric channels. Clearly, as the inner code rate decreases, the error detection capability of the inner code increases. However, decreasing the inner code rate implies a decrease in the error-correction capability of the outer code when the overall code rate is fixed. With this notion in mind, we examine the optimum distribution of redundancy on the outer and inner codes to achieve a maximum performance gain in the concatenated coding scheme. Our analysis shows that the maximum coding gain can be obtained when the inner code rate is maximized and the outer code rate is minimized under the constraint that the total code rate is fixed.

Design and Analysis of a Minimum Bandwidth Binary Line Code MB34 (최소대역폭 2진 선로부호 MB34의 설계 및 분석)

  • 김정환;김대영
    • Journal of the Korean Institute of Telematics and Electronics A / v.29A no.8 / pp.10-17 / 1992
  • A new line code design technique based on the BUDA (Binary Unit DSV and ASV) concept is introduced. The new line code, called MB34 and designed by this new technique, is of minimum bandwidth, dc-free, and runlength-limited. To confirm the performance of the new code, its power spectrum and eye pattern are obtained, wherein spectral nulls at dc (f=0) and the Nyquist frequency (f=1/2Ts) are clearly identified. It is also discussed how transmission errors can be detected by monitoring the DSV, the ASV, and the runlength.

Design and Analysis of Binary Line Code MB46 (2진 선로부호 MB46의 설계 및 분석)

  • 김정환;김대영
    • The Journal of Korean Institute of Communications and Information Sciences / v.17 no.9 / pp.963-971 / 1992
  • A (4,6) block binary line code is proposed. In addition to being dc-free and runlength-limited, the new code, called MB46, is strictly bandwidth-limited to the Nyquist frequency, thus achieving improved bandwidth efficiency over previously known binary line codes. A technique specially employed in the design of the code is described in depth, and some performance measures including the eye pattern and the power spectrum are presented as obtained by simulation.
