Binary Code Disassembly for Reverse Engineering

Marius Popa

Abstract


The disassembly of a binary file is used to restore the software application code in a format that is readable and understandable for humans. Further, the assembly code file can be used in reverse engineering processes to establish the logical flows of the computer program or its vulnerabilities in a real-world running environment. The paper highlights the features of binary executable files under the x86 architecture and the portable format, presents issues in the disassembly process of a machine code file and of intermediate code, disassembly algorithms which can be applied to a correct and complete reconstruction of the source file written in assembly language, and techniques and tools used in binary code disassembly.

Keywords


disassembly, reverse engineering, native and intermediate code.





Journal of Mobile, Embedded and Distributed Systems (JMEDS) ISSN: 2067 – 4074 (online)