Binary Code Disassembly for Reverse Engineering
Keywords:
disassembly, reverse engineering, native and intermediate code.
Abstract
The disassembly of a binary file is used to restore the software application code in a format that is readable and understandable for humans. The resulting assembly code file can then be used in reverse engineering processes to establish the logical flows of the computer program or its vulnerabilities in a real-world running environment. The paper highlights the features of binary executable files under the x86 architecture and the portable format, presents issues in the disassembly of machine code files and intermediate code, disassembly algorithms that can be applied to a correct and complete reconstruction of the source file written in assembly language, and techniques and tools used in binary code disassembly.
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
- The author(s) is responsible for the correctness and legality of the paper content.
- Papers that are copyrighted or published will not be taken into consideration for publication in JMEDS. It is the author(s)' responsibility to ensure that the paper does not cause any copyright infringements and other problems.
- It is the responsibility of the author(s) to obtain all necessary copyright release permissions for the use of any copyrighted materials in the paper prior to the submission.
- The Author(s) retains the right to reuse any portion of the paper, in future works, including books, lectures and presentations in all media, with the condition that the publication by JMEDS is properly credited and referenced.
JMEDS articles by Journal of Mobile, Embedded and Distributed Systems (JMEDS) is licensed under a Creative Commons Attribution 4.0 International License.
Based on a work at http://jmeds.eu.
Permissions beyond the scope of this license may be available at http://jmeds.eu/index.php/jmeds/about/submissions#copyrightNotice.