
Research On Function Identification And Recovery Technology In Static Binary Translation Basing On Software Conventions

Posted on: 2007-09-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: N Qi
Full Text: PDF
GTID: 1118360212975804
Subject: Computer software and theory
Abstract/Summary:

Binary translation is an important technique for solving the problem of software migration. It is significant in many fields, such as legacy code migration, program optimization and system security, and has become popular in modern compiler research. Because of the limitations of static binary translation, most research effort goes into dynamic binary translation or into methods that combine static and dynamic binary translation. Pure static binary translation urgently needs improvement.

The dissertation first introduces the research background and some approaches to binary translation, then analyzes the traditional difficulties in static binary translation and the new ones introduced by the new architecture, IA-64. Based on an in-depth analysis of IA-64 software conventions, we discuss how to use software conventions to solve difficulties in static binary translation. Using ITA, the static binary translator we developed, as an experimental platform, the dissertation puts forward algorithms and strategies to solve problems related to procedure identification and function recovery. The test results show that by imposing software conventions, we can significantly expand the capability of static binary translation.

The main contributions of the dissertation are:

1. We analyze the new characteristics of the IA-64 architecture and its compiling technology, and investigate their effect on static binary translation.
2. We design and implement a static binary translator, ITA, with which we conduct our research on static binary translation; it can serve as the experimental platform for deeper research on binary translation techniques.
3. We propose an algorithm to locate the main entry point of ELF64 binary files. Based on the loading mechanism of ELF64 binaries and the parameter passing conventions of the _start routine and the function __libc_start_main, ITA can automatically analyze and identify the entry point of function main when no symbol information is available.
4. We propose an algorithm to recover the names of IA-64 library functions. The novelty of the algorithm comes from the IA-64 dynamic linking mechanism: by analyzing the relationships among multiple segments, it constructs the mapping between a library function's name and its calling address.
5. We propose a prologue identification strategy. Based on lazy execution, we delay the time of procedure identification. The strategy can be used to handle the binary code compiled by...
Keywords/Search Tags:binary translation, software convention, symbol table, calling convention, procedure abstract, dynamic linking, library function identification, variable argument lists