
Research on Instruction Set Simulation Technology for Binary Analysis

Posted on: 2013-11-28    Degree: Master    Type: Thesis
Country: China    Candidate: Y Zhao    Full Text: PDF
GTID: 2248330395980591    Subject: Computer software and theory
Abstract/Summary:
Binary analysis plays an important role in guaranteeing system safety and availability, and instruction set simulation is of great significance for the dynamic analysis of binaries. The binaries to be analyzed are becoming increasingly diverse in instruction set, yet most existing simulators can only handle one specific instruction set, which makes research on instruction set simulation for binary analysis a practical necessity.

Against the background of National "863" Project 2009AA01Z434, this thesis studies the theory and technology of multi-target instruction set simulation based on a virtual instruction set, driven by the need to support binaries of various architectures. The main contents and contributions of this thesis are as follows:

1. After studying instruction set simulation strategies and multi-target instruction set simulation technologies, a multi-target instruction set simulation framework based on a virtual instruction set is proposed. Because current simulation frameworks have shortcomings such as dependency on source code and disregard for self-modifying code, the proposed framework modifies the simulation strategy, the translator structure and the position of the decoder, among other things.

2. This thesis analyzes the characteristics a virtual instruction set architecture should have and proposes a method for developing a virtual instruction set. The method first builds a minimal complete instruction set and then expands it based on the factors that influence simulation efficiency. To handle architectural differences and reduce redundancy in simulator design, the Extensible Virtual Instruction Set Architecture (EVISA) is designed using this method.

3. This thesis gives a state mapping scheme from target instruction sets to EVISA, introduces Rule-Based Reasoning (RBR) into virtual instruction translation, and designs and implements a translator based on RBR. The translator takes the output of the instruction decoder as its input and matches it against the instruction translation rules, which makes full use of the semantic information of the target instruction and keeps the translator extensible.

4. An instruction set simulator based on EVISA is designed and implemented, which can simulate multiple instruction sets. Furthermore, the simulator contains a debug module and an interface to other binary analysis tools, which makes it easy for binary analysts to use.

Tests on the translator and the simulator confirm the correctness and validity of the approaches and technologies used. The research results of the thesis have been applied to the multi-target firmware code analysis platform developed for National "863" Project 2009AA01Z434. The platform can analyze binaries of the MCS-51, ARM and IA-32 instruction sets and has been accepted by the "863" Experts Group.
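The pipeline the abstract describes (target decoder, rule-based translation into a virtual instruction set, simulation of the virtual code), together with the self-modifying-code case from contribution 1 and the minimal-set expansion from contribution 2, as an added example that is not the thesis's code. It assumes two constructed target encodings, "T8" (a 2-byte accumulator machine) and "T32" (a 4-byte three-register machine), which are not real MCS-51 or ARM encodings, and a five-instruction virtual set that only stands in for EVISA, whose actual definition is not on this page. The SMC-aware simulator halts on a program that patches its own code; the same program under a simulator that never invalidates its translation cache runs until the step budget is exhausted.

```python
"""Toy multi-target instruction set simulator shaped like the abstract's design: decoder ->
rule-based translator -> virtual instruction set -> interpreter, with the translation cache
invalidated on writes to code memory (self-modifying code). Added illustration, not the
thesis's code: "T8"/"T32" are constructed encodings (not MCS-51/ARM); the virtual set stands in for EVISA."""
from typing import Callable, Dict, List, Tuple

MASK = 0xFFFFFFFF  # one register width for both targets (simplification)
# Constructed fixed-width encodings: opcode byte first, remaining bytes are operand fields.
ARCHS = {
    "T8": (2, {0x00: "HALT", 0x01: "MOVI", 0x02: "ADDI", 0x03: "STA", 0x04: "JMP"}),
    "T32": (4, {0x10: "MOVI", 0x11: "ADD", 0x12: "STR", 0x13: "B", 0x1F: "HALT"}),
}

def decode(arch: str, mem: bytearray, pc: int) -> Tuple[int, str, bytes]:
    """Decoder output: (encoded size, mnemonic, operand bytes)."""
    size, opcodes = ARCHS[arch]
    if mem[pc] not in opcodes:
        raise ValueError(f"{arch}: undefined opcode {mem[pc]:#04x} at {pc:#06x}")
    return size, opcodes[mem[pc]], bytes(mem[pc + 1:pc + size])

# Minimal complete virtual set; operands are register names (str) or immediates (int):
#   ("vset", rd, src)  ("vadd", rd, a, b)  ("vst8", src, addr)  ("vjmp", target)  ("vhalt",)
VCode = List[tuple]
# Translation rules keyed on the decoder's (arch, mnemonic); "A" is T8's accumulator.
RULES: Dict[Tuple[str, str], Callable[[bytes], VCode]] = {
    ("T8", "MOVI"): lambda o: [("vset", "A", o[0])],
    # ADDI has no single counterpart in the minimal set: expand through a temp register.
    ("T8", "ADDI"): lambda o: [("vset", "T0", o[0]), ("vadd", "A", "A", "T0")],
    ("T8", "STA"): lambda o: [("vst8", "A", o[0])],
    ("T8", "JMP"): lambda o: [("vjmp", o[0])],
    ("T8", "HALT"): lambda o: [("vhalt",)],
    ("T32", "MOVI"): lambda o: [("vset", f"r{o[0]}", o[1])],
    ("T32", "ADD"): lambda o: [("vadd", f"r{o[0]}", f"r{o[1]}", f"r{o[2]}")],
    ("T32", "STR"): lambda o: [("vst8", f"r{o[0]}", f"r{o[1]}")],
    ("T32", "B"): lambda o: [("vjmp", o[0])],
    ("T32", "HALT"): lambda o: [("vhalt",)],
}

class Simulator:
    def __init__(self, arch: str, code: bytes, smc_aware: bool = True, mem_size: int = 256):
        self.arch, self.smc_aware = arch, smc_aware
        self.mem = bytearray(code) + bytearray(mem_size - len(code))
        self.regs: Dict[str, int] = {}
        self.cache: Dict[int, Tuple[int, VCode]] = {}  # pc -> (size, translated code)
        self.pc = self.steps = self.invalidations = 0

    def translate(self, pc: int) -> Tuple[int, VCode]:
        size, mnem, ops = decode(self.arch, self.mem, pc)
        if (self.arch, mnem) not in RULES:
            raise ValueError(f"no translation rule for {self.arch} {mnem}")
        return size, RULES[(self.arch, mnem)](ops)

    def val(self, x) -> int:
        return self.regs.get(x, 0) if isinstance(x, str) else x

    def store8(self, addr: int, value: int) -> None:
        self.mem[addr] = value & 0xFF
        if self.smc_aware:  # drop every cached translation whose bytes were just overwritten
            live = {p: e for p, e in self.cache.items() if not (p <= addr < p + e[0])}
            self.invalidations += len(self.cache) - len(live)
            self.cache = live

    def run(self, max_steps: int = 1000) -> bool:
        """Run until vhalt (True) or the step budget is exhausted (False)."""
        while self.steps < max_steps:
            if self.pc not in self.cache:
                self.cache[self.pc] = self.translate(self.pc)
            size, vcode = self.cache[self.pc]
            self.steps += 1
            next_pc = self.pc + size
            for v in vcode:
                if v[0] == "vset":
                    self.regs[v[1]] = self.val(v[2]) & MASK
                elif v[0] == "vadd":
                    self.regs[v[1]] = (self.val(v[2]) + self.val(v[3])) & MASK
                elif v[0] == "vst8":
                    self.store8(self.val(v[2]), self.val(v[1]))
                elif v[0] == "vjmp":
                    next_pc = self.val(v[1])
                else:  # vhalt
                    return True
            self.pc = next_pc
        return False

def run_t8_smc(smc_aware: bool = True) -> Tuple[bool, int, int]:
    """Constructed T8 program: the JMP at 0x08 runs once (and is cached), is then
    overwritten with the HALT opcode by the STA at 0x04, and is reached again."""
    code = bytes([0x04, 0x08,   # 0x00 JMP 0x08
                  0x01, 0x00,   # 0x02 MOVI A, 0x00  (0x00 is the HALT opcode)
                  0x03, 0x08,   # 0x04 STA 0x08      (patch the opcode byte at 0x08)
                  0x04, 0x08,   # 0x06 JMP 0x08
                  0x04, 0x02])  # 0x08 JMP 0x02      (HALT after the patch)
    sim = Simulator("T8", code, smc_aware)
    return sim.run(), sim.steps, sim.invalidations

def run_t32() -> Tuple[bool, int, int]:
    """Constructed T32 program: r0 = 5 + 7, low byte stored at 0x40."""
    code = bytes([0x10, 1, 7, 0, 0x10, 2, 0x40, 0, 0x10, 0, 5, 0,   # MOVI r1,7; r2,0x40; r0,5
                  0x11, 0, 0, 1, 0x12, 0, 2, 0, 0x1F, 0, 0, 0])    # ADD r0,r0,r1; STR r0,[r2]; HALT
    sim = Simulator("T32", code)
    return sim.run(), sim.regs["r0"], sim.mem[0x40]
```

Two design points carry over from the abstract: the rules are keyed on the decoder's (architecture, mnemonic) output, so adding a third target means adding an opcode table and a handful of rules without touching the interpreter; and because translation happens from memory at execution time rather than once from source, a store that lands inside an already translated instruction can be detected and the translation discarded, which is exactly what a cache that is never invalidated gets wrong on the T8 program above.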
Keywords/Search Tags: Instruction Set Simulation, Binary Analysis, Virtual Instruction Set Architecture, Instruction Translation, Firmware Code