| As an important part of the software reverse engineering, decompilation is playing a key role.in support of the executable code analyzing and maintaining. The research started in 1960, when the decompiler tools were developed for software transportation, which was aiming at the specified software for a special purpose. , With the development of the software technology, it increasingly becomes more important for studying, understanding, altering, maintaining and reusing of the existing software. In the case of not invading the copyright (or haying been licensed), it has good and wide prospects in digesting, absorbing and localizing of those introducing software. Nowadays software-reusing technology is widely adopted with a great deal of third-party component and mid-ware, and it would potentially threaten those critical security systems. Decompilation system will find out a new application area.Decompilation is the recognition process of high-degree intelligence and the inference process from incomplete information. The research of it began early, but no one can build a systemic theory and method by now. Besides, the target and its content are changing with the development of computer science and technology. Especially in those security area, such as war industry and aerospace science, some important software must.be consistent by verifying with source file and binary code, by the way of de-compiling.Based/upon above reason, the author has been exploring and researching on the theories, methods and technologies of de-compilation for recent years, especially on some, key question affecting the practicability of de-compilation system. By introducing to A.I., pattern-matching and program-transforming technology, deeply analyzing and synthesizing were making in many ways. Not only obvious creative achievements were obtained in several new research area but also some improved solving methods and technologies to some existing key problem were proposed. Those achievement are:1. A method for recognizing user lib-function is proposed, which are more difficult and complex than system lib-function, and built a model of user lib-function recognition. In the .past, there are few research reports about the resumingand recognizing of user lib-function. The cause may be in many ways, but mostly it is related to the difficulty of obtaining some necessary information of user lib-function, such as the name of function, or the type of parameter. The process of recognizing can be split into two. phases based on organizational structure and program characteristic of user lib-function. Firstly, we can translate the middle-code of user lib-function into the middle-language program that, can-be de-compiled, after., that, resume corresponding functions name, parameters number, parameters type by-existing methods and technologies. Secondly, according to those, resuming, information we can construct templates of user lib-function and recognize, by the method and technology on system lib-function. These methods were used in certain military software, and got good effects.2 A method for recover of switch structure of changing semi-automatic into automation in decompiletion is proposed. It is not only important but also very difficult/This paper analyses the form and the feature and the expression of C language switch structure in executable file. A pattern .language is defined to describe the recognition pattern of switch structure boot. The design principle and the realization method are introduced about the recognition program and the recovery program of switch structure. Using these patterns , the recognition program can recognize the type of switch structure boot and obtain relating information. The recovery program using it can translate different switch structures into intermediate code in the same form . With this method a new.pattern can be easily added in decompilation system according to a new compiler or a new version.3. A new method of data types recovery by features introduced in this paper. Various, kinds o...
|
PDF Full Text Request