
Research On Completeness Of Static Binary Translation And Analysis Of Code

Posted on: 2013-12-10
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W F Wu
Full Text: PDF
GTID: 1228330395480635
Subject: Computer software and theory

Abstract/Summary:
Binary translation is an important means of migrating code from one platform to another. Static binary translation offers high execution performance, good reusability of the generated program and a low code expansion rate; nevertheless, dynamic translation, or a combination of static and dynamic translation, is currently the focus of the field. The main reason is that static binary translation has completeness problems: it cannot handle indirect jumps, indirect calls and self-modifying code well. The completeness of static binary translation is both a hotspot and a difficulty in this area, and many researchers have worked on it for nearly half a century. This dissertation addresses the problems that block the development of static binary translation. It aims to determine the targets of indirect jumps and indirect calls and to handle self-modifying code. In addition, it recovers data types and distinguishes library functions from user functions that share a library function's name.

The main contributions of this dissertation are as follows:

1. A sub-static binary translation framework is proposed and designed, and it is used to resolve the problems that block the development of static binary translation. The translator used in the framework takes a control and guide file as input in addition to the original input; that is, the translator's input is a binary executable to be translated together with the corresponding control and guide file for that executable. When the binary executable is translated, the information provided by the control and guide file is used to resolve the problems caused by indirect jumps, indirect calls and self-modifying code.

2. A new concept, the function block, is presented. A function block partitions a program according to the description of the code's function, and it is proposed to facilitate program analysis. Because program analysis based on basic blocks is not well suited to extracting the targets of indirect branch instructions, this dissertation presents an analysis method based on function blocks for determining the targets of indirect jump and indirect call instructions.

3. A technique for reverse construction of execution paths is proposed. Using it, an execution path that starts at the entry point and ends at an indirect branch instruction can be constructed, which effectively reduces the complexity and the space and time cost of obtaining the targets of indirect branch instructions.

4. A data type recovery technique based on memory operation codes and debugging information is presented. Based on memory access operations and simulation of the stack and data section, the thesis proposes an algorithm for data type recovery. Applied to binaries, this algorithm successfully recovers all elementary data types, pointers and strings used in the C language; an aggregate data type is recovered as the equivalent elementary data types.

5. A technique is proposed to distinguish library functions from user functions that have the same name as a library function. Since the fast library function recognition technique used in the ITS binary translation system cannot handle a user function that carries a library function's name, a new algorithm is presented in this dissertation to solve the problem caused by such functions.

6. An algorithm is presented for processing self-modifying code. It integrates snapshot and data coherency maintenance techniques to perform a program traversal, in order to identify self-modifying code and extract the corresponding execution code.

All the techniques described in this dissertation have been tested against 1800 IA-64 binary executables from SPEC2006, IEEE floating-point test software, the Fortran78 test suite, and others. The test results verify the correctness and validity of all the techniques. Finally, this work provides a solid foundation for resolving the problems that block the development of static binary translation and the problems of code analysis.
Keywords/Search Tags: sub-static binary translation, IA-64, function block, reverse construction of execution path, indirect jump, indirect call, self-modifying code, data type recovery