Code Parse And Intermediate Language Translation Based On IDA

Posted on: 2010-12-20 | Degree: Master | Type: Thesis
Country: China | Candidate: H Huang | Full Text: PDF
GTID: 2178330332978498 | Subject: Computer application technology
Abstract/Summary:
Reverse analysis of binary code plays an important role in program understanding. It can be used to obtain multilevel abstract semantic representations of a program, which greatly helps algorithm identification, program structure analysis, program function recognition, and later research on reverse analysis.

Based on an analysis of traditional reverse analysis tools (such as dcc and Boomerang) and IDA-based reverse analysis tools (such as CodeSurfer/x86 and Hex-Rays), we find that the latter simplify the traditional reverse analysis process but cannot produce the multilevel abstract semantic representations that the traditional process generates. To combine the advantages of both, this thesis designs an IDA-based reverse analysis framework that supports analysis on multilevel abstract semantic representations, and then implements code parsing and intermediate language translation within that framework. For code parsing, we analyze the disassembly result information and the internal data representation in IDA, study its open development framework, and define an information model of the disassembly result together with algorithms, based on IDA SDK functions, for extracting the disassembly result. For intermediate language translation, we define an intermediate language representation made up entirely of high-level-language operators, design an intermediate language translation dictionary, introduce a method that directly forms every intermediate language describing template in the dictionary, and finally implement the transformation of the disassembly code exported from IDA into intermediate language code.

Finally, we implement a prototype tool (Reversesuite Frontier) comprising the IDA-based code parsing model and the intermediate language translation model, which serve the later data flow analysis model and algorithm identification system. Test results show that it achieves the goal of code reverse analysis and algorithm identification on the multilevel abstract semantic representations.
Keywords/Search Tags: reverse analysis, code parsing, disassembly, intermediate language, translation dictionary, describing template