Research On Library Function Identification Technology In Assemble Level Program Auxiliary Analysis

Posted on: 2012-01-04 | Degree: Master | Type: Thesis
Country: China | Candidate: B Wu
GTID: 2218330371462538 | Subject: Computer application technology
Abstract/Summary:
Assembly-level program auxiliary analysis is an important approach to reverse analysis of existing software systems. Identifying and marking library function modules significantly improves the readability of reverse analysis results. It also makes it easier to understand the intent of the software and to analyze its features. Research on library function identification technology is therefore important.

First, the thesis analyzes traditional library function identification technologies. On this basis, it proposes a general system framework for library function identification. Because system library functions and field library functions differ in aspects such as their relation to the compiler, the framework is divided into two parts: system library function identification and field library function identification. In this way, library function identification is carried out hierarchically.

For system library function identification, a technique based on graph isomorphism theory is put forward. After extracting the control flow graph (CFG) of each function, the technique determines whether the CFG of the function to be identified is isomorphic to that of a candidate library function by graph invariant filtering and structural comparison. Supplemented with instruction graphical comparison, this allows the thesis to realize function identification at the semantic level.

For field library function identification, a technique based on coarse-grained matching is proposed. A coarse-grained matching feature database is constructed, and coarse-grained matching is used to determine which field libraries are used in the files to be identified. The appropriate library signatures are then loaded to complete the final precise identification.

Finally, the thesis designs and implements a prototype system for library function identification. The system is tested with a group of open source software packages from different platforms. The test results show that the system can accomplish library function identification accurately and effectively. Compared with traditional methods, both the function identification rate and the identification accuracy are improved.
Keywords/Search Tags: library function identification, coarse-grained match, graph isomorphism, structural comparison, instruction graphical comparison
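The CFG matching step described in the abstract, sketched as an added example (not code from the thesis): cheap graph invariants reject most candidates, and a backtracking structural comparison confirms the rest. The CFG encoding (a dict mapping each basic block to its successors, with every block present as a key), the function names and the sample graphs are assumptions made for illustration.

```python
from collections import Counter

def edges(cfg):
    return {(u, v) for u, succs in cfg.items() for v in succs}

def degrees(cfg):
    """Map each basic block to its (in-degree, out-degree) pair."""
    indeg = Counter(v for _, v in edges(cfg))
    return {n: (indeg[n], len(set(cfg[n]))) for n in cfg}

def invariants(cfg):
    """Cheap filter: block count, edge count, sorted degree pairs."""
    return len(cfg), len(edges(cfg)), sorted(degrees(cfg).values())

def isomorphic(a, b):
    """Invariant filter, then backtracking search for an edge-preserving bijection."""
    if invariants(a) != invariants(b):
        return False
    ea, eb, da, db = edges(a), edges(b), degrees(a), degrees(b)
    order = list(a)

    def extend(mapping):
        if len(mapping) == len(order):
            return True
        u = order[len(mapping)]
        for cand in b:
            if cand in mapping.values() or da[u] != db[cand]:
                continue
            mapping[u] = cand
            # Edges between u and every mapped block (including u itself) must agree.
            if all(((x, u) in ea) == ((mapping[x], cand) in eb) and
                   ((u, x) in ea) == ((cand, mapping[x]) in eb)
                   for x in mapping) and extend(mapping):
                return True
            del mapping[u]
        return False

    return extend({})

def identify(target, library):
    """Names of library functions whose CFG is isomorphic to the target's."""
    return [name for name, cfg in library.items() if isomorphic(target, cfg)]

# Constructed sample CFGs: block -> successor blocks (names are hypothetical).
LIBRARY = {
    "loop_scan": {0: [1], 1: [2, 3], 2: [1], 3: []},       # while-loop shape
    "branch_join": {0: [1, 2], 1: [3], 2: [3], 3: []},     # if/else diamond
}
TARGET = {"entry": ["head"], "head": ["body", "exit"], "body": ["head"], "exit": []}

if __name__ == "__main__":
    print(identify(TARGET, LIBRARY))
```

A structural match alone only narrows the candidates, since many small functions share a CFG shape; this is why the abstract supplements it with instruction-level comparison.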