| Control flow analysis is an essential step for Software Reverse Engineering. The later analysis is also based on it. It can sort out the relationship of the program’s jump, which can clearly reflect the program’s general process and control structure.This article is a study of a radar DSP program’s control flow recovery, in which describes how to extract high-level control structures from a linear sequence of instructions, such as sequential structure、loop structure、branch structure and finally recovery the program’s control flow. The whole process is divided into front-end processing、intermediate processing,、and back-end processing. The key information is extracted from the assembly code in front-end stage. In intermediate stage, by identify jump keywords, assembly code is divided into basic blocks. These basic blocks are seen as a set of control flow graph’s nodes. According to the characteristics of basic blocks, the program jump relationship is added to the control flow graph as edges. Thus a control flow graph which reflects the program jump relations is established. Each node’s must pass through set can be obtained by traverse the control flow graph. Based on it, key elements to identify the branched structure and loop structure are given in this paper. During traversal, the branch structure is marked, according to the characteristics of the branch structure. Back edge and parentheses theorem is used to identify loop structure. The results of control flow recovery are processed in back-end stage.In this way, control flow graph of this DSP program and potential branch structure、loop structure are reconstructed. The test results show that this method is greatly improved the efficiency of software reverse analysis. |
PDF Full Text Request