Research On Locating Of Key Functions Based On Dynamic Binary Analysis

Posted on: 2013-08-29
Degree: Master
Type: Thesis
Country: China
Candidate: Q Wang
GTID: 2248330395980572
Subject: Computer software and theory

Abstract/Summary:
Quickly locating key functions is an effective way to improve the efficiency of software reverse analysis. It not only narrows the scope of analysis but also reduces its complexity. In the field of software reverse engineering, locating key functions is mostly based on manual analysis, and there is so far no mature, general theory or tooling. This thesis summarizes the existing manual analysis methods and then employs dynamic binary analysis (DBA) techniques to locate the key functions.

This thesis first introduces the concept, significance and development status of key function locating techniques and analyzes the shortcomings of existing methods. It then proposes two key function locating methods, based on API call analysis and on program execution trace comparison respectively. In the former method, the thesis monitors the execution of a running application using DBA and collects information about its API calls, threads, executable modules, string references and window messages. Based on this information, it locates the key functions by analyzing API call correlation and messages. In the latter method, the thesis obtains the execution trace of programs at function-call granularity, and then locates key functions by comparing the function call sets and calling sequences. To improve the efficiency and precision of locating, a function clustering algorithm is applied to eliminate noise data in the comparison result, and a biological sequence alignment technique is used to align the calling sequences.

Finally, this thesis designs and implements a prototype key function locating system based on Pin. The system is tested with a variety of applications, and the results show that it can locate the key functions quickly and accurately.
Keywords/Search Tags: Dynamic Binary Analysis, Locating Function, API Calling Sequence, Behavior Analysis, Execution Trace, Difference Comparison