
Research On Data Type Reconstruction In Decompilation

Posted on: 2013-02-22
Degree: Master
Type: Thesis
Country: China
Candidate: D He
GTID: 2248330395980586
Subject: Computer application technology

Abstract/Summary:
Decompilation is one of the most important methods in the field of software reverse analysis. Its goal is to generate a functionally equivalent program in a high-level programming language from a program in a low-level language. It plays an important role in code translation, software comprehension and maintenance. With the rapid growth of software from the internet, the effect of decompilation on software usability and safety has become prominent. As the key step of decompilation, data type reconstruction has great significance in improving the readability of the program.

The dissertation proposes a method of type reconstruction based on a framework that combines static and dynamic analysis. We first obtain the types of variables related to the parameters and return values of functions in the context, and then give type extraction rules for the BIL intermediate language, which help us extract the types of BIL instructions. According to the different styles of operation among statements, we infer the unknown types from the obtained ones through three properties of the type variable. Considering the ambiguity between integers and pointers, an auxiliary determination method is presented. Meanwhile, a bidirectional type propagation technique based on the data flow analysis framework is proposed, in which the inferred type can be refined by solving the type equation. According to the addressing and storage characteristics of complex data structures, we infer their memory layout by equivalence partitioning, and finally deduce the types of complex data structures from the basic types.

A prototype tool for type reconstruction is implemented in this dissertation. A large number of tests validate the effectiveness and correctness of the approaches described above, which can provide gratifying results for decompilation.
Keywords/Search Tags: Decompilation, Data type reconstruction, BIL Intermediate Language, Type property, Data Flow Analysis, Type propagation