
Build Control Flow Graph In Binary Code Based On Graph Neural Network

Posted on: 2022-11-27
Degree: Master
Type: Thesis
Country: China
Candidate: F Dong
Full Text: PDF
GTID: 2518306608468974
Subject: Automation Technology
Abstract/Summary:
Binary code analysis is a way to study and analyze software effectively when its source code is not available. Executable files are converted into assembly code by dynamic or static disassembly so that they are easier to analyze. The function is the most basic structure of a program, but because binary code lacks high-level semantic information, functions cannot be found directly. Identifying the scope of functions and constructing control flow graphs from the disassembly results are the basis for malicious code detection, vulnerability mining, and software optimization.

Traditional methods for constructing function control flow graphs from binary code require the binary to be complete, so that key information can be extracted to build the graph. In network transmission, however, an intercepted traffic packet contains only part of the malware's binary bytes and lacks key file information, so it cannot be analyzed this way. To solve this problem, this paper combines the traditional linear scan and recursive traversal disassembly methods and proposes a method of constructing a code expansion selection network. First, every byte of an arbitrary byte sequence is taken as a starting point and disassembly is forced from it. Then, all the disassembly results are drawn, according to control flow, into an extended control flow graph containing all possible assembly instructions. Finally, a graph attention network is trained to select, from the extended control flow graph, the disassembly results that correspond to the source code.

This paper uses the method to test executable files generated by a compiler, executable files generated from hand-written assembly code, data files, and byte sequences intercepted from them. The experimental results show that the method can effectively construct function control flow graphs, effectively distinguish code from data within them, and extract the bytes corresponding to each instruction from any binary byte sequence. The method is valuable for research on function control flow graph construction, the distinction between code and data, and disassembly.
Keywords/Search Tags: Function recognition, Disassembly, Control flow graph, Graph neural network, Binary code analysis
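The first two steps in the abstract (forced disassembly at every byte offset, then linking the results into an extended control flow graph) can be sketched as follows. This is an added example, not code from the thesis: the decoder is a constructed toy covering only a few one-byte-opcode x86 encodings, the sample bytes are constructed, and the graph attention network that selects the true instructions is not implemented.

```python
# Constructed toy decoder: a handful of one-byte-opcode x86 encodings only
# (assumption for illustration; a real pipeline would use a full decoder).
def decode(buf, off):
    """Return (length, mnemonic, kind, target) or None if undecodable."""
    op = buf[off]
    if op == 0x90:
        return 1, "nop", "fall", None
    if op == 0xC3:
        return 1, "ret", "stop", None
    if 0x50 <= op <= 0x5F:
        return 1, ("push" if op < 0x58 else "pop") + " r%d" % (op & 7), "fall", None
    if 0xB8 <= op <= 0xBF and off + 5 <= len(buf):
        imm = int.from_bytes(buf[off + 1:off + 5], "little")
        return 5, "mov r%d, 0x%x" % (op & 7, imm), "fall", None
    if (op == 0xEB or 0x70 <= op <= 0x7F) and off + 2 <= len(buf):
        rel = int.from_bytes(buf[off + 1:off + 2], "little", signed=True)
        kind = "jump" if op == 0xEB else "cond"
        return 2, ("jmp" if op == 0xEB else "jcc") + " rel8", kind, off + 2 + rel
    return None

def extended_cfg(buf):
    """Force-decode at every byte offset; link the results by control flow."""
    nodes = {}
    for off in range(len(buf)):
        ins = decode(buf, off)
        if ins is not None:
            nodes[off] = ins
    edges = set()
    for off, (length, _, kind, target) in nodes.items():
        if kind in ("fall", "cond") and off + length in nodes:
            edges.add((off, off + length, "fall"))
        if kind in ("jump", "cond") and target in nodes:
            edges.add((off, target, "jump"))
    return nodes, edges

def reachable(edges, start):
    """Offsets reachable from start; used only to inspect the graph."""
    seen, todo = set(), [start]
    while todo:
        cur = todo.pop()
        if cur not in seen:
            seen.add(cur)
            todo.extend(dst for src, dst, _ in edges if src == cur)
    return sorted(seen)

# Constructed sample: mov imm32 whose immediate hides "nop; nop; ret",
# followed by jcc +1, nop, ret.
SAMPLE = bytes.fromhex("b89090c300740190c3")
```

On the sample, the graph holds two disjoint instruction chains over the same bytes: one starting at offset 0 and one decoded from inside the `mov` immediate. Choosing between such overlapping candidates without a known entry point is the job the abstract assigns to the trained network.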