modular interpretive decompilation of low level code by
play

Modular Interpretive Decompilation of Low-Level Code by Partial - PowerPoint PPT Presentation

Sep 14, 2022 •127 likes •690 views

Modular Interpretive Decompilation of Low-Level Code by Partial Evaluation Elvira Albert 1 joint work with omez-Zamalloa 1 and Germ an Puebla 2 Miguel G (1) Complutense University of Madrid (Spain) (2) Technical University of Madrid (Spain)

  1. Modular Interpretive Decompilation of Low-Level Code by Partial Evaluation Elvira Albert 1 joint work with omez-Zamalloa 1 and Germ´ an Puebla 2 Miguel G´ (1) Complutense University of Madrid (Spain) (2) Technical University of Madrid (Spain) Beijing, September 2008 Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 1 / 15

  2. Introduction Motivation Introduction Motivation Low-level code ⇒ Intermediate representations Mobile environments : only low-level code available. Analysis tools unavoidably more complicated. ◮ unstructured control flow, ◮ use of operand stack, ◮ use of heap, etc. Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 2 / 15

  3. Introduction Motivation Introduction Motivation Low-level code ⇒ Intermediate representations Mobile environments : only low-level code available. Analysis tools unavoidably more complicated. ◮ unstructured control flow, ◮ use of operand stack, ◮ use of heap, etc. Decompiling to intermediate representations: ◮ abstracts away particular language features. ◮ simplifies development of analyzers, model checkers, etc. ◮ variants: clause-based , BoogiePL , Soot , etc. Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 2 / 15

  4. Introduction Motivation Introduction Motivation Low-level code ⇒ Intermediate representations Mobile environments : only low-level code available. Analysis tools unavoidably more complicated. ◮ unstructured control flow, ◮ use of operand stack, ◮ use of heap, etc. Decompiling to intermediate representations: ◮ abstracts away particular language features. ◮ simplifies development of analyzers, model checkers, etc. ◮ variants: clause-based , BoogiePL , Soot , etc. High-level (declarative) languages Convenient intermediate representation: ◮ iterative constructs (loops) ⇒ recursion. ◮ all variables in local scope of methods represented uniformly. Advanced tools (for declarative) languages re-used. Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 2 / 15

  5. Introduction Interpretive Decompilation Introduction Interpretive Decompilation Most of the approaches develop hand-written decompilers. Appealing alternative: interpretive decompilation PE allows specializing a program w.r.t. some part of its input. Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 3 / 15

  6. Introduction Interpretive Decompilation Introduction Interpretive Decompilation Most of the approaches develop hand-written decompilers. Appealing alternative: interpretive decompilation PE allows specializing a program w.r.t. some part of its input. Definition (1st Futamura Projection) A program P written in L S can be compiled into another language L O by specializing an interpreter for L S written in L O w.r.t. P . Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 3 / 15

  7. First Futamura Projection Partial Evaluation and the Interpretive Approach First Futamura Projection Partial Evaluation and the Interpretive Approach p ( in1 , in2 ) = output ✗ ✔ static data ✖ ✕ (in1) ✗ ✔ ❄ program partial ✲ ✖ ✕ p evaluator(mix) ✛ ✘ ✓ ✏ ✲ ✎ ☞ ❄ ❄ specialized dynamic program output ✲ ✒ ✑ ✍ ✌ data (in2) ✲ ✚ ✙ p in1 ✞ ☎ ✝ ✆ = data = programs [[ p ]] [ in1 , in2 ] = [[ [[ mix ]] [ p , in1 ] ]] [ in2 ] Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 4 / 15

  8. First Futamura Projection Partial Evaluation and the Interpretive Approach First Futamura Projection Partial Evaluation and the Interpretive Approach p ( in1 , in2 ) = output ✗ ✔ static data ✖ ✕ (in1) ✗ ✔ ❄ bytecode partial ✲ ✖ interp ( LP ) ✕ evaluator(mix) ✛ ✘ ✓ ✏ ✲ ✎ ☞ ❄ ❄ specialized dynamic program output ✲ ✒ ✑ ✍ ✌ data (in2) ✲ ✚ ✙ p in1 ✞ ☎ ✝ ✆ = data = programs [[ bc interp ]] [ in1 , in2 ] = [[ [[ mix ]] [ bc interp , in1 ] ]] [ in2 ] Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 4 / 15

  9. First Futamura Projection Partial Evaluation and the Interpretive Approach First Futamura Projection Partial Evaluation and the Interpretive Approach p ( in1 , in2 ) = output ✗ ✔ bytecode program ✖ ✕ (in1) ✗ ✔ ❄ bytecode partial ✲ ✖ interp ( LP ) ✕ evaluator(mix) ✛ ✘ ✓ ✏ ✲ ✎ ☞ ❄ ❄ specialized dynamic program output ✲ ✒ ✑ ✍ ✌ data (in2) ✲ ✚ ✙ p in1 ✞ ☎ ✝ ✆ = data = programs [[ bc interp ]] [ in1 , in2 ] = [[ [[ mix ]] [ bc interp , in1 ] ]] [ in2 ] Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 4 / 15

  10. First Futamura Projection Partial Evaluation and the Interpretive Approach First Futamura Projection Partial Evaluation and the Interpretive Approach p ( in1 , in2 ) = output ✗ ✔ bytecode program ✖ ✕ (in1) ✗ ✔ ❄ bytecode partial ✲ ✖ interp ( LP ) ✕ evaluator(mix) ✛ ✘ ✓ ✏ ✲ ✎ ☞ ❄ ❄ specialized input program output ✲ ✒ ✑ ✍ ✌ args (in2) ✲ ✚ ✙ p in1 ✞ ☎ ✝ ✆ = data = programs [[ bc interp ]] [ in1 , in2 ] = [[ [[ mix ]] [ bc interp , in1 ] ]] [ in2 ] Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 4 / 15

  11. First Futamura Projection Partial Evaluation and the Interpretive Approach First Futamura Projection Partial Evaluation and the Interpretive Approach p ( in1 , in2 ) = output ✗ ✔ bytecode program ✖ ✕ (in1) ✗ ✔ ❄ bytecode partial ✲ ✖ interp ( LP ) ✕ evaluator(mix) ✛ ✘ ✓ ✏ ✲ ✎ ☞ ❄ ❄ decompiled input program ( LP ) output ✲ ✒ ✑ ✍ ✌ args (in2) ✲ ✚ ✙ p in1 ✞ ☎ ✝ ✆ = data = programs [[ bc interp ]] [ in1 , in2 ] = [[ [[ mix ]] [ bc interp , in1 ] ]] [ in2 ] Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 4 / 15

  12. An Example of Interpretive Decompilation Example 1: Source code int gcd(int x,int y) { int res; while (y != 0) { res = x mod y; x = y; y = res; } return x; } Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 5 / 15

  13. An Example of Interpretive Decompilation Example 1: Source code int gcd(int x,int y) { int res; while (y != 0) { res = x mod y; x = y; y = res; } return x; } bytecode 0:load(1) 7:store(0) 1:if0eq(11) 8:load(2) 2:load(0) 9:store(1) 3:load(1) 10:goto(0) 4:rem 11:load(0) 5:store(2) 12:return 6:load(1) Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 5 / 15

  14. An Example of Interpretive Decompilation Example 1: Source code bytecode interpreter int gcd(int x,int y) { int res; main(Method,InArgs,Top) :- while (y != 0) { build s0(InArgs,S0), res = x mod y; step(push(X),S1,S2) :- execute(S0,Sf), x = y; S1 = st(PC,S,L)), Sf = st( ,[Top| ], )). y = res; } next(PC,PC2), return x; } S2 = st(PC2,[X|S],L)). execute(S1,Sf) :- S1 = st(PC, , )), step(store(X),S1,S2) :- bytecode bytecode(PC,Inst, ), S1 = st(PC,[I|S],LV)), step(Inst,S1,S2) , 0:load(1) next(PC,PC2), 7:store(0) execute(S2,Sf). 1:if0eq(11) localVar update(LV,X,I,LV2), 8:load(2) 2:load(0) S2 = st(PC2,S,LV2)). ...... 9:store(1) 3:load(1) ............. 10:goto(0) 4:rem 11:load(0) 5:store(2) 12:return 6:load(1) Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 5 / 15

  15. An Example of Interpretive Decompilation Example 1: Source code bytecode interpreter int gcd(int x,int y) { int res; main(Method,InArgs,Top) :- while (y != 0) { build s0(InArgs,S0), res = x mod y; step(push(X),S1,S2) :- execute(S0,Sf), x = y; S1 = st(PC,S,L)), Sf = st( ,[Top| ], )). y = res; } next(PC,PC2), return x; } S2 = st(PC2,[X|S],L)). execute(S1,Sf) :- S1 = st(PC, , )), step(store(X),S1,S2) :- bytecode bytecode(PC,Inst, ), S1 = st(PC,[I|S],LV)), step(Inst,S1,S2) , 0:load(1) next(PC,PC2), 7:store(0) execute(S2,Sf). 1:if0eq(11) localVar update(LV,X,I,LV2), 8:load(2) 2:load(0) S2 = st(PC2,S,LV2)). ...... 9:store(1) 3:load(1) ............. 10:goto(0) 4:rem 11:load(0) 5:store(2) 12:return 6:load(1) Decompiled code main(gcd,[X,0],X). exec 1(Y,0,Y). main(gcd,[X,Y],Z) :- Y \ = 0, exec 1(Y,R,Z) :- R \ = 0, R is X rem Y, exec 1(Y,R,Z). R’ is Y rem R, exec 1(R,R’,Z). Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 5 / 15

  16. Contributions in Interpretive Decompilation Contributions in Interpretive Decompilation Advantages w.r.t. dedicated (de-)compilers: flexibility: interpreter easier to modify; more reliable: easier to trust that the semantics preserved; easier to maintain: new changes easily reflected in interpreter; easier to implement: provided a partial evaluator is available. Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 6 / 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lecture 16 Decompilation Why decompilation? This course is ostensibly about Optimising

Lecture 16 Decompilation Why decompilation? This course is ostensibly about Optimising

Lecture 16 Decompilation Why decompilation? This course is ostensibly about Optimising Compilers. It is really about program analysis and transformation . Decompilation is achieved through analysis and transformation of target code; the

408 views • 37 slides
Why decompilation? This course is ostensibly about Optimising Compilers. It is really about

Why decompilation? This course is ostensibly about Optimising Compilers. It is really about

Why decompilation? This course is ostensibly about Optimising Compilers. It is really about program analysis and transformation . Decompilation is achieved through analysis and transformation of target code; the transformations just work in the

650 views • 35 slides
Trustworthy decompilation: Extracting models of machine code inside an ITP Magnus O. Myreen

Trustworthy decompilation: Extracting models of machine code inside an ITP Magnus O. Myreen

Trustworthy decompilation: Extracting models of machine code inside an ITP Magnus O. Myreen University of Cambridge TEITP 2010 The GCD program in ARM machine code: E1510002 B0422001 C0411002 01AFFFFFB Problems with machine code Formal

660 views • 46 slides
Decompilation, type inference and finding the code to decompile Alan Mycroft Computer

Decompilation, type inference and finding the code to decompile Alan Mycroft Computer

UNIVERSITY OF CAMBRIDGE Decompilation, type inference and finding the code to decompile Alan Mycroft Computer Laboratory, University of Cambridge http://www.cl.cam.ac.uk/users/am/ 30 January 2012 Decompilation, type inference and finding

614 views • 34 slides
Decompilation Ximing Yu May 3, 2011 Decompiler Definition Decompiler is a program that attempts

Decompilation Ximing Yu May 3, 2011 Decompiler Definition Decompiler is a program that attempts

Decompilation Ximing Yu May 3, 2011 Decompiler Definition Decompiler is a program that attempts to perform the inverse process of the compiler. Given an executable program compiled in any high-level language, the aim is to produce a high-level

803 views • 25 slides
The 2015 ANA Code of Ethics for Nurses with Interpretive Statements ANA\C 20 th Anniversary

The 2015 ANA Code of Ethics for Nurses with Interpretive Statements ANA\C 20 th Anniversary

10/13/2016 The 2015 ANA Code of Ethics for Nurses with Interpretive Statements ANA\C 20 th Anniversary Celebration & General Assembly Marsha Fowler, PhD, MDiv, MS, RN, FAAN 1 10/13/2016 To view: NursingWorld.org To purchase:

754 views • 29 slides
Compiling and Linking C code Assembly C Source C Source C Source Source .c Code Code Code

Compiling and Linking C code Assembly C Source C Source C Source Source .c Code Code Code

Advanced Programming Modular Programming in C Modular Programming Intro n It is not possible to create complex programs using a single source file: n Compiling is slow n Difficult reuse of functions n Impossible collaboration among

513 views • 17 slides
Interpretive Statements ANA\C 20 th Anniversary Celebration & General Assembly Marsha Fowler,

Interpretive Statements ANA\C 20 th Anniversary Celebration & General Assembly Marsha Fowler,

10/13/2016 The 2015 ANA Code of Ethics for Nurses with Interpretive Statements ANA\C 20 th Anniversary Celebration & General Assembly Marsha Fowler, PhD, MDiv, MS, RN, FAAN To view: NursingWorld.org To purchase: NursesBooks.org 1

502 views • 20 slides
RTker Anubha Verma Shikha Kapoor Features Modular Design Isolation of Architecture/CPU

RTker Anubha Verma Shikha Kapoor Features Modular Design Isolation of Architecture/CPU

RTker Anubha Verma Shikha Kapoor Features Modular Design Isolation of Architecture/CPU dependent and independent code Easy to Port Pluggable Scheduler Two level Interrupt Handling Small footprint Oskits Device

502 views • 19 slides
Modular transformation from AF3 to nuXmv Sudeep Kanav, Vincent Aravantinos fortiss GmbH Abstract

Modular transformation from AF3 to nuXmv Sudeep Kanav, Vincent Aravantinos fortiss GmbH Abstract

Modular transformation from AF3 to nuXmv Sudeep Kanav, Vincent Aravantinos fortiss GmbH Abstract A transformation between a high-level and a low-level model Two way Modular Employs reusability Implemented in Java

658 views • 26 slides
Enersine Pro 80A Modular Active Power Filter Ablerex Electronics Co., Ltd.

Enersine Pro 80A Modular Active Power Filter Ablerex Electronics Co., Ltd.

Enersine Pro 80A Modular Active Power Filter Ablerex Electronics Co., Ltd. http://www.ablerex.com.tw Key Features Modular and easy to extend 3 Level Technology Space-saving high power density design Hot-scalable power modules

150 views • 13 slides
Protecting Dynamic Code by Modular Control-Flow Integrity Gang Tan Department of CSE, Penn State

Protecting Dynamic Code by Modular Control-Flow Integrity Gang Tan Department of CSE, Penn State

Protecting Dynamic Code by Modular Control-Flow Integrity Gang Tan Department of CSE, Penn State Univ. At International Workshop on Modularity Across the System Stack (MASS) Mar 14 th , 2016, Malaga, Spain Cyber Insecurity 2 Blame the

804 views • 54 slides
Code Shape More on Three-address Code Generation cs5363 1 Machine Code Translation A

Code Shape More on Three-address Code Generation cs5363 1 Machine Code Translation A

Code Shape More on Three-address Code Generation cs5363 1 Machine Code Translation A single language construct can have many implementations many-to-many mappings from high-level source language to low-level target machine language

560 views • 16 slides
Decompilation is an information-flow problem (Or, information flow meets program transformation)

Decompilation is an information-flow problem (Or, information flow meets program transformation)

Decompilation is an information-flow problem (Or, information flow meets program transformation) Boris Feigin Computer Laboratory, University of Cambridge PLID 2008 joint work with Alan Mycroft 1 / 22 Motivation Given suitable tools we

605 views • 33 slides
BUFFALOS CANALSIDE INTERPRETIVE STRUCTURES LONGSHED PRESENTATION HHL Architects Erie Canal

BUFFALOS CANALSIDE INTERPRETIVE STRUCTURES LONGSHED PRESENTATION HHL Architects Erie Canal

LONGSHED BUILDING Canalside Interpretive Structures Buffalo, New York BUFFALOS CANALSIDE INTERPRETIVE STRUCTURES LONGSHED PRESENTATION HHL Architects Erie Canal Harbor Development Corporation December 18, 2018 Canals (c.1905) LONGSHED

813 views • 24 slides
Reconciling High-Level Optimizations and Low-Level Code in LLVM Juneyoung Lee Seoul National

Reconciling High-Level Optimizations and Low-Level Code in LLVM Juneyoung Lee Seoul National

OOPSLA 18 Boston Reconciling High-Level Optimizations and Low-Level Code in LLVM Juneyoung Lee Seoul National Univ. Chung-Kil Hur MPI-SWS Ralf Jung Zhengyang Liu University of Utah John Regehr Nuno P. Lopes Microsoft Research

1.3k views • 127 slides
Interpre'ng and Compiling Intex Intex programs are simple arithme'c expressions on integers that

Interpre'ng and Compiling Intex Intex programs are simple arithme'c expressions on integers that

A New Mini-Language: Intex Interpre'ng and Compiling Intex Intex programs are simple arithme'c expressions on integers that can refer to integer arguments. Intex is the first in a sequence of mini-languages that can be extended to culminate in

425 views • 6 slides
A Reactive Measurement Framework Mark Allman, Vern Paxson International Computer Science

A Reactive Measurement Framework Mark Allman, Vern Paxson International Computer Science

A Reactive Measurement Framework Mark Allman, Vern Paxson International Computer Science Institute Passive and Active Measurement Conference April 2008 This town, buddy, has done its share of shovin This town taught me that its

361 views • 20 slides
REVISED 10 CFR PART 35: MEDICAL USE OF BYPRODUCT MATERIAL Subpart M: Reports This new subpart

REVISED 10 CFR PART 35: MEDICAL USE OF BYPRODUCT MATERIAL Subpart M: Reports This new subpart

REVISED 10 CFR PART 35: MEDICAL USE OF BYPRODUCT MATERIAL Subpart M: Reports This new subpart contains all the reporting requirements necessary to implement the requirements in revised Part 35 P This subpart contains three reporting

187 views • 18 slides
Length and tone in the morphophonology of transitive verbs in Shilluk Bert Remijsen Cynthia L.

Length and tone in the morphophonology of transitive verbs in Shilluk Bert Remijsen Cynthia L.

Length and tone in the morphophonology of transitive verbs in Shilluk Bert Remijsen Cynthia L. Miller Leoma G. Gilley Otto Gwado Ayoker U. of Edinburgh U. of Wisconsin SIL International Shilluk Language Council Introduction Shilluk is

940 views • 42 slides
Multiplication and Division CMSC 301 Prof. Szajda Administrative Read Ch. 3.1-3.4, C.11

Multiplication and Division CMSC 301 Prof. Szajda Administrative Read Ch. 3.1-3.4, C.11

Multiplication and Division CMSC 301 Prof. Szajda Administrative Read Ch. 3.1-3.4, C.11 Program #1 due 10/24 HW #5 assigned w Due Monday, 10/21, at 5pm Review What is slow in a ripple carry adder? What makes a carry

1.04k views • 59 slides
Symbolic Computation and Theorem Proving in Program Analysis Laura Kov acs Chalmers Outline

Symbolic Computation and Theorem Proving in Program Analysis Laura Kov acs Chalmers Outline

Symbolic Computation and Theorem Proving in Program Analysis Laura Kov acs Chalmers Outline Part 1: Weakest Precondition for Program Analysis and Verification Part 2: Polynomial Invariant Generation (TACAS08, LPAR10) Part 3:

1.34k views • 118 slides
Paolo Tonella tonella@fbk.eu Web testing Crawler Matteo Biagiola, Filippo Ricca, Paolo Tonella:

Paolo Tonella tonella@fbk.eu Web testing Crawler Matteo Biagiola, Filippo Ricca, Paolo Tonella:

Search Based Testing of Web Applications Paolo Tonella tonella@fbk.eu Web testing Crawler Matteo Biagiola, Filippo Ricca, Paolo Tonella: Search Based Path and Input Data Generation for Web Application Testing . 9th Int. Symposium on Search

645 views • 21 slides
Convergence in Distribution Undergraduate version of central limit theo- rem: if X 1 , . . . , X

Convergence in Distribution Undergraduate version of central limit theo- rem: if X 1 , . . . , X

Convergence in Distribution Undergraduate version of central limit theo- rem: if X 1 , . . . , X n are iid from a population with mean and standard deviation then n 1 / 2 ( X ) / has approximately a normal dis- tribution. Also

640 views • 26 slides

More recommend