Static Analysis of Stripped Binary Executables to find Function Parameters, Local Variables and Parameters Used as Pointers in Intel 32-bit and 64-bit Architectures

Citation

Shrivastava, Rashmi. (2023-05). Static Analysis of Stripped Binary Executables to find Function Parameters, Local Variables and Parameters Used as Pointers in Intel 32-bit and 64-bit Architectures. Theses and Dissertations Collection, University of Idaho Library Digital Collections. https://www.lib.uidaho.edu/digital/etd/items/shrivastava_idaho_0089n_12624.html

Title:
Static Analysis of Stripped Binary Executables to find Function Parameters, Local Variables and Parameters Used as Pointers in Intel 32-bit and 64-bit Architectures
Author:
Shrivastava, Rashmi
Date:
2023-05
Keywords:
binary analysis intel parameter used as a pointer parameters local variables reverse engineering static tool
Program:
Computer Science
Subject Category:
Computer science; Statistics; Dance
Abstract:

With the rapid increase and complexity of cyber-attacks, there is a need to analyze and understand software programs, not only the source code but also the binary executable. We might encounter situations where source code and debugging symbols are not available, so we need to analyze low-level executables. The variable types, function parameters and indirect memory accesses provide the fundamental semantics of a program. Generally, when we compile an executable, the critical information related to variables, types and parameters is lost. This leads to conservative static analysis at the binary level. A large amount of research has been carried out for decades on binary code type inference, a challenging task that aims to infer typed variables [1].

To improve our ability to perform static and dynamic analysis, the goal of this thesis is to develop a novel algorithm for finding the parameters of a function, the local variables of a function, and the parameters used as pointers. The purpose of this algorithm is to explore applications in the context of program understanding and to provide useful information about function parameters, even in the absence of debugging information [2]. The approach is not fully sound, which means that there could be false positives or false negatives. The designed algorithm is a step towards determining critical information about any function. The algorithm has been tested on 444 functions in total for GCC and 200 for Clang from stripped binaries compiled on both Intel 32-bit and 64-bit with both O0 and O2 optimization levels, with a success rate of approx. 100% for finding the parameters, 78% and 66% for local variables, and 85.5% and 77% for finding parameters used as pointers for GCC and Clang, respectively. We developed it on both 32-bit and 64-bit with O0 and O2 optimization levels. Based on the current development and analysis, we conclude with suggestions for future work and provide some insight into preliminary ideas for solving such problems.

Description:
masters, M.S., Computer Science -- University of Idaho - College of Graduate Studies, 2023-05
Major Professor:
Alves-Foss, Jim
Committee:
Conte de Leon, Daniel; Song, Jia; Soule, Terence
Defense Date:
2023-05
Identifier:
Shrivastava_idaho_0089N_12624
Type:
Text
Format Original:
PDF
Format:
application/pdf

Rights
Rights:
In Copyright - Educational Use Permitted. For more information, please contact University of Idaho Library Special Collections and Archives Department at libspec@uidaho.edu.
Standardized Rights:
http://rightsstatements.org/vocab/InC-EDU/1.0/