文章基本信息

标题：Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis
本地全文：下载
作者：Lukáš Ďurfina ; Jakub Křoustek ; Petr Zemek 等
期刊名称：International Journal of Security and Its Applications
印刷版ISSN：1738-9976
出版年度：2011
卷号：5
期号：4
出版社：SERSC
摘要：Together with the massive expansion of smartphones, tablets, and other smart devices, we can notice a growing number of malware threats targeting these platforms. Software security companies are not prepared for such diversity of target platforms and there are only few techniques for platform-independent malware analysis. This is a major security issue these days. In this paper, we propose a concept of a retargetable reverse compiler (i.e. a decompiler), which is in an early stage of development. The retargetable decompiler transforms platformspecific binary applications into a high-level language (HLL) representation, which can be further analyzed in a uniform way. This tool will help with a static platform-independent malware analysis. Our unique solution is based on an exploitation of two systems that were originally not intended for such an application—the architecture description language (ADL) ISAC for a platform description and the LLVM Compiler System as the core of the decompiler. In this study, we show that our tool can produce highly readable HLL code.
关键词：decompilation; reverse engineering; malware; LLVM; Lissom; ISAC