meaningful variable names for decompiled code a machine
play

Meaningful Variable Names for Decompiled Code: A Machine - PowerPoint PPT Presentation

Aug 30, 2023 •175 likes •736 views

Meaningful Variable Names for Decompiled Code: A Machine Translation Approach Alan Jaffe, Jeremy Lacomis , Edward J. Schwartz*, Claire Le Goues, and Bogdan Vasilescu * Problem: Obfuscated Variable Names in Code Minified JavaScript: function

  1. Meaningful Variable Names for Decompiled Code: A Machine Translation Approach Alan Jaffe, Jeremy Lacomis , Edward J. Schwartz*, Claire Le Goues, and Bogdan Vasilescu *

  2. Problem: Obfuscated Variable Names in Code Minified JavaScript: function callback(error, response, body) { function callback(o, s, a) { if (!error && response.statusCode == 200) { if (!o && s.statusCode == 200) { var info = JSON.parse(body); var c = JSON.parse(a); … … 2

  3. Problem: Obfuscated Variable Names in Code Minified JavaScript: function callback(error, response, body) { function callback(o, s, a) { if (!error && response.statusCode == 200) { if (!o && s.statusCode == 200) { var info = JSON.parse(body); var c = JSON.parse(a); … … 3

  4. Problem: Obfuscated Variable Names in Code Minified JavaScript: function callback(error, response, body) { function callback(o, s, a) { if (!error && response.statusCode == 200) { if (!o && s.statusCode == 200) { var info = JSON.parse(body); var c = JSON.parse(a); … … Decompiled C Code: cp = buf; (void)asxTab(level + 1); for (n = asnContents(asn, buf, 512); n > 0; n--) { printf(" %02X ", *(cp++)); } v14 = &v15; asxTab(a2 + 1); for (v13 = asnContents(a1, &v15, 512LL); v13 > 0; --v13) { v9 = (unsignedchar*)(v14++); printf(" %02X ", *v9); } 4

  5. Problem: Obfuscated Variable Names in Code Minified JavaScript: function callback(error, response, body) { function callback(o, s, a) { if (!error && response.statusCode == 200) { if (!o && s.statusCode == 200) { var info = JSON.parse(body); var c = JSON.parse(a); … … Decompiled C Code: cp = buf; (void)asxTab(level + 1); for (n = asnContents(asn, buf, 512); n > 0; n--) { printf(" %02X ", *(cp++)); } v14 = &v15; asxTab(a2 + 1); for (v13 = asnContents(a1, &v15, 512LL); v13 > 0; --v13) { v9 = (unsignedchar*)(v14++); printf(" %02X ", *v9); } 5

  6. Problem: Obfuscated Variable Names in Code Minified JavaScript: function callback(error, response, body) { function callback(o, s, a) { if (!error && response.statusCode == 200) { if (!o && s.statusCode == 200) { var info = JSON.parse(body); var c = JSON.parse(a); … … Software is “natural” [Hindle et al., 2011]. • 6

  7. Problem: Obfuscated Variable Names in Code Minified JavaScript: function callback(error, response, body) { function callback(o, s, a) { if (!error && response.statusCode == 200) { if (!o && s.statusCode == 200) { var info = JSON.parse(body); var c = JSON.parse(a); … … Software is “natural” [Hindle et al., 2011]. • Use large corpora + machine learning to predict better identifier names. • Corpora are easy to generate! • 7

  8. Problem: Obfuscated Variable Names in Code Minified JavaScript: function callback(error, response, body) { function callback(o, s, a) { if (!error && response.statusCode == 200) { if (!o && s.statusCode == 200) { var info = JSON.parse(body); var c = JSON.parse(a); … … Software is “natural” [Hindle et al., 2011]. • Use large corpora + machine learning to predict better identifier names. • Corpora are easy to generate! • Bavishi et al., Context2Name, 2017 • Vasilescu et al., JSNaughty, 2017 • Raychev et al., JSNice, 2015 • 8

  9. Problem: Obfuscated Variable Names in Code Can we use similar strategies for decompiled code? Decompiled C Code: cp = buf; (void)asxTab(level + 1); for (n = asnContents(asn, buf, 512); n > 0; n--) { printf(" %02X ", *(cp++)); } v14 = &v15; asxTab(a2 + 1); for (v13 = asnContents(a1, &v15, 512LL); v13 > 0; --v13) { v9 = (unsignedchar*)(v14++); printf(" %02X ", *v9); } 9

  10. Statistical Machine Translation (SMT) • Noisy channel model 10

  11. Statistical Machine Translation (SMT) • Noisy channel model • English à French: 11

  12. Statistical Machine Translation (SMT) • Noisy channel model • English à French: Go do some research! Va faire de la recherche! 12

  13. Statistical Machine Translation (SMT) • Noisy channel model • English à French: Go do some research! Va faire de la recherche! !"#$!% & ( ) *) 13

  14. Statistical Machine Translation (SMT) • Noisy channel model • English à French: Go do some research! Va faire de la recherche! = "#$%"& ' ) * +) )(+) "#$%"& ' ) + *) )(*) = "#$%"& ' ) * +) )(+) 14

  15. Statistical Machine Translation (SMT) • Noisy channel model • English à French: Go do some research! Va faire de la recherche! = "#$%"& ' ) * +) )(+) "#$%"& ' ) + *) )(*) = "#$%"& ' ) * +) )(+) Translation Model: Probability that f is a translation of e 15

  16. Statistical Machine Translation (SMT) • Noisy channel model • English à French: Go do some research! Va faire de la recherche! = "#$%"& ' ) * +) )(+) "#$%"& ' ) + *) )(*) = "#$%"& ' ) * +) )(+) Language Model: “Fluency” of e 16

  17. Statistical Machine Translation (SMT) • Noisy channel model • English à French: Go do some research! Va faire de la recherche! = "#$%"& ' ) * +) )(+) "#$%"& ' ) + *) )(*) = "#$%"& ' ) * +) )(+) ) * +) : Translation Model MOSES SMT: )(+) : Language Model 17

  18. SMT Model for Natural Language Aligned French/English corpus English corpus 18

  19. SMT Model for Minified JavaScript Aligned original/minified source corpus Original source corpus 19

  20. Problem: Obfuscated Identifiers in Code Can we use SMT for decompiled code? Decompiled C Code: cp = buf; (void)asxTab(level + 1); for (n = asnContents(asn, buf, 512); n > 0; n--) { printf(" %02X ", *(cp++)); } v14 = &v15; asxTab(a2 + 1); for (v13 = asnContents(a1, &v15, 512LL); v13 > 0; --v13) { v9 = (unsignedchar*)(v14++); printf(" %02X ", *v9); } 21

  21. SMT Model for Decompiled Code? Aligned original/decompiled source corpus Original source corpus 22

  22. SMT Model for Decompiled Code? Nontrivial Aligned original/decompiled source corpus Original source corpus 23

  23. Difficulty: Decompilation Changes Structure Original Source Decompiled Code #include <stdio.h> #include <stdio.h> int main() { int main() { int cur = 0; int v1 = 0; while (cur <= 9) { int v2; printf("%d \n ", cur); for (v2 = 0; v2 < 10; ++v2) ++cur; printf("%d \n ", v2); } return v1; return 0; } } 24

  24. Difficulty: Decompilation Changes Structure 9 Lines Original Source 8 Lines Decompiled Code #include <stdio.h> #include <stdio.h> int main() { int main() { int cur = 0; int v1 = 0; while (cur <= 9) { int v2; printf("%d \n ", cur); for (v2 = 0; v2 < 10; ++v2) ++cur; printf("%d \n ", v2); } return v1; return 0; } } • Different line count. 25

  25. Difficulty: Decompilation Changes Structure Original Source Decompiled Code #include <stdio.h> #include <stdio.h> int main() { int main() { int cur = 0; int v1 = 0; while (cur <= 9) { int v2; printf("%d \n ", cur); for (v2 = 0; v2 < 10; ++v2) ++cur; printf("%d \n ", v2); } return v1; return 0; } } • Different line count. • Different numbers of variables. 26

  26. Difficulty: Decompilation Changes Structure Original Source Decompiled Code #include <stdio.h> #include <stdio.h> int main() { int main() { int cur = 0; int v1 = 0; while (cur <= 9) { int v2; printf("%d \n ", cur); for (v2 = 0; v2 < 10; ++v2) ++cur; printf("%d \n ", v2); } return v1; return 0; } } • Different line count. • Different numbers of variables. • Different types of loops. 27

  27. Decompiled Code Corpus Generation Decompiled Code #include <stdio.h> int main() { int v1 = 0; int v2; for (v2 = 0; v2 < 10; ++v2) printf("%d \n ", v2); return v1; } 28

  28. Decompiled Code Corpus Generation Decompiled Code #include <stdio.h> int main() { int v1 = 0; int v2; ❌ for (v2 = 0; v2 < 10; ++v2) printf("%d \n ", v2); return v1; } #include <stdio.h> int main() { int cur = 0; while (cur <= 9) { printf("%d \n ", cur); ++cur; } return 0; } Original Code 29

  29. Decompiled Code Corpus Generation Decompiled Code #include <stdio.h> int main() { int v1 = 0; int v2; ❌ for (v2 = 0; v2 < 10; ++v2) printf("%d \n ", v2); return v1; } #include <stdio.h> #include <stdio.h> int main() { int main() { int cur = 0; int v1 = 0; while (cur <= 9) { int v2; printf("%d \n ", cur); for (v2 = 0; v2 < 10; ++v2) ++cur; printf("%d \n ", v2); } return v1; return 0; } } Original Code 30

  30. Decompiled Code Corpus Generation Decompiled Code #include <stdio.h> int main() { int v1 = 0; int v2; ❌ for (v2 = 0; v2 < 10; ++v2) printf("%d \n ", v2); return v1; } #include <stdio.h> #include <stdio.h> int main() { int main() { int cur = 0; int v1 = 0; while (cur <= 9) { int v2; printf("%d \n ", cur); for (v2 = 0; v2 < 10; ++v2) ++cur; printf("%d \n ", v2); } return v1; return 0; } } Original Code 31

Recommend

CS 240 Programming in C Variable Names, Elementary Types, Bit Operations September 25, 2019

CS 240 Programming in C Variable Names, Elementary Types, Bit Operations September 25, 2019

CS 240 Programming in C Variable Names, Elementary Types, Bit Operations September 25, 2019 Haoyu Wang UMass Boston CS 240 September 25, 2019 1 / 28 Variable Names Made up of letters and digits Underscore (_) counts as a letter This is

758 views • 28 slides
Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate

Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate

Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate Code optimizer Code generator Code generator Input: intermediate code + symbol tables In our case, three-address code All variables

717 views • 38 slides
Welcome! Org. Names Org. Names Org. Names Org. Names Technical Set-up Denver Art

Welcome! Org. Names Org. Names Org. Names Org. Names Technical Set-up Denver Art

Digital Tools to Support Contact Tracing (DT4CT) Meeting Welcome! Org. Names Org. Names Org. Names Org. Names Technical Set-up Denver Art Davidson APHL Scott Becker HHS Sharon Sartin CDC Mark Stenger Interactive polling Iowa

581 views • 39 slides
Instruction Selection and Scheduling Machine code generation cs5363 1 Machine code generation

Instruction Selection and Scheduling Machine code generation cs5363 1 Machine code generation

Instruction Selection and Scheduling Machine code generation cs5363 1 Machine code generation machine Intermediate Code optimizer Code generator Code generator Input: intermediate code + symbol tables All variables have values that

579 views • 15 slides
Today, Lecture 3: Writing a program systematic problem solving Branching

Today, Lecture 3: Writing a program systematic problem solving Branching

Previous Lecture (and lab): Variables &amp; assignment Built-in functions, input &amp; output Good programming style (meaningful variable names; use comments) Today, Lecture 3: Writing a program systematic problem

507 views • 33 slides
Exercise 1 Descriptive statistics INPUT Variable: Names are mahcig01 MeHGsx1 DePicSTS

Exercise 1 Descriptive statistics INPUT Variable: Names are mahcig01 MeHGsx1 DePicSTS

1 Exercise 1 Descriptive statistics INPUT Variable: Names are mahcig01 MeHGsx1 DePicSTS ZDePicSAS DeNamVTS ZDeNamVAS mdhgsx1 sw4emo sw4con sw4hyp sw4peer sw4pros sw5emo sw5con sw5hyp sw5peer sw5pros male pregsmok missingd; USEVAR are sw4emo

753 views • 44 slides
Presentation Last Names A-E Ms. Kennair Last Names F-L Ms. Fornera Last Names M-R Ms. Tippins

Presentation Last Names A-E Ms. Kennair Last Names F-L Ms. Fornera Last Names M-R Ms. Tippins

Senior Fall 2017 Guidance Presentation Last Names A-E Ms. Kennair Last Names F-L Ms. Fornera Last Names M-R Ms. Tippins Last Names S-Z Ms. Heidenreich Graduation Requirements FL SUS College Admissions Minimum General Diploma

193 views • 16 slides
Trustworthy decompilation: Extracting models of machine code inside an ITP Magnus O. Myreen

Trustworthy decompilation: Extracting models of machine code inside an ITP Magnus O. Myreen

Trustworthy decompilation: Extracting models of machine code inside an ITP Magnus O. Myreen University of Cambridge TEITP 2010 The GCD program in ARM machine code: E1510002 B0422001 C0411002 01AFFFFFB Problems with machine code Formal

660 views • 46 slides
Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation

Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation

Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation Target language Relocatable machine code Commercial compilers produce this Absolute machine code OS code must start at a particular memory

503 views • 19 slides
machine and also for the operator. Instruction are executed in time order. NC code must have a

machine and also for the operator. Instruction are executed in time order. NC code must have a

Machining on CNC machines is controled by a NC code. NC code is a list of instructions for the machine and also for the operator. Instruction are executed in time order. NC code must have a specific format so that the control system of machine

653 views • 32 slides
Pyt ython basic ics Comments ; Variable names int, float, str type

Pyt ython basic ics Comments ; Variable names int, float, str type

Pyt ython basic ics Comments ; Variable names int, float, str type conversion assignment (=) print(), help(), type() Pyt ython comments A # indicates the beginning of a comment. From # until of end

504 views • 18 slides
Welcome! Org. Names Org. Names Org. Names Org. Names TFGH Dave Ross GHC3 Robert Aaron

Welcome! Org. Names Org. Names Org. Names Org. Names TFGH Dave Ross GHC3 Robert Aaron

Design Team Meeting Welcome! Org. Names Org. Names Org. Names Org. Names TFGH Dave Ross GHC3 Robert Aaron APHL Scott Becker CDC Anita Patel TFGH Patrick OCarroll HHS James Daniel CDC Jason Bonander CDCF Judy Monroe TFGH

436 views • 15 slides
Improving Machine Outliner for ThinLTO (Global Machine Outliner + Frame Code Outliner) Facebook

Improving Machine Outliner for ThinLTO (Global Machine Outliner + Frame Code Outliner) Facebook

Improving Machine Outliner for ThinLTO (Global Machine Outliner + Frame Code Outliner) Facebook Kyungwoo Lee, Nikolai Tillmann 1 The Machine Outliner Today Machine outliner in LLVM significantly reduces code size Works quite well with

698 views • 32 slides
Mokken Scale Analysis Alternative names: Unidimensional Latent Variable Model (e.g., Holland &amp;

Mokken Scale Analysis Alternative names: Unidimensional Latent Variable Model (e.g., Holland &amp;

Monotone Homogeneity Model (MHM) Notation: X 1 , ..., X j , ..., X J : item scores; : latent trait MHM (Mokken, 1971) : General IRT model for P( X j = x |) Mokken Scale Analysis Alternative names: Unidimensional Latent Variable Model

485 views • 4 slides
Code Shape More on Three-address Code Generation cs5363 1 Machine Code Translation A

Code Shape More on Three-address Code Generation cs5363 1 Machine Code Translation A

Code Shape More on Three-address Code Generation cs5363 1 Machine Code Translation A single language construct can have many implementations many-to-many mappings from high-level source language to low-level target machine language

560 views • 16 slides
Translation Models Machine-dependent Generate Machine Code Directly Through

Translation Models Machine-dependent Generate Machine Code Directly Through

Translation Models Machine-dependent Generate Machine Code Directly Through Intermediate Code Machine-independent Interpret the source code Generate intermediate code and then interpret the intermediate code Single

263 views • 5 slides
1 Algorithm for Identifying Loop Invariant Code Algorithm for Identifying Loop Invariant Code

1 Algorithm for Identifying Loop Invariant Code Algorithm for Identifying Loop Invariant Code

Loop Invariant Code Motion Loop Invariant Code Motion Background: ud- and du-chains Last Time ud-Chains Control flow analysis A ud-chain connects a use of a variable to all defs of a variable that might reach it (a sparse representation

355 views • 6 slides
COMM 291 Midterm Review Session By Simon Roberts Types of Variables Categorical Variable:

COMM 291 Midterm Review Session By Simon Roberts Types of Variables Categorical Variable:

COMM 291 Midterm Review Session By Simon Roberts Types of Variables Categorical Variable: Variable names fall into bins or categories Binary Variable: There are exactly 2 options (true/false) Nominal: Variables are simply named

670 views • 41 slides
AAA Showcase! Who is my counselor? Last Names A-EL: Mr. Melvin Last Names EM-LEE: Ms. Tauer

AAA Showcase! Who is my counselor? Last Names A-EL: Mr. Melvin Last Names EM-LEE: Ms. Tauer

AAA Showcase! Who is my counselor? Last Names A-EL: Mr. Melvin Last Names EM-LEE: Ms. Tauer Last Names LEEG-RO: Mrs. Rodriguez Last Names: RU-Z: Mrs. Marciniec Mrs. Lewis, Assistant Principal for Student Services The Role of School

591 views • 21 slides
1 Dead Code Elimination for SSA Constant Propagation Dead code elimination Goal while a

1 Dead Code Elimination for SSA Constant Propagation Dead code elimination Goal while a

Using Static Single Assignment Form Variable Renaming (cont) Last Time Data Structures Constructing SSA form Stacks[v] v Holds the subscript of most recent definition of variable v, initially empty Counters[v] v Today

224 views • 5 slides
while loops Genome 559: Introduction to Statistical and Computational Genomics Prof. James H.

while loops Genome 559: Introduction to Statistical and Computational Genomics Prof. James H.

while loops Genome 559: Introduction to Statistical and Computational Genomics Prof. James H. Thomas Hints on variable names Pick names that are descriptive Change a name if you decide theres a better choice Give names to

273 views • 23 slides
while loops Genome 559: Introduction to Statistical and Computational Genomics Prof. James H.

while loops Genome 559: Introduction to Statistical and Computational Genomics Prof. James H.

while loops Genome 559: Introduction to Statistical and Computational Genomics Prof. James H. Thomas Hints on variable names Pick names that are descriptive Change a name if you decide theres a better choice Give names to

627 views • 26 slides
assembly language source assembler code &quot;machine code&quot; 1 These slides may be

assembly language source assembler code &quot;machine code&quot; 1 These slides may be

assembly language source assembler code &quot;machine code&quot; 1 These slides may be freely used, distributed, and incorporated into other works. To execute a program: 1 put the &quot;machine code&quot; into memory 2 jal __start (the OS

798 views • 66 slides
Turning C into Machine Code CSAPP book is very useful and well-aligned with class for the remainder

Turning C into Machine Code CSAPP book is very useful and well-aligned with class for the remainder

Turning C into Machine Code CSAPP book is very useful and well-aligned with class for the remainder of the course. C Code void sumstore(long x, long y, long *dest) { long t = x + y; C to Machine Code and x86 Basics Generated x86 Assembly Code

680 views • 4 slides

More recommend