modular interpretive decompilation of low level code by
play

Modular Interpretive Decompilation of Low-Level Code by Partial - PowerPoint PPT Presentation

Sep 14, 2022 •127 likes •690 views

Modular Interpretive Decompilation of Low-Level Code by Partial Evaluation Elvira Albert 1 joint work with omez-Zamalloa 1 and Germ an Puebla 2 Miguel G (1) Complutense University of Madrid (Spain) (2) Technical University of Madrid (Spain)

  1. Modular Interpretive Decompilation of Low-Level Code by Partial Evaluation Elvira Albert 1 joint work with omez-Zamalloa 1 and Germ´ an Puebla 2 Miguel G´ (1) Complutense University of Madrid (Spain) (2) Technical University of Madrid (Spain) Beijing, September 2008 Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 1 / 15

  2. Introduction Motivation Introduction Motivation Low-level code ⇒ Intermediate representations Mobile environments : only low-level code available. Analysis tools unavoidably more complicated. ◮ unstructured control flow, ◮ use of operand stack, ◮ use of heap, etc. Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 2 / 15

  3. Introduction Motivation Introduction Motivation Low-level code ⇒ Intermediate representations Mobile environments : only low-level code available. Analysis tools unavoidably more complicated. ◮ unstructured control flow, ◮ use of operand stack, ◮ use of heap, etc. Decompiling to intermediate representations: ◮ abstracts away particular language features. ◮ simplifies development of analyzers, model checkers, etc. ◮ variants: clause-based , BoogiePL , Soot , etc. Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 2 / 15

  4. Introduction Motivation Introduction Motivation Low-level code ⇒ Intermediate representations Mobile environments : only low-level code available. Analysis tools unavoidably more complicated. ◮ unstructured control flow, ◮ use of operand stack, ◮ use of heap, etc. Decompiling to intermediate representations: ◮ abstracts away particular language features. ◮ simplifies development of analyzers, model checkers, etc. ◮ variants: clause-based , BoogiePL , Soot , etc. High-level (declarative) languages Convenient intermediate representation: ◮ iterative constructs (loops) ⇒ recursion. ◮ all variables in local scope of methods represented uniformly. Advanced tools (for declarative) languages re-used. Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 2 / 15

  5. Introduction Interpretive Decompilation Introduction Interpretive Decompilation Most of the approaches develop hand-written decompilers. Appealing alternative: interpretive decompilation PE allows specializing a program w.r.t. some part of its input. Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 3 / 15

  6. Introduction Interpretive Decompilation Introduction Interpretive Decompilation Most of the approaches develop hand-written decompilers. Appealing alternative: interpretive decompilation PE allows specializing a program w.r.t. some part of its input. Definition (1st Futamura Projection) A program P written in L S can be compiled into another language L O by specializing an interpreter for L S written in L O w.r.t. P . Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 3 / 15

  7. First Futamura Projection Partial Evaluation and the Interpretive Approach First Futamura Projection Partial Evaluation and the Interpretive Approach p ( in1 , in2 ) = output ✗ ✔ static data ✖ ✕ (in1) ✗ ✔ ❄ program partial ✲ ✖ ✕ p evaluator(mix) ✛ ✘ ✓ ✏ ✲ ✎ ☞ ❄ ❄ specialized dynamic program output ✲ ✒ ✑ ✍ ✌ data (in2) ✲ ✚ ✙ p in1 ✞ ☎ ✝ ✆ = data = programs [[ p ]] [ in1 , in2 ] = [[ [[ mix ]] [ p , in1 ] ]] [ in2 ] Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 4 / 15

  8. First Futamura Projection Partial Evaluation and the Interpretive Approach First Futamura Projection Partial Evaluation and the Interpretive Approach p ( in1 , in2 ) = output ✗ ✔ static data ✖ ✕ (in1) ✗ ✔ ❄ bytecode partial ✲ ✖ interp ( LP ) ✕ evaluator(mix) ✛ ✘ ✓ ✏ ✲ ✎ ☞ ❄ ❄ specialized dynamic program output ✲ ✒ ✑ ✍ ✌ data (in2) ✲ ✚ ✙ p in1 ✞ ☎ ✝ ✆ = data = programs [[ bc interp ]] [ in1 , in2 ] = [[ [[ mix ]] [ bc interp , in1 ] ]] [ in2 ] Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 4 / 15

  9. First Futamura Projection Partial Evaluation and the Interpretive Approach First Futamura Projection Partial Evaluation and the Interpretive Approach p ( in1 , in2 ) = output ✗ ✔ bytecode program ✖ ✕ (in1) ✗ ✔ ❄ bytecode partial ✲ ✖ interp ( LP ) ✕ evaluator(mix) ✛ ✘ ✓ ✏ ✲ ✎ ☞ ❄ ❄ specialized dynamic program output ✲ ✒ ✑ ✍ ✌ data (in2) ✲ ✚ ✙ p in1 ✞ ☎ ✝ ✆ = data = programs [[ bc interp ]] [ in1 , in2 ] = [[ [[ mix ]] [ bc interp , in1 ] ]] [ in2 ] Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 4 / 15

  10. First Futamura Projection Partial Evaluation and the Interpretive Approach First Futamura Projection Partial Evaluation and the Interpretive Approach p ( in1 , in2 ) = output ✗ ✔ bytecode program ✖ ✕ (in1) ✗ ✔ ❄ bytecode partial ✲ ✖ interp ( LP ) ✕ evaluator(mix) ✛ ✘ ✓ ✏ ✲ ✎ ☞ ❄ ❄ specialized input program output ✲ ✒ ✑ ✍ ✌ args (in2) ✲ ✚ ✙ p in1 ✞ ☎ ✝ ✆ = data = programs [[ bc interp ]] [ in1 , in2 ] = [[ [[ mix ]] [ bc interp , in1 ] ]] [ in2 ] Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 4 / 15

  11. First Futamura Projection Partial Evaluation and the Interpretive Approach First Futamura Projection Partial Evaluation and the Interpretive Approach p ( in1 , in2 ) = output ✗ ✔ bytecode program ✖ ✕ (in1) ✗ ✔ ❄ bytecode partial ✲ ✖ interp ( LP ) ✕ evaluator(mix) ✛ ✘ ✓ ✏ ✲ ✎ ☞ ❄ ❄ decompiled input program ( LP ) output ✲ ✒ ✑ ✍ ✌ args (in2) ✲ ✚ ✙ p in1 ✞ ☎ ✝ ✆ = data = programs [[ bc interp ]] [ in1 , in2 ] = [[ [[ mix ]] [ bc interp , in1 ] ]] [ in2 ] Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 4 / 15

  12. An Example of Interpretive Decompilation Example 1: Source code int gcd(int x,int y) { int res; while (y != 0) { res = x mod y; x = y; y = res; } return x; } Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 5 / 15

  13. An Example of Interpretive Decompilation Example 1: Source code int gcd(int x,int y) { int res; while (y != 0) { res = x mod y; x = y; y = res; } return x; } bytecode 0:load(1) 7:store(0) 1:if0eq(11) 8:load(2) 2:load(0) 9:store(1) 3:load(1) 10:goto(0) 4:rem 11:load(0) 5:store(2) 12:return 6:load(1) Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 5 / 15

  14. An Example of Interpretive Decompilation Example 1: Source code bytecode interpreter int gcd(int x,int y) { int res; main(Method,InArgs,Top) :- while (y != 0) { build s0(InArgs,S0), res = x mod y; step(push(X),S1,S2) :- execute(S0,Sf), x = y; S1 = st(PC,S,L)), Sf = st( ,[Top| ], )). y = res; } next(PC,PC2), return x; } S2 = st(PC2,[X|S],L)). execute(S1,Sf) :- S1 = st(PC, , )), step(store(X),S1,S2) :- bytecode bytecode(PC,Inst, ), S1 = st(PC,[I|S],LV)), step(Inst,S1,S2) , 0:load(1) next(PC,PC2), 7:store(0) execute(S2,Sf). 1:if0eq(11) localVar update(LV,X,I,LV2), 8:load(2) 2:load(0) S2 = st(PC2,S,LV2)). ...... 9:store(1) 3:load(1) ............. 10:goto(0) 4:rem 11:load(0) 5:store(2) 12:return 6:load(1) Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 5 / 15

  15. An Example of Interpretive Decompilation Example 1: Source code bytecode interpreter int gcd(int x,int y) { int res; main(Method,InArgs,Top) :- while (y != 0) { build s0(InArgs,S0), res = x mod y; step(push(X),S1,S2) :- execute(S0,Sf), x = y; S1 = st(PC,S,L)), Sf = st( ,[Top| ], )). y = res; } next(PC,PC2), return x; } S2 = st(PC2,[X|S],L)). execute(S1,Sf) :- S1 = st(PC, , )), step(store(X),S1,S2) :- bytecode bytecode(PC,Inst, ), S1 = st(PC,[I|S],LV)), step(Inst,S1,S2) , 0:load(1) next(PC,PC2), 7:store(0) execute(S2,Sf). 1:if0eq(11) localVar update(LV,X,I,LV2), 8:load(2) 2:load(0) S2 = st(PC2,S,LV2)). ...... 9:store(1) 3:load(1) ............. 10:goto(0) 4:rem 11:load(0) 5:store(2) 12:return 6:load(1) Decompiled code main(gcd,[X,0],X). exec 1(Y,0,Y). main(gcd,[X,Y],Z) :- Y \ = 0, exec 1(Y,R,Z) :- R \ = 0, R is X rem Y, exec 1(Y,R,Z). R’ is Y rem R, exec 1(R,R’,Z). Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 5 / 15

  16. Contributions in Interpretive Decompilation Contributions in Interpretive Decompilation Advantages w.r.t. dedicated (de-)compilers: flexibility: interpreter easier to modify; more reliable: easier to trust that the semantics preserved; easier to maintain: new changes easily reflected in interpreter; easier to implement: provided a partial evaluator is available. Elvira Albert (UCM) Interpretive Decomp. of Low-Level Code Beijing, September 2008 6 / 15

Recommend

Lecture 16 Decompilation Why decompilation? This course is ostensibly about Optimising

Lecture 16 Decompilation Why decompilation? This course is ostensibly about Optimising

Lecture 16 Decompilation Why decompilation? This course is ostensibly about Optimising Compilers. It is really about program analysis and transformation . Decompilation is achieved through analysis and transformation of target code; the

408 views • 37 slides
Why decompilation? This course is ostensibly about Optimising Compilers. It is really about

Why decompilation? This course is ostensibly about Optimising Compilers. It is really about

Why decompilation? This course is ostensibly about Optimising Compilers. It is really about program analysis and transformation . Decompilation is achieved through analysis and transformation of target code; the transformations just work in the

650 views • 35 slides
Trustworthy decompilation: Extracting models of machine code inside an ITP Magnus O. Myreen

Trustworthy decompilation: Extracting models of machine code inside an ITP Magnus O. Myreen

Trustworthy decompilation: Extracting models of machine code inside an ITP Magnus O. Myreen University of Cambridge TEITP 2010 The GCD program in ARM machine code: E1510002 B0422001 C0411002 01AFFFFFB Problems with machine code Formal

660 views • 46 slides
Decompilation, type inference and finding the code to decompile Alan Mycroft Computer

Decompilation, type inference and finding the code to decompile Alan Mycroft Computer

UNIVERSITY OF CAMBRIDGE Decompilation, type inference and finding the code to decompile Alan Mycroft Computer Laboratory, University of Cambridge http://www.cl.cam.ac.uk/users/am/ 30 January 2012 Decompilation, type inference and finding

614 views • 34 slides
Decompilation Ximing Yu May 3, 2011 Decompiler Definition Decompiler is a program that attempts

Decompilation Ximing Yu May 3, 2011 Decompiler Definition Decompiler is a program that attempts

Decompilation Ximing Yu May 3, 2011 Decompiler Definition Decompiler is a program that attempts to perform the inverse process of the compiler. Given an executable program compiled in any high-level language, the aim is to produce a high-level

803 views • 25 slides
The 2015 ANA Code of Ethics for Nurses with Interpretive Statements ANA\C 20 th Anniversary

The 2015 ANA Code of Ethics for Nurses with Interpretive Statements ANA\C 20 th Anniversary

10/13/2016 The 2015 ANA Code of Ethics for Nurses with Interpretive Statements ANA\C 20 th Anniversary Celebration & General Assembly Marsha Fowler, PhD, MDiv, MS, RN, FAAN 1 10/13/2016 To view: NursingWorld.org To purchase:

754 views • 29 slides
Compiling and Linking C code Assembly C Source C Source C Source Source .c Code Code Code

Compiling and Linking C code Assembly C Source C Source C Source Source .c Code Code Code

Advanced Programming Modular Programming in C Modular Programming Intro n It is not possible to create complex programs using a single source file: n Compiling is slow n Difficult reuse of functions n Impossible collaboration among

513 views • 17 slides
Interpretive Statements ANA\C 20 th Anniversary Celebration & General Assembly Marsha Fowler,

Interpretive Statements ANA\C 20 th Anniversary Celebration & General Assembly Marsha Fowler,

10/13/2016 The 2015 ANA Code of Ethics for Nurses with Interpretive Statements ANA\C 20 th Anniversary Celebration & General Assembly Marsha Fowler, PhD, MDiv, MS, RN, FAAN To view: NursingWorld.org To purchase: NursesBooks.org 1

502 views • 20 slides
RTker Anubha Verma Shikha Kapoor Features Modular Design Isolation of Architecture/CPU

RTker Anubha Verma Shikha Kapoor Features Modular Design Isolation of Architecture/CPU

RTker Anubha Verma Shikha Kapoor Features Modular Design Isolation of Architecture/CPU dependent and independent code Easy to Port Pluggable Scheduler Two level Interrupt Handling Small footprint Oskits Device

502 views • 19 slides
Modular transformation from AF3 to nuXmv Sudeep Kanav, Vincent Aravantinos fortiss GmbH Abstract

Modular transformation from AF3 to nuXmv Sudeep Kanav, Vincent Aravantinos fortiss GmbH Abstract

Modular transformation from AF3 to nuXmv Sudeep Kanav, Vincent Aravantinos fortiss GmbH Abstract A transformation between a high-level and a low-level model Two way Modular Employs reusability Implemented in Java

658 views • 26 slides
Enersine Pro 80A Modular Active Power Filter Ablerex Electronics Co., Ltd.

Enersine Pro 80A Modular Active Power Filter Ablerex Electronics Co., Ltd.

Enersine Pro 80A Modular Active Power Filter Ablerex Electronics Co., Ltd. http://www.ablerex.com.tw Key Features Modular and easy to extend 3 Level Technology Space-saving high power density design Hot-scalable power modules

150 views • 13 slides
Protecting Dynamic Code by Modular Control-Flow Integrity Gang Tan Department of CSE, Penn State

Protecting Dynamic Code by Modular Control-Flow Integrity Gang Tan Department of CSE, Penn State

Protecting Dynamic Code by Modular Control-Flow Integrity Gang Tan Department of CSE, Penn State Univ. At International Workshop on Modularity Across the System Stack (MASS) Mar 14 th , 2016, Malaga, Spain Cyber Insecurity 2 Blame the

804 views • 54 slides
Code Shape More on Three-address Code Generation cs5363 1 Machine Code Translation A

Code Shape More on Three-address Code Generation cs5363 1 Machine Code Translation A

Code Shape More on Three-address Code Generation cs5363 1 Machine Code Translation A single language construct can have many implementations many-to-many mappings from high-level source language to low-level target machine language

560 views • 16 slides
Decompilation is an information-flow problem (Or, information flow meets program transformation)

Decompilation is an information-flow problem (Or, information flow meets program transformation)

Decompilation is an information-flow problem (Or, information flow meets program transformation) Boris Feigin Computer Laboratory, University of Cambridge PLID 2008 joint work with Alan Mycroft 1 / 22 Motivation Given suitable tools we

605 views • 33 slides
BUFFALOS CANALSIDE INTERPRETIVE STRUCTURES LONGSHED PRESENTATION HHL Architects Erie Canal

BUFFALOS CANALSIDE INTERPRETIVE STRUCTURES LONGSHED PRESENTATION HHL Architects Erie Canal

LONGSHED BUILDING Canalside Interpretive Structures Buffalo, New York BUFFALOS CANALSIDE INTERPRETIVE STRUCTURES LONGSHED PRESENTATION HHL Architects Erie Canal Harbor Development Corporation December 18, 2018 Canals (c.1905) LONGSHED

813 views • 24 slides
Reconciling High-Level Optimizations and Low-Level Code in LLVM Juneyoung Lee Seoul National

Reconciling High-Level Optimizations and Low-Level Code in LLVM Juneyoung Lee Seoul National

OOPSLA 18 Boston Reconciling High-Level Optimizations and Low-Level Code in LLVM Juneyoung Lee Seoul National Univ. Chung-Kil Hur MPI-SWS Ralf Jung Zhengyang Liu University of Utah John Regehr Nuno P. Lopes Microsoft Research

1.3k views • 127 slides
MCLinker Diana Chen mysekki@gmail.com MediaT ek Inc. System Modular LLVM MC Linker

MCLinker Diana Chen mysekki@gmail.com MediaT ek Inc. System Modular LLVM MC Linker

MCLinker Diana Chen mysekki@gmail.com MediaT ek Inc. System Modular LLVM MC Linker IRBuilder for ELF , Extensible for more object formats http://code.google.com/p/mclinker On device Linker Fast linking speed Small code size Low memory

494 views • 7 slides
Where We Are Source code Lexical, Syntax, and if (b == 0) a = b; Semantic Analysis IR

Where We Are Source code Lexical, Syntax, and if (b == 0) a = b; Semantic Analysis IR

Where We Are Source code Lexical, Syntax, and if (b == 0) a = b; Semantic Analysis IR Generation Low-level IR code Optimizations Optimized Low-level IR code Assembly code Assembly code generation cmp $0,%rcx cmovz %rax,%rdx 1 Low IR

777 views • 42 slides
Logical minimisation of metarules in meta-interpretive learning Andrew Cropper and Stephen

Logical minimisation of metarules in meta-interpretive learning Andrew Cropper and Stephen

Logical minimisation of metarules in meta-interpretive learning Andrew Cropper and Stephen Muggleton Outline Meta-interpretive learning minimisation of metarules motivation method experiments related work conclusions

976 views • 23 slides
Implementing Higher-Level Languages Quick tour of programming language implementation techniques.

Implementing Higher-Level Languages Quick tour of programming language implementation techniques.

Implementing Higher-Level Languages Quick tour of programming language implementation techniques. From the Java level to the C level. Ahead-of-time compiler compile time C source x86 assembly x86 machine x86 C compiler code code code

428 views • 17 slides
Module Title: Broadcasting & Presentation Skills Level : 4 Credit Value : 20 Code of module

Module Title: Broadcasting & Presentation Skills Level : 4 Credit Value : 20 Code of module

MODULE SPECIFICATION PROFORMA Module Title: Broadcasting & Presentation Skills Level : 4 Credit Value : 20 Code of module Being Module Code : HUM475 New Module? No N/A Replaced : GAJM P300 Cost Centre(s) : JACS3 code : With Effect

60 views • 5 slides
Pan-Canadian Quality Assurance Recommendations for Interpretive Pathology A Partnership of the

Pan-Canadian Quality Assurance Recommendations for Interpretive Pathology A Partnership of the

Pan-Canadian Quality Assurance Recommendations for Interpretive Pathology A Partnership of the Canadian Partnership Against Cancer and Canadian Association of Pathologists What is the Quality Initiative for Interpretive Pathology (QIIP)?

370 views • 15 slides
1 TEMPORARY MODULAR HOUSING Meeting Purpose Learn how Temporary Modular Housing will allow

1 TEMPORARY MODULAR HOUSING Meeting Purpose Learn how Temporary Modular Housing will allow

TEMPORARY MODULAR HOUSING Temporary Modular Housing Community Information Session 7430 7460 Heather Street ( formerly 650 West 57 th Avenue) ) 1 TEMPORARY MODULAR HOUSING Meeting Purpose Learn how Temporary Modular Housing will allow

701 views • 32 slides
Decompilation and Data Flow Analysis Silvio Cesare <silvio.cesare@gmail.com> Who am I and

Decompilation and Data Flow Analysis Silvio Cesare <silvio.cesare@gmail.com> Who am I and

Bugalyze.com - Detecting Bugs Using Decompilation and Data Flow Analysis Silvio Cesare <silvio.cesare@gmail.com> Who am I and where did this talk come from? Ph.D. Student at Deakin University Book Author This talk covers some

764 views • 50 slides

More recommend