Disassembly of executable code revisited

Benjamin Schwarz, Saumya Debray, Gregory Andrews

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

122 Scopus citations

Abstract

Machine code disassembly routines form a fundamental component of software systems that statically analyze or modify executable programs, e.g., reverse engineering systems, static binary translators, and link-time optimizers. The task of disassembly is complicated by indirect jumps and the presence of non-executable data - jump tables, alignment bytes, etc. - in the instruction stream. Existing disassembly algorithms are not always able to cope successfully with executable files containing such features, and they fail silently - i.e., produce incorrect disassemblies without any indication that the results they are producing are incorrect. In this paper we examine two commonly-used disassembly algorithms and illustrate their shortcomings. We propose a hybrid approach that performs better than these algorithms in the sense that it is able to detect situations where the disassembly may be incorrect and limit the extent of such disassembly errors. Experimental results indicate that the algorithm is quite effective: the amount of code flagged as incurring disassembly errors is usually quite small.
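As an added illustration (not code from the paper), the following toy instruction set shows how the two classic algorithms the paper examines, linear sweep and recursive traversal, each fail silently, and how a hybrid check in the spirit of the abstract surfaces the disagreement. The ISA, the two byte strings and all function names are constructed for this example.

```python
# Toy ISA used for illustration: opcode -> (mnemonic, length in bytes).
# Relative branch targets are address + length + unsigned 8-bit operand.
ISA = {0x01: ("nop", 1), 0x02: ("push", 2), 0x03: ("jmp", 2),
       0x04: ("jz", 2), 0x05: ("ret", 1), 0x06: ("jmpind", 1)}

def decode(code, addr):
    """Decode one instruction; returns (mnemonic, length, operand or None)."""
    op = code[addr]
    if op not in ISA:
        raise ValueError(f"invalid opcode {op:#x} at {addr}")
    mnem, length = ISA[op]
    return mnem, length, (code[addr + 1] if length == 2 else None)

def linear_sweep(code, start, end):
    """Decode bytes sequentially in [start, end); data in the stream is
    decoded as if it were code, with no indication anything went wrong."""
    starts, addr = set(), start
    while addr < end:
        starts.add(addr)
        addr += decode(code, addr)[1]
    return starts

def recursive_traversal(code, entry):
    """Follow control flow from entry; gives up at ret and at indirect jumps,
    so code reachable only through an indirect jump is silently missed."""
    seen, work = set(), [entry]
    while work:
        addr = work.pop()
        if addr in seen or addr >= len(code):
            continue
        seen.add(addr)
        mnem, length, rel = decode(code, addr)
        if mnem == "jmp":
            work.append(addr + length + rel)
        elif mnem == "jz":
            work += [addr + length, addr + length + rel]
        elif mnem not in ("ret", "jmpind"):
            work.append(addr + length)
    return seen

def hybrid(code, start, end):
    """Addresses only one algorithm treats as an instruction start are suspect."""
    return sorted(linear_sweep(code, start, end) ^ recursive_traversal(code, start))

# Constructed sample 1: a jump skips two bytes of table data embedded in the code.
TABLE_CODE = bytes([0x03, 0x02,   # 0: jmp +2 -> 4
                    0x01, 0x02,   # 2: two jump-table entries (data, not code)
                    0x02, 0x01,   # 4: push 1
                    0x05])        # 6: ret
# Constructed sample 2: the only path into the code is an indirect jump.
INDIRECT_CODE = bytes([0x06,        # 0: jmpind (target known only at run time)
                       0x02, 0x07,  # 1: push 7
                       0x05])       # 3: ret
```

On the first sample linear sweep desynchronises on the table bytes and swallows the real `push` at address 4 without ever hitting an invalid opcode; on the second, recursive traversal stops at the indirect jump and never sees the code behind it. In both cases the disagreement set is non-empty, which is exactly the signal the abstract says existing tools lack.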

Original language: English (US)
Title of host publication: Proceedings - 9th Working Conference on Reverse Engineering, WCRE 2002
Editors: Elizabeth Burd, Arie van Deursen
Publisher: IEEE Computer Society
Pages: 45-54
Number of pages: 10
ISBN (Electronic): 0769517994
DOIs: https://doi.org/10.1109/WCRE.2002.1173063
State: Published - Jan 1 2002
Event: 9th Working Conference on Reverse Engineering, WCRE 2002 - Richmond, United States
Duration: Oct 29 2002 to Nov 1 2002

Publication series

Name: Proceedings - Working Conference on Reverse Engineering, WCRE
Volume: 2002-January
ISSN (Print): 1095-1350

Other

Other: 9th Working Conference on Reverse Engineering, WCRE 2002
Country: United States
City: Richmond
Period: 10/29/02 to 11/1/02


Keywords

  • Assembly
  • Computer science
  • Information analysis
  • Joining processes
  • Libraries
  • Reverse engineering
  • Software systems

ASJC Scopus subject areas

  • Software

Cite this

Schwarz, B., Debray, S., & Andrews, G. (2002). Disassembly of executable code revisited. In E. Burd, & A. van Deursen (Eds.), Proceedings - 9th Working Conference on Reverse Engineering, WCRE 2002 (pp. 45-54). [1173063] (Proceedings - Working Conference on Reverse Engineering, WCRE; Vol. 2002-January). IEEE Computer Society. https://doi.org/10.1109/WCRE.2002.1173063