Model Checking x86 Executables with CodeSurfer/x86 and WPDS++

CodeSurfer/x86-A Platform for Analyzing x86 Executables

CodeSurfer/x86 is a prototype system for analyzing x86 executables. It uses a static-analysis algorithm called value-set analysis (VSA) to recover intermediate representations that are similar to those that a compiler creates for a program written in a high-level language. A major challenge in building an analysis tool for executables is in providing useful information about operations involvin...

Pushdown Model Generation of Malware

Model checking software consists of two steps: model generation and model checking. A model is often generated statically by abstraction, and sometimes refined iteratively. However, model generation is not easy for malware, since malware is often distributed without source codes, but as binary executables. Worse, sophisticated malware tries to obfuscate its behavior, like self-modification, whi...

Analyzing Stripped Device-Driver Executables

This paper sketches the design and implementation of DeviceDriver Analyzer for x86 (DDA/x86), a prototype analysis tool for finding bugs in stripped Windows device-driver executables (i.e., when neither source code nor symbol-table/debugging information is available), and presents a case study. DDA/x86 was able to find known bugs (previously discovered by source-code-based analysis tools) along...

Recovery of Variables and Heap Structure in x86 Executables

This paper addresses two problems that arise when analyzing executables: (1) recovering variable-like quantities in the absence of symbol-table and debugging information, and (2) recovering useful information about objects allocated in the heap.

Analyzing Memory Accesses in x86 Binary Executables