Identifying Library Functions in Executable Files Using Patterns

Re-engineering from legacy executable (binary) les is greatly facilitated by identifying and naming statically linked library functions. This paper presents an e cient method for generating les of patterns; each pattern is a transformation of the rst several bytes of a library function's executable code. Given a suitable pattern le, a candidate function can be identi ed in linear time. One pattern le is generated for each combination of compiler vendor, version, and memory model (where applicable). The process of identifying these parameters in a given executable le also identi es the main function of the program, i.e. the start of the code written by the user. The pattern les are produced automatically from a compiler's library le in a few seconds, with no user intervention required. Due to various limitations, not all library functions can be identi ed correctly; a small number will be either incorrectly identi ed or not identi ed. Optimal perfect hash functions are used to keep the pattern les compact and e cient to process.