TY - GEN
T1 - Ramblr
T2 - 24th Annual Network and Distributed System Security Symposium, NDSS 2017
AU - Wang, Ruoyu
AU - Shoshitaishvili, Yan
AU - Bianchi, Antonio
AU - Machiry, Aravind
AU - Grosen, John
AU - Grosen, Paul
AU - Kruegel, Christopher
AU - Vigna, Giovanni
N1 - Publisher Copyright:
© 2017 24th Annual Network and Distributed System Security Symposium, NDSS 2017. All Rights Reserved.
PY - 2017
Y1 - 2017
AB - Static binary rewriting has many important applications in reverse engineering, such as patching, code reuse, and instrumentation. Binary reassembling is an efficient solution for static binary rewriting. While there has been a proposed solution to the reassembly of binaries, an evaluation on a real-world binary dataset shows that it suffers from some problems that lead to breaking binaries. Those problems include incorrect symbolization of immediates, failure in identifying symbolizable constants, lack of pointer safety checks, and other issues. Failure in addressing those problems makes the existing approach unsuitable for real-world binaries, especially those compiled with optimizations enabled. In this paper, we present a new systematic approach for binary reassembling. Our new approach is implemented in a tool called Ramblr. We evaluate Ramblr on 106 real-world programs on Linux x86 and x86-64, and 143 programs collected from the Cyber Grand Challenge Qualification Event. All programs are compiled to binaries with a set of different compilation flags in order to cover as many real-world scenarios as possible. Ramblr successfully reassembles most of the binaries, which is an improvement over the state-of-the-art approach. It should be noted that our reassembling procedure yields no execution overhead and no size expansion.
UR - http://www.scopus.com/inward/record.url?scp=85180403234&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85180403234&partnerID=8YFLogxK
U2 - 10.14722/ndss.2017.23225
DO - 10.14722/ndss.2017.23225
M3 - Conference contribution
AN - SCOPUS:85180403234
T3 - 24th Annual Network and Distributed System Security Symposium, NDSS 2017
BT - 24th Annual Network and Distributed System Security Symposium, NDSS 2017
PB - The Internet Society
Y2 - 26 February 2017 through 1 March 2017
ER -