OSPREY: Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary

Recovering variables and data structure information from stripped binary is a prominent challenge in binary program analysis. While various state-of-the-art techniques are effective in specific settings, such effectiveness may not generalize. This is mainly because the problem is inherently uncertai...

Full description

Saved in:
Bibliographic Details
Main Authors: Zhang, Zhuo, Ye, Yapeng, You, Wei, Tao, Guanhong, Lee, Wen-chuan, Kwon, Yonghwi, Aafer, Yousra, Zhang, Xiangyu
Format: Conference Proceeding
Language:English
Subjects:
Binary codes
Binary-Analysis
Data structures
Privacy
Probabilistic logic
Probabilistic-Analysis
Random variables
Reverse-Engineering
Systematics
Type-Inference
Uncertainty
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Recovering variables and data structure information from stripped binary is a prominent challenge in binary program analysis. While various state-of-the-art techniques are effective in specific settings, such effectiveness may not generalize. This is mainly because the problem is inherently uncertain due to the information loss in compilation. Most existing techniques are deterministic and lack a systematic way of handling such uncertainty. We propose a novel probabilistic technique for variable and structure recovery. Random variables are introduced to denote the likelihood of an abstract memory location having various types and structural properties such as being a field of some data structure. These random variables are connected through probabilistic constraints derived through program analysis. Solving these constraints produces the posterior probabilities of the random variables, which essentially denote the recovery results. Our experiments show that our technique substantially outperforms a number of state-of-the-art systems, including IDA, Ghidra, Angr, and Howard. Our case studies demonstrate the recovered information improves binary code hardening and binary decompilation.
ISSN:2375-1207
DOI:10.1109/SP40001.2021.00051