An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries

D.A. Andriesse, X. Chen, V. van der Veen, J.M. Slowinska, H.J. Bos

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

Abstract

It is well-known that static disassembly is an unsolved problem, but how much of a problem is it in real software—for instance, for binary protection schemes? This work studies the accuracy of nine state-of-the-art disassemblers on 981 real-world compiler-generated binaries with a wide variety of properties. In contrast, prior work focuses on isolated corner cases; we show that this has led to a widespread and overly pessimistic view on the prevalence of complex constructs like inline data and overlapping code, leading reviewers and researchers to underestimate the potential of binary-based research. On the other hand, some constructs, such as function boundaries, are much harder to recover accurately than is reflected in the literature, which rarely discusses much needed error handling for these primitives. We study 30 papers recently published in six major security venues, and reveal a mismatch
between expectations in the literature, and the actual capabilities of modern disassemblers. Our findings help improve future research by eliminating this mismatch.
Original languageEnglish
Title of host publication25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016
PublisherUSENIX
Pages583-600
ISBN (Print)978-1-931971-32-4
Publication statusPublished - Aug 2016

Keywords

  • Dissassembly
  • Security

Cite this