Compiler-Agnostic Function Detection in Binaries

D.A. Andriesse, J.M. Slowinska, H.J. Bos

Research output: Chapter in Book / Report / Conference proceeding; Conference contribution; Academic; peer-review

Abstract

We propose Nucleus, a novel function detection algorithm for binaries. In contrast to prior work, Nucleus is compiler-agnostic, and does not require any learning phase or signature information. Instead of scanning for signatures, Nucleus detects functions at the Control Flow Graph-level, making it inherently suitable for difficult cases such as non-contiguous or multi-entry functions. We evaluate Nucleus on a diverse set of 476 C and C++ binaries, compiled with GCC, clang and Visual Studio for x86 and x64, at optimization levels O0-O3. We achieve consistently good performance, with a mean F-score of 0.95.

Original language: English
Title of host publication: Proceedings - 2nd IEEE European Symposium on Security and Privacy, EuroS and P 2017
Publisher: Institute of Electrical and Electronics Engineers, Inc.
Pages: 177-189
Number of pages: 13
ISBN (Electronic): 9781509057610
Publication status: Published - 28 Jun 2017
Event: 2nd IEEE European Symposium on Security and Privacy, EuroS and P 2017 - Paris, France
Duration: 26 Apr 2017 - 28 Apr 2017

Conference

Conference: 2nd IEEE European Symposium on Security and Privacy, EuroS and P 2017
Country/Territory: France
City: Paris
Period: 26/04/17 - 28/04/17

Keywords

  • Disassembly
  • function detection
  • reverse engineering
  • static analysis
