Research Article
BAHK: Flexible Automated Binary Analysis Method with the Assistance of Hardware and System Kernel
Algorithm 2
Algorithm of execution path analysis based on partial reexecution.
| | Input: Start instruction start_ins, target instruction end_ins | | | Output: Execution path and analysis results | | (1) | Initialize the auxiliary buffer buf for current processor and thread. | | (2) | curr_ins ⟵ start_ins | | (3) | while curr_ins is not equal to end_ins do | | (4) | Parse curr_ins. | | (5) | if curr_ins is a branch instruction then | | (6) | if the transfer target can be directly determined then | | (7) | Get the target instruction target_ins. | | (8) | Insert curr_ins and extra analysis code to buf. | | (9) | curr_ins ⟵ target_ins | | (10) | break | | (11) | else if the transfer target cannot be directly determined then | | (12) | Switch the context, execute instructions of buf and perform analysis. | | (13) | Get the jump target address target_ins. | | (14) | curr_ins ⟵ target_ins | | (15) | break | | (16) | else if curr_ins is a system call, interrupt or trap instruction then | | (17) | break | | (18) | end | | (19) | else | | (20) | Insert curr_ins and extra analysis code to buf | | (21) | end | | (22) | end | | (23) | Switch the context, execute and analyze the remaining instructions of buf. | | (24) | Save the execution path and analysis results. |
|
