CN107273177A - Method and apparatus for locating the ARM firmware loading base address based on a jump table - Google Patents
- Publication number
- CN107273177A
- Authority
- CN
- China
- Prior art keywords
- firmware
- statement block
- memory address
- jump list
- instruction code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F8/00—Arrangements for software engineering
        - G06F8/40—Transformation of program code
          - G06F8/53—Decompilation; Disassembly
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F8/00—Arrangements for software engineering
        - G06F8/70—Software maintenance or management
          - G06F8/74—Reverse engineering; Extracting design information from source code
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
This application discloses a method and apparatus for locating the loading base address of ARM firmware based on a jump table. After the jump table generated by compiling a switch statement in the firmware is identified, the method sorts the memory addresses stored in the jump table and selects the smallest of them as the memory address of the first case statement block of the switch statement. It then determines the offset of that first case statement block and, from the block's memory address and offset, calculates and outputs the firmware loading base address. The invention locates the firmware loading base address and thus allows reverse engineering of the firmware to be carried out more efficiently.
Description
Technical field
The application relates to the field of software, and more specifically to a method and apparatus for locating the loading base address of ARM firmware based on a jump table.
Background technology
Embedded devices are becoming increasingly common in daily life, for example digital video cameras, printers, smart watches and solid-state disks. All of these devices run a special piece of software commonly called firmware. Firmware is the soul of an embedded device: some embedded devices contain no software other than their firmware, so the firmware largely determines the function and performance of the device.
Like traditional software, the firmware of an embedded device usually has defects or vulnerabilities, which can cause device failures or security threats. When the security of firmware needs to be analyzed, or legacy devices need to be maintained, the firmware must be reverse-engineered. Reverse engineering means starting from a runnable software product and, using techniques such as disassembly and decompilation, disassembling and analyzing it in reverse to derive its design principles, structure, algorithms, processing flow, operating method and related documentation.
In reverse engineering, disassembling firmware requires knowing both the processor type of the environment the firmware runs in and the firmware loading base address. When reverse-engineering embedded-system firmware, the processor type of the embedded system can usually be obtained, but the loading base address of the firmware cannot.
The content of the invention
In view of this, the application provides a method and apparatus for locating the loading base address of ARM firmware based on a jump table, so as to locate the firmware loading base address.
To achieve this goal, the proposed scheme is as follows:
A method for locating the loading base address of ARM firmware based on a jump table, including:
obtaining the jump table generated by compiling a switch statement in the firmware;
sorting the memory addresses stored in the jump table, and selecting the smallest memory address as the memory address of the first case statement block in the switch statement;
determining the offset of the first case statement block;
calculating and outputting the firmware loading base address according to the memory address and the offset of the first case statement block.
Preferably, obtaining the jump table of the switch statement in the firmware includes:
detecting the instruction codes of the switch statement in the firmware one by one, to judge whether the three instruction codes at the front of the current position are, in order, a CMP instruction, an LDRLS instruction and a B instruction;
if so, continuing to examine the instruction codes after the B instruction to obtain the jump table;
if not, skipping the current instruction code and detecting the next instruction code.
Preferably, after the calculating and outputting the firmware loading base address, the method further includes:
judging whether all instruction codes of the switch statements in the firmware have been detected;
if so, ending the process of locating the firmware loading base address;
if not, continuing to detect the remaining instruction codes.
Preferably, determining the offset of the first case statement block includes:
detecting the instruction codes of the switch statement in the firmware one by one, and, when the first case statement block is detected, recording the offset between the first case statement block and the start of the firmware file.
An apparatus for locating the loading base address of ARM firmware based on a jump table, including:
a jump table determining unit, for obtaining the jump table generated by compiling a switch statement in the firmware;
a statement block memory address determining unit, for sorting the memory addresses stored in the jump table and selecting the smallest memory address as the memory address of the first case statement block in the switch statement;
a statement block offset determining unit, for determining the offset between the first case statement block and the start of the firmware file;
a computing unit, for calculating and outputting the firmware loading base address according to the memory address and the offset of the first case statement block.
Preferably, the jump table determining unit is specifically configured to:
detect the instruction codes of the switch statement in the firmware one by one, to judge whether the three instruction codes at the front of the current position are, in order, a CMP instruction, an LDRLS instruction and a B instruction;
if so, continue to examine the instruction codes after the B instruction to obtain the jump table;
if not, skip the current instruction code and detect the next instruction code.
Preferably, the apparatus further includes:
a judging unit, for judging whether all instruction codes of the firmware have been detected;
if so, the process of locating the firmware loading base address ends;
if not, the remaining instruction codes continue to be detected.
Preferably, the statement block offset determining unit is specifically configured to:
detect the instruction codes of the switch statement in the firmware one by one, and, when the first case statement block is detected, record the offset between the first case statement block and the start of the firmware file.
As can be seen from the above technical solution, this application discloses a method and apparatus for locating the loading base address of ARM firmware based on a jump table. After the jump table of a switch statement in the firmware is determined, the method sorts the memory addresses stored in the jump table and selects the smallest memory address as the memory address of the first case statement block in the switch statement. It then determines the offset of the first case statement block and, from the memory address and the offset of the first case statement block, calculates and outputs the firmware loading base address. The invention locates the firmware loading base address and so allows the firmware to be reverse-engineered more efficiently.
Brief description of the drawings
In order to explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings in the following description are only embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from the provided drawings without creative work.
Fig. 1 shows a schematic flow chart of a method for locating the loading base address of ARM firmware based on a jump table, disclosed in one embodiment of the invention;
Fig. 2 shows the compiled form of a switch statement;
Fig. 3 shows a schematic diagram of firmware loading as disclosed by the invention;
Fig. 4 shows a schematic structural diagram of an apparatus for locating the loading base address of ARM firmware based on a jump table, disclosed in another embodiment of the invention.
Embodiment
The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the drawings of those embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative work fall within the scope of protection of the invention.
Referring to Fig. 1, a schematic flow chart of a method for locating the loading base address of ARM firmware based on a jump table, disclosed in one embodiment of the invention, is shown.
In this embodiment, the method includes:
S101: obtain the jump table generated by compiling a switch statement in the firmware.
When the source code of the firmware contains a switch statement whose case values are contiguous and dense, the gcc compiler generally places these cases in a jump table; the numbers stored in the jump table are the memory addresses of all the case statement blocks. The compiled form of a switch statement is shown in Fig. 2.
As shown in Fig. 2, the jump table is generally preceded by an LDRLS instruction and a B instruction, and the case statement blocks follow the jump table. Specifically, the instruction codes of the switch statement in the firmware are examined one by one to judge whether the three instruction codes at the front of the current position are, in order, a CMP instruction, an LDRLS instruction and a B instruction. If so, the instruction codes after the B instruction are examined further to obtain the jump table. If not, the current instruction code is skipped and the next instruction code is examined.
S102: sort the memory addresses stored in the jump table, and select the smallest memory address as the memory address of the first case statement block in the switch statement.
The jump table contains n memory addresses, addr_1, addr_2, ..., addr_n. Generally, the smallest of these n memory addresses points to the first case statement block after the jump table, i.e. jt[0].
S103: determine the offset of the first case statement block.
Specifically, the instruction codes generated by compiling the switch statement in the firmware are examined one by one, and when the first case statement block is detected, the offset between the first case statement block and the start of the firmware file is recorded, i.e. offset_case1.
S104: calculate and output the firmware loading base address according to the memory address and the offset of the first case statement block.
Referring to Fig. 3, a schematic diagram of firmware loading as disclosed by the invention is shown.
As can be seen from Fig. 3, once the offset and the memory address of the case statement block are determined, the loading base address of the firmware can be calculated: the firmware loading base address equals the memory address of the case statement block minus its offset.
S105: judge whether all instruction codes of the firmware have been detected.
If so, end the process of locating the firmware loading base address;
if not, continue to detect the remaining instruction codes.
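Steps S101 to S105 above as an added worked example in Python (not the patent's own code): it scans a raw image for the CMP / LDRLS / B triple, reads the table length from the CMP immediate, applies the rule base = smallest jump-table address minus the file offset of the first case block and, going slightly beyond the text, checks that every table entry lands inside the image and lets all detected switch statements vote on the base. Assumed here: the table starts immediately after the B instruction, the first case block immediately follows the table (as in Fig. 2), and the image returned by build_sample_firmware is constructed purely for the demonstration.

```python
"""Locate the load base of a raw ARM firmware image from switch jump tables.

Added example (not the patent's code). Assumptions beyond the page: the number
of table entries is read from the CMP immediate (indices 0..imm dispatch through
the table, so imm+1 entries), the table starts right after the B instruction,
and the first case block immediately follows the table, as in the page's Fig. 2.
"""
import struct
from collections import Counter

def is_cmp_imm(w):
    # cmp rN, #imm with condition AL: bits 31..20 are 1110 0011 0101
    return (w & 0xFFF00000) == 0xE3500000

def is_ldrls_pc(w):
    # ldrls pc, [pc, rM, lsl #2] encodes as 0x979FF10M; only the index register varies
    return (w & 0xFFFFFFF0) == 0x979FF100

def is_b(w):
    # b <label> with condition AL and no link bit
    return (w & 0xFF000000) == 0xEA000000

def arm_imm12(w):
    # Data-processing immediate: 8-bit value rotated right by twice the 4-bit rotate field
    imm8, rot = w & 0xFF, ((w >> 8) & 0xF) * 2
    return ((imm8 >> rot) | (imm8 << (32 - rot))) & 0xFFFFFFFF

def find_jump_tables(fw):
    """Return [(table_offset, entries)] for every CMP / LDRLS / B triple in the image."""
    words = [struct.unpack_from("<I", fw, o)[0] for o in range(0, len(fw) - 3, 4)]
    found = []
    for i in range(len(words) - 2):
        if not (is_cmp_imm(words[i]) and is_ldrls_pc(words[i + 1]) and is_b(words[i + 2])):
            continue
        n = arm_imm12(words[i]) + 1        # case indices 0..imm are dispatched via the table
        start = i + 3                      # first table entry follows the B instruction
        if start + n <= len(words):        # skip a table that would run past the image
            found.append((start * 4, words[start:start + n]))
    return found

def base_from_table(table_off, entries, image_size):
    """Page's rule: base = smallest table address - file offset of the first case block."""
    first_case_off = table_off + 4 * len(entries)   # the block right after the table
    base = sorted(entries)[0] - first_case_off
    # Consistency check (added here): every target must be 4-byte aligned and inside the image
    if base < 0 or any(a % 4 or not base <= a < base + image_size for a in entries):
        return None
    return base

def locate_load_base(fw):
    """Vote across all detected tables; returns (base, votes) or (None, 0)."""
    votes = Counter()
    for off, entries in find_jump_tables(fw):
        base = base_from_table(off, entries, len(fw))
        if base is not None:
            votes[base] += 1
    return votes.most_common(1)[0] if votes else (None, 0)

NOP, BX_LR = 0xE1A00000, 0xE12FFF1E

def build_sample_firmware(base, n_cases=4, pad_words=6):
    """Constructed test image: filler, one switch, shuffled case blocks, a default block."""
    table_off = (pad_words + 3) * 4
    cases_off = table_off + 4 * n_cases
    layout = list(range(1, n_cases)) + [0]          # file order of the 2-word case blocks
    addr = {c: base + cases_off + 8 * pos for pos, c in enumerate(layout)}
    words = [NOP] * pad_words
    words += [0xE3500000 | (n_cases - 1),            # cmp r0, #n_cases-1
              0x979FF100,                            # ldrls pc, [pc, r0, lsl #2]
              0xEA000000 | (3 * n_cases - 1)]        # b default (past table and cases)
    words += [addr[c] for c in range(n_cases)]       # jump table in case-index order
    for c in layout:
        words += [0xE3A00000 | c, BX_LR]             # case c: mov r0, #c ; bx lr
    words += [0xE3A000FF, BX_LR]                     # default: mov r0, #255 ; bx lr
    return struct.pack("<%dI" % len(words), *words)

if __name__ == "__main__":
    fw = build_sample_firmware(0x08004000)
    print("load base: 0x%08X" % locate_load_base(fw)[0])
```

Because the case blocks are laid out in a different order from the table entries, the sort in base_from_table is what makes the computation land on the block directly after the table.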
As can be seen from the above embodiment, this application discloses a method for locating the loading base address of ARM firmware based on a jump table. After the jump table of a switch statement in the firmware is determined, the method sorts the memory addresses stored in the jump table and selects the smallest memory address as the memory address of the first case statement block in the switch statement. It then determines the offset of the first case statement block and, from the memory address and the offset of the first case statement block, calculates and outputs the firmware loading base address. The invention locates the firmware loading base address and so allows the firmware to be reverse-engineered more efficiently.
Referring to Fig. 4, a schematic structural diagram of an apparatus for locating the loading base address of ARM firmware based on a jump table, disclosed in another embodiment of the invention, is shown.
As shown in Fig. 4, the apparatus includes: a jump table determining unit 1, a statement block memory address determining unit 2, a statement block offset determining unit 3, a computing unit 4 and a judging unit 5.
The jump table determining unit is used to obtain the jump table of a switch statement in the firmware. Specifically, it examines the instruction codes of the switch statement in the firmware one by one to judge whether the three instruction codes at the front of the current position are, in order, a CMP instruction, an LDRLS instruction and a B instruction; if so, it continues to examine the instruction codes after the B instruction to obtain the jump table; if not, it skips the current instruction code and examines the next one.
The statement block memory address determining unit is used to sort the memory addresses stored in the jump table and select the smallest memory address as the memory address of the first case statement block in the switch statement. The jump table usually contains n memory addresses, addr_1, addr_2, ..., addr_n; generally, the smallest of these n memory addresses points to the first case statement block after the jump table, i.e. jt[0].
The statement block offset determining unit is used to determine the offset between the first case statement block and the start of the firmware file.
The computing unit calculates and outputs the firmware loading base address according to the memory address and the offset of the first case statement block.
The judging unit is used to judge whether all instruction codes in the firmware have been detected; if so, the process of locating the firmware loading base address ends; if not, the remaining instruction codes continue to be detected.
It should be noted that the apparatus embodiment corresponds to the method embodiment, and its execution process and principle are the same, so they are not repeated here.
Finally, it should also be noted that relational terms such as "first" and "second" are used herein only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "comprise", "include" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes it.
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the others, and the same or similar parts of the embodiments may be referred to one another.
The above description of the disclosed embodiments enables a person skilled in the art to make or use the invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the invention. Therefore, the invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (8)
1. A method for locating the loading base address of ARM firmware based on a jump table, characterised by including:
obtaining the jump table generated by compiling a switch statement in the firmware;
sorting the memory addresses stored in the jump table, and selecting the smallest memory address as the memory address of the first case statement block in the switch statement;
determining the offset of the first case statement block;
calculating and outputting the firmware loading base address according to the memory address and the offset of the first case statement block.
2. The method according to claim 1, characterised in that obtaining the jump table generated by compiling a switch statement in the firmware includes:
detecting the instruction codes in the firmware one by one to judge whether the three instruction codes at the current position are, in order, a CMP instruction, an LDRLS instruction and a B instruction;
if so, continuing to detect the instruction codes after the B instruction to obtain the jump table;
if not, skipping the current instruction code and detecting the next instruction code.
3. The method according to claim 2, characterised in that, after the calculating and outputting the firmware loading base address, the method further includes:
judging whether all instruction codes of the firmware have been detected;
if so, ending the process of locating the firmware loading base address;
if not, continuing to detect the remaining instruction codes.
4. The method according to claim 1, characterised in that determining the offset of the first case statement block includes:
detecting the instruction codes of the switch statement in the firmware one by one, and, when the first case statement block is detected, recording the offset between the first case statement block and the start of the firmware file.
5. An apparatus for locating the loading base address of ARM firmware based on a jump table, characterised by including:
a jump table determining unit, for obtaining the jump table generated by compiling a switch statement in the firmware;
a statement block memory address determining unit, for sorting the memory addresses stored in the jump table and selecting the smallest memory address as the memory address of the first case statement block in the switch statement;
a statement block offset determining unit, for determining the offset between the first case statement block and the start of the firmware file;
and calculating and outputting the firmware loading base address according to the memory address and the offset of the first case statement block.
6. The apparatus according to claim 5, characterised in that the jump table determining unit is specifically configured to:
detect the instruction codes of the switch statement in the firmware one by one to judge whether the three instruction codes at the front of the current position are, in order, a CMP instruction, an LDRLS instruction and a B instruction;
if so, continue to detect the instruction codes after the B instruction to obtain the jump table;
if not, skip the current instruction code and detect the next instruction code.
7. The apparatus according to claim 6, characterised by further including:
a judging unit, for judging whether all instruction codes of the firmware have been detected;
if so, ending the process of locating the firmware loading base address;
if not, continuing to detect the remaining instruction codes.
8. The apparatus according to claim 1, characterised in that the statement block offset determining unit is specifically configured to:
detect the instruction codes of the switch statement in the firmware one by one, and, when the first case statement block is detected, record the offset between the first case statement block and the start of the firmware file.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710509790.XA CN107273177B (en) | 2017-06-28 | 2017-06-28 | Method and device for positioning ARM firmware loading base address based on jump table |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107273177A true CN107273177A (en) | 2017-10-20 |
CN107273177B CN107273177B (en) | 2020-08-04 |
Family
ID=60070673
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710509790.XA Active CN107273177B (en) | 2017-06-28 | 2017-06-28 | Method and device for positioning ARM firmware loading base address based on jump table |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107273177B (en) |
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030163508A1 (en) * | 2002-02-26 | 2003-08-28 | International Business Machines Corporation | Background code update for embedded systems |
CN101359352A (en) * | 2008-09-25 | 2009-02-04 | 中国人民解放军信息工程大学 | API use action discovering and malice deciding method after confusion of multi-tier synergism |
CN101442540A (en) * | 2008-12-30 | 2009-05-27 | 北京畅讯信通科技有限公司 | High speed mode matching algorithm based on field programmable gate array |
Non-Patent Citations (1)
Title |
---|
朱瑞瑾 (Zhu Ruijin) et al.: "A method for determining the ARM firmware loading base address based on matching string addresses" (一种基于匹配字符串地址判定ARM固件装载基址的方法), 《电子学报》 (Acta Electronica Sinica) * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107861729A (en) * | 2017-11-08 | 2018-03-30 | 中国信息安全测评中心 | Method and device for positioning firmware loading base address, and electronic equipment |
CN107861729B (en) * | 2017-11-08 | 2021-08-24 | 中国信息安全测评中心 | Method and device for positioning firmware loading base address and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN107273177B (en) | 2020-08-04 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||