CN114816436A - Source code analysis device based on disassembling - Google Patents
Source code analysis device based on disassembling Download PDFInfo
- Publication number
- CN114816436A CN114816436A CN202210254233.9A CN202210254233A CN114816436A CN 114816436 A CN114816436 A CN 114816436A CN 202210254233 A CN202210254233 A CN 202210254233A CN 114816436 A CN114816436 A CN 114816436A
- Authority
- CN
- China
- Prior art keywords
- instruction
- address
- data
- code
- function
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/53—Decompilation; Disassembly
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/74—Reverse engineering; Extracting design information from source code
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The invention provides a source code analysis device based on disassembly, which comprises an input module, an instruction and data separation module and an instruction disassembly module, wherein the input module is used for reading a target code to a memory; the instruction and data separation module is used for analyzing the target code read by the input module to separate instruction code and data; and the instruction disassembling module is used for respectively disassembling the instruction codes and the data of the object codes and generating an assembling file corresponding to the object codes. The source code analysis device firstly separates the instruction codes and the data in the object codes, can directly carry out targeted processing on the instruction codes and the data when a disassembling tool is used for disassembling, avoids the interference of the data on disassembling work of the instruction codes, and improves disassembling efficiency.
Description
Technical Field
The invention belongs to the technical field of software analysis, and particularly relates to a source code analysis device based on disassembly.
Background
Reverse engineering, also known as software reverse engineering, refers to the process of reversely disassembling and analyzing the structure, flow, algorithm, code, etc. of software by using various computer technologies such as disassembling, system analysis, program understanding, etc. from an executable program system to derive the source code, design principle, structure, algorithm, processing procedure, operation method, related documents, etc. of a software product. It can be simply understood that a new system profile is constructed by identifying and analyzing the source code of the computer software. The method carries out basic analysis on an original system of computer software, then identifies the components of the system software, and constructs a brand-new and high-level software system by clarifying the relationship of each component of the software. Generally, the whole process of performing reverse analysis on software is referred to as software reverse engineering, and the technologies adopted in the process are referred to as software reverse engineering technologies.
The software reverse technology can explore the vulnerability of the current software protection, and has a purpose of examining the protection of the current software result, or realizes the debugging and the functional repair of the software under the condition of a production environment passive code. Or by examining the malicious program and then performing the restriction of malicious behaviors, etc.
Decompilation techniques can be divided into two broad categories, one is for virtual machine decompilation, i.e., bytecode-based decompilation, and the other is for true machine instruction decompilation, i.e., machine code-based decompilation. The former is for decompilation of virtual machines and the latter is for real decompilation.
Compilation from a high level language (C + +) to a lowest level language (assembly) is the work of a compiler, but this process is not completely reversible. Currently, a great deal of research has been conducted to develop some disassembling tools, which can help users disassemble object codes into assembly codes or source codes to some extent, such as ILspy and the like, but such tools cannot separate instruction codes and data in object codes, and require users to manually separate or directly disassemble all codes, which increases the workload of disassembling work, and thus the disassembling efficiency is reduced. In addition, the tools cannot distinguish the user-defined function from the system library function, so that the two types of functions are indiscriminately disassembled, the disassembling workload is increased, and the disassembling error rate is even increased.
Disclosure of Invention
In view of the above problems, an object of the present invention is to provide a source code analysis device based on disassembly.
In order to achieve the purpose, the invention adopts the following technical scheme:
a source code analysis device based on disassembly comprises an input module, an instruction and data separation module and an instruction disassembly module, wherein,
the input module is used for reading the target code to the memory;
the instruction and data separation module is used for analyzing the target code read by the input module to separate instruction code and data;
and the instruction disassembling module is used for respectively disassembling the instruction codes and the data of the object codes and generating an assembling file corresponding to the object codes.
In the above source code parsing apparatus based on disassembling, the input module reads the object code into the memory by:
A1. reading a plurality of bytes from the target binary format file and storing the bytes in the Content object;
A2. storing the Content object into a Vector container;
A3. steps A1 and A2 are repeated until the end of the file.
In the above source code parsing apparatus based on disassembly, the instruction and data separation module separates the instruction code and the data by:
B1. tracing instruction control flow, traversing and identifying each instruction;
B2. the code portions reachable by the instruction stream are identified as instruction codes, and the remaining portions are identified as data.
In the source code parsing apparatus based on disassembly described above, in step B1, the instruction and data separation module tracks instruction control flow by:
B11. setting the PC value to 0;
B12. fetching a specific Content object from a Vector container;
B13. marking the fetched Content object as an instruction, and marking the instruction as accessed;
B14. judging whether the instruction identified in the step B13 is a program ending instruction, if so, executing a step B15, otherwise, executing a step B16;
B15. continuously judging whether the display table is empty, if so, ending the tracking, otherwise, taking out one Elem element from the display table, judging whether the instruction at the addr address in the Elem element has been accessed, if not, recovering the current field information including the PC value and returning to the step B12, if so, judging whether the instruction at the addr address in the next Elem element has been accessed, and ending the tracking until all the Elem elements are traversed;
B16. and further judging whether the instruction identified in the B13 is a branch instruction, if so, updating the PC value, the display table and the return table according to the specific branch instruction, otherwise, increasing the PC by itself and returning to the step B12.
In the above source code analysis apparatus based on disassembly, the specific steps of updating the PC value, the display table, and the return table in step B16 are as follows:
if the instruction is an unconditional branch instruction, filling a segment table with the address of the instruction, filling a segment table with an explicit address of the instruction, and taking the explicit address as the current PC address;
if the branch instruction is an unconditional branch instruction subprogram calling instruction, filling a segment table of an address where the instruction is located, filling a return address into a return address table, filling a segment table of an explicit address, and taking the explicit address as a current PC address;
if the return instruction is the return instruction in the unconditional transfer instruction, finding a return address in a return address table according to a 'last-in first-out' principle, filling a segment table of the address where the instruction is located, returning the address to the segment table, and taking the return address as the current PC address;
if the instruction is a binary point instruction, filling the explicit address into an explicit address table, and then taking the implicit address as the current PC address.
In the above source code parsing apparatus based on disassembly, the instruction disassembly module performs disassembly by:
C1. sequentially taking out the objects from the Vector container, and judging whether the objects are instruction codes or data according to the separation result of the instruction and data separation module;
C2. if the object is an instruction code, disassembling the instruction code into an assembly instruction form; if so, the data is translated into a value of the data.
In the above source code parsing apparatus based on disassembling, the apparatus further includes a function identification module for identifying a library function, where the function identification module is configured to perform the following steps:
C3. normalizing the assembly instruction code into an intermediate code;
C4. extracting a library function, and identifying a system library function and a user-defined function;
C5. and recovering key information of the user-defined function, including name, parameter number, return value and type.
In the above-described disassembly-based source code analysis device, in step C4, the library function is extracted by dynamically debugging the intermediate code.
In the source code parsing apparatus based on disassembly described above, in step C4, the user-defined function is identified by:
D1. a number of calling statements are prepared which have only one library function and only different callers exist in terms of the parameters of the calling function,
D2. executing the calling programs prepared in the step D1, and determining the function with the effective operation instruction fixed as the user-defined function.
In the source code analysis apparatus based on disassembly described above, the user-defined function determined in step D2 is address-checked, the function of the highest address is selected, and the function and all functions of lower addresses are determined as the user-defined function.
The invention has the advantages that:
1. the source code analysis device firstly separates the instruction codes and the data in the object codes, and can directly carry out targeted processing on the instruction codes and the data when a disassembling tool is used for disassembling, so that the interference of the data on disassembling work of the instruction codes is avoided, and the disassembling efficiency is improved;
2. the Vector container is used for storing the Content object, so that Content extraction and marking are facilitated, and instruction control flow is tracked subsequently;
3. tracking the instruction control flow by tracking the PC value can ensure that each instruction is traversed, thereby ensuring the thorough separation of the instruction code and the data and ensuring the separation effect;
4. before the assembly file is processed, the user-defined function is identified, the user-defined function and the system library function are separated, and key information of the user-defined function is restored, so that the subsequent restoration work of the source code level code is facilitated.
Drawings
FIG. 1 is a flow chart of a method of a source code parsing apparatus based on disassembly according to the present invention;
FIG. 2 is a flowchart illustrating the operation of an input module in the disassembled source code parser according to the present invention;
FIG. 3 is a flowchart illustrating the operation of separating data and instruction codes in the disassembled source code parser according to the present invention;
FIG. 4 is a flowchart illustrating the operation of an instruction disassembling module in the disassembling-based source code analyzing apparatus according to the present invention;
FIG. 5 is a flowchart illustrating the specific processing of data and instruction codes by the instruction disassembling module in the disassembling-based source code analyzing apparatus according to the present invention;
FIG. 6 is a diagram illustrating the location layout of functions in a memory.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
As shown in fig. 1, the present embodiment discloses a source code parsing apparatus based on disassembly, which includes an input module, an instruction and data separation module, and an instruction disassembly module, wherein,
the input module is used for reading the target code to the memory;
the instruction and data separation module is used for analyzing the target code read by the input module to separate instruction code and data;
and the instruction disassembling module is used for respectively disassembling the instruction codes and the data of the object codes and generating an assembling file corresponding to the object codes.
Specifically, first, a Vector container of a Content object is defined, and as shown in fig. 2, the input module reads a file in binary format from an external file by the following means:
A1. firstly, defining a Content object, reading a plurality of bytes from a target binary format file and storing the bytes in the Content object; the number of bytes read at a time is determined by those skilled in the art on a case-by-case basis, e.g., 4 bytes at a time for disassembly of a 32-bit instruction;
A2. storing the Content object into a Vector container;
A3. steps A1 and A2 are repeated until the end of the file.
Specifically, the instruction and data separation module separates instruction codes and data by:
B1. tracing instruction control flow, traversing and identifying each instruction;
B2. the code portions reachable by the instruction stream are identified as instruction codes, and the remaining portions are identified as data.
Specifically, as shown in FIG. 3, in step B1, the instruction and data separation module tracks instruction control flow by:
B11. setting the PC value to 0;
B12. taking a specific Content object from the Vector container, for example, when an instruction of a 32-bit operating system is decompiled, since each instruction is stored as 4 bytes in the 32-bit operating system, the specific Content object refers to a Content object with the index of PC/4, which represents that the PC address is divided by 4 and then rounded, and represents the ending address of each 4-byte instruction, namely the starting address of the instruction;
B13. marking the fetched Content object as an instruction, and marking the instruction as accessed;
B14. judging whether the instruction identified in the step B13 is a program ending instruction, if so, executing a step B15, otherwise, executing a step B16;
B15. continuously judging whether the display list is empty, if so, ending tracking, otherwise, taking out an Elem element from the display list, if not, representing an Elem instruction for calling a stack in a chain, and the instructions still map a Content object in a Vector container, so that the process is repeated in the separation process until the display list has no Elem element to realize complete separation effect;
judging whether the instruction at the addr address in the Elem element is accessed, if not, recovering the current field information including the PC value and returning to the step B12, namely, pushing the data at the addr address, if so, judging whether the instruction at the addr address in the next Elem element is accessed, and ending the tracking until all the Elem elements are traversed;
B16. and further judging whether the instruction identified in the B13 is a branch instruction, if so, updating the PC value, the display table and the return table according to the specific branch instruction, otherwise, increasing the PC by itself and returning to the step B12. The step is a loop traversal process, and is used for performing stack pushing operation on the return table and the display table of the identified instructions conforming to the instruction transfer representation. The return table is used for recording a return address when the program is called; when a double branch instruction is encountered, the display address and the field (the value of each register of the program) are filled in the display table.
Specifically, in step B16, the specific steps of updating the PC value, the display table, and the return table are as follows:
if it is an unconditional branch instruction (B instruction, MOV PC, 0x16), the address of the instruction is filled in the field table, its explicit address is filled in the field table, and the explicit address is used as the current PC address;
if the instruction is an unconditional branch instruction subprogram call instruction (BL instruction), filling a segment table of an address where the instruction is located, filling a return address into a return address table, filling a segment table of an explicit address, and taking the explicit address as a current PC address;
if the instruction is a return instruction (MOV PC, LR) in the unconditional branch instruction, finding a return address in a return address table according to a 'last-in first-out' principle, filling a segment table of the address where the instruction is located, returning the address to the segment table, and taking the return address as the current PC address;
if it is a binary point instruction (BEQ, MOVEQ PC, 0x16, etc.), the explicit address is filled into the explicit address table (the register value at that time is also saved) and then the implicit address is taken as the current PC address.
The segment table is used for filling the branch addresses of all branch instructions except the conditional branch into the table, and comprises the instruction address and the steering address. The code segments of a plurality of segments can be obtained through the segment table, so that the codes are clearer and are convenient for subsequent work such as disassembling and the like. Further, as shown in fig. 4 and 5, the instruction disassembling module disassembles the instructions by:
C1. sequentially taking out the objects from the Vector container, and judging whether the objects are instruction codes or data according to the separation result of the instruction and data separation module;
C2. if the object is an instruction code, disassembling the instruction code into an assembly instruction form; if so, the data is translated into a value of the data. The codes are separated firstly, so that the disassembler can disassemble the instruction codes in a targeted manner respectively, data are directly translated, and the disassembling efficiency is improved.
Further, the apparatus further comprises a function identification module for identifying the library function, wherein the function identification module is configured to perform the following steps:
C3. normalizing assembly instruction code to intermediate code
(Low2level IntermediatedLanguage, LIL), and constructing various symbol tables in the conversion process for later work;
C4. extracting a library function through a dynamic debugging intermediate code and identifying a system library function and a user-defined function; the dynamic debugging means that a program is enabled to run, and dynamic debugging tools such as Ollydbg and the like can be adopted.
C5. And recovering key information of the user-defined function, including name, parameter number, return value and type.
The intermediate code is an internal representation of a source program, does not depend on the structure of a target machine, and the normalization of assembly instructions into the intermediate code and the subsequent work are beneficial to the development and the migration (robustness) of a compiler program and can help a user to optimize the code more conveniently.
The instruction disassembling module can adopt an assembling tool which can only realize assembling, can also adopt an assembling tool which can realize assembling and compiling, and the latter is preferred in the scheme. And the function identification module can be embedded into the assembly tool and can also be accessed into the assembly tool, when an access mode is adopted, the disassembly tool assembles the object code to obtain an assembly file, then the assembly file is output to the function identification module to carry out function identification, the function identification module returns the identification result to the disassembly tool, and then the disassembly tool continues to carry out work such as control flow analysis, data type analysis and the like on the system library function and the user-defined function respectively to complete compilation work so as to obtain a disassembly result at a source code level. The user-defined function and the system library function are respectively opened, and then the assembly tool is used for control flow analysis and data type analysis, so that the influence of the user-defined data on disassembling work can be avoided, the disassembling efficiency is improved, and the disassembling error rate is reduced.
Specifically, in step C4, the user-defined function is identified by:
D1. preparing a plurality of calling programs which only have one library function calling statement and only have different calling programs in the aspect of calling parameters of the function;
D2. executing the calling programs prepared in the step D1, and determining the function with the effective operation instruction fixed as the user-defined function. The effective operation instruction refers to an operation code of a user-defined library function instruction, the operation code of the user-defined library function instruction is fixed and unchangeable, the problem of address relocation cannot occur in the process of compiling and linking, and the influence of compilers of different versions and compiling optimization cannot be caused. Therefore, the effective operation instruction of the same library function is unchanged in different calling programs, so that the library function customized by the user can be separated from the system library function through the steps.
Further, the user-defined functions determined in step D2 are address checked, the function of the highest address is selected, and the function and all functions of lower addresses are determined as user-defined functions. As shown in fig. 6, the user-defined library functions have their codes stored continuously in the same order as their defined order in the source program, and the user-defined library function codes are located at low addresses and the system library function codes are located at high addresses, so that the user-defined library functions can be effectively separated from the system library functions by this method.
The specific embodiments described herein are merely illustrative of the spirit of the invention. Various modifications or additions may be made to the described embodiments or alternatives may be employed by those skilled in the art without departing from the spirit or ambit of the invention as defined in the appended claims.
Although terms such as input module, instruction and data separation module, function identification module, instruction disassembly module, etc. are used more often herein, the possibility of using other terms is not excluded. These terms are used merely to more conveniently describe and explain the nature of the present invention; they are to be construed as being without limitation to any additional limitations that may be imposed by the spirit of the present invention.
Claims (10)
1. A source code analysis device based on disassembly is characterized by comprising an input module, an instruction and data separation module and an instruction disassembly module, wherein,
the input module is used for reading the target code to the memory;
the instruction and data separation module is used for analyzing the target code read by the input module to separate instruction code and data;
and the instruction disassembling module is used for respectively disassembling the instruction codes and the data of the object codes and generating an assembling file corresponding to the object codes.
2. The apparatus according to claim 1, wherein the input module reads the object code into the memory by:
A1. reading a plurality of bytes from the target binary format file and storing the bytes in the Content object;
A2. storing the Content object into a Vector container;
A3. steps A1 and A2 are repeated until the end of the file.
3. The apparatus according to claim 2, wherein the instruction and data separation module separates the instruction code and the data by:
B1. tracing instruction control flow, traversing and identifying each instruction;
B2. the code portions reachable by the instruction stream are identified as instruction codes, and the remaining portions are identified as data.
4. The apparatus of claim 3, wherein in step B1, the instruction and data separation module tracks instruction control flow by:
B11. setting the PC value to 0;
B12. fetching a specific Content object from a Vector container;
B13. marking the fetched Content object as an instruction, and marking the instruction as accessed;
B14. judging whether the instruction identified in the step B13 is a program ending instruction, if so, executing a step B15, otherwise, executing a step B16;
B15. continuously judging whether the display table is empty, if so, ending the tracking, otherwise, taking out one Elem element from the display table, judging whether the instruction at the addr address in the Elem element has been accessed, if not, recovering the current field information including the PC value and returning to the step B12, if so, judging whether the instruction at the addr address in the next Elem element has been accessed, and ending the tracking until all the Elem elements are traversed;
B16. and further judging whether the instruction identified in the B13 is a branch instruction, if so, updating the PC value, the display table and the return table according to the specific branch instruction, otherwise, increasing the PC by itself and returning to the step B12.
5. The apparatus for parsing source code according to claim 4, wherein the step B16 comprises the following steps:
if the instruction is an unconditional branch instruction, filling a segment table with the address of the instruction, filling a segment table with an explicit address of the instruction, and taking the explicit address as the current PC address;
if the branch instruction is an unconditional branch instruction subprogram calling instruction, filling a segment table of an address where the instruction is located, filling a return address into a return address table, filling a segment table of an explicit address, and taking the explicit address as a current PC address;
if the return instruction is the return instruction in the unconditional transfer instruction, finding a return address in a return address table according to a 'last-in first-out' principle, filling a segment table of the address where the instruction is located, returning the address to the segment table, and taking the return address as the current PC address;
if the instruction is a binary point instruction, filling the explicit address into an explicit address table, and then taking the implicit address as the current PC address.
6. The apparatus of claim 5, wherein the instruction disassembling module is configured to disassemble the assembly by:
C1. sequentially taking out the objects from the Vector container, and judging whether the objects are instruction codes or data according to the separation result of the instruction and data separation module;
C2. if the object is an instruction code, disassembling the instruction code into an assembly instruction form; if so, the data is translated into a value of the data.
7. The apparatus according to claim 6, further comprising a function identification module for identifying library functions, wherein the function identification module is configured to perform the following steps:
C3. normalizing the assembly instruction code into an intermediate code;
C4. extracting a library function, and identifying a system library function and a user-defined function;
C5. and recovering key information of the user-defined function, including name, parameter number, return value and type.
8. The apparatus according to claim 7, wherein in step C4, the library function is extracted by dynamically debugging the intermediate code.
9. The apparatus according to claim 8, wherein in step C4, the user-defined function is identified by:
D1. a number of calling statements are prepared which have only one library function and only different callers exist in terms of the parameters of the calling function,
D2. executing the calling programs prepared in the step D1, and determining the function with the effective operation instruction fixed as the user-defined function.
10. The apparatus of claim 9, wherein the user-defined functions determined in step D2 are address checked, the function with the highest address is selected, and the function and all functions with lower addresses are determined as user-defined functions.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210254233.9A CN114816436A (en) | 2022-03-15 | 2022-03-15 | Source code analysis device based on disassembling |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210254233.9A CN114816436A (en) | 2022-03-15 | 2022-03-15 | Source code analysis device based on disassembling |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114816436A true CN114816436A (en) | 2022-07-29 |
Family
ID=82528080
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210254233.9A Pending CN114816436A (en) | 2022-03-15 | 2022-03-15 | Source code analysis device based on disassembling |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114816436A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116501378A (en) * | 2023-06-27 | 2023-07-28 | 武汉大数据产业发展有限公司 | Implementation method and device for reverse engineering reduction source code and electronic equipment |
-
2022
- 2022-03-15 CN CN202210254233.9A patent/CN114816436A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116501378A (en) * | 2023-06-27 | 2023-07-28 | 武汉大数据产业发展有限公司 | Implementation method and device for reverse engineering reduction source code and electronic equipment |
| CN116501378B (en) * | 2023-06-27 | 2023-09-12 | 武汉大数据产业发展有限公司 | Implementation method and device for reverse engineering reduction source code and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| David et al. | Neural reverse engineering of stripped binaries using augmented control flow graphs | |
| CN110287702B (en) | Binary vulnerability clone detection method and device | |
| Kinder et al. | An abstract interpretation-based framework for control flow reconstruction from binaries | |
| CN102360334B (en) | Dynamic and static combined software security test method | |
| US6260190B1 (en) | Unified compiler framework for control and data speculation with recovery code | |
| US20110138373A1 (en) | Method and apparatus for globally optimizing instruction code | |
| US20040268331A1 (en) | General purpose intermediate representation of software for software development tools | |
| US10459707B2 (en) | Instruction-set simulator and its simulator generation method | |
| Kalysch et al. | VMAttack: Deobfuscating virtualization-based packed binaries | |
| CN102867144B (en) | A kind of for detecting the method and apparatus with dump virus | |
| WO2018093443A1 (en) | Automated reverse engineering | |
| US8332833B2 (en) | Procedure control descriptor-based code specialization for context sensitive memory disambiguation | |
| Liu et al. | Binary code analysis | |
| US6684394B1 (en) | Relocation format for linking with relocation instructions containing operations for combining section data | |
| CN106055343A (en) | Program evolution model-based object code reverse engineering system | |
| EP1085411B1 (en) | A relocation format for linking | |
| CN106126225B (en) | A kind of object code reverse engineering approach based on program evolution model | |
| CN114816436A (en) | Source code analysis device based on disassembling | |
| US6704928B1 (en) | Relocation format for linking | |
| Cesare et al. | Wire--a formal intermediate language for binary analysis | |
| CN114253554A (en) | Code processing method and device and storage medium | |
| CN114816435A (en) | Software development method based on reverse technology | |
| KR102671575B1 (en) | A technique to BinDiff cross architecture binaries | |
| CN116775127A (en) | Static symbol execution pile inserting method based on RetroWrite framework | |
| Cao et al. | Brewasm: a general static binary rewriting framework for webassembly |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |