Function entry detection is critical for the security of binary code. Call frames have been used in exception-handling for function start detection. But existing methods have two problems: combining call frames with heuristic-based approaches often introduces errors and brings uncertain benefits. In this paper, we first study the coverage and accuracy of existing approaches in detecting function starts using call frames. We found that recursive disassembly with call frames can maximize coverage, and that using extra heuristic-based approaches does not improve coverage and actually hurts accuracy. Second, we unveil call-frame errors and develop the first approach to fix them, making their use more reliable.

Author(s) : Chengbin Pang, Ruotong Yu, Dongpeng Xu, Eric Koskinen, Georgios Portokalidis, Jun Xu

Keywords : call - frames - function - coverage - detection
