Analyzing binary code
First Claim
1. At a computer system, a method for analyzing binary code, the method comprising:
- an act of receiving binary code;
an act of receiving code analysis rules, at least one code analysis rule indicative of a query related to the functionality of the binary code, the query implemented in analysis code configured to determine results of the query;
an act of determining that valid results for the query are not cached in a results store;
an act of invoking the analysis code to determine the results for the query;
an act of caching the results in the results store such that when the query is received in the future the results can be accessed from the results store without having to invoke the analysis code to determine the results; and
an act of returning the results for the query.
3 Assignments
0 Petitions
Accused Products
Abstract
The present invention extends to methods, systems, and computer program products for analyzing binary code. Binary code is received. Code analysis rules indicative of a query related to the functionality of the binary code are received. The query is implemented in analysis code configured to determine results of the query. It is determined if valid cached results for the query are cached in a results store. If not, the analysis code is invoked to determine the results for the query and the results are cached. Accordingly, when the query is received in the future, the results can be accessed from the results store without having to invoke the analysis code to determine the results. If so, the cached results are retrieved so as to avoid further invocation of the analysis code. The results are returned.
18 Citations
20 Claims
-
1. At a computer system, a method for analyzing binary code, the method comprising:
-
an act of receiving binary code;
an act of receiving code analysis rules, at least one code analysis rule indicative of a query related to the functionality of the binary code, the query implemented in analysis code configured to determine results of the query;
an act of determining that valid results for the query are not cached in a results store;
an act of invoking the analysis code to determine the results for the query;
an act of caching the results in the results store such that when the query is received in the future the results can be accessed from the results store without having to invoke the analysis code to determine the results; and
an act of returning the results for the query. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. At a computer system, a method for analyzing binary code, the method comprising:
-
an act of receiving binary code;
an act of receiving code analysis rules, at least one code analysis rule indicative of a query related to the functionality of the binary code, the query implemented in analysis code configured to determine results of the query;
an act of determining that cached results for the query are cached in a results store, the cached results cached in the results store subsequent to an invocation of the analysis code used to determine the results of the query;
an act of determining that the cached results are valid;
an act of retrieving the cached results so as to avoid further invocation of the analysis code; and
an act of returning the cached results. - View Dependent Claims (13, 14, 15, 16, 17)
-
-
18. A computer system, comprising:
-
one or more processors;
system memory; and
one or more computer-readable storage media have stored thereon computer-executable instructions of a code analysis module, the code analysis module configured to perform the following;
receive binary code;
receive code analysis rules, at least one code analysis rule indicative of a query related to the functionality of the binary code, the query implemented in analysis code configured to determine results of the query;
determine if valid cached results for the query are cached in a results store;
when valid results are not cached;
invoke the analysis code to determine the results for the query; and
cache the results in the results store such that when the query is received in the future the results can be accessed from the results store without having to invoke the analysis code to determine the results;
when valid results are cached;
retrieve the cached results so as to avoid further invocation of the analysis code; and
return the results for the query. - View Dependent Claims (19, 20)
-
Specification