Analyzing binary code

US 20070174817A1
Filed: 01/26/2006
Published: 07/26/2007
Est. Priority Date: 01/26/2006
Status: Active Grant

First Claim

Patent Images

1. At a computer system, a method for analyzing binary code, the method comprising:

an act of receiving binary code;

an act of receiving code analysis rules, at least one code analysis rule indicative of a query related to the functionality of the binary code, the query implemented in analysis code configured to determine results of the query;

an act of determining that valid results for the query are not cached in a results store;

an act of invoking the analysis code to determine the results for the query;

an act of caching the results in the results store such that when the query is received in the future the results can be accessed from the results store without having to invoke the analysis code to determine the results; and

an act of returning the results for the query.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention extends to methods, systems, and computer program products for analyzing binary code. Binary code is received. Code analysis rules indicative of a query related to the functionality of the binary code are received. The query is implemented in analysis code configured to determine results of the query. It is determined if valid cached results for the query are cached in a results store. If not, the analysis code is invoked to determine the results for the query and the results are cached. Accordingly, when the query is received in the future, the results can be accessed from the results store without having to invoke the analysis code to determine the results. If so, the cached results are retrieved so as to avoid further invocation of the analysis code. The results are returned.

18 Citations

View as Search Results

20 Claims

1. At a computer system, a method for analyzing binary code, the method comprising:
- an act of receiving binary code;
  
  an act of receiving code analysis rules, at least one code analysis rule indicative of a query related to the functionality of the binary code, the query implemented in analysis code configured to determine results of the query;
  
  an act of determining that valid results for the query are not cached in a results store;
  
  an act of invoking the analysis code to determine the results for the query;
  
  an act of caching the results in the results store such that when the query is received in the future the results can be accessed from the results store without having to invoke the analysis code to determine the results; and
  
  an act of returning the results for the query.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as recited in claim 1, wherein the act of receiving binary code comprises an act of receiving at least one of compiled source code and intermediate language instructions.
  - 3. The method as recited in claim 1, wherein the act of receiving code analysis rules comprises an act of receiving code analysis rules for analyzing characteristics of binary code.
  - 4. The method as recited in claim 1, wherein the act of receiving code analysis rules for analyzing characteristics of binary code comprises an act of receiving code analysis rules for analyzing one or more of security settings associated with the binary code, conformance with design guidelines of the binary code, and functionality of the binary code.
  - 5. The method as recited in claim 1, wherein the act of determining that valid results for the query are not cached in a results store an act of determining that there are no results for the query cached in the results store.
  - 6. The method as recited in claim 1, wherein the act of determining that valid results for the query are not cached in a results store comprises an act of determining that invalid results for the query are cached in the results store.
  - 7. The method as recited in claim 6, wherein the act of determining that invalid results for the query are cached in the results store comprises an act of determining that at least one of a time stamp and checksum corresponding to the received binary code differ from a cached time stamp and checksum corresponding to previously generated results for the code query respectively.
  - 8. The method as recited in claim 1, wherein the act of invoking the analysis code to determine the results for the query comprises an act of invoking analysis code included in a code analysis module that received the binary code and the code query.
  - 9. The method as recited in claim 1, wherein the act of invoking the analysis code to determine the results for the query comprises an act of invoking analysis code from a plug-in that is external to an analysis module that received the binary code and the code query.
  - 10. The method as recited in claim 1, wherein the act of invoking the analysis code to determine the results for the query comprises an act of analyzing the binary code to calculate one or more of result codes that can be returned by a function, whether a call site can possibly return a memory allocation, a call graph for a function, constraints of variables and parameters, whether a value may or may not be NULL, and aggregate security permissions.
  - 11. The method as recited in claim 1, wherein the act of caching the results in the results store comprises an act of caching the results at a results store that is network connectable to the computer system that received the binary code.

12. At a computer system, a method for analyzing binary code, the method comprising:
- an act of receiving binary code;
  
  an act of receiving code analysis rules, at least one code analysis rule indicative of a query related to the functionality of the binary code, the query implemented in analysis code configured to determine results of the query;
  
  an act of determining that cached results for the query are cached in a results store, the cached results cached in the results store subsequent to an invocation of the analysis code used to determine the results of the query;
  
  an act of determining that the cached results are valid;
  
  an act of retrieving the cached results so as to avoid further invocation of the analysis code; and
  
  an act of returning the cached results.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method as recited in claim 12, wherein the act of receiving binary code comprises an act of receiving compiled source code.
  - 14. The method as recited in claim 12, wherein the act of receiving code analysis rules comprises an act of receiving code analysis rules for analyzing characteristics of binary code.
  - 15. The method as recited in claim 12, wherein the act of receiving code analysis rules for analyzing characteristics of binary code comprises an act of receiving code analysis rules for analyzing one or more of security settings associated with the binary code, conformance with design guidelines of the binary code, and functionality of the binary code.
  - 16. The method as recited in claim 12, wherein the act of determining that cached results for the query are valid comprises act of determining that a time stamp and checksum corresponding to the received binary code match a cached time stamp and checksum corresponding to previously generated results for the code query respectively.
  - 17. The method as recited in claim 12, wherein the act of retrieving the cached results comprises an act of retrieving cached results from a results store that is network connectable to the computer system that received the binary code.

18. A computer system, comprising:
- one or more processors;
  
  system memory; and
  
  one or more computer-readable storage media have stored thereon computer-executable instructions of a code analysis module, the code analysis module configured to perform the following;
  
  receive binary code;
  
  receive code analysis rules, at least one code analysis rule indicative of a query related to the functionality of the binary code, the query implemented in analysis code configured to determine results of the query;
  
  determine if valid cached results for the query are cached in a results store;
  
  when valid results are not cached;
  
  invoke the analysis code to determine the results for the query; and
  
  cache the results in the results store such that when the query is received in the future the results can be accessed from the results store without having to invoke the analysis code to determine the results;
  
  when valid results are cached;
  
  retrieve the cached results so as to avoid further invocation of the analysis code; and
  
  return the results for the query.
- View Dependent Claims (19, 20)
- - 19. The computer system as recited in claim 18, wherein the code analysis module being configured to determine if valid cached results for the query are cached in a results store comprises the analysis module being configured to determine if a time stamp and checksum corresponding to the received binary code match a cached time stamp and checksum corresponding to previously generated results for the code query respectively.
  - 20. The computer system as recited in claim 18, the code analysis module including an analysis engine and a cache interface module, wherein the code analysis module being configured to return the results for the query comprises the cache interface module being configured to return results to the analysis engine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Guerrera, Nicholas, Fanning, Michael, Gogh, Jeffrey

Granted Patent

US 7,836,433 B2
Time in Patent Office

Days
Field of Search
US Class Current

717/124
CPC Class Codes

G06F 11/3612   by runtime analysis perform...

G06F 11/3688   for test execution, e.g. sc...

G06F 8/433   Dependency analysis; Data o...

Analyzing binary code

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Analyzing binary code

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links