Disassembling an executable binary
Abstract
A method for disassembling an executable binary (binary). In one implementation, a plurality of potential address references may be identified based on the binary and a plurality of storage addresses containing the binary. A plurality of assembler source code instructions (instructions) may be generated by disassembling the binary. The binary may be disassembled at one or more sequential addresses starting at each of the plurality of potential address references.
20 Claims
1. A method performed by at least one computer processing unit for disassembling an executable binary, the method comprising:
- identifying a plurality of potential address references included in the executable binary, wherein the identifying includes excluding at least some values included in the executable binary that do not represent potential addresses in the executable binary; and
- generating a plurality of assembler source code instructions by disassembling the executable binary at one or more sequential addresses starting at individual potential address references, wherein the disassembling comprises:
  - assigning confidence codes to the individual potential address references, the confidence codes reflecting relative confidence that the individual potential address references are valid address references;
  - comparing the confidence codes to resolve a conflict between two different source code streams that overlap in memory, wherein the two different source code streams are generated from two distinct potential address references from the plurality of potential address references; and
  - discarding one of the two different source code streams that overlap in memory based on the confidence codes.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A computer-readable memory device, optical storage device, or magnetic storage device having stored thereon computer-executable instructions which, when executed by a computer, cause the computer to perform acts comprising:
- identifying a plurality of potential address references included in an executable binary, wherein the identifying includes excluding at least some values included in the executable binary that do not represent potential addresses in the executable binary; and
- generating a plurality of assembler source code instructions by disassembling the executable binary based on the plurality of potential address references, wherein the disassembling comprises:
  - assigning confidence codes to individual potential address references, the confidence codes reflecting relative confidence that the individual potential address references are valid address references;
  - comparing the confidence codes to resolve a conflict between two different source code streams that overlap in memory, wherein the two different source code streams are generated from two distinct potential address references from the plurality of potential address references; and
  - discarding one of the two different source code streams that overlap in memory based on the confidence codes.
Dependent claims: 14
15. A computer system, comprising:
- at least one processing unit; and
- a memory comprising program instructions which, when executed by the at least one processing unit, cause the at least one processing unit to:
  - identify a plurality of potential address references in an executable binary, the plurality of potential address references excluding at least some values included in the executable binary that do not represent potential addresses in the executable binary; and
  - generate a plurality of assembler source code instructions by disassembling the executable binary based on the plurality of potential address references;
  - wherein, to disassemble the executable binary, the program instructions further cause the at least one processing unit to:
    - assign major confidence codes to individual potential address references, the major confidence codes reflecting relative confidence that the individual potential address references are valid address references;
    - compare the major confidence codes of two different source code streams that overlap in memory to resolve a conflict between the two different source code streams, wherein the two different source code streams are generated from two distinct potential address references from the plurality of potential address references; and
    - discard one of the two different source code streams that overlap in memory based on the major confidence codes.
Dependent claims: 16, 17, 18, 19, 20
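
The steps described in the abstract and recited in the independent claims (identify potential address references, disassemble sequentially from each, resolve overlapping streams by confidence code), sketched as an added example that is not code from the patent. The four-opcode instruction set, the load address, the 1/2/3 confidence scoring, the lowest-address tie-break and the sample image are all assumptions constructed for illustration.

```python
# Toy ISA constructed for this example: opcode -> (mnemonic, length, ends stream)
ISA = {0x00: ("ret", 1, True), 0x01: ("push", 2, False),
       0x02: ("jmp", 2, True), 0x03: ("call", 2, False)}
BASE = 0x10  # assumed load address

# Constructed image: call 0x15; push 0x16; ret; push 0x02; ret
IMAGE = bytes([0x03, 0x15, 0x01, 0x16, 0x00, 0x01, 0x02, 0x00])

def candidates(image, entry):
    """Map potential address references to confidence codes (scoring is assumed)."""
    conf = {}
    for i, v in enumerate(image):
        if BASE <= v < BASE + len(image):  # exclude values that cannot be addresses
            branch = i > 0 and image[i - 1] in (0x02, 0x03)  # follows jmp/call opcode
            conf[v] = max(conf.get(v, 0), 2 if branch else 1)
    conf[entry] = 3  # the entry point is the most trusted reference
    return conf

def stream(image, start):
    """Disassemble sequentially from start; None if the bytes do not decode."""
    out, addr, end = {}, start, BASE + len(image)
    while addr < end:
        op = image[addr - BASE]
        if op not in ISA or addr + ISA[op][1] > end:
            return None
        name, size, ends = ISA[op]
        out[addr] = (name, size)
        if ends:
            break
        addr += size
    return out

def disassemble(image, entry):
    """Return (listing, discarded starts); higher confidence wins an overlap."""
    conf = candidates(image, entry)
    owner, listing, discarded = {}, {}, []
    for start in sorted(conf, key=lambda a: (-conf[a], a)):
        s = stream(image, start)
        if s is None:
            continue
        # Conflict: a byte already belongs to an instruction starting elsewhere.
        if any(owner.get(b, a) != a for a, (_, n) in s.items() for b in range(a, a + n)):
            discarded.append(start)
            continue
        for a, (name, n) in s.items():
            listing[a] = name
            owner.update((b, a) for b in range(a, a + n))
    return listing, discarded

if __name__ == "__main__":
    print(disassemble(IMAGE, entry=0x10))
```

In the sample image the immediate `0x16` is itself a potential address reference, but the stream starting there decodes a `jmp` out of the operand byte of the `push` at `0x15`, so it overlaps the higher-confidence stream and is discarded.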
Specification