Software analysis framework
First Claim
1. A system for facilitating the analysis of software code, the system comprising:
- a decompiler and analysis subsystem operating on a processor, the decompiler and analysis subsystem comprising:
  - means for separating the executable software code into a code section and a data section;
  - means for generating one or more signature files from an input set of libraries comprising at least one of industry standard libraries and analyst-generated libraries; and
  - means for comparing the code section of the executable software code to the one or more signature files; and
  - means for generating a data-flow graph from at least a portion of the code section that does not match with any of the one or more signature files, the data-flow generation comprising variablization and variable type determination.
5 Assignments
0 Petitions
Abstract
Presently described is a decompilation method of operation and system for parsing executable code, identifying and recursively modeling data flows, identifying and recursively modeling control flow, and iteratively refining these models to provide a complete model at the nanocode level. The nanocode decompiler may be used to determine if flaws, security vulnerabilities, or general quality issues exist in the code. The nanocode decompiler outputs in a standardized, human-readable intermediate representation (IR) designed for automated or scripted analysis and reporting. Reports may take the form of a computer annotated and/or partially human annotated nanocode listing in the above-described IR. Annotations may include plain English statements regarding flaws and pointers to badly constructed data structures, unchecked buffers, malicious embedded code or “trap doors,” and the like. Annotations may be generated through a scripted analysis process or by means of an expert-enhanced, quasi-autonomous system.
106 Citations
9 Claims
Specification