Software analysis framework

US 9,286,041 B2
Filed: 06/04/2014
Issued: 03/15/2016
Est. Priority Date: 12/06/2002
Status: Expired due to Term

First Claim

Patent Images

1. A system for facilitating the analysis of software code, the system comprising:

a decompiler and analysis subsystem operating on a processor, the decompiler and analysis subsystem comprising;

means for separating the executable software code into a code section and a data section;

means for generating one or more signature files from an input set of libraries comprising at least one of industry standard libraries and analyst-generated libraries; and

means for comparing the code section of the executable software code to the one or more signature files; and

means for generating a data-flow graph from at least a portion of the code section that does not match with any of the one of more signature files,the data-flow generation comprising variablization and variable type determination.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Presently described is a decompilation method of operation and system for parsing executable code, identifying and recursively modeling data flows, identifying and recursively modeling control flow, and iteratively refining these models to provide a complete model at the nanocode level. The nanocode decompiler may be used to determine if flaws, security vulnerabilities, or general quality issues exist in the code. The nanocode decompiler outputs in a standardized, human-readable intermediate representation (IR) designed for automated or scripted analysis and reporting. Reports may take the form of a computer annotated and/or partially human annotated nanocode listing in the above-described IR Annotations may include plain English statements regarding flaws and pointers to badly constructed data structures, unchecked buffers, malicious embedded code or “trap doors,” and the like. Annotations may be generated through a scripted analysis process or by means of an expert-enhanced, quasi-autonomous system.

106 Citations

9 Claims

1. A system for facilitating the analysis of software code, the system comprising:
- a decompiler and analysis subsystem operating on a processor, the decompiler and analysis subsystem comprising;
  
  means for separating the executable software code into a code section and a data section;
  
  means for generating one or more signature files from an input set of libraries comprising at least one of industry standard libraries and analyst-generated libraries; and
  
  means for comparing the code section of the executable software code to the one or more signature files; and
  
  means for generating a data-flow graph from at least a portion of the code section that does not match with any of the one of more signature files,the data-flow generation comprising variablization and variable type determination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1 wherein the decompiler and analysis subsystem further comprises means for creating an intermediate representation of the executable software code comprising a complete model of the executable software code based on a data section and the code sections.
  - 3. The system of claim 2 wherein the intermediate representation comprises a data flow model and a control flow model.
  - 4. The system of claim 2 wherein the means for displaying results of the comparison comprises a graphical user interface rendered on a display device, the graphical user interface for (i) accepting user commands related to the modeling and analysis of the executable software code and (ii) wherein the graphical user interface displays the data flow model and the control flow model on the display device.
  - 5. The system of claim 1 wherein the signature files comprise a collection of software routines.
  - 6. The system of claim 1 further comprising means for creating source code files based on the intermediate representation from which the executable software code can be rendered.
  - 7. The system of claim 1 wherein the decompiler and analysis subsystem further comprises means for iteratively discovering variables contained in the executable software code.
  - 8. The system of claim 2 wherein the intermediate representation of the executable software provides a nanocode model of the executable software code whereby the decompiler and analysis subsystem compare the nanocode model to a reference nanocode model and identify discrepancies between the nanocode model and the reference nanocode model.
  - 9. The system of claim 1 further comprising means for providing one or more of processor architecture information, software compiler information, and source code parser information to the loader.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Veracode Incorporated (Broadcom, Inc.)
Original Assignee
Veracode Incorporated (Broadcom, Inc.)
Inventors
Rioux, Christien
Primary Examiner(s)
Khatri, Anil

Application Number

US14/295,691
Publication Number

US 20150106795A1
Time in Patent Office

650 Days
Field of Search

717140-143, 717150-152
US Class Current

1/1
CPC Class Codes

G06F 8/427 Parsing

G06F 8/53 Decompilation; Disassembly

Software analysis framework

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

106 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Software analysis framework

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

106 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links