Dynamic call tracking method based on CPU interrupt instructions to improve disassembly quality of indirect calls
First Claim
Patent Images
1. A method for disassembling compiled object code, the method comprising:
- disassembling a binary executable object to generate assembly language source code, wherein the assembly language source code includes one or more indirect function calls and wherein each indirect function call corresponds to a function dynamically identified using an address identified when executing the assembly language source code;
converting one or more of the indirect function calls to one or more central processing unit (CPU) interrupt instructions;
executing the assembly language source code;
upon reaching the interrupt instruction to which each indirect function call was converted while executing the assembly language source code, determining a register value stored in a register specified in the indirect function call, wherein the register value specifies a memory address of the identified function; and
for each interrupt instruction, replacing, in the assembly language source code, the register specified in the indirect function call that was converted to the interrupt instruction with a function name corresponding to the register value, and invoking the identified function.
2 Assignments
0 Petitions
Accused Products
Abstract
Embodiments presented herein describe techniques to track and correct indirect function calls in disassembled object code. Assembly language source code is generated from a binary executable object. The assembly language source code may include indirect function calls. Memory addresses associated with the function calls are identified. A central processing unit (CPU) interrupt instruction is inserted in the disassembled source code at each indirect function call. The disassembled source code is executed. When the interrupt at each indirect function call is triggered, the function name of a function referenced by a register may be determined.
-
Citations
20 Claims
-
1. A method for disassembling compiled object code, the method comprising:
-
disassembling a binary executable object to generate assembly language source code, wherein the assembly language source code includes one or more indirect function calls and wherein each indirect function call corresponds to a function dynamically identified using an address identified when executing the assembly language source code; converting one or more of the indirect function calls to one or more central processing unit (CPU) interrupt instructions; executing the assembly language source code; upon reaching the interrupt instruction to which each indirect function call was converted while executing the assembly language source code, determining a register value stored in a register specified in the indirect function call, wherein the register value specifies a memory address of the identified function; and for each interrupt instruction, replacing, in the assembly language source code, the register specified in the indirect function call that was converted to the interrupt instruction with a function name corresponding to the register value, and invoking the identified function. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory computer-readable storage medium storing instructions, which, when executed on a processor, performs an operation for disassembling compiled object code, the operation comprising:
-
disassembling a binary executable object to generate assembly language source code, wherein the assembly language source code includes one or more indirect function calls and wherein each indirect function call corresponds to a function dynamically identified using an address identified when executing the assembly language source code; converting one or more of the indirect function calls to one or more central processing unit (CPU) interrupt instructions; executing the assembly language source code; upon reaching the interrupt instruction to which each indirect function call was converted while executing the assembly language source code, determining a register value stored in a register specified in the indirect function call, wherein the register value specifies a memory address of the identified function; and for each interrupt instruction, replacing, in the assembly language source code, the register specified in the indirect function call that was converted to the interrupt instruction with a function name corresponding to the register value, and invoking the identified function. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A system, comprising:
-
a processor; and a memory storing one or more application programs configured to perform an operation for disassembling compiled object code, the operation comprising; disassembling a binary executable object to generate assembly language source code, wherein the assembly language source code includes one or more indirect function calls and wherein each indirect function call corresponds to a function dynamically identified using an address identified when executing the assembly language source code, converting one or more of the indirect function calls to one or more central processing unit (CPU) interrupt instructions, executing the assembly language source code, upon reaching the interrupt instruction to which each indirect function call was converted while executing the assembly language source code, determining a register value stored in a register specified in the indirect function call, wherein the register value specifies a memory address of the identified function, and for each interrupt instruction, replacing, in the assembly language source code, the register specified in the indirect function call that was converted to the interrupt instruction with a function name corresponding to the register value, and invoking the identified function. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification