Student Work

Symbolic Execution for Function Matching

Public

Downloadable Content

open in viewer

The idea for this project was to use symbolic execution to create an architecture-agnostic representation of a function to use for matching. Symbolic execution is a dynamic analysis method that provides the reverse engineer with a better understanding of what a binary does during run-time. Using symbolic execution for a function matcher allows for matches based on how they react to symbolic variables. We use symbolic constraints to match functions cross architecture. Our matcher gave us 87% of functions matched when it came to ideal functions for this matcher type. Ideal functions for this matcher are those whose control flow relies on run time data. Our proposed matcher attempts to solve the problem of cross architecture comparisons of binaries while also allowing full code coverage.

  • This report represents the work of one or more WPI undergraduate students submitted to the faculty as evidence of completion of a degree requirement. WPI routinely publishes these reports on its website without editorial or peer review.
Creator
Publisher
Identifier
  • E-project-101217-110947
Advisor
Year
  • 2017
Center
Sponsor
Date created
  • 2017-10-12
Resource type
Major
Rights statement

Relations

In Collection:

Items

Items

Permanent link to this page: https://digital.wpi.edu/show/pn89d8101