Faculty Advisor

Walls, Robert Joseph


The idea for this project was to use symbolic execution to create an architecture-agnostic representation of a function to use for matching. Symbolic execution is a dynamic analysis method that provides the reverse engineer with a better understanding of what a binary does during run-time. Using symbolic execution for a function matcher allows for matches based on how they react to symbolic variables. We use symbolic constraints to match functions cross architecture. Our matcher gave us 87% of functions matched when it came to ideal functions for this matcher type. Ideal functions for this matcher are those whose control flow relies on run time data. Our proposed matcher attempts to solve the problem of cross architecture comparisons of binaries while also allowing full code coverage.


Worcester Polytechnic Institute

Date Accepted

October 2017


Computer Science

Project Type

Major Qualifying Project


Restricted-WPI community only

Advisor Department

Computer Science

Your accessibility may vary due to other restrictions.