One widespread application of binary code analysis is recovering the format of files and network messages. When the code under study is protected against analysis, manual format recovery becomes prohibitively time-consuming. In this paper we propose a method for automated format recovery. The method is based on dynamic analysis of binary code: it recovers the hierarchical structure of the analyzed memory buffers and, moreover, recovers the semantics of certain fields. We present a prototype tool that implements the method and evaluate it on a model sample.
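To make concrete what "recovering hierarchical structure from dynamic analysis" means, the following added example (written for this page; it is not the authors' tool or method) reconstructs field boundaries and nesting from a trace of the reads a parser makes on its input buffer. The trace format, the routine names, the instruction addresses and the length-field heuristic are all assumptions; a real tracer (Pin, DynamoRIO, Valgrind and the like) would supply the access log.

```python
"""Illustrative recovery of buffer structure from a memory-access trace.

Added example, not the paper's tool: a dynamic tracer would log every read the program
makes from the input buffer; here the trace and the input buffer are constructed by hand.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Access:
    depth: int    # call depth of the routine performing the read
    func: str     # routine (name or address) performing the read
    pc: int       # address of the reading instruction
    offset: int   # offset of the read within the traced input buffer
    size: int     # width of the read in bytes


@dataclass
class Node:
    name: str
    offset: int
    size: int
    pc: Optional[int] = None                     # leaves only
    semantics: Optional[str] = None
    children: List["Node"] = field(default_factory=list)


def recover_structure(trace: List[Access], buf_len: int) -> Node:
    """Group reads into fields and nest them by the routine that made them.

    Two contiguous reads by the same instruction are merged into one field (a loop
    walking an array); each routine becomes a composite node covering its reads.
    """
    root = Node("message", 0, buf_len)
    stack = [(0, root)]                          # (call depth, composite node)
    for a in trace:
        # Leave composites for routines the program has returned from.
        while len(stack) > 1 and (
            stack[-1][0] > a.depth
            or (stack[-1][0] == a.depth and stack[-1][1].name != a.func)
        ):
            stack.pop()
        if stack[-1][0] < a.depth:               # entered a new routine
            comp = Node(a.func, a.offset, 0)
            stack[-1][1].children.append(comp)
            stack.append((a.depth, comp))
        parent = stack[-1][1]
        last = parent.children[-1] if parent.children else None
        if last is not None and last.pc == a.pc and last.offset + last.size == a.offset:
            last.size += a.size                  # same instruction, next bytes: an array
        else:
            parent.children.append(Node(f"field@{a.offset}", a.offset, a.size, pc=a.pc))
        for _, comp in stack[1:]:                # grow every enclosing composite
            comp.size = max(comp.size, a.offset + a.size - comp.offset)
    return root


def annotate_lengths(node: Node, buf: bytes) -> None:
    """Assumed heuristic: a leaf of at most 4 bytes whose little-endian value equals
    the number of bytes following it is labelled as a length field."""
    for c in node.children:
        if c.children:
            annotate_lengths(c, buf)
        else:
            value = int.from_bytes(buf[c.offset:c.offset + c.size], "little")
            if c.size <= 4 and value == len(buf) - (c.offset + c.size):
                c.semantics = "length"


def render(node: Node, indent: int = 0) -> str:
    """Text view of the recovered tree, one node per line."""
    sem = f" <{node.semantics}>" if node.semantics else ""
    line = f"{'  ' * indent}{node.name} [{node.offset}, +{node.size}]{sem}"
    return "\n".join([line] + [render(c, indent + 1) for c in node.children])


# Constructed input: 4-byte magic, 2-byte little-endian length, 1-byte type, 5-byte payload.
SAMPLE = b"\x7fMSG" + (6).to_bytes(2, "little") + b"\x01" + b"hello"
# Constructed trace of a hypothetical parser: parse_header and parse_body are called from
# main (depth 1); parse_body calls copy_payload (depth 2), which reads the payload in a loop.
SAMPLE_TRACE = [
    Access(1, "parse_header", 0x401000, 0, 4),
    Access(1, "parse_header", 0x401010, 4, 2),
    Access(1, "parse_body", 0x401100, 6, 1),
] + [Access(2, "copy_payload", 0x401200, 7 + i, 1) for i in range(5)]


def recover_sample() -> Node:
    root = recover_structure(SAMPLE_TRACE, len(SAMPLE))
    annotate_lengths(root, SAMPLE)
    return root


if __name__ == "__main__":
    print(render(recover_sample()))
```

Two design points carry over to real traces: the instruction address, not the byte width, is what distinguishes a loop walking an array from two adjacent fixed-size fields, and call depth is what turns a flat list of fields into a hierarchy. Semantic labels such as "length" have to come from relating field values to other observed quantities (here, the bytes remaining in the buffer), so the heuristic should be treated as a starting point rather than a verdict.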
Proceedings of the Institute for System Programming, vol. 19, 2010, pp. 195-214.
ISSN 2220-6426 (Online), ISSN 2079-8156 (Print).