BIRD: Binary Interpretation using Runtime Disassembly
International Symposium on Code Generation and Optimization (CGO'06)
This paper presents the design, implementation, and evaluation of a binary analysis and instrumentation infrastructure for the Windows/x86 platform called BIRD (Binary Interpretation using Runtime Disassembly ...
Instead of requiring a high-fidelity instruction set architectural emulator, BIRD combines static disassembly with an on-demand dynamic disassembly approach to guarantee that each instruction in a binary ...
We are currently enhancing the instrumentation API for BIRD so that it can be used as a general binary instrumentation system. ...
doi:10.1109/cgo.2006.6
dblp:conf/cgo/NandaLLC06
fatcat:izd7wi6bovft5k523m6nbyypba
Foreign Code Detection on the Windows/X86 Platform
2006
Proceedings of the Computer Security Applications Conference
FOOD verifies the legitimacy of binary images involved in process creation and library loading to ensure that only authorized binaries are used in these operations. ...
One particular way to lock down a user computer is to guarantee that only authorized binary programs are allowed to run on that computer. ...
In fact, BIRD itself uses binary instrumentation to redirect all indirect calls/jumps to its runtime engine. ...
doi:10.1109/acsac.2006.29
dblp:conf/acsac/NandaLLC06
fatcat:37nmb3gxe5aztd2h2kslv6uqhu
Hijacker: Efficient static software instrumentation with applications in high performance computing: Poster paper
2013
2013 International Conference on High Performance Computing & Simulation (HPCS)
Static Binary Instrumentation is a technique that allows compile-time program manipulation. ...
This technique has been effectively used, e.g., to support code profiling, performance analysis, error detection, attack detection, or behavior monitoring. ...
BIRD [11] is a binary rewriting platform for Windows/x86 only. ...
doi:10.1109/hpcsim.2013.6641486
dblp:conf/ieeehpcs/Pellegrini13
fatcat:clmaui4t55hppl5jvbvmrxi4fq
How to Automatically and Accurately Sandbox Microsoft IIS
2006
Proceedings of the Computer Security Applications Conference
BASS is built on a binary interpretation and analysis infrastructure called BIRD, which can handle application binaries with dynamically linked libraries, exception handlers and multi-threading, and has ...
paper describes the design, implementation and evaluation of a sandboxing system called BASS 1 that can automatically extract a highly accurate application-specific sandboxing policy from a Win32/X86 binary ...
Runtime interception is through direct binary re-writing. This check-and-invoke logic forms the run-time engine of BIRD. ...
doi:10.1109/acsac.2006.31
dblp:conf/acsac/LiLC06
fatcat:sgyezih7s5gxteqvnjbaok64yu
PEBIL: Efficient static binary instrumentation for Linux
2010
2010 IEEE International Symposium on Performance Analysis of Systems & Software (ISPASS)
To this end, PEBIL uses function level code relocation in order to insert large but fast control structures. ...
There are two main approaches to binary instrumentation: static and dynamic binary instrumentation. ...
BIRD [14] is a binary rewriting platform for Windows/x86. ...
doi:10.1109/ispass.2010.5452024
dblp:conf/ispass/LaurenzanoTCS10
fatcat:yhrzzw2ifnfcfjz46mqjipf7qy
Automated Format String Attack Prevention for Win32/X86 Binaries
2007
Proceedings of the Computer Security Applications Conference
Moreover, none of them has been applied to commercially distributed Win32 binaries. ...
This paper describes the design, implementation and evaluation of a Win32 binary transformation tool called Lisbon, which transparently inserts into Win32 binaries additional checks that protect them from ...
However, to safely instrument executable binaries requires 100% disassembly accuracy. To achieve 100% disassembly accuracy, BIRD performs both static and dynamic disassembly. ...
doi:10.1109/acsac.2007.4413006
fatcat:4nd2mx6pkvhkxnkh5jzcarxhfa
Automated Format String Attack Prevention for Win32/X86 Binaries
2007
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)
Moreover, none of them has been applied to commercially distributed Win32 binaries. ...
This paper describes the design, implementation and evaluation of a Win32 binary transformation tool called Lisbon, which transparently inserts into Win32 binaries additional checks that protect them from ...
However, to safely instrument executable binaries requires 100% disassembly accuracy. To achieve 100% disassembly accuracy, BIRD performs both static and dynamic disassembly. ...
doi:10.1109/acsac.2007.23
dblp:conf/acsac/LiC07
fatcat:fyn7sm54oraptgdhldhjglzp6q
SaBRe: load-time selective binary rewriting
2022
International Journal on Software Tools for Technology Transfer (STTT)
We present SaBRe, a load-time system for selective binary rewriting. ...
We also discuss the theoretical underpinnings of disassembling and rewriting. ...
BIRD partly relies on dynamic speculative disassembly, which incurs a significant runtime overhead. Both of them are specifically aimed at Windows binaries. ...
doi:10.1007/s10009-021-00644-w
fatcat:t3wufyp2rzga5dpi3xhykbmski
An Evaluation of WebAssembly and eBPF as Offloading Mechanisms in the Context of Computational Storage
[article]
2021
arXiv
pre-print
For many use cases, the host endianness is not that relevant, as they do not involve parsing and interpreting data at the byte level. ...
Here is an example of this text format: (module (func (export "addTwo") (param i32 i32) (result i32) local.get 0 local.get 1 i32.add)) One can also disassemble WebAssembly binaries using wasm-objdump: ...
arXiv:2111.01947v1
fatcat:ouwh2zauxngjhbagwvgmqktcjm
Efficient fine-grained binary instrumentation with applications to taint-tracking
2008
Proceedings of the sixth annual IEEE/ACM international symposium on Code generation and optimization - CGO '08
In contrast, source-code based techniques have achieved better performance using high level optimizations. ...
For instance, previous software based techniques for taint-tracking on binary code have typically slowed down programs by a factor of 3 or more. ...
For instance, our approach can work well with robust disassembly techniques that rely on a hybrid approach, such as BIRD [21], which perform static disassembly of most code, while relying on runtime disassembly ...
doi:10.1145/1356058.1356069
dblp:conf/cgo/SaxenaSP08
fatcat:62gg3bzz6rcrddwuxgmws576me
Alternating Control Flow Reconstruction
[chapter]
2012
Lecture Notes in Computer Science
We give an example instantiation of our framework using dynamically observed execution traces and constant propagation. ...
We provide an abstract interpretation framework for control flow reconstruction that alternates between over- and under-approximation. ...
Related Work Several approaches use runtime control flow information to improve the results of analyzing binaries. Nanda et al. introduced hybrid disassembly in their tool BIRD [16]. ...
doi:10.1007/978-3-642-27940-9_18
fatcat:xowujkb34zashjthtzlbj6oj34
CoDisasm
2015
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15
Current state-of-the-art disassemblers fail to interpret these two common forms of obfuscation, causing an incorrect disassembly of large parts of the input. ...
In this paper, we focus on the disassembly of x86 self-modifying binaries with overlapping instructions. ...
The platform BIRD of Nanda et al. [27] apply speculative disassembly by mixing static and dynamic techniques. The difference with our work is that BIRD is designed for non-obfuscated binaries. ...
doi:10.1145/2810103.2813627
dblp:conf/ccs/BonfanteFMRST15
fatcat:nmg5w4tktzckliwhg4qj5g65zm
Binary-code obfuscations in prevalent packer tools
2013
ACM Computing Surveys
ASProtect-packed binaries carry a polymorphic code-generation engine which adds considerably to their size and to the difficulty of automatically reverse-engineering binaries that have been packed by ASProtect ...
ASProtect (28856 bytes): ASProtect's large bootstrap code shares some code with ASPack, its sister tool, and its main features are likewise directed towards control-flow and anti-disassembler obfuscations ...
Our Dyninst instrumenter and the Bird interpreter [Nanda et al. 2006] instead apply static code-parsing techniques before the program executes, and use dynamic instrumentation to identify gaps in that ...
doi:10.1145/2522968.2522972
fatcat:rqeni3v24rddlbfyvi3aiymgii
Retrofitting Security in COTS Software with Binary Rewriting
[chapter]
2011
IFIP Advances in Information and Communication Technology
Using SecondWrite, we insert a variety of defenses into program binaries. ...
Our approach is based on SecondWrite, an advanced binary rewriter that operates without need for debugging information or other assist. ...
Any opinions, findings, conclusions or recommendations expressed herein are those of the authors, and do not necessarily reflect those of the US Government, the Air Force, DARPA, or the NSF. ...
doi:10.1007/978-3-642-21424-0_13
fatcat:z3vwf5fnvbdevid47khggua644
A Survey of Binary Code Similarity
[article]
2019
arXiv
pre-print
(4) the benchmarks and methodologies used to evaluate them. ...
Binary code similarity approaches compare two or more pieces of binary code to identify their similarities and differences. ...
Out of 15 approaches, 5 use VINE provided by BITBLAZE (BIN-HUNT, IBINHUNT, COP, MXW2015, BINSIM), another 5 use VEX provided with VALGRIND (MULTI-MH, MOCKING-BIRD, CACOMPARE, GITZ, FIRMUP), and two use ...
arXiv:1909.11424v1
fatcat:dry5hbq3qjdvdnvrjaoxwoztlq