Publication Details
Generic detection of the statically linked code
Kolář Dušan, doc. Dr. Ing. (DIFS)
statically linked code, signature, detection
Detection of a statically linked code is an important step in a process of
decompilation. It eliminates a code, which has to be processed by decompiler. It
provides an additional information about recognized code as linked functions with
the types and number of arguments and return values. The detection is based on
signatures, which are generated from the static libraries. The signatures are
composed of the first bytes of library modules, CRC codes, module sizes, and
public symbols. A tree structure of signature improves performance by decreasing
a number of compared bytes. Generic approach of detection is achieved by an usage
of a common object file format. This ensures that the process is not restricted
on specific architecture or file format. However, this lightly increases a number
of functions, which cannot be distinguished.
@inproceedings{BUT103577,
author="Lukáš {Ďurfina} and Dušan {Kolář}",
title="Generic detection of the statically linked code",
booktitle="Proceedings of the Twelfth International Conference on Informatics INFORMATICS 2013",
year="2013",
pages="157--161",
publisher="Faculty of Electrical Engineering and Informatics, University of Technology Košice",
address="Spišská Nová Ves",
isbn="978-80-8143-127-2",
url="http://informatics.kpi.fei.tuke.sk/"
}