Publication Details
Generic detection of the statically linked code
Kolář Dušan, doc. Dr. Ing. (DIFS)
statically linked code, signature, detection
Detection of a statically linked code is an important step in a process of decompilation. It eliminates a code, which has to be processed by decompiler. It provides an additional information about recognized code as linked functions with the types and number of arguments and return values. The detection is based on signatures, which are generated from the static libraries. The signatures are composed of the first bytes of library modules, CRC codes, module sizes, and public symbols. A tree structure of signature improves performance by decreasing a number of compared bytes. Generic approach of detection is achieved by an usage of a common object file format. This ensures that the process is not restricted on specific architecture or file format. However, this lightly increases a number of functions, which cannot be distinguished.
@inproceedings{BUT103577,
author="Lukáš {Ďurfina} and Dušan {Kolář}",
title="Generic detection of the statically linked code",
booktitle="Proceedings of the Twelfth International Conference on Informatics INFORMATICS 2013",
year="2013",
pages="157--161",
publisher="Faculty of Electrical Engineering and Informatics, University of Technology Košice",
address="Spišská Nová Ves",
isbn="978-80-8143-127-2",
url="http://informatics.kpi.fei.tuke.sk/"
}