The University of Arizona
banner image

  Static Detection of Disassembly Errors

Nithya Krishnamoorthy, Saumya Debray, Keith Fligg
Department of Computer Science
University of Arizona
Tucson, AZ 85721, U.S.A.
 

Abstract
Static disassembly is a crucial first step in reverse engineering executable files, and there is a considerable body of work in reverse-engineering of binaries, as well as areas such as semantics-based security analysis, that assumes that the input executable has been correctly disassembled. However, disassembly errors, e.g., arising from binary obfuscations, can render this assumption invalid. This work describes a machine-learning-based approach, using decision trees, for statically identifying possible errors in a static disassembly; such potential errors may then be examined more closely, e.g., using dynamic analyses. Experimental results using a variety of input executables indicate that our approach performs well, correctly identifying most disassembly errors with relatively few false positives.