
Computer Engineering ›› 2010, Vol. 36 ›› Issue (16): 47-48. doi: 10.3969/j.issn.1000-3428.2010.16.017

• Software Technology and Database •

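Locating Technique for the Main Function in PE Executable Programs

FU Wen, ZHAO Rong-cai, PANG Jian-min, ZHANG Yi-chi

  1. (Institute of Information Engineering, PLA Information Engineering University, Zhengzhou 450002)
  • Publication date: 2010-08-20 Release date: 2010-08-17
  • About the authors: FU Wen (born 1980), female, Ph.D. candidate, main research interests: reverse analysis and information security; ZHAO Rong-cai and PANG Jian-min, professors and doctoral supervisors; ZHANG Yi-chi, Ph.D. candidate
  • Supported by:

    National "863" Program of China (2006AA01Z408, 2009AA01Z434); Major Science and Technology Research Program of Henan Province (092101210500, 092101210501)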

Technique on Locating Main Function from Portable Executables

FU Wen, ZHAO Rong-cai, PANG Jian-min, ZHANG Yi-chi   

  1. (Institute of Information Engineering, PLA Information Engineering University, Zhengzhou 450002)
  • Online: 2010-08-20 Published: 2010-08-17

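Abstract:

To address the difficulty of locating the main function main() during binary code analysis when symbol table information is absent, a main-function locating method for PE executables is proposed. Templates are extracted by analyzing the execution process of a PE program starting from its entry point, and template matching is used to locate the address of main() in the program. Experimental results show that the method can effectively locate main() in PE executables built in different compilation environments, which helps improve the analysis capability of binary code analysis tools.

Key words: binary code analysis, symbol table, PE executable, template matching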

Abstract:

Locating the main function in binary code is not an easy task when the binary contains no symbol table. To address this problem, this paper presents a novel approach for Portable Executables (PE). It analyzes the execution process of a PE file from the entry point onward to abstract patterns for locating. Instruction pattern matching is then used to locate the address of the function main() in a PE file. Experimental results show that the pattern-matching approach is favorable and effective for locating main() in portable executables on different platforms. It can improve the analysis capability of binary code analysis tools.

Key words: binary code analysis, symbol table, Portable Executables (PE), pattern matching

Chinese Library Classification (CLC) number: