摘要： 动态控制流恢复方法存在路径覆盖不全的问题。为解决该问题，提出一种基于自动路径驱动的控制流恢复算法。在可控的模拟调试环境中动态执行并分析二进制程序，通过修改CPU程序计数器的值，使驱动程序执行在当前输入条件下无法访问的程序路径，从而构建控制流图。基于该算法，设计实现自动路径驱动控制流恢复系统。测试结果表明，该算法能够较全面地发掘程序执行路径，与传统动态执行算法和交互式反汇编器相比，能有效提高恢复控制流图的覆盖率。

关键词: 控制流图, 路径驱动, 动态分析, 二进制程序, 模拟调试环境, 程序计数器

Abstract: To solve the problem in dynamic control flow reconstruction that not all program execution paths can be explored, an algorithm based on execution path driven is presented. The main idea of this algorithm is to run the binary program in a controllable instrument environment, and drives it to execute the program paths which can’t be explored under current input set by modifying the value of Program Counter(PC), so that Control Flow Graph(CFG) can be reconstructed. Based on this algorithm, a dynamic path drive control flow recovery system is designed and implemented. Experimental results illustrate that this algorithm is effective in exploring execution paths. Compared with traditional dynamic algorithm and Interactive Disassembler(IDA), the coverage of CFG reconstructed by this algorithm is higher.

Key words: Control Flow Graph(CFG), path driven, dynamic analysis, binary program, simulation instrument environment, Program Counter(PC)

中图分类号: 

• TP301.6