Abstract: Binary program transformation has played an important role in reverse program analysis. This paper proposes a program transformation method. In the method, machine code is first disassembled by IDA Pro. Along with rules and optimizing strategies, the program is transformed to intermediate language. The deterministic finite automata and context-free grammars are designed to parse assembly language, and the code optimization theory is also included in dataflow analysis. The intermediate language has a good readability, generality and comprehensibility. After transformation, the code contracts dramatically. The technique described can run automatically, which effectively reduce the amount of time in solving software analysis problems and debugging executable programs. A transform instance using this technique is presented.

Key words: reverse analysis, program transformation, intermediate language

摘要： 二进制程序转换作为软件逆向分析的主要手段发挥着积极作用。该文给出一种程序转换方法，应用软件二进制程序经IDA Pro反汇编得汇编语言程序，依据下推自动机原理设计汇编文法识别该汇编文件、制定相应的转换规则和优化措施将汇编语言转换成中间语言。转换所得中间语言可读性较强，具有通用性且易于理解。该方法达到了较高的自动化程度，缩小了目标程序的代码量，其应用可有效地减少软件分析和调试人员在追踪代码时所需的时间和工作量。给出应用上述方法进行程序转换的实例。

关键词: 逆向分析, 程序转换, 中间语言

CLC Number: 

• TP311