Abstract
How to locate the target function faster and more accurately is a key problem of Automatic Reverse-Engineering of Software Programs. In order to solve this problem, a target function location method based on code coverage analysis is proposed. Firstly, it obtains function call information of the program and calculate the suspicious rate of each function. And then a stability factor is proposed to reduce the noise functions. Finally, the target function is successfully located. The experimental results show the method proposed has linear time complexity. For software programs with million function calls, it can accurately locate the target function within several minutes, the performance and accuracy are greately improved compared to the contrast methods.
Highlights
In the process of Software Reverse-Engineering, the first job is to determine the cut-in point of the reverse analysis
Aiming at shortcomings of the above methods, we propose a method of code coverage analysis to locate target function
According to the location principle, the target function must exist in the candidate list, but there are some noise functions
Summary
In the process of Software Reverse-Engineering, the first job is to determine the cut-in point of the reverse analysis. Huang et al [3] filters the redundant execution paths by clustering and improve the locating efficiency This kind of method has a lot of noise function. Based on the method of API sequence alignments, Ye et al [4] proposed a method of generating harmonic sequence, which avoided the "blind area" caused by nearest neighbor path selection and reduced the space of subsequent search. This kind of method had higher time complexity than difference set calculation. For our method is only related to the function call path, it is universal
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
