Computers & Security 51 (2015) 1-15
Available online at ScienceDirect; journal homepage: /locate/cose
A practical off-line taint analysis framework and its application in reverse engineering of file format
Baojiang Cui (a, b, *), Fuwei Wang (a, b), Tao Guo (c), Guowei Dong (c)
(a) Beijing University of Posts and Telecommunications, Beijing, China
(b) National Engineering Laboratory for Mobile Network Security, Beijing, China
(c) China Information Technology Security Evaluation Center, Beijing, China
Article info

Article history:
Received 14 August 2014
Received in revised form 12 February 2015
Accepted 15 February 2015
Available online 5 March 2015

Keywords:
Taint analysis

Abstract

This paper presents FlowWalker, a novel dynamic taint analysis framework that aims to extract the complete taint data flow while eliminating the bottlenecks that occur in existing tools, with applications to file-format reverse engineering. The framework proposes a multi-taint-tag assembly-level taint propagation strategy. FlowWalker separates taint tracking operations from execution with an off-line structure, utilizes memory-mapped files to enhance I/O efficiency, processes taint paths during virtual execution playback, and uses parallelization and pipelining mechanisms to achieve speedup. Based on the semantic correlations implied by the taint path information, this paper presents an algorithm for extracting the structures of unk
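The abstract names two ideas that are easy to misread without seeing them run: a multi-tag propagation strategy (each value carries the set of input-file offsets it depends on, not a single bit) and an off-line design (the instruction trace is recorded first and taint is computed afterwards during playback). The following is an added illustration written for this page, not FlowWalker's code and not taken from the paper. It assumes an already-recorded x86-like trace in which each operand is a register name, an immediate integer, or a ("mem", address, size) tuple, and it seeds every byte of a constructed 12-byte input with its own offset as a tag. The register names, addresses and the input layout are all constructed for the example.

```python
"""Off-line, multi-tag taint replay over a recorded trace (added example, not the paper's code)."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple, Union

Tags = FrozenSet[int]                    # set of input-file offsets a value depends on
EMPTY: Tags = frozenset()
Operand = Union[str, int, Tuple[str, int, int]]   # register | immediate | ("mem", addr, size)


@dataclass
class TaintState:
    regs: Dict[str, Tags] = field(default_factory=dict)
    mem: Dict[int, Tags] = field(default_factory=dict)   # byte-granular memory taint

    def seed_file(self, buf: int, size: int) -> None:
        # Every input byte gets a distinct tag so later fields can be told apart.
        for off in range(size):
            self.mem[buf + off] = frozenset({off})

    def read(self, op: Operand) -> Tags:
        if isinstance(op, int):                        # immediate: never tainted
            return EMPTY
        if isinstance(op, str):                        # register
            return self.regs.get(op, EMPTY)
        _, addr, size = op                             # memory: union of byte tags
        return frozenset().union(*(self.mem.get(addr + i, EMPTY) for i in range(size)))

    def write(self, op: Operand, tags: Tags) -> None:
        if isinstance(op, str):
            self.regs[op] = tags
        else:
            _, addr, size = op
            for i in range(size):
                self.mem[addr + i] = tags


def replay(trace, buf: int, file_size: int):
    """Replays a recorded trace off-line and returns (final state, per-instruction taint path)."""
    st = TaintState()
    st.seed_file(buf, file_size)
    path: List[Tuple[int, str, Operand, Tags]] = []
    for idx, (opc, dst, src) in enumerate(trace):
        if opc in ("mov", "movzx"):
            out = st.read(src)                        # copy: destination inherits source tags
        elif opc == "xor" and dst == src:
            out = EMPTY                               # xor r, r zeroes r: taint must be cleared
        elif opc in ("add", "sub", "xor", "or", "and"):
            out = st.read(dst) | st.read(src)         # multi-tag union: result depends on both
        else:
            raise ValueError(f"unsupported opcode {opc}")
        st.write(dst, out)
        path.append((idx, opc, src, out))
    return st, path


def infer_fields(path, file_size: int):
    """Heuristic: a load whose tags form one contiguous offset run is treated as one field."""
    fields = set()
    for _, _opc, src, tags in path:
        if isinstance(src, tuple) and tags:
            lo, hi = min(tags), max(tags) + 1
            if tags == frozenset(range(lo, hi)):
                fields.add((lo, hi))
    covered = {off for lo, hi in fields for off in range(lo, hi)}
    unread = sorted(set(range(file_size)) - covered)   # bytes the trace never consumed
    return sorted(fields), unread


# Constructed trace: a parser reads a 4-byte magic, a 2-byte length and a 1-byte flags
# field, then folds magic and length into a running sum stored to memory.
BUF = 0x1000          # constructed address of the input buffer
FILE_SIZE = 12        # constructed input length
TRACE = [
    ("mov",   "eax", ("mem", BUF + 0, 4)),
    ("movzx", "ecx", ("mem", BUF + 4, 2)),
    ("movzx", "edx", ("mem", BUF + 6, 1)),
    ("xor",   "ebx", "ebx"),
    ("add",   "ebx", "eax"),
    ("add",   "ebx", "ecx"),
    ("mov",   ("mem", 0x2000, 4), "ebx"),
]


def run_demo():
    st, path = replay(TRACE, BUF, FILE_SIZE)
    fields, unread = infer_fields(path, FILE_SIZE)
    return st, path, fields, unread


if __name__ == "__main__":
    st, path, fields, unread = run_demo()
    for idx, opc, _src, tags in path:
        print(f"{idx:2d} {opc:5s} -> tags {sorted(tags)}")
    print("inferred fields:", fields, "never read:", unread)
```

Two details carry the abstract's point. The union in the arithmetic case is what "multi-taint-tag" buys: after the two adds, ebx depends on offsets 0 through 5, so the stored value can be traced back to two distinct input fields rather than to a single "tainted" flag. And because `replay` consumes a finished trace instead of hooking live execution, the taint computation can be re-run, sharded or pipelined independently of the program that produced the trace, which is the separation the off-line design relies on.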