• » AFRL-RomeAir Force Research Laboratory (Rome)
• » AFRL-SPIAir Force Research Laboratory (Wright Paterson)
  Anti-Tamper/Software Protection Initiative (AT-SPI)
• » AFRL-WPAir Force Research Laboratory (Wright Paterson)
• » DARPADefense Advanced Research Projects Agency (DARPA)
• » HSARPADepartment of Homeland Security (DHS)
  Homeland Security Advanced Research Projects Agency (HSARPA)
• » MDAMissile Defense Agency (MDA)
• » NASANational Aeronautics and Space Administration (NASA)
• » NISTNational Institute of Standards and Technology (NIST)
• » NSFNational Science Foundation (NSF)
• » ARMYUnited States Army
• » NAVYUnited States Navy (USN)
• » ONRUnited States Navy (USN)
  Office of Naval Research (ONR)

Trace-Based Disassembly

We propose to develop a trace-based disassembler and integrate it with our break-through binary analysis tool, CodeSurfer^®/x86. A trace-based disassembler builds a trace of the instruction sequence that is executed at run time (during one or more runs of the program). The trace is analyzed to construct control-flow graphs for each of the procedures, which are then used to generate an assembly listing. This approach will make CodeSurfer/x86 applicable to binaries that employ anti-tamper techniques known as control-flow obfuscations. In particular, we will focus on the potential to unravel self-modifying code. CodeSurfer/x86 will also be used to drive a static disassembler to help "flesh out" the program listing generated by the trace-based disassembler.