Towards Optimal Use of Exception Handling Information for Function Detection

Chengbin Pang, Ruotong Yu, Dongpeng Xu, Eric Koskinen, Georgios Portokalidis, Jun Xu

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

10 Scopus citations

Abstract

Function entry detection is critical for security of binary code. Conventional methods heavily rely on patterns, inevitably missing true functions and introducing errors. Recently, call frames have been used in exception-handling for function start detection. However, existing methods have two problems. First, they combine call frames with heuristic-based approaches, which often brings error and uncertain benefits. Second, they trust the fidelity of call frames, without handling the errors that are introduced by call frames. In this paper, we first study the coverage and accuracy of existing approaches in detecting function starts using call frames. We found that although recursive disassembly with call frames can maximize coverage, using extra heuristic-based approaches does not improve coverage and actually hurts accuracy. Second, we unveil call-frame errors and develop the first approach to fix them, making their use more reliable.

Original languageEnglish
Title of host publicationProceedings - 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2021
Pages338-349
Number of pages12
ISBN (Electronic)9781665435727
DOIs
StatePublished - Jun 2021
Event51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2021 - Virtual, Online, Taiwan, Province of China
Duration: 21 Jun 202124 Jun 2021

Publication series

NameProceedings - 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2021

Conference

Conference51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2021
Country/TerritoryTaiwan, Province of China
CityVirtual, Online
Period21/06/2124/06/21

Keywords

  • Binary Disassembling
  • Exception Handling
  • Function Start Detection

Fingerprint

Dive into the research topics of 'Towards Optimal Use of Exception Handling Information for Function Detection'. Together they form a unique fingerprint.

Cite this