Datalog Disassembly v1.7 releases: A fast and accurate disassembler
Datalog Disassembly
A fast disassembler which is accurate enough for the resulting assembly code to be reassembled. The disassembler is implemented using the Datalog (Soufflé) declarative logic programming language to compile disassembly rules and heuristics. It first parses the ELF file information and decodes a superset of possible instructions (decoding from every byte offset, so candidate instructions and blocks overlap) to create an initial set of Datalog facts. These facts are analyzed to identify code locations, symbolization, and function boundaries. The results of this analysis, a refined set of Datalog facts, are then translated to the GTIRB intermediate representation for binary analysis and reverse engineering. The GTIRB pretty printer may then be used to print the GTIRB as reassemblable assembly code.
The analysis contains two parts:
- The C++ files take care of reading an ELF file and generating facts that represent all the information contained in the binary.
- src/datalog/*.dl contains the specification of the analyses in Datalog. It takes the basic facts and computes likely EAs (effective addresses of code), chunks of code, etc. The results are represented in GTIRB or can be printed to assembler code using the gtirb-pprinter.
Changelog v1.7
- Update code inference to use weighted interval scheduling to resolve blocks; this improves code inference results, especially on ARM.
- ARM: Discover unreferenced code blocks occurring after literal pools.
- Refactored CFG inference. It now infers more kinds of indirect calls and branches using value analysis, data accesses, and relocations.
- ELF: Infer SHARED or PIE for the DYN binary type (ET_DYN), which cannot be distinguished from the ELF header alone.
- ELF: Generate elfDynamicInit and elfDynamicFini auxdata.
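The first changelog item above replaces an ad hoc block-selection heuristic with weighted interval scheduling. The following is an added illustration written for this page, not ddisasm's own code: superset decoding yields overlapping candidate blocks, each carrying a plausibility weight from heuristics, and the scheduler keeps the non-overlapping subset of maximum total weight in O(n log n). The `Block` type, the `resolve_blocks` name, the constructed address layout and the weights are all assumptions; the contrast with a greedy pick-the-heaviest-first strategy shows why a global optimum matters.

```python
"""Resolve overlapping candidate code blocks with weighted interval scheduling.

Example code for this page, not part of ddisasm.  Candidate blocks come from
superset disassembly (decode at every byte offset), so they overlap; each one
carries a heuristic weight (e.g. "target of a direct call" scores high, a
misaligned decode that hits an invalid opcode scores low).  We select the
pairwise non-overlapping subset with the largest total weight.
"""
from bisect import bisect_right
from dataclasses import dataclass


@dataclass(frozen=True)
class Block:
    start: int     # first address of the block
    end: int       # one past the last byte (half-open interval [start, end))
    weight: float  # heuristic plausibility; higher means more likely real code


def resolve_blocks(candidates):
    """Return the maximum-weight set of pairwise non-overlapping blocks.

    Classic weighted interval scheduling: sort by end address, compute for
    each block the rightmost compatible predecessor by binary search, then
    fill a DP table and trace back the chosen blocks.
    """
    if not candidates:
        return []
    blocks = sorted(candidates, key=lambda b: (b.end, b.start))
    ends = [b.end for b in blocks]
    n = len(blocks)
    # p[i]: index of the rightmost block ending at or before blocks[i].start,
    # or -1 if none.  Touching blocks ([a,b) and [b,c)) are compatible.
    p = [bisect_right(ends, blocks[i].start) - 1 for i in range(n)]

    best = [0.0] * (n + 1)  # best[i] = optimum weight using blocks[:i]
    for i in range(1, n + 1):
        b = blocks[i - 1]
        take = b.weight + best[p[i - 1] + 1]
        best[i] = max(best[i - 1], take)

    chosen = []
    i = n
    while i > 0:
        b = blocks[i - 1]
        if b.weight + best[p[i - 1] + 1] > best[i - 1]:
            chosen.append(b)          # taking blocks[i-1] is strictly better
            i = p[i - 1] + 1
        else:
            i -= 1
    chosen.reverse()
    return chosen


def greedy_by_weight(candidates):
    """Naive alternative for contrast: take the heaviest block first, then
    keep adding blocks that do not overlap anything already chosen."""
    chosen = []
    for b in sorted(candidates, key=lambda b: -b.weight):
        if all(b.end <= c.start or c.end <= b.start for c in chosen):
            chosen.append(b)
    return sorted(chosen, key=lambda b: b.start)


def total_weight(blocks):
    return sum(b.weight for b in blocks)


def sample_candidates():
    """Constructed input: five overlapping candidates from a 0x30-byte region.

    The heavy block C straddles the boundary between A and D; on its own it
    outscores either, but A + D together beat it, which greedy selection misses.
    """
    return [
        Block(0x1000, 0x1010, 3.0),  # A: referenced by a direct call
        Block(0x1003, 0x100C, 1.0),  # B: misaligned decode inside A
        Block(0x100C, 0x1018, 4.0),  # C: plausible, but straddles A/D boundary
        Block(0x1010, 0x1020, 2.5),  # D: fall-through successor of A
        Block(0x1020, 0x1030, 2.0),  # E: jump target
    ]


if __name__ == "__main__":
    cands = sample_candidates()
    for name, picker in (("optimal", resolve_blocks), ("greedy", greedy_by_weight)):
        picked = picker(cands)
        spans = ", ".join(f"[{b.start:#x},{b.end:#x})" for b in picked)
        print(f"{name:8s} weight={total_weight(picked):.1f}  {spans}")
```

The optimal scheduler keeps A, D and E (total weight 7.5), whereas the greedy strategy commits to C first and ends with B, C and E (7.0). On real binaries the weights would come from the Datalog heuristics (references, fall-through consistency, invalid-opcode evidence); the scheduling step itself is independent of where the weights come from.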
Install && Use
Copyright (C) 2019