author: Jerre Starink
title: Recovery of Control Flow Graphs of Native Binaries using Register Value Inference
keywords: reverse engineering, static analysis, binary code, control flow graph, call graph
topics: Languages , Software Technology
committee: Arend Rensink
started: April 2018
end: July 2018


Malware researchers reverse engineer software to identify patterns that might cause damage to the underlying system. One of the key aspects of this research is performing a static analysis on the binary code. This comes with a variety of challenges that need to be overcome. First of all, there is no clear separation between code and data, and secondly, the flow of a program is not always trivial. In this research we aim to contribute to this field by proposing an extension to the recursive traversal disassembly algorithm by approximating register values to determine target addresses of indirect jumps. We show that the algorithm is able to gain a better coverage than the recursive traversal algorithm, and produce graphs more similar to the original graphs than the linear sweep algorithm is able to, at the cost of performance.