Exceptional Interprocedural Control Flow Graphs for x86-64 Binaries

Joshua Bockenek*, Freek Verbeek, Binoy Ravindran

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference Article in proceeding › Academic › peer-review

Abstract

Standard control flow graphs (CFGs) extracted from binaries by state-of-the-art disassembly/decompilation tools do not include information about exception-related control flow. However, such information is useful when statically analyzing programs that utilize structured exceptions. To fill that gap, we propose the concept of Exceptional Interprocedural Control Flow Graphs (EICFGs). These graphs extend traditional CFGs by adding edges for stack unwinding, frame cleanup, and try/catch behavior caused by thrown exceptions. We provide an approach for generating EICFGs from x86-64 binaries featuring C++ exceptions. The approach is based on symbolically executing an abstract semantics that includes binary-level exception-related function calls. We validated our abstract semantics by generating concrete test cases that were then evaluated using real binaries. We applied an implementation of our approach to 341 off-the-shelf x86-64 binaries compiled from C++ as well as C and Fortran source code. From those binaries, we identified 2574 unique throws and successfully resolved the exceptional control flow for every one of them. We show that resolving throws leads to increased instruction reachability and uncovers edges not found by state-of-the-art tools such as Ghidra.

Original language: English
Title of host publication: Detection of Intrusions and Malware, and Vulnerability Assessment - 21st International Conference, DIMVA 2024, Proceedings
Editors: Federico Maggi, Manuel Egele, Mathias Payer, Michele Carminati
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 3-22
Number of pages: 20
ISBN (Print): 9783031641701
Publication status: Published - 2024
Event: 21st International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2024 - Lausanne, Switzerland
Duration: 17 Jul 2024 to 19 Jul 2024
https://www.dimva.org/dimva2024/

Publication series

Series: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 14828 LNCS
ISSN: 0302-9743

Conference

Conference: 21st International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2024
Abbreviated title: DIMVA 2024
Country/Territory: Switzerland
City: Lausanne
Period: 17/07/24 to 19/07/24
Keywords

  • Binary Analysis
  • C++ exceptions
  • Control Flow Graphs
