Abstract
Standard control flow graphs (CFGs) extracted from binaries by state-of-the-art disassembly/decompilation tools do not include information about exception-related control flow. However, such information is useful when statically analyzing programs that utilize structured exceptions. To fill that gap, we propose the concept of Exceptional Interprocedural Control Flow Graphs (EICFGs). These graphs extend traditional CFGs by adding edges for stack unwinding, frame cleanup, and try/catch behavior caused by thrown exceptions. We provide an approach for generating EICFGs from x86-64 binaries featuring C++ exceptions. The approach is based on symbolically executing an abstract semantics that includes binary-level exception-related function calls. We validated our abstract semantics by generating concrete test cases that were then evaluated using real binaries. We applied an implementation of our approach to 341 off-the-shelf x86-64 binaries compiled from C++ as well as C and Fortran source code. From those binaries, we identified 2574 unique throws and successfully resolved the exceptional control flow for every one of them. We show that resolving throws leads to increased instruction reachability and uncovers edges not found by state-of-the-art tools such as Ghidra.
Original language | English |
---|---|
Title of host publication | Detection of Intrusions and Malware, and Vulnerability Assessment - 21st International Conference, DIMVA 2024, Proceedings |
Editors | Federico Maggi, Manuel Egele, Mathias Payer, Michele Carminati |
Publisher | Springer Science and Business Media Deutschland GmbH |
Pages | 3-22 |
Number of pages | 20 |
ISBN (Print) | 9783031641701 |
Publication status | Published - 2024 |
Event | 21st International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2024 - Lausanne, Switzerland. Duration: 17 Jul 2024 → 19 Jul 2024. https://www.dimva.org/dimva2024/ |
Publication series
Series | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 14828 LNCS |
ISSN | 0302-9743 |
Conference
Conference | 21st International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2024 |
---|---|
Abbreviated title | DIMVA 2024 |
Country/Territory | Switzerland |
City | Lausanne |
Period | 17/07/24 → 19/07/24 |
Keywords
- Binary Analysis
- C++ exceptions
- Control Flow Graphs