Information Technology is pervasive and new ways to leverage its potential are continuously emerging. A resultant effect is the increase in the code base as new functionality is implemented. And as computers increasingly handle and process more information, the analysis of executables becomes necessary.
Review of this code base is difficult for several reasons. Program complexity increases as new functionality is implemented. Large teams are involved in the development process. Different software development tools utilized provide unique syntax and means of expressing semantics. Publishers usually retain the source code; however, executables are released for deployment.
In varied scenarios, executable files need to be reverse engineered in order to understand their functionality. Disassembling an executable provides a human-readable format that resembles the underlying machine code due to the one-to-one mapping of machine and assembly code.
Depending on the size of the executable, the quantity of information generated can be large. This makes the analysis of the information potentially difficult. Besides textually viewing the content, visualization can be utilized to enhance the process of understanding and analyzing the content.
Lattices provide a potentially useful structure that can be adapted to develop a visual metaphor for visualizing and analyzing a program’s disassembled executable code, in order to generate usable information to aid in decision making.
This research project presents the development of a lattice-based metaphor for this purpose. It begins by abstracting a generic platform’s Instruction Set Architecture (ISA). Rules are then formulated on how to represent the different combinations of instructions in order to enable adaptation to a lattice structure. A notation for displaying information is developed.
Various basic code constructs dealing with branching and looping are then illustrated by a process of abstracting their structural design and then visualizing them using the metaphor on the basis that these constructs are combined in various ways to constitute a program.
Visual analytics of executable code provides a tool for analyzing its structured format and generating meaningful information, an alternative comparable to directly analyzing source code. Visualization of the software enhances this process by providing the visual metaphors that represent the code aspects.
Various visual representations have been utilized in visualizing the various aspects of software. This research presents a visual interface for interacting with Binary Code, illustrating the potential of basic geometric shapes and visual interaction in understanding the structure of programs. It proposes that directly manipulating the software structure, with an abstracted visual representation, provides an improved understanding of a program.
The process involved the design and development of a prototype application of a 3D environment within which interactions with visual metaphors enabled visualization and analysis of Binary Code. The key metaphor utilized is based on the lattice structure.
The resultant application provided a 3D visualization environment within which binary code could be analyzed using a lattice-based metaphor. The application provided functionality for visually interacting with disassembled code as well as querying the code and visually viewing the results within the metaphor. The research could provide a basis for research and application of visual reverse engineering in an environment of touch screens and increasing processing capability.
To read this external content in full, download the report from the author's online archives at Nairobi University.