Low Level Logic and Binary Analysis

Binary analysis is the art of reading and understanding binary code, with or without access to its source code and compiler. It is the oldest form of programming and debugging, but it lost its popularity once sophisticated tools could support the programming and debugging of software applications written in high-level programming languages. In recent years, binary analysis has once again been grabbing people's attention, as it is a critical tool used by malware authors and their defenders in their heated contests.

Modern compiler tools can transform sophisticated programs into executable binary code, but they are not yet capable of automatically protecting that binary code. Even when vendors closely guard their source code, vulnerabilities in unprotected binaries are routinely exploited on the basis of binary analysis. Without binary analysis, it would be nearly impossible to understand the behavior of (binary) malware in the wild and to design effective countermeasures against it. It is a challenging undertaking by any measure, and the outcomes can have a profound impact on the affected parties.

Binary analysis is also essential for low-level programming, porting and dependency analysis, and the instrumentation of legacy executables for performance and functional monitoring and debugging.

Our research explores techniques to transform the art of binary analysis into an engineering process. Our research results include an IDA Pro plug-in module for mining binary patterns. We have also done some work on mapping symbols based on mining of published documents. In light of the need for computer professionals competent in binary analysis, the director is planning to open a new course in Spring 2014 on "Assembly language and binary analysis". It should be a very fun experience to revisit this field, which was nearly lost in the torrent of abstraction and automation. Stay tuned.
