Indirect jump destination calculation


Problem description

Given an arbitrary executable, is it possible to determine some or all of the indirect branch destination addresses? What is a programmatic approach to computing these destinations? I'm asking because I am reconstructing a CFG from an executable and can't figure out a clean way of computing indirect branches. Sometimes the operand can be determined with a little forensic analysis, but other times it's not so clear.

Recommended answer

Calculating possible indirect branch destinations in a compiled program statically is possible by performing data-flow analysis for finding out the possible values for the address.

It might work well on simple things such as jump tables (the kind of stuff often generated from switch statements).

In the general case, though, I think that it will be pretty hard to get decent results from that - especially since I suspect your analysis will need some sort of heap analysis to be of any value, and that is not easy, particularly on assembly which might be riddled with loads and stores to memory.
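
The jump-table case described in this answer, as an added example that is not part of the original answer: a forward interval analysis over a toy IR bounds the index register, then reads the table entries from a constructed memory image. The IR opcodes, `resolve_indirect_jumps`, the addresses and the table contents are all assumptions made for illustration; an index loaded from memory is left unresolved, which is the general-case difficulty the answer points to.

```python
import struct

FULL = (0, 2**64 - 1)  # "unknown": any unsigned 64-bit value

def resolve_indirect_jumps(block, memory, mem_base):
    """Forward interval analysis over one basic block of a toy IR (hypothetical).

    Returns {instruction index: sorted list of targets, or None if unresolved}.
    """
    regs, out = {}, {}                       # regs: register -> (lo, hi)
    for i, ins in enumerate(block):
        op = ins[0]
        if op == "mov_imm":                  # reg = constant
            regs[ins[1]] = (ins[2], ins[2])
        elif op == "and_imm":                # reg &= mask  =>  0 <= reg <= mask
            _, hi = regs.get(ins[1], FULL)
            regs[ins[1]] = (0, min(hi, ins[2]))
        elif op == "cmp_ja":                 # if reg > bound (unsigned): leave block
            lo, hi = regs.get(ins[1], FULL)
            regs[ins[1]] = (lo, min(hi, ins[2]))   # fall-through path only
        elif op == "load":                   # reg = [memory]; memory is not modelled
            regs[ins[1]] = FULL
        elif op == "jmp_table":              # jmp qword [table + reg*8]
            _, table, reg = ins
            lo, hi = regs.get(reg, FULL)
            end = table + (hi + 1) * 8 - mem_base
            if table < mem_base or end > len(memory):
                out[i] = None                # index not bounded inside known data
                continue
            targets = set()
            for idx in range(lo, hi + 1):
                off = table + idx * 8 - mem_base
                targets.add(struct.unpack_from("<Q", memory, off)[0])
            out[i] = sorted(targets)
    return out

# Constructed sample: a 4-entry table at 0x2000, as a compiler might emit for a switch.
RODATA = struct.pack("<4Q", 0x1010, 0x1020, 0x1010, 0x1030)
SWITCH = [("cmp_ja", "rax", 3), ("jmp_table", 0x2000, "rax")]
UNBOUNDED = [("load", "rax"), ("jmp_table", 0x2000, "rax")]

if __name__ == "__main__":
    for name, blk in (("switch", SWITCH), ("unbounded", UNBOUNDED)):
        print(name, resolve_indirect_jumps(blk, RODATA, 0x2000))
```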
