JSEMU: 提供動態調整分析政策之模擬架構

Abstract

過去已有許多Dynamic Binary Analysis (DBA) Tools讓使用者可以分析未知的執行檔的行為，而Dynamic Binary Instrumentation (DBI) 的出現讓開發DBA Tools的難度大幅的降低，使用者只需利用DBI所提供的Instrument API就可以設計自己的分析政策，然而在分析未知執行檔時，使用者無法預期哪一種分析政策是最符合的，調整分析政策是無法避免的過程，以現有的DBI tool來說，每當使用者要調整分析政策時，都必須重新編譯分析政策並執行，但反覆的重新編譯和執行對於分析者是個額外的負擔，因此本篇論文提出了可以在執行時期動態調整分析政策的DBI架構，命名為JSEMU，在實驗的部分，除了提供動態調整政策的機制外，也實作了Dynamic JavaScript Translation、Hot Code、Block Chaining以增進效能。

Dynamic binary analysis (DBA) tools help analyst to observe unknown binaries. Dynamic Binary Instrumentation (DBI) make it easy to develop new DBA tools. In previous DBI works, tool writer use APIs to design the analysis policy, and compile it to run. However, tool writer cannot predict all situations before running analysis. Unexpected situation may cause undesirable result of analysis. The intuitive solution is providing a mechanism to adjust policy at runtime. It can be easily achieved by the meta-programming feature of JavaScript. Furthermore, the performance of JavaScript significantly increased in recent years, writing emulator in JavaScript become possible. This paper presents a framework called JSEMU. JSEMU is written in JavaScript. For efficiency, JSEMU uses dynamic JavaScript translation to optimize instrumentation. Using JSEMU to develop DBA tools, tool writer can dynamically adjust policy without recompile.