Abstract: A method and system for resolving a computed call/jump target with computed behavior. The method begins with stripping a structured control flow graph of a computer program down to only those instructions that can reach a computed call/jump instruction of interest. The method continues by setting instruction semantics of the computed call/jump instruction of interest to a single assignment with a synthetic call target state variable whose value is a symbolic expression representing the computed call/jump target. The method continues by extracting a computed behavior of the stripped structured control flow graph in terms of the synthetic call target state variable and checking a resulting final value of the synthetic call target state variable in the resulting stripped program behavior. When the synthetic call target state variable is equal to a constant, the computed call/jump target has been resolved to the constant value, which is stored to computer storage.
Abstract: A method and system to detect behaviors of operational computer code. The method begins by tracking a synthetic call trace state variable when extracting the computed behavior of the program. The method continues by extending instruction semantics of call instructions with additional semantics by adding a current function call, either local or external API, to an existing call trace represented by the synthetic call trace state variable. The method finishes with extracting the computed behavior of the program.
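The call/jump target resolution steps in the first abstract above can be sketched on a toy program. This is an added example, not code from the patent: the three-operation IR, the register names, the addresses and the helper names (`strip`, `val`, `step`, `resolve`) are all constructed for illustration. It assumes an acyclic control flow graph and enumerates paths with constant folding as a simplified stand-in for behavior extraction.

```python
CALL_TARGET = "CALL_TARGET"  # synthetic call target state variable
# Constructed CFG: block -> (instructions, successors); operands are register names or ints.
CFG = {
    "entry": ([("mov", "rax", 0x401000), ("mov", "rbx", 0x20)], ["then", "else"]),
    "then":  ([("add", "rax", "rbx")], ["join"]),
    "else":  ([("add", "rax", 0x20)], ["join"]),
    "join":  ([("xor", "rax", 0x0F), ("call", "rax")], ["tail"]),
    "tail":  ([("mov", "rax", 0)], []),  # cannot reach the call, so it is stripped
}

def strip(cfg, call_block):
    """Keep only the blocks that can reach the block holding the computed call."""
    keep, work = {call_block}, [call_block]
    while work:
        cur = work.pop()
        for name, (_, succs) in cfg.items():
            if cur in succs and name not in keep:
                keep.add(name)
                work.append(name)
    return {n: (ins, [s for s in succs if s in keep])
            for n, (ins, succs) in cfg.items() if n in keep}

def val(state, op):  # a constant, the register's current value, or symbolic initial "<reg>0"
    return op if isinstance(op, int) else state.get(op, op + "0")

def step(state, ins):
    op, dst, *src = ins
    if op == "call":  # replaced semantics: CALL_TARGET := target expression
        return {**state, CALL_TARGET: val(state, dst)}
    a, b = val(state, dst), val(state, src[0])
    if op != "mov":
        ints = isinstance(a, int) and isinstance(b, int)
        b = (a + b if op == "add" else a ^ b) if ints else (op, a, b)
    return {**state, dst: b}

def resolve(cfg, entry, call_block):
    """Return the constant target if every path agrees on one constant, else None."""
    g, finals = strip(cfg, call_block), set()
    def walk(block, state):
        for ins in g[block][0]:
            state = step(state, ins)
            if ins[0] == "call":
                finals.add(state[CALL_TARGET])
                return
        for s in g[block][1]:
            walk(s, state)
    walk(entry, {})
    only = next(iter(finals)) if len(finals) == 1 else None
    return only if isinstance(only, int) else None
```

Here both branches fold to the same address, so `resolve(CFG, "entry", "join")` yields a constant; a target that depends on an input register, or on which branch was taken, stays unresolved and returns `None`.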