APPARATUS FOR STATICALLY ANALYZING ASSEMBLY CODE INCLUDING ASSOXIATED MULTI FILES

摘要

The present invention relates to an associated multi-file static analysis device, comprising: a database storing program names, function names, assembly code, branch information, trace information, trace names, trace states, and register names corresponding to disassembled binaries; When a binary is input, the characteristics of the binary are analyzed to display a list of corresponding files and a plurality of functions. When a first function is selected from the displayed list of functions, a forward or reverse call chain of the first function is displayed. And display assembly code of the first function, a second function that is a forward function of the first function, or a third function that is a reverse function of the first function, the selection of the first function is terminated, and the second function When is selected, the display of assembly code of the first function, the second function, and the third function is canceled, and the second function, the phase An assembly code extracting unit for indicating assembly code of a fourth function that is a forward function of the second function or a fifth function that is a reverse function, and a register name corresponding to one of the first to fifth functions in the assembly code extracting unit In the case of requesting tracking, it includes a static analysis unit for extracting the register information corresponding to the register name through the database to provide to the assembly code extraction unit. According to the present invention, since the flow of functions of multiple files associated with each other is automatically displayed even at the machine language level, the static analysis speed can be easily traced by easily tracking the call chain of a specific function utilized in a plurality of executable files. Can improve.