Ticket #43 (closed enhancement: fixed)

Opened 8 months ago

Last modified 3 months ago

Libmjollnir core algorithm should be recursive

Reported by: may Owned by: strauss
Priority: major Milestone: v0.81
Component: libmjollnir Version:
Severity: High Keywords:
Cc:

Description

Currently we do a linear read of the binary code for constructing the control flow graph; this is not good for multiple reasons:

- we can't do local analysis given an entry point (we HAVE to analyse a whole section every time, and it does not scale when analysing the kernel).

- we can't efficiently analyse obfuscated code that jumps into the middle of instructions. In the new algorithm, an instruction (its bytes) can potentially be present in multiple basic blocks if this case happens.

Instead we should use an entry point and a max depth, and follow the control flow edges when constructing the CFG.
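The recursive scheme proposed above, as an added example that is not libmjollnir's or ERESI's code: it walks a constructed toy instruction set from an entry point, bounded by a max depth, keys basic blocks by start address so that a branch into the middle of an already-decoded instruction yields an overlapping second block, and never touches bytes that are unreachable from the entry. The opcodes, encoding and byte sample are all assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
/* Toy ISA constructed for this example (not libmjollnir's decoder): 0x00 NOP,
   0x01 rel8 JMP, 0x02 rel8 JCC, 0x03 RET; rel8 is relative to the next instruction. */
static const uint8_t code[] = {
    0x02, 0x03,        /* 0: JCC +3 -> fallthrough 2, taken 5 (inside the JMP at 4) */
    0x00, 0x00,        /* 2: NOP NOP */
    0x01, 0x03,        /* 4: JMP +3 -> 9; its operand byte at 5 also decodes as RET */
    0x00, 0x00, 0x00,  /* 6: unreachable from entry 0, so never decoded */
    0x03               /* 9: RET */
};
#define CODESZ ((int)sizeof code)
#define MAX_BLOCKS 32
struct block { int start, end, depth, nsucc, succ[2]; };
static struct block blocks[MAX_BLOCKS];
static int nblocks;
struct block *find_block(int addr) {
    for (int i = 0; i < nblocks; i++)
        if (blocks[i].start == addr) return &blocks[i];
    return NULL;
}
/* Decode from addr until a control-flow instruction, record the block, then follow
   each successor edge while depth <= maxdepth.  Blocks are keyed by start address,
   so a jump into the middle of a decoded instruction creates an overlapping block. */
static void explore(int addr, int depth, int maxdepth) {
    if (depth > maxdepth || addr < 0 || addr >= CODESZ || find_block(addr) ||
        nblocks == MAX_BLOCKS) return;
    struct block *b = &blocks[nblocks++];   /* static array: pointer stays valid */
    b->start = addr; b->depth = depth; b->nsucc = 0;
    int pc = addr;
    while (pc < CODESZ) {
        uint8_t op = code[pc++];
        if (op == 0x03) break;                                 /* RET: no edges */
        if ((op == 0x01 || op == 0x02) && pc < CODESZ) {
            int target = pc + 1 + (int8_t)code[pc++];
            if (op == 0x02) b->succ[b->nsucc++] = pc;          /* fallthrough edge */
            b->succ[b->nsucc++] = target;                      /* taken edge */
            break;
        }
    }
    b->end = pc;                            /* truncated stream: block ends at CODESZ */
    for (int i = 0; i < b->nsucc; i++) explore(b->succ[i], depth + 1, maxdepth);
}
/* Build the CFG reachable from entry within maxdepth edges; returns the block count. */
int build_cfg(int entry, int maxdepth) { nblocks = 0; explore(entry, 0, maxdepth); return nblocks; }
int main(void) {
    int n = build_cfg(0, 8);
    for (int i = 0; i < n; i++)
        printf("block [%d,%d) depth %d succ %d\n", blocks[i].start, blocks[i].end, blocks[i].depth, blocks[i].nsucc);
    return 0;
}
```

With max depth 1 the RET block at 9 is never reached, and the block starting at 5 overlaps the block [2,6) because byte 5 is both the JMP operand and a RET opcode.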

Change History

Changed 4 months ago by may

  • owner changed from thorkill to strauss

Changed 4 months ago by may

  • severity changed from Medium to High
  • milestone changed from v0.88 to v0.81

Changed 3 months ago by may

  • status changed from new to closed
  • resolution set to fixed