Creating a common notation of the x86 processor software interface for automated disassembler construction
- Authors: Gusenko M.Y.1
-
Affiliations:
- Issue: No 2 (2024)
- Pages: 119-146
- Section: Articles
- URL: https://journal-vniispk.ru/2454-0714/article/view/359420
- DOI: https://doi.org/10.7256/2454-0714.2024.2.70951
- EDN: https://elibrary.ru/EJJSYT
- ID: 359420
Cite item
Full Text
Abstract
The subject of the study is the process of reverse engineering of programs in order to obtain their source code in low- or high-level languages for processors with x86 architecture, the software interface of which is developed by Intel and AMD. The object of the study is the technical specifications in the documentation produced by these companies. The intensity of updating documentation for processors is investigated and the need to develop technological approaches aimed at automated disassembler construction, taking into account regularly released and frequent updates of the processor software interface, is justified. The article presents a method for processing documentation in order to obtain a generalized, formalized and uniform specification of processor commands for further automated translation into the disassembler program code. The article presents two main results: the first is an analysis of the various options for describing commands presented in the Intel and AMD documentation, and a concise reduction of these descriptions to a monotonous form of representation; the second is a comprehensive syntactic analysis of machine code description notations and the form of representation of each command in assembly language. This, taking into account some additional details of the description of the commands, for example, the permissible operating mode of the processor when executing the command, made it possible to create a generalized description of the command for translating the description into the disassembler code. The results of the study include the identification of a number of errors in both the documentation texts and in the operation of existing industrial disassemblers, built, as shown by the analysis of their implementation, using manual coding. The identification of such errors in the existing reverse engineering tools is an indirect result of the author's research.
References
Версия исходного кода операционной системы Windows 2000. Доступно по ссылке: https://github.com/pustladi/Windows-2000/ (дата обращения: 23.02.2022) Проект Intel X86 Encoder Decoder (Intel XED). Доступно по ссылке: https://github.com/intelxed/xed (дата обращения: 23.08.2022) Distribution of Intel and AMD x86 computer central processing units (CPUs) worldwide from 2012 to 2022, by quarter. Доступно по ссылке: https/www.statista.com/statistics/735904/worldwide-x86-intel-amd-market-share/ (дата обращения: 23.09.2022) Китай научился легально клонировать процессоры Intel. Помог старинный соперник. Доступно по ссылке: https://www.cnews.ru/news/top/2023-06-09_kitajtsy_nauchilis_legalno (дата обращения: 14.12.2023) Intel® 64 and IA-32 Architectures. Software Developer’s Manual. Documentation Changes. September 2023. Document Number: 252046-073 Доступно по ссылке: https://www.intel.com/content/www/us/en/develop/download/intel-64-and-ia-32-architectures-documentation-changes.html (дата обращения: 21.10.2023) Intel® 64 and IA-32 Architectures Software Developer’s Manual Combined Volumes: 1, 2A, 2B, 2C, 2D, 3A, 3B, 3C, 3D, and 4. Order Number: 325462-081US September 2023. Доступно по ссылке: https://www.intel.com/content/www/us/en/develop/download/intel-64-and-ia-32-architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4.html (дата обращения: 20.10.2023) Расширенная форма Бэкуса-Наура. Доступно по ссылке: https://ru.wikipedia.org/wiki/Расширенная_форма_Бэкуса-Наура (дата обращения: 23.09.2022) AMD64 Technology. AMD64 Architecture Programmer’s Manual. Volumes 1–5. Publication No. 40332 Revision 4.07 Date June 2023. Доступно по ссылке: https:// https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/programmer-references/40332.pdf (дата обращения: 20.11.2023
Supplementary files
