<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">tuzsut</journal-id><journal-title-group><journal-title xml:lang="ru">Труды учебных заведений связи</journal-title><trans-title-group xml:lang="en"><trans-title>Proceedings of Telecommunication Universities</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1813-324X</issn><issn pub-type="epub">2712-8830</issn><publisher><publisher-name>СПбГУТ</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.31854/1813-324X-2024-10-1-86-96</article-id><article-id custom-type="edn" pub-id-type="custom">NZUJAZ</article-id><article-id custom-type="elpub" pub-id-type="custom">tuzsut-550</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ И ТЕЛЕКОММУНИКАЦИИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>INFORMATION TECHNOLOGIES AND TELECOMMUNICATION</subject></subj-group></article-categories><title-group><article-title>Методология проведения реверс-инжиниринга машинного кода. Часть 3. Динамическое исследование и документирование</article-title><trans-title-group xml:lang="en"><trans-title>Methodology for Reverse Engineering of Machine Code. Part 3. Dynamic Investigation and Documentation</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-9412-5693</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Израилов</surname><given-names>К. И.</given-names></name><name name-style="western" xml:lang="en"><surname>Izrailov</surname><given-names>K.</given-names></name></name-alternatives><bio xml:lang="ru"><p>кандидат технических наук, доцент, старший научный сотрудник лаборатории проблем компьютерной безопасности Санкт-Петербургского Федерального исследовательского центра Российской академии наук</p></bio><email xlink:type="simple">konstantin.izrailov@mail.ru</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Санкт-Петербургский Федеральный исследовательский центр Российской академии наук</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Saint-Petersburg Federal Research Center of the Russian Academy of Sciences</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2024</year></pub-date><pub-date pub-type="epub"><day>28</day><month>02</month><year>2024</year></pub-date><volume>10</volume><issue>1</issue><fpage>86</fpage><lpage>96</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Израилов К.И., 2024</copyright-statement><copyright-year>2024</copyright-year><copyright-holder xml:lang="ru">Израилов К.И.</copyright-holder><copyright-holder xml:lang="en">Izrailov K.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://tuzs.sut.ru/jour/article/view/550">https://tuzs.sut.ru/jour/article/view/550</self-uri><abstract><p>Изложены результаты создания единой методологии проведения реверс-инжиниринга машинного кода устройств. Данная, третья заключительная часть цикла статей посвящена динамическому исследованию кода с целью восстановления метаинформации о нем и дополнительному поиску уязвимостей, а также итоговому документированию результатов. Проводится обзор научных публикаций на тему существующих методов и средств динамического анализа машинного кода. Дается детальное описание и формализация шагов этапа, а также примеры их применения на практике. Полная схема предлагаемой методологии приводится в графическом виде с указанием получаемых основных и промежуточных результатов. Все шаги сведены в сводную таблицу, содержащей также некоторые их характеристик. Обсуждаются недостатки методологии и пути их устранения.</p></abstract><trans-abstract xml:lang="en"><p>The results of creating a unified methodology for reverse engineering the machine code of devices are presented. This, the third and final part of the series of articles, is devoted to the dynamic examination of code in order to restore metainformation about it and additionally search for vulnerabilities, as well as the final documentation of the results. A review of scientific publications on the topic of existing methods and tools for dynamic analysis of machine code is carried out. A detailed description and formalization of the steps of the stage is given, as well as examples of their application in practice. A complete diagram of the proposed methodology is presented in graphical form, indicating the main and intermediate results obtained. All steps are summarized in a summary table, which also contains some of their characteristics. The shortcomings of the methodology and ways to eliminate them are discussed.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>реверс-инжиниринг</kwd><kwd>обратная разработка</kwd><kwd>программная инженерия</kwd><kwd>динамический анализ</kwd><kwd>документирование</kwd><kwd>информационная безопасность</kwd><kwd>уязвимости</kwd><kwd>методология</kwd><kwd>схема</kwd></kwd-group><kwd-group xml:lang="en"><kwd>reverse engineering</kwd><kwd>backwards engineering</kwd><kwd>software engineering</kwd><kwd>dynamic analysis</kwd><kwd>documentation</kwd><kwd>information security</kwd><kwd>vulnerabilities</kwd><kwd>methodology</kwd><kwd>diagram</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Hendrix T.D., Cross J.H., Barowski L.A., Mathias K.S. Tool support for reverse engineering multi-lingual software // Proceedings of the Fourth Working Conference on Reverse Engineering (Amsterdam, Netherlands, 06−08 October 1997). IEEE, 1997. PP. 136−143. DOI:10.1109/WCRE.1997.624584</mixed-citation><mixed-citation xml:lang="en">Hendrix T.D., Cross J.H., Barowski L.A., Mathias K.S. Tool support for reverse engineering multi-lingual software. Pro-ceedings of the Fourth Working Conference on Reverse Engineering, 06−08 October 1997, Amsterdam, Netherlands. IEEE; 1997. p.136−143. DOI:10.1109/WCRE.1997.624584</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Израилов К.Е. Методология проведения реверс-инжиниринга машинного кода. Часть 1. Подготовка объекта исследования // Труды учебных заведений связи. 2023. Т. 9. № 5. С. 79−90. DOI:10.31854/1813-324X-2023-9-5-79-90. EDN:ZXLTBA</mixed-citation><mixed-citation xml:lang="en">Izrailov K. Methodology for Machine Code Reverse Engineering. Part 1. Preparation of the Research Object. Proceedings of the Telecommun. Univ. 2023;9(5):79–90. DOI:10.31854/1813-324X-2023-9-5-79-90. EDN:ZXLTBA</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Израилов К.Е. Методология проведения реверс-инжиниринга машинного кода. Часть 2. Статическое исследование // Труды учебных заведений связи. 2023. Т. 9. № 6. С. 68−82. DOI:10.31854/1813-324X-2023-9-6-68-82. EDN:SJSHCE</mixed-citation><mixed-citation xml:lang="en">Izrailov K. Methodology for Machine Code Reverse Engineering. Part 2. Static Investigation. Proceedings of the Telecommun. Univ. 2023;9(6):68−82. DOI:10.31854/1813-324X-2023-9-6-68-82. EDN:SJSHCE</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Каушан В.В. Поиск ошибок выхода за границы буфера в бинарном коде программ // Труды Института системного программирования РАН. 2016. Т. 28. № 5. С. 135−144. DOI:10.15514/ISPRAS-2016-28(5)-8. EDN:VBDRBC</mixed-citation><mixed-citation xml:lang="en">Kaushan V.V. Buffer overrun detection method in binary code. Proceedings of ISP RAS. 2016;28(5):135–144. DOI:10.15514/ISPRAS-2016-28(5)-8. EDN:VBDRBC</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Гузик В.Ф., Золотовский В.Е., Савельев П.В. Выполнение математических операций в системе символьных вычислений // Известия ТРТУ. 2007. № 3(75). С. 138−141. EDN:KTMRPB</mixed-citation><mixed-citation xml:lang="en">Guzik V.F., Zolotovskiy V.Ye., Savelev P.V. Performing mathematical operations in the symbolic computing system. Izvestiya SFedu. Engineering sciences. 2007;3(75):138−141. EDN:KTMRPB</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Леошкевич И.О. Получение архитектурно-независимой семантики исполняемого кода // Безопасность информационных технологий. 2009. Т. 16. № 4. С. 120−124. EDN:WTKHGF</mixed-citation><mixed-citation xml:lang="en">Leoshkevich I.O. Obtaining architecture-independent semantics of executable code. Proceedings of IT Security (Russia). 2009;16(4):120−124. EDN:WTKHGF</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Переберина А.А., Костюшко А.В. Разработка инструментария для динамического анализа вредоносного программного обеспечения // Труды МФТИ. 2018. Т. 10. № 3(39). С. 24−44. EDN:YZAJAD</mixed-citation><mixed-citation xml:lang="en">Pereberina A.A., Kostyushko A.V. Development of tools for dynamic malware analysis. Proceedings of Moscow Institute of Physics and Technology. 2018;10(3):24−44. EDN:YZAJAD</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Ревнивых А.В., Велижанин А.С. Методика автоматизированного формирования структуры дизассемблированного листинга // Кибернетика и программирование. 2019. № 2. С. 1−16. DOI:10.25136/2306-4196.2019.2.28272. EDN:TGCZKJ</mixed-citation><mixed-citation xml:lang="en">Revnivykh A.V., Velizhanin A.S. Methods for Automated Formation of a Disassembled Listing Structure. Cybernetics and Programming. 2019;2:1−16. DOI:10.25136/2306-4196.2019.2.28272. EDN:TGCZKJ</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Соловьев М.А. Восстановление алгоритма по набору бинарных трасс. Дис. ... канд. физ.-мат. наук. М.: Институт системного программирования РAН, 2013. 123 с. EDN:SUSPIZ</mixed-citation><mixed-citation xml:lang="en">Solovev M.A. Reconstructing the algorithm from a set of binary traces. PhD Thesis. Moscow: Ivannikov Institute for System Programming of the Russian Academy of Sciences Publ.; 2013. 123 p. EDN:SUSPIZ</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Jimborean A., Herrmann M., Loechner V., Clauss P. VMAD: A virtual machine for advanced dynamic analysis of programs // Proceedings of International Symposium on Performance Analysis of Systems and Software (Austin, USA, 10−12 April 2011). IEEE, 2011. PP. 125−126. DOI:10.1109/ISPASS.2011.5762725</mixed-citation><mixed-citation xml:lang="en">Jimborean A., Herrmann M., Loechner V., Clauss P. VMAD: A virtual machine for advanced dynamic analysis of programs. Proceedings of International Symposium on Performance Analysis of Systems and Software, 10−12 April 2011, Austin, USA. IEEE; 2011. p.125−126. DOI:10.1109/ISPASS.2011.5762725</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Черчесов А.Э. Фазы загрузки UEFI и способы контроля исполняемых образов // Вопросы защиты информации. 2018. № 2(121). С. 51−53. EDN:RSUTFZ</mixed-citation><mixed-citation xml:lang="en">Cherchesov A.E. UEFI boot phases and how to control executable images. Voprosy zashchity informatsii. 2018;2(121):51–53. EDN:RSUTFZ</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Safyallah H., Sartipi K. Dynamic Analysis of Software Systems using Execution Pattern Mining // Proceedings of the14th IEEE International Conference on Program Comprehension (Athens, Greece, 14−16 June 2006). IEEE, 2006. PP. 84−88. DOI:10.1109/ICPC.2006.19</mixed-citation><mixed-citation xml:lang="en">Safyallah H., Sartipi K. Dynamic Analysis of Software Systems using Execution Pattern Mining. Proceedings of the 14th IEEE International Conference on Program Comprehension, 14−16 June 2006, Athens, Greece. IEEE; 2006. p.84‒88. DOI:10.1109/ICPC.2006.19</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Scherer K., Pfeffer T., Glesner S. I/O Interaction Analysis of Binary Code // Proceedings of the 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (Napoli, Italy, 12−14 June 2019). IEEE, 2019. PP. 225−230. DOI:10.1109/WETICE.2019.00056</mixed-citation><mixed-citation xml:lang="en">Scherer K., Pfeffer T., Glesner S. I/O Interaction Analysis of Binary Code. Proceedings of the 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises, 12−14 June 2019, Napoli, Italy. IEEE; 2019. p.225−230. DOI:10.1109/WETICE.2019.00056</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Липаев В.В. Риски проектирования и производства мобильных программных продуктов // Труды Института системного программирования РАН. 2011. Т. 21. С. 167−182. EDN:OKGXND</mixed-citation><mixed-citation xml:lang="en">Lipayev V.V. Risks of design and production of mobile software products. Proceedings of ISP RAS. 2011;21:167−182. EDN:OKGXND</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Израилов К.Е. Концепция генетической декомпиляции машинного кода телекоммуникационных устройств // Труды учебных заведений связи. 2021. Т. 7. № 4. С. 10‒17. DOI:10.31854/1813-324X-2021-7-4-95-109. EDN:AIOFPM</mixed-citation><mixed-citation xml:lang="en">Izrailov K. Enetic Decompilation Concept of the Telecommunication Devices Machine Code. Proceedings of the Telecommun. Univ. 2021;7(4):10‒17. DOI:10.31854/1813-324X-2021-7-4-95-109. EDN:AIOFPM</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Kotenko I., Izrailov K., Buinevich M. Static Analysis of Information Systems for IoT Cyber Security: A Survey of Machine Learning Approaches // Sensors. 2022. Vol. 22. Iss. 4. PP. 1335. DOI:10.3390/s22041335</mixed-citation><mixed-citation xml:lang="en">Kotenko I., Izrailov K., Buinevich M. Static Analysis of Information Systems for IoT Cyber Security: A Survey of Machine Learning Approaches. Sensors. 2022;22(4):1335. DOI:10.3390/s22041335</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
