HyRES: Recovering Data Structures in Binaries via Semantic Enhanced Hybrid Reasoning


Research field: Safety



Venue: ACM Transactions on Software Engineering and Methodology


Abstract

Binary reverse engineering is pivotal in the realm of cybersecurity, enabling critical applications such as malware analysis, legacy code hardening, and vulnerability detection. However, the challenge of recovering structural information from binaries, especially stripped ones, persists due to the significant loss of variable boundaries, types, names and data flow information during compilation. In this paper, we introduce HyRES (Hybrid REasoning For Structure Recovery), an innovative hybrid reasoning technique that energizes static analysis, large language model (LLM), and heuristic methods to recover data structures from stripped binaries. It analyzes the structure layout and proficiently infers its semantics via LLM, and utilizes semantics to perform semantic-enhanced structure aggregation, which overcomes the need for complete data flow. HyRES outperforms state-of-the-art (SOTA) solutions in terms of structure pointer identification and layout recovery. Specifically, HyRES achieves 65.1% higher recall and 33.4% higher accuracy than the SOTA, while also being 64.2% faster than existing SOTA solutions. Comprehensive experiments demonstrate HyRES's superior performance and practical utility in real-world reverse engineering tasks, marking a significant advancement in binary analysis.


Authors

Chao Zhang, Tsinghua University, China
Zihan Sha, Key Laboratory of Cyberspace Security, Ministry of Education, China
Hui Shu, Key Laboratory of Cyberspace Security, Ministry of Education, China

📄 Paper information

Publication year: 2025
Citations: 0
Country of publication: China
Site: ACM
