LEADER 02029nam 2200613 450 001 996466642403316 005 20220821093334.0 010 $a3-540-38411-1 024 7 $a10.1007/BFb0096194 035 $a(CKB)1000000000437966 035 $a(SSID)ssj0000324711 035 $a(PQKBManifestationID)12091439 035 $a(PQKBTitleCode)TC0000324711 035 $a(PQKBWorkID)10314886 035 $a(PQKB)10112623 035 $a(DE-He213)978-3-540-38411-3 035 $a(MiAaPQ)EBC5592747 035 $a(Au-PeEL)EBL5592747 035 $a(OCoLC)1066190994 035 $a(MiAaPQ)EBC6819275 035 $a(Au-PeEL)EBL6819275 035 $a(PPN)155215329 035 $a(EXLCZ)991000000000437966 100 $a20220821d1980 uy 0 101 0 $aeng 135 $aurnn|008mamaa 181 $ctxt 182 $cc 183 $acr 200 10$aMathieu functions and spheroidal functions and their mathematical foundations $efurther studies /$fJ. Meixner, F. W. Schäfke, and G. Wolf 205 $a1st ed. 1980. 210 1$aBerlin :$cSpringer,$d[1980] 210 4$d©1980 215 $a1 online resource (CXL, 130 p.) 225 1 $aLecture Notes in Mathematics,$x0075-8434 ;$v837 300 $aBibliographic Level Mode of Issuance: Monograph 311 $a3-540-10282-5 327 $aFoundations -- Mathieu functions -- Spheroidal functions. 410 0$aLecture Notes in Mathematics,$x0075-8434 ;$v837 606 $aMathematical analysis 606 $aMathematical analysis$xStatistical methods 615 0$aMathematical analysis. 615 0$aMathematical analysis$xStatistical methods. 676 $a515 700 $aMeixner$b Josef$f1908-1994,$012605 702 $aSchäfke$b Friedrich Wilhelm$f1922-2010, 702 $aWolf$b G. 
801 0$bMiAaPQ 801 1$bMiAaPQ 801 2$bMiAaPQ 906 $aBOOK 912 $a996466642403316 996 $aMathieu functions and spheroidal functions and their mathematical foundations$92906366 997 $aUNISA
LEADER 05591nam 22004093a 450 001 9910831843103321 005 20250203235540.0 010 $a9783863097189 010 $a3863097181 024 8 $ahttps://doi.org/10.20378/irb-47325 035 $a(CKB)4950000000290090 035 $a(ScCtBLL)96bac1aa-bb40-4d90-bc07-6484fd155923 035 $a(Perlego)2327278 035 $a(EXLCZ)994950000000290090 100 $a20250203i20202021 uu 101 0 $aeng 135 $auru|||||||||| 181 $ctxt$2rdacontent 182 $cc$2rdamedia 183 $acr$2rdacarrier 200 00$aData Structure Identification from Executions of Pointer Programs$fThomas Rupprecht$hVolume 41 210 1$a[s.l.] :$cBamberg University Press,$d2020. 215 $a1 online resource (1 p.) 225 1 $aSchriften aus der Fakultät Wirtschaftsinformatik und Angewandte Informatik 330 $aThe reverse engineering of binaries is a tedious and time-consuming task, yet mandatory when the need arises to understand the behaviour of a program for which source code is unavailable. Instances of source code loss for old arcade games [1] and the steadily growing amount of malware [2] are prominent use cases requiring reverse engineering. One of the challenges when dealing with binaries is the loss of low-level type information, i.e., primitive and compound types, which even state-of-the-art type recovery tools often cannot reconstruct with full accuracy. Further, programmers most commonly use high-level data structures, such as linked lists, in addition to primitive types. Therefore, detection of dynamic data structure shapes is an important aspect of reverse engineering. However, the recognition of dynamic data structure shapes in the presence of tricky programming concepts such as pointer arithmetic and casts, which are both fundamental concepts enabling, e.g., the frequently used Linux kernel list [3], also brings current shape detection tools to their limits. 
A recent approach called Data Structure Investigator (DSI) [4] aims for the detection of dynamic pointer-based data structures. While the approach is general in nature, a concrete realization for C programs requiring source code is envisioned, as programming constructs such as type casts and pointer arithmetic will stress test the approach. Therefore, the first research question addressed in this dissertation is whether DSI can meet its goal in the presence of the sheer multitude of existing data structure implementations. The second research question is whether DSI can be opened up to reverse engineer C/C++ binaries, even in the presence of type information loss and the variety of C/C++ programming constructs. Both questions are answered positively in this dissertation. The first is answered by realizing the DSI source code approach, which requires detailing fundamental aspects of DSI's theory to arrive at a working implementation, e.g., handling the consistency of DSI's memory abstraction and quantifying the interconnections found within a dynamic pointer-based data structure, e.g., a parent-child nesting scenario, to allow for its detection. DSI's utility is evaluated on an extensive benchmark including real-world examples (libusb [5], bash [6]) and shape analysis examples [7,8]. The second question is answered through the development of a DSI prototype for binaries (DSIbin). To compensate for the loss of perfect type information found in source code, DSIbin interfaces with the state-of-the-art type recovery tool Howard [9]. Notably, DSIbin improves upon type information recovered by Howard. This is accomplished through a much improved nested struct detection and type merging algorithm, both of which are fundamental aspects for the reverse engineering of binaries. 
The proposed approach is again evaluated by a diverse benchmark containing real-world examples such as the VNC clipping library, The Computer Language Benchmarks Game and the Olden Benchmark, as well as examples taken from the shape analysis literature. In summary, this dissertation improves upon the state of the art of shape detection and reverse engineering by (i) realizing and evaluating the DSI approach, which includes contributing to DSI's theory and results in the DSI prototype; (ii) opening up DSI for C/C++ binaries so as to extend DSI to reverse engineering, resulting in the DSIbin prototype; (iii) handling data structures with DSIbin not covered by some related work, such as skip lists; (iv) refining the nesting detection and performing type merging for types excavated by Howard. Further, DSIbin's ultimate future use case of malware analysis is hardened by revealing the presence of dynamic data structures in multiple real-world malware samples. In summary, this dissertation advanced the dynamic analysis of data structure shapes with the aforementioned contributions to the DSI approach for source code and further by transferring this new technology to the analysis of binaries. The latter resulted in the additional insight that high-level dynamic data structure information can help to infer low-level type information. 410 $aSchriften aus der Fakultät Wirtschaftsinformatik und Angewandte Informatik 606 $aComputers / Data Science$2bisacsh 606 $aComputers 615 7$aComputers / Data Science 615 0$aComputers. 700 $aRupprecht$b Thomas$0789541 801 0$bScCtBLL 801 1$bScCtBLL 906 $aBOOK 912 $a9910831843103321 996 $aData Structure Identification from Executions of Pointer Programs$94318961 997 $aUNINA