
Research On Technology Of Inter-process Communication Reverse Analysis

Posted on: 2014-03-12
Degree: Master
Type: Thesis
Country: China
Candidate: Y S Jiao
GTID: 2268330401976775
Subject: Computer software and theory

Abstract/Summary:
Programs built on a multi-process architecture have large advantages in security, robustness and performance compared with those designed as a single process. Nowadays a lot of software is designed with a multi-process architecture, which makes reverse analysis of such software an important topic. Because traditional reverse analysis methods are difficult and ineffective when applied to multi-process software, we study inter-process communication reverse analysis technology on top of the dynamic binary analysis platform TEMU; this technology plays an important role in the field of software reverse analysis.

Based on an in-depth analysis of common inter-process communication procedures, we create a three-layer model of the inter-process communication procedure, according to which inter-process communication function calls are divided into entities with different functions. We also study the communication collaboration relationship among entities, and propose a method to extract it by analyzing communication function call information.

We also research and implement a TEMU-based method for obtaining program execution information. Based on an in-depth analysis of the framework and principles of TEMU, we extend TEMU by adding extraction of the function call chains and parameters of communication functions. To address the problem of extracting communication function call information, we create a model that describes system functions by expressing their calling convention and parameter format in a uniform format, and on that basis propose a method to obtain system function call information.

We designed and implemented IPCer, an inter-process communication analysis system based on TEMU, tested its functionality and performance on multiple instances, and analyzed the test results. Experimental results demonstrate that the system correctly extracts the function call chain of communication functions and the communication collaboration relationship, improving the efficiency of inter-process communication reverse analysis compared with traditional reverse analysis methods.
Keywords/Search Tags: Inter-process communication, Software reverse, Dynamic binary analysis platform, Communication collaboration relationship