Jiahao He,Shuangyin Li,Xinming Wang,Shing-Chi Cheung,Gansen Zhao,Jinji Yang

DOI: https://doi.org/10.1016/j.jss.2023.111627

2023-02-01

Abstract:Millions of smart contracts have been deployed onto the Ethereum platform, posing potential attack subjects. Therefore, analyzing contract binaries is vital since their sources are unavailable, involving identification comprising function entry identification and detecting its boundaries. Such boundaries are critical to many smart contract applications, e.g. reverse engineering and profiling. Unfortunately, it is challenging to identify functions from these stripped contract binaries due to the lack of internal function call statements and the compiler-inducing instruction reshuffling. Recently, several existing works excessively relied on a set of handcrafted heuristic rules which impose several faults. To address this issue, we propose a novel neural network-based framework for EVM bytecode Function Entries and Boundaries Identification (neural-FEBI) that does not rely on a fixed set of handcrafted rules. Instead, it used a two-level bi-Long Short-Term Memory network and a Conditional Random Field network to locate the function entries. The suggested framework also devises a control flow traversal algorithm to determine the code segments reachable from the function entry as its boundary. Several experiments on 38,996 publicly available smart contracts collected as binary demonstrate that neural-FEBI confirms the lowest and highest F1-scores for the function entries identification task across different datasets of 88.3 to 99.7, respectively. Its performance on the function boundary identification task is also increased from 79.4% to 97.1% compared with state-of-the-art. We further demonstrate that the identified function information can be used to construct more accurate intra-procedural CFGs and call graphs. The experimental results confirm that the proposed framework significantly outperforms state-of-the-art, often based on handcrafted heuristic rules.

Software Engineering

Håvard Pettersen,Donn Morrison

2024-01-15

Abstract:This study addresses the challenge of reverse engineering binaries from unknown instruction set architectures, a complex task with potential implications for software maintenance and cyber-security. We focus on the tasks of detecting candidate call and return opcodes for automatic extraction of call graphs in order to simplify the reverse engineering process. Empirical testing on a small dataset of binary files from different architectures demonstrates that the approach can accurately detect specific opcodes under conditions of noisy data. The method lays the groundwork for a valuable tool for reverse engineering where the reverse engineer has minimal a priori knowledge of the underlying instruction set architecture.

Cryptography and Security,Software Engineering

Tao Wei,Jian Mao,Wei Zou,Yu Chen

DOI: https://doi.org/10.1007/978-3-540-74061-2_11

2007-01-01

Abstract:Loop identification is an essential step of control flow analysis in decompilation. The Classical algorithm for identifying loops is Tarjan’s interval-finding algorithm, which is restricted to reducible graphs. Havlak presents one extension of Tarjan’s algorithm to deal with irreducible graphs, which constructs a loop-nesting forest for an arbitrary flow graph. There’s evidence showing that the running time of this algorithm is quadratic in the worst-case, and not almost linear as claimed. Ramalingam presents an improved algorithm with low time complexity on arbitrary graphs, but it performs not quite well on “real” control flow graphs (CFG). We present a novel algorithm for identifying loops in arbitrary CFGs. Based on a more detailed exploration on properties of loops and depth-first search (DFS), this algorithm traverses a CFG only once based on DFS and collects all information needed on the fly. It runs in approximately linear time and does not use any complicated data structures such as Interval/Derived Sequence of Graphs (DSG) or UNION-FIND sets. To perform complexity analysis of the algorithm, we introduce a new concept called unstructuredness coefficient to describe the unstructuredness of CFGs, and we find that the unstructuredness coefficients of these executables are usually small (<1.5). Such “low-unstructuredness” property distinguishes these CFGs from general single-root connected directed graphs, and it offers an explanation why those algorithms existed perform not quite well on real-world cases. The new algorithm has been applied to 11526 CFGs in 6 typical binary executables on both Linux and Window platforms. Experimental result has validated our theoretical analysis and it shows that our algorithm runs 2-5 times faster than the Havlak-Tarjan algorithm, and 2-8 times faster than the Ramalingam-Havlak-Tarjan algorithm.

Han Gao,Shaoyin Cheng,Yinxing Xue,Weiming Zhang

DOI: https://doi.org/10.1145/3460319.3464804

2021-01-01

Abstract:Software in the wild is usually released as stripped binaries that contain no debug information (e.g., function names). This paper studies the issue of reassigning descriptive names for functions to help facilitate reverse engineering. Since the essence of this issue is a data-driven prediction task, persuasive research should be based on sufficiently large-scale and diverse data. However, prior studies can only be based on small-scale datasets because their techniques suffer from heavyweight binary analysis, making them powerless in the face of big-size and large-scale binaries. This paper presents the Neural Function Rename Engine (NFRE), a lightweight framework for function name reassignment that utilizes both sequential and structural information of assembly code. NFRE uses fine-grained and easily acquired features to model assembly code, making it more effective and efficient than existing techniques. In addition, we construct a large-scale dataset and present two data-preprocessing approaches to help improve its usability. Benefiting from the lightweight design, NFRE can be efficiently trained on the large-scale dataset, thereby having better generalization capability for unknown functions. The comparative experiments show that NFRE outperforms two existing techniques by a relative improvement of 32% and 16%, respectively, while the time cost for binary analysis is much less.

Matan Avitan,Elena V. Ravve,Zeev Volkovich

DOI: https://doi.org/10.3390/math12050658

IF: 2.4

2024-02-25

Mathematics

Abstract:Many different aspects of software system development and verification rely on precise function identification in binary code. Recognition of the source Assembly functions in embedded systems is one of the fundamental challenges in binary program analysis. While numerous approaches assume that the functions are given a priori, correct identification of the functions in binaries remains a great issue. This contribution addresses the problem of uncertainty in binary code in identification of functions, which were optimized during compilation. This paper investigates the difference between debug and optimized functions via modeling of these functions. To do so, we introduce an extensible model-centred hands-on approach for examining similarities between binary functions. The main idea is to model each function using a set of predetermined, experimentally discovered features, and then find a suitable weight vector that could give impact factor to each such a feature. After finding the weight vector, the introduced models of such desired functions can be identified in binary software packages. It means that we reduce the similarity identification problem of the models to a classical version of optimization problems with one optimization criterion. Using our implementation, we found that the proposed approach works smoothly for functions, which contain at least ten Assembly instructions. Our tool guarantees success at a very high level.

mathematics

Tao Wei,Runpu Wu,Tielei Wang,Xinjian Zhao,Wei Zou,Weihong Zheng

DOI: https://doi.org/10.1007/978-3-642-28798-5_19

2012-01-01

Abstract:Call graph plays an important role in interprocedural program analysis methods. However, due to the common exist of function pointers and virtual functions in large programs, call graphs used in current program analysis systems are usually incomplete and imprecise, especially in analysis systems for binary executables. In this paper, we present a scalable and effective approach to automatically resolve virtual-function calls in executables. For the benchmark used in previous studies, our approach resolved almost 100% of reachable virtual function call-sites, whereas CodeSurfer/x86 resolved about 82%. © 2012 Springer-Verlag.

Rebecca Saul,Chang Liu,Noah Fleischmann,Richard Zak,Kristopher Micinski,Edward Raff,James Holt

2024-10-30

Abstract:Binary analysis is a core component of many critical security tasks, including reverse engineering, malware analysis, and vulnerability detection. Manual analysis is often time-consuming, but identifying commonly-used or previously-seen functions can reduce the time it takes to understand a new file. However, given the complexity of assembly, and the NP-hard nature of determining function equivalence, this task is extremely difficult. Common approaches often use sophisticated disassembly and decompilation tools, graph analysis, and other expensive pre-processing steps to perform function similarity searches over some corpus. In this work, we identify a number of discrepancies between the current research environment and the underlying application need. To remedy this, we build a new benchmark, REFuSE-Bench, for binary function similarity detection consisting of high-quality datasets and tests that better reflect real-world use cases. In doing so, we address issues like data duplication and accurate labeling, experiment with real malware, and perform the first serious evaluation of ML binary function similarity models on Windows data. Our benchmark reveals that a new, simple basline, one which looks at only the raw bytes of a function, and requires no disassembly or other pre-processing, is able to achieve state-of-the-art performance in multiple settings. Our findings challenge conventional assumptions that complex models with highly-engineered features are being used to their full potential, and demonstrate that simpler approaches can provide significant value.

Machine Learning,Cryptography and Security

Minghua Wang,Heng Yin,Abhishek Vasisht Bhaskar,Purui Su,Dengguo Feng

DOI: https://doi.org/10.1145/2818000.2818017

2015-01-01

Abstract:Control Flow Integrity (CFI) is an effective technique to mitigate threats such as code-injection and code-reuse attacks in programs by protecting indirect transfers. For stripped binaries, a CFI policy has to be made conservatively due to the lack of source code level semantics. Existing binary-only CFI solutions such as BinCFI and CCFIR demonstrate the ability to protect stripped binaries, but the policies they apply are too permissive, allowing sophisticated code-reuse attacks. In this paper, we propose a new binary-only CFI protection scheme called BinCC, which applies static binary rewriting to provide finer-grained protection for x86 stripped ELF binaries. Through code duplication and static analysis, we divide the binary code into several mutually exclusive code continents. We further classify each indirect transfer within a code continent as either an Intra-Continent transfer or an Inter-Continent transfer, and apply separate, strict CFI polices to constrain these transfers. To evaluate BinCC, we introduce new metrics to estimate the average amount of legitimate targets of each kind of indirect transfer as well as the difficulty to leverage call preceded gadgets to generate ROP exploits. Compared to the state of the art binary-only CFI, BinCFI, the experimental results show that BinCC significantly reduces the legitimate transfer targets by 81.34% and increases the difficulty for adversaries to bypass CFI restriction to launch sophisticated ROP attacks. Also, BinCC achieves a reasonable performance, around 14% of the space overhead decrease and only 4% runtime overhead increase as compared to BinCFI.

Huaijin Wang,Pingchuan Ma,Yuanyuan Yuan,Zhibo Liu,Shuai Wang,Qiyi Tang,Sen Nie,Shi Wu

DOI: https://doi.org/10.1109/tse.2022.3149240

IF: 7.4

2022-01-01

IEEE Transactions on Software Engineering

Abstract:Binary code function search has been used as the core basis of various security and software engineering applications, including malware clustering, code clone detection, and vulnerability audits. Recognizing logically similar assembly functions, however, remains a challenge. Most binary code search tools rely on program structure-level information, such as control flow and data flow graphs, that is extracted using program analysis techniques or deep neural networks (DNNs). However, DNN-based techniques capture lexical-, control structure-, or data flow-level information of binary code for representation learning, which is often too coarse-grained and does not accurately denote program functionality. Additionally, it may exhibit low robustness to a variety of challenging settings, such as compiler optimizations and obfuscations. This paper proposes a general solution for enhancing the top-$k$k ranked candidates in DNN-based binary code function search. The key idea is to design a low-cost and comprehensive equivalence check that quickly exposes functionality deviations between the target function and its top-$k$k matched functions. Functions that fail this equivalence check can be shaved from the top-$k$k list, and functions that pass the check can be revisited to move ahead on the top-$k$k ranked candidates, in a deliberate way. We design a practical and efficient equivalence check, named BinUSE, using under-constrained symbolic execution (USE). USE, a variant of symbolic execution, improves scalability by initiating symbolic execution directly from function entry points and relaxing constraints on function parameters. It eliminates the overhead incurred by path explosion and costly constraints. BinUSE is specifically designed to deliver an assembly function-level equivalence check, enhancing DNN-based binary code search by reducing its false alarms with low cost. Our evaluation shows that BinUSE can enable a general and effective enhancement of four state-of-the-art DNN-based binary code search tools when confronted with challenges posed by different compilers, optimizations, obfuscations, and architectures.

engineering, electrical & electronic,computer science, software engineering

Tong Ye,Lingfei Wu,Tengfei Ma,Xuhong Zhang,Yangkai Du,Peiyu Liu,Shouling Ji,Wenhai Wang

DOI: https://doi.org/10.48550/arXiv.2310.16853

2023-10-24

Abstract:Automatically generating function summaries for binaries is an extremely valuable but challenging task, since it involves translating the execution behavior and semantics of the low-level language (assembly code) into human-readable natural language. However, most current works on understanding assembly code are oriented towards generating function names, which involve numerous abbreviations that make them still confusing. To bridge this gap, we focus on generating complete summaries for binary functions, especially for stripped binary (no symbol table and debug information in reality). To fully exploit the semantics of assembly code, we present a control flow graph and pseudo code guided binary code summarization framework called CP-BCS. CP-BCS utilizes a bidirectional instruction-level control flow graph and pseudo code that incorporates expert knowledge to learn the comprehensive binary function execution behavior and logic semantics. We evaluate CP-BCS on 3 different binary optimization levels (O1, O2, and O3) for 3 different computer architectures (X86, X64, and ARM). The evaluation results demonstrate CP-BCS is superior and significantly improves the efficiency of reverse engineering.

Programming Languages,Artificial Intelligence

Shuai Jiang,Yao Hong,Cai Fu,Yekui Qian,Lansheng Han

DOI: https://doi.org/10.1016/j.jisa.2021.102953

IF: 4.96

2021-01-01

Journal of Information Security and Applications

Abstract:The obfuscation detection technology is an important auxiliary means of malware detection. Also, for security practitioners, it can carry out automatic obfuscation detection before manual reverse analysis, which helps reverse engineers to perform reverse analysis more specifically. Existing obfuscation detection methods are mainly for Android applications and based on traditional machine learning, whose detection granularity is coarse, generality is poor, and the performance is not good enough. To address these issues, in this paper, we propose a function-level obfuscation detection method based on Graph Convolutional Networks for X86 assembly code and Android applications. Firstly, our method is function-level obfuscation detection, and we extract the Control Flow Graph (CFG) of each function as its feature, including the adjacency matrix and the basic block feature matrix. Secondly, we build a hybrid neural network model GCN-LSTM as our obfuscation detection model, which combines the Graph Convolutional Network (GCN) and the Long Short-Term Memory (LSTM). Finally, we conduct experiments using real-world open-source programs and compare results with baseline methods. For function-level detection, the accuracy of our method is 94.7575% for X86 assembly code and 98.9457% for Android applications, both of which are better than baseline methods. For APK-level detection, our method can almost completely detect the obfuscated APKs. Experimental results show that our method performs well for both X86 assembly code and Android applications and is superior to the baseline methods in both function-level detection and APK-level detection. Our research showcases a successful application of the Graph Convolutional Network and the Control Flow Graph on code obfuscation detection problems.

Carlo Meijer,Veelasha Moonsamy,Jos Wetzels

DOI: https://doi.org/10.48550/arXiv.2009.04274

2020-09-09

Cryptography and Security

Abstract:The continuing use of proprietary cryptography in embedded systems across many industry verticals, from physical access control systems and telecommunications to machine-to-machine authentication, presents a significant obstacle to black-box security-evaluation efforts. In-depth security analysis requires locating and classifying the algorithm in often very large binary images, thus rendering manual inspection, even when aided by heuristics, time consuming. In this paper, we present a novel approach to automate the identification and classification of (proprietary) cryptographic primitives within binary code. Our approach is based on Data Flow Graph (DFG) isomorphism, previously proposed by Lestringant et al. Unfortunately, their DFG isomorphism approach is limited to known primitives only, and relies on heuristics for selecting code fragments for analysis. By combining the said approach with symbolic execution, we overcome all limitations of their work, and are able to extend the analysis into the domain of unknown, proprietary cryptographic primitives. To demonstrate that our proposal is practical, we develop various signatures, each targeted at a distinct class of cryptographic primitives, and present experimental evaluations for each of them on a set of binaries, both publicly available (and thus providing reproducible results), and proprietary ones. Lastly, we provide a free and open-source implementation of our approach, called Where's Crypto?, in the form of a plug-in for the popular IDA disassembler.

Chengbin Pang,Ruotong Yu,Dongpeng Xu,Eric Koskinen,Georgios Portokalidis,Jun Xu

DOI: https://doi.org/10.48550/arXiv.2104.03168

2021-04-07

Abstract:Function entry detection is critical for security of binary code. Conventional methods heavily rely on patterns, inevitably missing true functions and introducing errors. Recently, call frames have been used in exception-handling for function start detection. However, existing methods have two problems. First, they combine call frames with heuristic-based approaches, which often brings error and uncertain benefits. Second, they trust the fidelity of call frames, without handling the errors that are introduced by call frames. In this paper, we first study the coverage and accuracy of existing approaches in detecting function starts using call frames. We found that recursive disassembly with call frames can maximize coverage, and using extra heuristic-based approaches does not improve coverage and actually hurts accuracy. Second, we unveil call-frame errors and develop the first approach to fix them, making their use more reliable.

Cryptography and Security

Chengbin Pang,Tiantai Zhang,Xuelan Xu,Linzhang Wang,Bing Mao

DOI: https://doi.org/10.1145/3597926.3598097

2023-01-01

Abstract:Function entry identification is a crucial yet challenging task for binary disassemblers that has been the focus of research in the past decades. However, recent researches show that call frame information (CFI) provides accurate and almost complete function entries. With the aid of CFI, disassemblers have significant improvements in function entry detection. CFI is specifically designed for efficient stack unwinding, and every function has corresponding CFI in x64 and aarch64 architectures. Nevertheless, not every function and instruction unwinds the stack at runtime, and this observation has led to the development of techniques such as obfuscation to complicate function detection by disassemblers. We propose a prototype of OCFI to obfuscate CFI based on this observation. The goal of OCFI is to obstruct function detection of popular disassemblers that use CFI as a way to detect function entries. We evaluated OCFI on a large-scale dataset that includes real-world applications and automated generation programs, and found that the obfuscated CFI was able to correctly unwind the stack and make the detection of function entries of popular disassemblers more difficult. Furthermore, on average, OCFI incurs a size overhead of only 4% and nearly zero runtime overhead.

Guoqiang Chen,Xiuwei Shang,Shaoyin Cheng,Yanming Zhang,Weiming Zhang,Nenghai Yu

2024-03-27

Abstract:Analyzing the behavior of cryptographic functions in stripped binaries is a challenging but essential task. Cryptographic algorithms exhibit greater logical complexity compared to typical code, yet their analysis is unavoidable in areas such as virus analysis and legacy code inspection. Existing methods often rely on data or structural pattern matching, leading to suboptimal generalizability and suffering from manual work. In this paper, we propose a novel framework called FoC to Figure out the Cryptographic functions in stripped binaries. In FoC, we first build a binary large language model (FoCBinLLM) to summarize the semantics of cryptographic functions in natural language. The prediction of FoC-BinLLM is insensitive to minor changes, such as vulnerability patches. To mitigate it, we further build a binary code similarity model (FoC-Sim) upon the FoC-BinLLM to create change-sensitive representations and use it to retrieve similar implementations of unknown cryptographic functions in a database. In addition, we construct a cryptographic binary dataset for evaluation and to facilitate further research in this domain. And an automated method is devised to create semantic labels for extensive binary functions. Evaluation results demonstrate that FoC-BinLLM outperforms ChatGPT by 14.61% on the ROUGE-L score. FoC-Sim outperforms the previous best methods with a 52% higher Recall@1. Furthermore, our method also shows practical ability in virus analysis and 1-day vulnerability detection.

Cryptography and Security

Yunan Zhang,Xu,Yixin Jiang

DOI: https://doi.org/10.1109/trustcom50675.2020.00111

2020-01-01

Abstract:Binary code search has received much attention recently due to its impactful applications, e.g., plagiarism detection, malware detection and software vulnerability auditing. However, developing an effective binary code search tool is challenging due to the gigantic syntax and structural differences in binaries resulted from different compilers, compiler options and malware family. In this paper, we propose a scalable and accurate binary search engine which performs syntactic matching by combining a set of key techniques to address the challenges above. The key contribution is binary code searching technique which combined function filtering and partial trace method to match the function code relatively quick and accurate. In addition, a simhash and basic information based function filtering is proposed to dramatically reduce the irrelevant target functions. Besides, we introduce a partial trace method for matching the shortlisted function accurately. The experimental results show that our method can find similar functions, even with the presence of program structure distortion, in a scalable manner.

Guoqiang Chen,Han Gao,Jie Zhang,Yanru He,Shaoyin Cheng,Weiming Zhang

DOI: https://doi.org/10.1109/PST58708.2023.10320193

2023-01-01

Abstract:Building a model to reassign descriptive names for binary functions is considerable assistance for reverse engineering. Existing methods proposed for this issue are based on the low-level representation of binary code (e.g., assembly code), and especially the recent approaches employed neural-based models on instruction sequences. However, their performance is still unsatisfactory. Meanwhile, modern decompilers provide lifted representations of binary code, and their effectiveness has not been adequately studied. This paper further explores the issue of function name reassignment from the perspective of binary code representation. Specifically, we present a general and flexible NEural-based function name Reassignment framework NER, which leverages a decompiler to obtain a specific representation and applies the corresponding serialization strategy on it. NER then uses an alternative neural network to make predictions. Three levels of representation are investigated, including assembly code, Intermediate Representation (IR), and pseudo-code. We observe the binary code representations are significant for the final performance. It demonstrates that the pseudo-code is the most effective one. Based on these findings, we leverage the framework to implement a reassignment model NER-pc, which has 25% and 10% F1 score improvements against the state-of-the-art methods. Besides, more experiments are conducted to verify the design of NER and the effectiveness of NER-pc.

Ruturaj K. Vaidya,Prasad A. Kulkarni

2024-01-14

Abstract:Memory corruption is an important class of vulnerability that can be leveraged to craft control flow hijacking attacks. Control Flow Integrity (CFI) provides protection against such attacks. Application of type-based CFI policies requires information regarding the number and type of function arguments. Binary-level type recovery is inherently speculative, which motivates the need for an evaluation framework to assess the effectiveness of binary-level CFI techniques compared with their source-level counterparts, where such type information is fully and accurately accessible. In this work, we develop a novel, generalized and extensible framework to assess how the program analysis information we get from state-of-the-art binary analysis tools affects the efficacy of type-based CFI techniques. We introduce new and insightful metrics to quantitatively compare source independent CFI policies with their ground truth source aware counterparts. We leverage our framework to evaluate binary-level CFI policies implemented using program analysis information extracted from the IDA Pro binary analyzer and compared with the ground truth information obtained from the LLVM compiler, and present our observations.

Cryptography and Security,Software Engineering

Toufique Ahmed,Premkumar Devanbu,Anand Ashok Sawant

DOI: https://doi.org/10.48550/arXiv.2103.05221

2021-03-09

Software Engineering

Abstract:Much software, whether beneficent or malevolent, is distributed only as binaries, sans source code. Absent source code, understanding binaries' behavior can be quite challenging, especially when compiled under higher levels of compiler optimization. These optimizations can transform comprehensible, "natural" source constructions into something entirely unrecognizable. Reverse engineering binaries, especially those suspected of being malevolent or guilty of intellectual property theft, are important and time-consuming tasks. There is a great deal of interest in tools to "decompile" binaries back into more natural source code to aid reverse engineering. Decompilation involves several desirable steps, including recreating source-language constructions, variable names, and perhaps even comments. One central step in creating binaries is optimizing function calls, using steps such as inlining. Recovering these (possibly inlined) function calls from optimized binaries is an essential task that most state-of-the-art decompiler tools try to do but do not perform very well. In this paper, we evaluate a supervised learning approach to the problem of recovering optimized function calls. We leverage open-source software and develop an automated labeling scheme to generate a reasonably large dataset of binaries labeled with actual function usages. We augment this large but limited labeled dataset with a pre-training step, which learns the decompiled code statistics from a much larger unlabeled dataset. Thus augmented, our learned labeling model can be combined with an existing decompilation tool, Ghidra, to achieve substantially improved performance in function call recovery, especially at higher levels of optimization.

Zian Su,Xiangzhe Xu,Ziyang Huang,Kaiyuan Zhang,Xiangyu Zhang

2024-10-31

Abstract:Human-Oriented Binary Reverse Engineering (HOBRE) lies at the intersection of binary and source code, aiming to lift binary code to human-readable content relevant to source code, thereby bridging the binary-source semantic gap. Recent advancements in uni-modal code model pre-training, particularly in generative Source Code Foundation Models (SCFMs) and binary understanding models, have laid the groundwork for transfer learning applicable to HOBRE. However, existing approaches for HOBRE rely heavily on uni-modal models like SCFMs for supervised fine-tuning or general LLMs for prompting, resulting in sub-optimal performance. Inspired by recent progress in large multi-modal models, we propose that it is possible to harness the strengths of uni-modal code models from both sides to bridge the semantic gap effectively. In this paper, we introduce a novel probe-and-recover framework that incorporates a binary-source encoder-decoder model and black-box LLMs for binary analysis. Our approach leverages the pre-trained knowledge within SCFMs to synthesize relevant, symbol-rich code fragments as context. This additional context enables black-box LLMs to enhance recovery accuracy. We demonstrate significant improvements in zero-shot binary summarization and binary function name recovery, with a 10.3% relative gain in CHRF and a 16.7% relative gain in a GPT4-based metric for summarization, as well as a 6.7% and 7.4% absolute increase in token-level precision and recall for name recovery, respectively. These results highlight the effectiveness of our approach in automating and improving binary code analysis.

Software Engineering,Artificial Intelligence