Abstract: “This paper is a survey of the use of static program analysis techniques on binary executables. Static analysis techniques are often used on a program’s source code, which is usually a high level language. It is possible to apply them directly on the machine code of a compiled program. One of the challenges is building up a control flow graph of a procedure, since indirect branch instructions accept the contents of a register for the destination address. Program slicing techniques can be used to reduce the assembly code to the smallest possible program to compute the value of that register, and determine the range of values in the register.
Another problem is disassembly itself. On architectures with instructions of varying size, it is difficult to locate the start of the first machine code instruction in a section consisting of both code and data. Also, malicious code could take advantage of the difficulties in disassembly to hide its existence. Various static analysis techniques have been developed to analyze such programs, in order to build up a control flow graph and a call graph. Finally, type-state techniques have been developed to verify that machine code conforms to its interface, and does not alter areas of memory which it should not.”
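The abstract's point about variable-length instruction sets and code that exploits disassembly difficulties to hide itself can be seen concretely with a few bytes of 32-bit x86. The following is an added illustration, not code or data from the surveyed paper: a constructed byte string in which a short jump skips over a single junk byte (0xE8, the opcode of a 5-byte CALL), a minimal hand-written decoder for just the opcodes involved, and the two classic disassembly strategies. Linear sweep decodes the junk byte as a CALL, swallows the real instruction's bytes as its operand, and never sees the `mov eax, 42` that actually executes; recursive traversal follows the jump and recovers it. The decoder, the opcode subset and the sample bytes are assumptions made for this example.

```python
import struct

# Constructed sample (not from the paper): a "jump over a junk byte" trick.
# Offset 2 holds 0xE8, which is never executed; it exists only to desynchronise
# a disassembler that reads the section from the first byte to the last.
CODE = bytes([
    0xEB, 0x01,                    # 0: jmp short +1   -> continues at offset 3
    0xE8,                          # 2: junk byte (looks like the start of CALL rel32)
    0xB8, 0x2A, 0x00, 0x00, 0x00,  # 3: mov eax, 42
    0xC3,                          # 8: ret
])

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def decode(code, off):
    """Decode one instruction at `off`.

    Returns (text, length, successors). Only the handful of 32-bit x86 opcodes
    used by the demo are understood (assumption for this example); anything else,
    or an instruction that would run past the end of the buffer, is reported as
    a single data byte.
    """
    op = code[off]
    if op == 0xEB and off + 2 <= len(code):            # jmp rel8
        rel = struct.unpack_from("<b", code, off + 1)[0]
        tgt = off + 2 + rel
        return f"jmp short 0x{tgt:x}", 2, [tgt]
    if op == 0xE8 and off + 5 <= len(code):            # call rel32
        rel = struct.unpack_from("<i", code, off + 1)[0]
        tgt = (off + 5 + rel) & 0xFFFFFFFF
        return f"call 0x{tgt:x}", 5, [off + 5, tgt]
    if 0xB8 <= op <= 0xBF and off + 5 <= len(code):    # mov r32, imm32
        imm = struct.unpack_from("<I", code, off + 1)[0]
        return f"mov {REG32[op - 0xB8]}, 0x{imm:x}", 5, [off + 5]
    if op == 0x90:                                     # nop
        return "nop", 1, [off + 1]
    if op == 0xC3:                                     # ret: no fall-through
        return "ret", 1, []
    return f"db 0x{op:02x}", 1, [off + 1]


def linear_sweep(code):
    """Decode every byte in order, trusting each decoded length to find the next start."""
    out, off = [], 0
    while off < len(code):
        text, length, _ = decode(code, off)
        out.append((off, text))
        off += length
    return out


def recursive_traversal(code, entry=0):
    """Decode only what is reachable by following control flow from `entry`."""
    seen, work, out = set(), [entry], {}
    while work:
        off = work.pop()
        if off in seen or not 0 <= off < len(code):   # ignore targets outside the buffer
            continue
        seen.add(off)
        text, _, successors = decode(code, off)
        out[off] = text
        work.extend(successors)
    return sorted(out.items())


if __name__ == "__main__":
    print("linear sweep:")
    for off, text in linear_sweep(CODE):
        print(f"  {off:2d}: {text}")
    print("recursive traversal from entry 0:")
    for off, text in recursive_traversal(CODE):
        print(f"  {off:2d}: {text}")
```

Linear sweep reports a bogus `call 0x2abf` at offset 2 and a stray data byte at offset 7, and never produces an instruction starting at offset 3; recursive traversal lists `jmp`, `mov eax, 0x2a`, `ret`. Neither strategy alone is sufficient on real binaries, which is why the survey's control-flow recovery and slicing work matters: recursive traversal stops at an indirect jump whose register value it cannot bound, and linear sweep cannot tell data from code.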