6

I am looking for an algorithm or some tips on how to find scope changes when doing static analysis of a decompiled ASM source. I need to know the scope changes for tracking stack usage and reaching definitions for variables. If I have a program like

int somefunc(int b) {

// Scope 1
a = b + 1;

if(a > 0) {
  // Scope 2
  a = 0
} else {
  // Scope 3
  a = b;
}

return a;

Once I have constructed the flow graph from the assembly, how do I know then scope changes from 1-2 and back from 2-1 etc? My only guess so far is it would have something to do with dominance and checking for subgraphs. Some of the issues that I would see with this approach would be the loops or statements that have early terminations such as break; continue; return - they will produce a graph where you can not determine dominance and won't be able to tell when your scope increases or decreases.

Vitaly Omelchenko
  • 163
  • 5
  • 2
    There is no such concept at assembly level, so simply put: you won't know. You can certainly follow conditional jumps or so, but they may not coincide with scopes in the original. Basically turning C into assembly into binary is a lossy process and you have to deal with it when reverse engineering. – 0xC0000022L Jan 30 '14 at 20:18

2 Answers2

2

The problem of scope (and the related problem of dynamic typing) eg in JavaScript is tackled by Marijn Haverbeke's tern project. Maybe this could be of great help to this case.

Effectively when you have the decompiled source you can use sth like tern to analyze it as source code on-the-fly (as is done in javascript for which tern is designed)

Nikos M.
  • 201
  • 1
  • 4
  • dont like it? Yet it does provide a way to have a tool to check the (static) scope of variables in the decompiled source, tern maybe for javascript (and is open source) but it can easily (presumably) be modified for other source code – Nikos M. May 26 '14 at 15:14
1

The concept of lexical scope is ONLY available at a higher level of language than assembly. The compiler is what keeps track of scope. Once source has been compiled to machine code, the concept of "scope" ceases to exist... its just a long stream of instructions.

avgvstvs
  • 620
  • 3
  • 13