GPU-Disasm: A GPU-Based X86 Disassembler

  • Conference paper
Information Security (ISC 2015)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 9290)

Abstract

Static binary code analysis and reverse engineering are crucial operations for malware analysis, binary-level software protections, debugging, and patching, among many other tasks. Faster binary code analysis tools are necessary for tasks such as analyzing the multitude of new malware samples gathered every day. Binary code disassembly is a core functionality of such tools which has not received enough attention from a performance perspective. In this paper we introduce GPU-Disasm, a GPU-based disassembly framework for x86 code that takes advantage of graphics processors to achieve efficient large-scale analysis of binary executables. We describe in detail various optimizations and design decisions for achieving both inter-parallelism, to disassemble multiple binaries in parallel, as well as intra-parallelism, to decode multiple instructions of the same binary in parallel. The results of our experimental evaluation in terms of performance and power consumption demonstrate that GPU-Disasm is twice as fast as a CPU disassembler for linear disassembly and 4.4 times faster for exhaustive disassembly, with power consumption comparable to CPU-only implementations.

Notes

  1. CPU benchmarks: Intel Core i7-3770 @ 3.40GHz. http://www.cpubenchmark.net/.

  2. Videocard benchmarks: GeForce GTX 770. http://www.videocardbenchmark.net/.

Acknowledgments

We want to express our thanks to the anonymous reviewers for their valuable comments. This work was supported by the General Secretariat for Research and Technology in Greece with the Research Excellence grant GANDALF, and by the projects NECOMA, SHARCS, funded by the European Commission under Grant Agreements No. 608533 and No. 644571. This work was also partially supported by the US Air Force through contract AFRL-FA8650-10-C-7024. Any opinions, findings, conclusions or recommendations expressed herein are those of the authors, and do not necessarily reflect those of the US Government or the Air Force.

Corresponding author

Correspondence to Evangelos Ladakis.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Ladakis, E., Vasiliadis, G., Polychronakis, M., Ioannidis, S., Portokalidis, G. (2015). GPU-Disasm: A GPU-Based X86 Disassembler. In: Lopez, J., Mitchell, C. (eds) Information Security. ISC 2015. Lecture Notes in Computer Science, vol 9290. Springer, Cham. https://doi.org/10.1007/978-3-319-23318-5_26

  • DOI: https://doi.org/10.1007/978-3-319-23318-5_26

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-23317-8

  • Online ISBN: 978-3-319-23318-5

  • eBook Packages: Computer Science (R0)
